Closed LarsMilland closed 4 years ago
Hi
I have resolved my problem myself.
By adding the resourceAPIGroup to the SAR it worked for me.
So my SAR looks like this:
{ "resource": "jenkins", "verb": "deploy", "resourceAPIGroup": "build.openshift.io", "namespace": "apparc-t" }
Best regards Lars Milland
Hi
I am trying to get version 1.0.0 of this oauth-proxy working towards an OpenShift 3.1.146 environment with a custom crafted role and verb.
I have created my own "verbs" and "resources" in a new clusterrole "deploy":
and have that granted/bound to a user that I would like to have check for that permission via the OAuth proxy:
I would assume that the subjectaccessreviews API call should look something like this:
but using a token for this user: PP_UOpenShiftProjDemoXTestEdit the response I get back is:
Do anyone here know what could be wrong. Maybe how I should structure the SAR post contents to match this rolebinding? Or if it at all is possible to use the OpenShift OAuth API with the subjectaccessreviews like this for "resources" I have defined myself.
I know that the user I am using works, since I can do:
getting this back
Best regards Lars Milland