quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

Support User impersonation in the Kubernetes Client extension #12079

Open gastaldi opened 3 years ago

gastaldi commented 3 years ago

Kubernetes supports User impersonation. It would be nice to have that feature OOTB.

See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation for more details

Example of how it can be triggered: https://github.com/fabric8-launcher/launcher-application/blob/master/services/openshift-service-impl/src/main/java/io/fabric8/launcher/service/openshift/impl/Fabric8OpenShiftServiceImpl.java#L118-L124

Originally posted by @gastaldi in https://github.com/quarkusio/quarkus/pull/11982#issuecomment-689595515

quarkusbot commented 3 years ago

/cc @geoand

geoand commented 3 years ago

cc @iocanel

geoand commented 3 years ago

cc @manusa

geoand commented 2 years ago

@gastaldi can you elaborate on the use case you need this for?

iocanel commented 2 years ago

This is something that users are already able to use, since it's something supported directly by the client.

I am not sure what more we could provide on top of that.

Maybe an annotation for methods that would indicate that all calls in the context of this method should be done as user X? Would that work for @gastaldi? Did you have something else in mind?

gastaldi commented 2 years ago

I was thinking of a couple of properties in the application.properties, to be able to initialize the KubernetesClient with an impersonated user and group, but since this can be a request-scoped change, maybe the developer can perform that with an interceptor/filter somehow.

An annotation would be interesting to have but I think documenting how to impersonate users in the Kubernetes Client guide may be enough for now.
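
Added example, not part of the thread and not code from the Quarkus project: one way an application could get the property-driven behaviour discussed above today, by overriding the extension's `KubernetesClient` bean and setting impersonation on the fabric8 `Config`. The property names `app.kubernetes.impersonate.user` and `app.kubernetes.impersonate.groups`, the package and the class name are hypothetical; the code assumes Quarkus 3 (`jakarta.*`) with a fabric8 client that provides `KubernetesClientBuilder`.

```java
package org.acme; // hypothetical package

import java.util.List;
import java.util.Optional;

import org.eclipse.microprofile.config.inject.ConfigProperty;

import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClientBuilder;
import jakarta.enterprise.inject.Produces;
import jakarta.inject.Singleton;

@Singleton
public class ImpersonatingClientProducer {

    // Hypothetical property names; the Quarkus extension does not define them.
    @ConfigProperty(name = "app.kubernetes.impersonate.user")
    Optional<String> user;

    @ConfigProperty(name = "app.kubernetes.impersonate.groups")
    Optional<List<String>> groups;

    // Replaces the extension's default client bean. "base" is the Config bean
    // the extension builds from the quarkus.kubernetes-client.* properties.
    @Produces
    @Singleton
    public KubernetesClient kubernetesClient(Config base) {
        boolean hasUser = user.filter(u -> !u.isBlank()).isPresent();
        List<String> groupList = groups.orElse(List.of());

        // Kubernetes only accepts Impersonate-Group together with
        // Impersonate-User, so reject a groups-only configuration at startup.
        if (!hasUser && !groupList.isEmpty()) {
            throw new IllegalStateException(
                    "impersonation groups are configured without a user");
        }

        ConfigBuilder builder = new ConfigBuilder(base); // copy, base stays untouched
        if (hasUser) {
            // The application's own credentials still authenticate the request;
            // that identity needs the RBAC "impersonate" verb on the target
            // user and groups, otherwise the API server refuses the call.
            builder.withImpersonateUsername(user.get())
                   .withImpersonateGroups(groupList.toArray(new String[0]));
        }
        return new KubernetesClientBuilder().withConfig(builder.build()).build();
    }
}
```

This sets one impersonated identity for the whole application; the request-scoped variant mentioned in the thread would build a client per request instead of a singleton.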