Open gastaldi opened 3 years ago
/cc @geoand
cc @iocanel
cc @manusa
@gastaldi can you elaborate on the use case you need this for?
This is something that users are already able to use, since its something supported directly by the client.
I am not sure what additional we could provide on top of that.
Maybe an annotation for methods that would indicate that all calls in the context of this method should be done as user X
? Would that work for @gastaldi ? Did you had something else in mind?
I was thinking of a couple of properties in the application.properties, to be able to initialize the KubernetesClient with an impersonated user and group, but since this can be a request-scoped change, maybe the developer can perform that with an inteceptor/filter somehow.
An annotation would be interesting to have but I think documenting how to impersonate users in the Kubernetes Client guide may be enough for now.
Kubernetes supports User impersonation. It would be nice to have that feature OOTB.
See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation for more details
Example on how it can be triggered: https://github.com/fabric8-launcher/launcher-application/blob/master/services/openshift-service-impl/src/main/java/io/fabric8/launcher/service/openshift/impl/Fabric8OpenShiftServiceImpl.java#L118-L124
Originally posted by @gastaldi in https://github.com/quarkusio/quarkus/pull/11982#issuecomment-689595515