origin: Metadata of the `kubeadmin` user profile doesn't contain a `uid`

The kubeadmin user profile doesn’t provide the kube:admin user uid.

Version

OpenShift 4.3.9

Steps To Reproduce
  1. Get the profile of an standard user:

The profile of a user created with an identity provider such as the htpasswd identity provider contains a metadata.uid field.

╰─ curl -k -H "Authorization: Bearer xxxxxxx" "https://api.test-ocp43.codereadyqe.com:6443/apis/user.openshift.io/v1/users/~"
{
  "kind": "User",
  "apiVersion": "user.openshift.io/v1",
  "metadata": {
    "name": "user",
    "selfLink": "/apis/user.openshift.io/v1/users/user",
    "uid": "e01e78aa-50d9-482e-8bb4-3442a5247313",
    "resourceVersion": "5462325",
    "creationTimestamp": "2020-04-17T09:47:59Z"
  },
  "identities": [
    "htpasswd:user"
  ],
  "groups": [
    "system:authenticated",
    "system:authenticated:oauth"
  ]
}
  1. In comparison, the profile of the kubeadmin user doesn’t contain a uid and seems quite incomplete:
╰─ curl -k -H "Authorization: Bearer xxxxxxxxx" "https://api.test-ocp43.codereadyqe.com:6443/apis/user.openshift.io/v1/users/~"
{
  "kind": "User",
  "apiVersion": "user.openshift.io/v1",
  "metadata": {
    "name": "kube:admin",
    "selfLink": "/apis/user.openshift.io/v1/users/kube%3Aadmin",
    "creationTimestamp": null
  },
  "identities": null,
  "groups": [
    "system:authenticated",
    "system:cluster-admins"
  ]
}
Current Result

The profile of the kubeadmin user doesn’t contain a metadata.uid field and seems quite incomplete

Expected Result

Shouldn’t the profile of the kubeadmin user also contain a metadata.uid field as it is the case for any other user ?

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 18 (11 by maintainers)

Most upvoted comments

+1

+2
DGuhr on Sep 9, 2021

Justification: The current state of being able to evaluable software on OpenShift such as CodeReady Workspaces, is that it is blocked after setting up a cluster and then deploying CRW Operator since there isn’t a user on the platform other than kubeadm. With the lack of the being enabled, it adds another step for IDP setup before able to leverage CRW right out the box. This is a very common issue many of our users (most evaluators, demonstrating, testing) have to go through this additional step.

+1
sspeiche on Jan 14, 2021
Read more comments on GitHub
← origin: make build-cross fails with "undefined: gssapi" for linux/arm64
origin: Mounting file from ConfigMap using volume subPath causes file permission denied error →