OpenShift - List Groups using the oc get groups command

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

The oc get groups command can be used to list the groups that have been created, and the members of each group.

~]$ oc get groups
NAME                          USERS
my-group-admins               john.doe
my-group-cluster-admins       jane.doe
my-group-cluster-status       jack.doe
my-group-cluster-readers      james.doe jasper.doe
my-group-editors              jackson.doe jordan.doe
my-group-self-provisioners    julie.doe jose.doe
my-group-viewers              josh.doe jeremy.doe

 

A group is almost always associated with a Role Binding so it might be a good design to have the groups match the Role Bindings.

Group Name Role
my-group-admins admin
my-group-cluster-admins cluster-admin
my-group-cluster-status cluster-status
my-group-cluster-readers cluster-reader
my-group-editors edit
my-group-self-provisioners self-provisioner
my-group-viewers view

 

The oc describe group can display a bit more information about a group.

~]$ oc describe group my-group-admins
Name:           my-group-admins
Created:        28 seconds ago
Labels:         <none>
Annotations:    <none>
Users:          jane.doe

 

Or, the oc get groups command with the --output json‚Äč or --output yaml option can be used.

~]$ oc get groups my-group-admins --output json
{
    "apiVersion": "user.openshift.io/v1",
    "kind": "Group",
    "metadata": {
        "creationTimestamp": "2022-07-26T01:45:24Z",
        "name": "my-group-admins",
        "resourceVersion": "444131094",
        "uid": "db7ece86-9507-45f0-aa17-66c49b51fe97"
    },
    "users": [
        "john.doe"
    ]
}

 

The --output jsonpath option can be used to print the value of a specific JSON key

~]$ oc get groups my-group-admins --output jsonpath={.users}
["john.doe"]

 

This one liner can be used to list the Cluster Role Bindings that have been mapped to the group. In this example the Cluster Role Binding named "my-role-admins" is mapped to my-group-admins.

~]$ for crb in `oc get clusterrolebindings | awk '{print $1'}`; do echo $crb; oc describe clusterrolebinding $crb | grep -i my_group; done;
my-role-admins
  Group  my-group-admins

 

Then the oc describe clusterrolebinding command can be used to show that Cluster Role Binding my-role-admins has group my-group-admins and role cluster-admin.

~]$ oc describe clusterrolebinding admin
Name:         admin
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  admin
Subjects:
  Kind            Name              Namespace
  ----            ----              ---------
  Group           my-group-admins

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter 555be in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |