How to list users with role cluster-admin in OpenShift?

openshift-origin

I can add users to the cluster-role "cluster-admin" with:

oc adm policy add-cluster-role-to-user cluster-admin <user>

But how can I list all users with the role cluster-admin?

Environment: OpenShift 3.x


Solution 1:

Found it myself:

It's in the RoleBinding[cluster-admins]: section of:

oc describe clusterPolicyBindings :default

With jq you can get the list of users in one command:

oc get --all-namespaces --output json clusterPolicyBindings | jq '.items[].roleBindings[] | select(.name=="cluster-admins") | .roleBinding.userNames'

For OpenShift 3.7 and newer:

oc get clusterrolebindings -o json | jq '.items[] | select(.metadata.name=="cluster-admins") | .userNames'

Solution 2:

in openshift 3.9 the cluster admins are located in different dictionaries(cluster-admin-0,cluster-admin-1, and so on). To list them: 

oc get clusterrolebinding -o json | jq '.items[] | select(.metadata.name |  startswith("cluster-admin")) | .userNames'

Related

why don't DHCP discover/ARP messages amplify and reverberate in WANs?
Two PDCs, two ADs, two domains - how to replicate one domain/AD to the other?
How to determine why a static external IP address changed in GCP?
linux bridge two NICs with multiple VLANs and assign virtual IP
Docker without sudo in Ubuntu 20.04?
Fail2ban regex working but not banning. DNS warning instead
SSH Keys were changed/regenerated on Hetzner cloud server, I got alert "remote host identification changed"
How to find source of 4625 Event ID in windows server 2012
Unable to finalize Container Registry Transition to Artifact Repository
Appropriate word for a young person who behaves like a cynical old person?
Somebody who pretends to understand, but doesn't [closed]
Word for the thing that's fixed on the wall and holds a (fire) torch in stories set in the distant past