Authentication, Authentication, Authorization

Question 1

Export the existing OAuth cluster resource to a file

Answer 1

oc get oauth cluster -o yaml > oauth.yaml

Question 2

Update oAuth cluster resource afters aving it to file

Answer 2

oc replace -f oauth.yaml

Question 3

Create the htpasswd file

Answer 3

htpasswd -c -B -b /tmp/htpasswd student redhat123

Question 4

Add or update credentials in htpasswd file

Answer 4

htpasswd -b /tmp/htpasswd student redhat1234

Question 5

Delete credentials in htpasswd file

Answer 5

htpasswd -D /tmp/htpasswd student

Question 6

create a secret that contains the htpasswd file data

Answer 6

oc create secret generic htpasswd-secret –from-file htpasswd=/tmp/htpasswd -n openshift-config

Question 7

3 steps to completely detele a htpasswd user

Answer 7

1) htpasswd -D /tmp/htpasswd manager
2) oc set data secret/htpasswd-secret –from-file htpasswd=/tmp/htpasswd -n openshift-config
3) oc delete user manager

Question 8

List all identity resources

Answer 8

oc get identities

Question 9

Delete an identity resource

Answer 9

oc delete identity my_htpasswd_provider:manager

Question 10

Assign the cluster-admin role to the student user

Answer 10

oc adm policy add-cluster-role-to-user cluster-admin student

Question 11

Assign the cluster-role role to the student user

Answer 11

oc adm policy add-cluster-role-to-user cluster-role student

Question 12

Remove the cluster-role role from the student user

Answer 12

oc adm policy remove-cluster-role-from-user cluster-role student

Question 13

Determine if a user can execute an action on a resource

Answer 13

oc adm policy who-can delete user

oc adm policy who-can /verb/ /resource/

Question 14

Add a specified role to a user

Answer 14

oc adm policy add-role-to-user role-name username -n project

Question 15

Mentally list all user types

Answer 15

1. regular users
2. system users
3. service accounts

Question 16

Create a generic secret containing key-value pairs from literal values typed on the command line

Answer 16

oc create secret generic secret_name –from-literal key1=secret1 –from-literal key2=secret2

Question 17

Create a generic secret using key names specified on the command line and values from files

Answer 17

oc create secret generic ssh-keys –from-file id_rsa=/path-to/id_rsa –from-file id_rsa.pub=/path-to/id_rsa.pub

Question 18

Create a secret specifying a certificate and the associated key

Answer 18

oc create secret tls secret-tls –cert /path-to-certificate –key /path-to-key

Question 19

set application environment variables from secrets

Answer 19

oc set env deployment/demo –from secret/demo-secret –prefix MYSQL_

Question 20

mount secrets as file in a pod

Answer 20

oc set volume deployment/demo –add –type secret –secret-name demo-secret –mount-path /app-secrets

Question 21

create a configuration map

Answer 21

oc create configmap my-config –from-literal key1=config1 –from-literal key2=config2

Question 22

Save the cm data to a specific directory

Answer 22

oc extract cm/myconfig –to /tmp/ –confirm

Question 23

Update modified secret file

Answer 23

oc set data secret/htpasswd-ppklq -n openshift-config –from-file /tmp/htpasswd

Question 24

Command to list all scc defined in OpenShift

Answer 24

oc get scc

Question 25

Obtain more info on an scc

Answer 25

oc describe scc anyuid

Question 26

view the security context constraint that a pod uses

Answer 26

oc describe pod console-5df4fcbb47-67c52 -n openshift-console | grep scc

Question 27

Command to list all the security context constraints that can overcome the limitations of a container

Answer 27

oc get pod podname -o yaml | oc adm policy scc-subject-review -f -

Question 28

Create service account

Answer 28

oc create serviceaccount service-account-name

Question 29

Associate a service account with an SCC

Answer 29

oc adm policy add-scc-to-user SCC -z service-account

Question 30

Modify an existing deployment o to use a service account

Answer 30

oc set serviceaccount deployment/deployment-name service-account-name

Question 31

Create self signed cert

Answer 31

openssl x509 -in training.csr -out training.pem -req -signkey training.key

Question 32

nginx image

Answer 32

twalter/openshift-nginx

Question 33

List all cluster role bindings that reference the self-provisioner cluster role

Answer 33

oc get clusterrolebinding | grep -E 'NAME|self-provisioner'

Question 34

Confirm that the group system:authenticated:oauth has the self-provisioner role

Answer 34

**oc describe clusterrolebindings self-provisioners**

Question 35

Remove the self-provisioner role from group system:authenticated:oauth

Answer 35

**oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth**

Question 36

Grant project administration privileges to user leader on project auth-rbac

Answer 36

**oc adm policy add-role-to-user admin leader**

Question 37

Create a group called dev-group

Answer 37

**oc adm groups new dev-group**

Question 38

Add the qa-engineer user to qa-group

Answer 38

**oc adm groups add-users qa-group qa-engineer**

Question 39

List all groups

Answer 39

oc get groups

Question 40

Add write privileges to dev-group on the current project in which current user is logged in

Answer 40

oc adm policy add-role-to-group edit dev-group

Question 41

Add read privileges to dev-group on the current project in which current user is logged in

Answer 41

**oc policy add-role-to-group view qa-group**

Question 42

Check all roles people have on tthe current project

Answer 42

**get rolebindings -o wide**