Configuring OAuth httpasswd identity provider in OpenShift

First, create httpasswd file with users - add first user:

htpasswd -c -B -b /tmp/htpasswd admin adminpwd1

Add 2 more users, note that below command changed:

htpasswd -b -B /tmp/htpasswd anna annapwd2
htpasswd -b -B /tmp/htpasswd linda lindapwd3

View the contents of the htpasswd file:

cat /tmp/htpasswd

Create a secret which uses this file contents in the openshift-config namespace:

oc -n openshift-config create secret generic httpasswd-secret --from-file htpasswd=/tmp/htpasswd

Add user anna as cluster-admin using RBAC:

oc adm policy add-cluster-role-to-user cluster-admin anna

You can ignore warnings, you will get them if you weren't login first with this user. We will do that later.

Get OAuth configuration and edit it:

oc get oauth cluster -o yaml > oauth.yaml
vim oauth.yaml

Add the above secret to the configuration:

spec:
  identityProviders:
  - htpasswd:
      fileData:
        name: htpasswd-sercret
    type: HTPasswd
    name: htpasswd_provider
    mappingMethod: claim

Save and apply:

oc replace -f oauth.yaml

Monitor the changes, some of below pods should terminate and new one should be started by OAuth operator:

oc -n openshift-authentication get pods

Once it is done, when you issue:

oc get users

you won't get the list of the users until you login.

So, try to login:

oc login -u anna -p annapwd2

Note that in above case - you will get cluster-admin privileges after login:

oc get nodes
oc get ns

If you login as linda:

oc login -u anna -p lindapwd3

You will have limited privileges.

Now you can see all users (if you login back as anna to have cluster-admin permissions):

oc get users
oc get identity

To update password, add a new user, or delete existing - you should extract the file from secret:

oc -n openshift-config extract secret/httpasswd-secret --to /tmp --confirm

And then update the file with htpasswd. To update a password:

htpasswd -b -B /tmp/htpasswd anna newpassword123

To add a new user:

htpasswd -b -B /tmp/htpasswd bob bobpwd4

To delete a user:

htpasswd -D -B /tmp/htpasswd linda

After required procedure on users, update the secret:

oc -n openshift-config set data secret/httpasswd-secret --from-file httpasswd=/tmp/htpasswd

And wait until the OAuth operator restarts the pods in the openshift-authentication namespace:

oc -n openshift-authentication get pods