// GetScopedClientForUser mints an OAuth access token for username that is
// restricted to scopes, and returns an OpenShift client, a Kubernetes client
// and the rest config that authenticate with that token.
//
// adminClient is used to look up the user and to create the token object
// directly, so it must be allowed to create OAuthAccessTokens. clientConfig is
// only used as the template for connection settings; the returned config is
// derived from clientcmd.AnonymousClientConfig and carries no credential other
// than the new token.
//
// On any failure all three results are nil and the error is returned as-is.
func GetScopedClientForUser(adminClient *client.Client, clientConfig restclient.Config, username string, scopes []string) (*client.Client, *kclient.Client, *restclient.Config, error) {
	// make sure the user exists
	_, _, _, err := GetClientForUser(clientConfig, username)
	if err != nil {
		return nil, nil, nil, err
	}

	u, err := adminClient.Users().Get(username)
	if err != nil {
		return nil, nil, nil, err
	}

	// The token's object name is what gets presented as the bearer credential
	// below, so its only unpredictable component is the rand.Int() suffix.
	// NOTE(review): rand.Int() with no arguments looks like math/rand, which is
	// not a cryptographic source. Confirm this helper is only reachable from
	// test fixtures, and use a CSPRNG if it is ever used elsewhere.
	tokenName := fmt.Sprintf("%s-token-plus-some-padding-here-to-make-the-limit-%d", username, rand.Int())
	tok := &oauthapi.OAuthAccessToken{
		ObjectMeta:  kapi.ObjectMeta{Name: tokenName},
		ClientName:  origin.OpenShiftCLIClientID,
		ExpiresIn:   86400, // presumably seconds, i.e. 24h. TODO confirm
		Scopes:      scopes,
		RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
		UserName:    u.Name,
		UserUID:     string(u.UID),
	}
	_, err = adminClient.OAuthAccessTokens().Create(tok)
	if err != nil {
		return nil, nil, nil, err
	}

	// Start from an anonymous copy so that no credential from clientConfig
	// leaks into the scoped clients; the token is the only identity they carry.
	cfg := clientcmd.AnonymousClientConfig(&clientConfig)
	cfg.BearerToken = tok.Name

	kc, err := kclient.New(&cfg)
	if err != nil {
		return nil, nil, nil, err
	}
	oc, err := client.New(&cfg)
	if err != nil {
		return nil, nil, nil, err
	}
	return oc, kc, &cfg, nil
}
// whoAmI asks the API server for the user named "~" and returns it.
// Presumably "~" is the server-side alias for the identity behind the
// client's credentials (confirm against the Users API).
//
// On error the returned user is always nil, whatever the underlying Get call
// returned alongside the error.
func whoAmI(client *client.Client) (*api.User, error) {
	current, err := client.Users().Get("~")
	if err == nil {
		return current, nil
	}
	return nil, err
}
// verifyOpenShiftUser checks that the credentials behind client are accepted
// by the API server, by fetching the user named "~".
//
// It returns nil when the lookup succeeds. A failure is logged; unauthorized
// and forbidden responses are both collapsed into ErrOpenShiftAccessDenied, so
// callers cannot tell a bad credential from an insufficient one. Any other
// error is returned unchanged.
func verifyOpenShiftUser(client *client.Client) error {
	_, err := client.Users().Get("~")
	if err == nil {
		return nil
	}

	log.Errorf("Get user failed with error: %s", err)
	switch {
	case kerrors.IsUnauthorized(err), kerrors.IsForbidden(err):
		return ErrOpenShiftAccessDenied
	default:
		return err
	}
}