It doesn't give you an anonymous token. It gives you the current token held by oc, which the server may or may not consider valid.
On Wed, Jun 21, 2017 at 1:47 PM, Ben Parees <bpar...@redhat.com> wrote: > > > On Wed, Jun 21, 2017 at 12:30 PM, Clayton Coleman <ccole...@redhat.com> > wrote: > >> If your script looks like: >> >> $ oc get service foo --token "$(oc whoami -t)" >> >> and whoami -t fails you're going to get something you didn't expect as >> output. >> > > if it succeeds and gives you an anonymous token you're also going to get > something you didn't expect as output. Namely a denial on the get that > appears to make no sense. (I don't know what you'll get if the oc whoami > -t failed with an error, but probably at least something that might point > you towards the token being malformed which might lead you to run oc whoami > -t to see what it's returning. Getting a permission denied is going to > lead you to go check if the user you think you are, has permissions) > > > > >> >> >> >> On Wed, Jun 21, 2017 at 9:38 AM, Ben Parees <bpar...@redhat.com> wrote: >> >>> >>> >>> On Wed, Jun 21, 2017 at 9:31 AM, Clayton Coleman <ccole...@redhat.com> >>> wrote: >>> >>>> The reason today it does not do that so you can use it in scripting >>>> effectively. It's expected you're using that immediately in another >>>> command which would display that error. >>>> >>> >>> why would "oc whoami -t" returning an error in this case prevent using >>> it in scripting effectively? it would just mean the script would fail one >>> command earlier (before the bad token was used). Seems like that would be >>> the more useful behavior in terms of understanding what failed in the >>> script, too. >>> >>> >>> >>> >>>> >>>> On Jun 21, 2017, at 7:49 AM, Philippe Lafoucrière < >>>> philippe.lafoucri...@tech-angels.com> wrote: >>>> >>>> Just to be clear, my point is: if `oc whoami` returns "error: You must >>>> be logged in to the server (the server has asked for the client to provide >>>> credentials)", `oc whoami -t` should return the same if the session has >>>> timed out ;) >>>> >>>> _______________________________________________ >>>> users mailing list >>>> users@lists.openshift.redhat.com >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>> >>>> >>>> _______________________________________________ >>>> users mailing list >>>> users@lists.openshift.redhat.com >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>> >>>> >>> >>> >>> -- >>> Ben Parees | OpenShift >>> >>> >> > > > -- > Ben Parees | OpenShift > > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users