cmoulliard/gist:f277724b4371862d018dff84035c0cba Secret

## gistfile1.txt
mvn clean compile exec:java
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=512m; support was removed in 8.0
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building openshift-client 1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ openshift-client ---
[INFO] Deleting /Users/chmoulli/Temp/test-kubernetes-client/target
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ openshift-client ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 1 resource
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ openshift-client ---
[INFO] Changes detected - recompiling the module!
[WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent!
[INFO] Compiling 1 source file to /Users/chmoulli/Temp/test-kubernetes-client/target/classes
[INFO]
[INFO] --- exec-maven-plugin:1.4.0:java (default-cli) @ openshift-client ---
--> GET https://172.28.128.4:8443/oapi/v1/users/~ HTTP/1.1
Accept: application/json
Host: 172.28.128.4:8443
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/2.7.2
--> END GET
<-- HTTP/1.1 403 Forbidden (10ms)
Cache-Control: no-store
Content-Type: application/json
Date: Wed, 27 Apr 2016 09:52:32 GMT
Content-Length: 263
OkHttp-Sent-Millis: 1461750752648
OkHttp-Received-Millis: 1461750752657

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "User \"system:anonymous\" cannot get users at the cluster scope",
  "reason": "Forbidden",
  "details": {
    "name": "~",
    "kind": "users"
  },
  "code": 403
}

<-- END HTTP (263-byte body)
--> GET https://172.28.128.4:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client HTTP/1.1
Authorization: Basic YWRtaW46YWRtaW4=
Accept: application/json
Host: 172.28.128.4:8443
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/2.7.2
--> END GET
<-- HTTP/1.1 302 Found (22ms)
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://172.28.128.4:8443/oauth/token/implicit#access_token=qn08Tfjn4NgL_TSsqSBiOEoP6-6wr-pnmPzE6J_mzQU&expires_in=86400&token_type=Bearer
Pragma: no-cache
Set-Cookie: ssn=MTQ2MTc1MDc1MnxhSEU4RjdxQ1NRelM1aFphc0ExZGVoXzdvQXBiQk9WcFRmZHRLUHJSZVBlaFl0bk9LV081VF9nMmpuMzh4b1JFdXhkSXprTlVmM2J4TjRCNGpRa3hFQUpFb04ydlVNZFJ1V2tFeVBmb1BiRS13cHRqQkNrampJdzgxUS16WHVNa2RnPT18OHVYMlRQEcWD-0KRKISSoAfOwAxrs03gffV6S-zLtB4=; Path=/; Expires=Wed, 27 Apr 2016 09:57:32 GMT; Max-Age=300; HttpOnly; Secure
Date: Wed, 27 Apr 2016 09:52:32 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8
OkHttp-Sent-Millis: 1461750752662
OkHttp-Received-Millis: 1461750752684
<-- END HTTP (0-byte body)
--> GET https://172.28.128.4:8443/oauth/token/implicit#access_token=qn08Tfjn4NgL_TSsqSBiOEoP6-6wr-pnmPzE6J_mzQU&expires_in=86400&token_type=Bearer HTTP/1.1
Authorization: Basic YWRtaW46YWRtaW4=
Accept: application/json
Host: 172.28.128.4:8443
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/2.7.2
--> END GET
<-- HTTP/1.1 200 OK (2ms)
Content-Type: text/plain
Date: Wed, 27 Apr 2016 09:52:32 GMT
Content-Length: 756
OkHttp-Sent-Millis: 1461750752685
OkHttp-Received-Millis: 1461750752687


You have reached this page by following a redirect Location header from an OAuth authorize request.

If a response_type=token parameter was passed to the /authorize endpoint, that requested an
"Implicit Grant" OAuth flow (see https://tools.ietf.org/html/rfc6749#section-4.2).

That flow requires the access token to be returned in the fragment portion of a redirect header.
Rather than following the redirect here, you can obtain the access token from the Location header
(see https://tools.ietf.org/html/rfc6749#section-4.2.2):

  1. Parse the URL in the Location header and extract the fragment portion
  2. Parse the fragment using the "application/x-www-form-urlencoded" format
  3. The access_token parameter contains the granted OAuth access token

<-- END HTTP (756-byte body)
--> GET https://172.28.128.4:8443/oapi/v1/users/~ HTTP/1.1
Accept: application/json
Authorization: Bearer qn08Tfjn4NgL_TSsqSBiOEoP6-6wr-pnmPzE6J_mzQU
Host: 172.28.128.4:8443
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/2.7.2
--> END GET
<-- HTTP/1.1 200 OK (4ms)
Cache-Control: no-store
Content-Type: application/json
Date: Wed, 27 Apr 2016 09:52:32 GMT
Content-Length: 258
OkHttp-Sent-Millis: 1461750752688
OkHttp-Received-Millis: 1461750752692

{"kind":"User","apiVersion":"v1","metadata":{"name":"admin","selfLink":"/oapi/v1/users/admin","uid":"2bef9c82-0b01-11e6-9d72-080027b5c2f4","resourceVersion":"1819","creationTimestamp":"2016-04-25T16:17:14Z"},"identities":["anypassword:admin"],"groups":null}

<-- END HTTP (258-byte body)
11:52:32.723 [org.fuse.demo.kubernetes.ApimanClient.main()] INFO  org.fuse.demo.kubernetes.ApimanClient - User : User(apiVersion=v1, fullName=null, groups=null, identities=[anypassword:admin], kind=User, metadata=ObjectMeta(annotations=null, creationTimestamp=2016-04-25T16:17:14Z, deletionGracePeriodSeconds=null, deletionTimestamp=null, generateName=null, generation=null, labels=null, name=admin, namespace=null, resourceVersion=1819, selfLink=/oapi/v1/users/admin, uid=2bef9c82-0b01-11e6-9d72-080027b5c2f4, additionalProperties={}), additionalProperties={})
--> POST https://172.28.128.4:8443/oapi/v1/namespaces/default/subjectaccessreviews HTTP/1.1
Content-Type: application/json; charset=utf-8
Content-Length: 86
Accept: application/json
Authorization: Bearer qn08Tfjn4NgL_TSsqSBiOEoP6-6wr-pnmPzE6J_mzQU
Host: 172.28.128.4:8443
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/2.7.2

{"apiVersion":"v1","groups":[],"kind":"SubjectAccessReview","resource":"*","verb":"*"}
--> END POST (86-byte body)
<-- HTTP/1.1 201 Created (5ms)
Cache-Control: no-store
Content-Type: application/json
Date: Wed, 27 Apr 2016 09:52:32 GMT
Content-Length: 129
OkHttp-Sent-Millis: 1461750752757
OkHttp-Received-Millis: 1461750752762

{"kind":"SubjectAccessReviewResponse","apiVersion":"v1","namespace":"default","allowed":true,"reason":"allowed by cluster rule"}

<-- END HTTP (129-byte body)
11:52:32.765 [org.fuse.demo.kubernetes.ApimanClient.main()] INFO  org.fuse.demo.kubernetes.ApimanClient - isAdminResponse: SubjectAccessReviewResponse(allowed=true, apiVersion=v1, kind=SubjectAccessReviewResponse, namespace=default, reason=allowed by cluster rule, additionalProperties={})
11:52:32.765 [org.fuse.demo.kubernetes.ApimanClient.main()] INFO  org.fuse.demo.kubernetes.ApimanClient - Allowed : true
11:52:32.765 [org.fuse.demo.kubernetes.ApimanClient.main()] INFO  org.fuse.demo.kubernetes.ApimanClient - User name : admin
	mvn clean compile exec:java
	Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
	Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=512m; support was removed in 8.0
	[INFO] Scanning for projects...
	[INFO]
	[INFO] ------------------------------------------------------------------------
	[INFO] Building openshift-client 1.0-SNAPSHOT
	[INFO] ------------------------------------------------------------------------
	[INFO]
	[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ openshift-client ---
	[INFO] Deleting /Users/chmoulli/Temp/test-kubernetes-client/target
	[INFO]
	[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ openshift-client ---
	[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
	[INFO] Copying 1 resource
	[INFO]
	[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ openshift-client ---
	[INFO] Changes detected - recompiling the module!
	[WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent!
	[INFO] Compiling 1 source file to /Users/chmoulli/Temp/test-kubernetes-client/target/classes
	[INFO]
	[INFO] --- exec-maven-plugin:1.4.0:java (default-cli) @ openshift-client ---
	--> GET https://172.28.128.4:8443/oapi/v1/users/~ HTTP/1.1
	Accept: application/json
	Host: 172.28.128.4:8443
	Connection: Keep-Alive
	Accept-Encoding: gzip
	User-Agent: okhttp/2.7.2
	--> END GET
	<-- HTTP/1.1 403 Forbidden (10ms)
	Cache-Control: no-store
	Content-Type: application/json
	Date: Wed, 27 Apr 2016 09:52:32 GMT
	Content-Length: 263
	OkHttp-Sent-Millis: 1461750752648
	OkHttp-Received-Millis: 1461750752657

	{
	"kind": "Status",
	"apiVersion": "v1",
	"metadata": {},
	"status": "Failure",
	"message": "User \"system:anonymous\" cannot get users at the cluster scope",
	"reason": "Forbidden",
	"details": {
	"name": "~",
	"kind": "users"
	},
	"code": 403
	}

	<-- END HTTP (263-byte body)
	--> GET https://172.28.128.4:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client HTTP/1.1
	Authorization: Basic YWRtaW46YWRtaW4=
	Accept: application/json
	Host: 172.28.128.4:8443
	Connection: Keep-Alive
	Accept-Encoding: gzip
	User-Agent: okhttp/2.7.2
	--> END GET
	<-- HTTP/1.1 302 Found (22ms)
	Cache-Control: no-cache, no-store, max-age=0, must-revalidate
	Expires: Fri, 01 Jan 1990 00:00:00 GMT
	Location: https://172.28.128.4:8443/oauth/token/implicit#access_token=qn08Tfjn4NgL_TSsqSBiOEoP6-6wr-pnmPzE6J_mzQU&expires_in=86400&token_type=Bearer
	Pragma: no-cache
	Set-Cookie: ssn=MTQ2MTc1MDc1MnxhSEU4RjdxQ1NRelM1aFphc0ExZGVoXzdvQXBiQk9WcFRmZHRLUHJSZVBlaFl0bk9LV081VF9nMmpuMzh4b1JFdXhkSXprTlVmM2J4TjRCNGpRa3hFQUpFb04ydlVNZFJ1V2tFeVBmb1BiRS13cHRqQkNrampJdzgxUS16WHVNa2RnPT18OHVYMlRQEcWD-0KRKISSoAfOwAxrs03gffV6S-zLtB4=; Path=/; Expires=Wed, 27 Apr 2016 09:57:32 GMT; Max-Age=300; HttpOnly; Secure
	Date: Wed, 27 Apr 2016 09:52:32 GMT
	Content-Length: 0
	Content-Type: text/plain; charset=utf-8
	OkHttp-Sent-Millis: 1461750752662
	OkHttp-Received-Millis: 1461750752684
	<-- END HTTP (0-byte body)
	--> GET https://172.28.128.4:8443/oauth/token/implicit#access_token=qn08Tfjn4NgL_TSsqSBiOEoP6-6wr-pnmPzE6J_mzQU&expires_in=86400&token_type=Bearer HTTP/1.1
	Authorization: Basic YWRtaW46YWRtaW4=
	Accept: application/json
	Host: 172.28.128.4:8443
	Connection: Keep-Alive
	Accept-Encoding: gzip
	User-Agent: okhttp/2.7.2
	--> END GET
	<-- HTTP/1.1 200 OK (2ms)
	Content-Type: text/plain
	Date: Wed, 27 Apr 2016 09:52:32 GMT
	Content-Length: 756
	OkHttp-Sent-Millis: 1461750752685
	OkHttp-Received-Millis: 1461750752687


	You have reached this page by following a redirect Location header from an OAuth authorize request.

	If a response_type=token parameter was passed to the /authorize endpoint, that requested an
	"Implicit Grant" OAuth flow (see https://tools.ietf.org/html/rfc6749#section-4.2).

	That flow requires the access token to be returned in the fragment portion of a redirect header.
	Rather than following the redirect here, you can obtain the access token from the Location header
	(see https://tools.ietf.org/html/rfc6749#section-4.2.2):

	1. Parse the URL in the Location header and extract the fragment portion
	2. Parse the fragment using the "application/x-www-form-urlencoded" format
	3. The access_token parameter contains the granted OAuth access token

	<-- END HTTP (756-byte body)
	--> GET https://172.28.128.4:8443/oapi/v1/users/~ HTTP/1.1
	Accept: application/json
	Authorization: Bearer qn08Tfjn4NgL_TSsqSBiOEoP6-6wr-pnmPzE6J_mzQU
	Host: 172.28.128.4:8443
	Connection: Keep-Alive
	Accept-Encoding: gzip
	User-Agent: okhttp/2.7.2
	--> END GET
	<-- HTTP/1.1 200 OK (4ms)
	Cache-Control: no-store
	Content-Type: application/json
	Date: Wed, 27 Apr 2016 09:52:32 GMT
	Content-Length: 258
	OkHttp-Sent-Millis: 1461750752688
	OkHttp-Received-Millis: 1461750752692

	{"kind":"User","apiVersion":"v1","metadata":{"name":"admin","selfLink":"/oapi/v1/users/admin","uid":"2bef9c82-0b01-11e6-9d72-080027b5c2f4","resourceVersion":"1819","creationTimestamp":"2016-04-25T16:17:14Z"},"identities":["anypassword:admin"],"groups":null}

	<-- END HTTP (258-byte body)
	11:52:32.723 [org.fuse.demo.kubernetes.ApimanClient.main()] INFO org.fuse.demo.kubernetes.ApimanClient - User : User(apiVersion=v1, fullName=null, groups=null, identities=[anypassword:admin], kind=User, metadata=ObjectMeta(annotations=null, creationTimestamp=2016-04-25T16:17:14Z, deletionGracePeriodSeconds=null, deletionTimestamp=null, generateName=null, generation=null, labels=null, name=admin, namespace=null, resourceVersion=1819, selfLink=/oapi/v1/users/admin, uid=2bef9c82-0b01-11e6-9d72-080027b5c2f4, additionalProperties={}), additionalProperties={})
	--> POST https://172.28.128.4:8443/oapi/v1/namespaces/default/subjectaccessreviews HTTP/1.1
	Content-Type: application/json; charset=utf-8
	Content-Length: 86
	Accept: application/json
	Authorization: Bearer qn08Tfjn4NgL_TSsqSBiOEoP6-6wr-pnmPzE6J_mzQU
	Host: 172.28.128.4:8443
	Connection: Keep-Alive
	Accept-Encoding: gzip
	User-Agent: okhttp/2.7.2

	{"apiVersion":"v1","groups":[],"kind":"SubjectAccessReview","resource":"","verb":""}
	--> END POST (86-byte body)
	<-- HTTP/1.1 201 Created (5ms)
	Cache-Control: no-store
	Content-Type: application/json
	Date: Wed, 27 Apr 2016 09:52:32 GMT
	Content-Length: 129
	OkHttp-Sent-Millis: 1461750752757
	OkHttp-Received-Millis: 1461750752762

	{"kind":"SubjectAccessReviewResponse","apiVersion":"v1","namespace":"default","allowed":true,"reason":"allowed by cluster rule"}

	<-- END HTTP (129-byte body)
	11:52:32.765 [org.fuse.demo.kubernetes.ApimanClient.main()] INFO org.fuse.demo.kubernetes.ApimanClient - isAdminResponse: SubjectAccessReviewResponse(allowed=true, apiVersion=v1, kind=SubjectAccessReviewResponse, namespace=default, reason=allowed by cluster rule, additionalProperties={})
	11:52:32.765 [org.fuse.demo.kubernetes.ApimanClient.main()] INFO org.fuse.demo.kubernetes.ApimanClient - Allowed : true
	11:52:32.765 [org.fuse.demo.kubernetes.ApimanClient.main()] INFO org.fuse.demo.kubernetes.ApimanClient - User name : admin