Skip to content

Instantly share code, notes, and snippets.

@harivemula

harivemula/tkgi-admin-scope-fix.md

Last active February 23, 2021 14:24
Show Gist options
  • Save harivemula/7fa3c2e9d38a86965e398bb22319db77 to your computer and use it in GitHub Desktop.
Save harivemula/7fa3c2e9d38a86965e398bb22319db77 to your computer and use it in GitHub Desktop.
Download ZIP
Fix TKGi UAA admin user scope by DB method
Raw
tkgi-admin-scope-fix.md

NOTE: don't use this method if you have alternate way to fix it by using any other user with clients.write scope

If you have removed uaa.admin scope from TKGi 'admin' user, here are the steps to fix it by db method

  • bosh -d <pks...> ssh pks-db/0
  • sudo su -
  • mysql --socket=/var/vcap/sys/run/pxc-mysql/mysqld.sock -u uaa -p
  • <password should be from TKGi tile 'Cf Mysql Uaa Db Password'>
  • use uaa;
  • Take note of existing admin client authorities.. select client_id, authorities from oauth_client_details;
  • Run update with existing authorities and add uaa.admin in the beginning.. (update oauth_client_details set authorities='uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin,pks.clusters.admin,pks.clusters.admin.read,pks.clusters.manage' where client_id='admin';*)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment