Description of problem: `oc --token <token_value>` is not respected in some scenario Version-Release number of selected component (if applicable): oc: openshift-clients-4.4.0-202002140717.git.1.7c44b75.el7.x86_64 server: 4.4.0-0.nightly-2020-02-19-222437 How reproducible: Always Steps to Reproduce: 1. First, login with normal user xxia1: $ rm -f ~/.kube/config $ oc login --server https://api...:6443 --insecure-skip-tls-verify -u xxia1 -p ... $ oc whoami -t LD-kO... $ oc new-project xxia1-proj Then login with normal user xxia2: $ oc login --server https://api...:6443 --insecure-skip-tls-verify -u xxia2 -p ... 2. Check below with above xxia1 token: $ oc whoami --token LD-kO... # shows xxia1 $ oc get project --token LD-kO... # shows xxia1-proj This is correct since --token is expected to override current user xxia2 in ~/.kube/config 3. Clean ~/.kube/config $ rm -f ~/.kube/config Place above https://api...:6443 cluster's original kubeconfig in ~/.kube/config: $ curl -k -o ~/.kube/config https://.../job/Launch%20Environment%20Flexy/81790/artifact/workdir/install-dir/auth/kubeconfig 4. Check step 2 again: $ oc whoami --token LD-kO... # shows system:admin $ oc get project --token LD-kO... # shows all projects Actual results: 4. `oc --token <token_value>` is not respected. Check with --v 9, it indeed used above xxia1 token "Bearer LD-kO...": $ oc whoami --token LD-kO... --v 9 ... curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: oc/v4.4.0 (linux/amd64) kubernetes/5d7a12f" -H "Authorization: Bearer LD-kO..." 'https://api...:6443/apis/user.openshift.io/v1/users/~' ... Expected results: 4. `oc --token <token_value>` is respected
This is not a bug, but was changed recently to match what k8s does, see https://github.com/openshift/origin/pull/24178.