The UAA admin account is stored in the MySQL database running on the pks-db VM under the pivotal-container-service deployment.
1. Use bosh ssh to connect to the pks-db VM
bosh -d pivotal-container-service-DEPLOYMENT ssh pks-db
2. Back up the uaa database with mysqldump from the pks-db VM
sudo /var/vcap/packages/pxc/bin/mysqldump --defaults-file=/var/vcap/jobs/pxc-mysql/config/mylogin.cnf uaa > /tmp/database_uaa.sql
3. Connect to MySQL and select the uaa database from the pks-db VM
mysql --defaults-file=/var/vcap/jobs/pxc-mysql/config/mylogin.cnf
mysql> USE uaa;
4. Confirm the current scope and authorities for the UAA admin account
mysql> SELECT client_id,scope,authorities FROM oauth_client_details WHERE client_id = 'admin' ;
5. Restore the original authorities for the UAA admin account
mysql> UPDATE oauth_client_details SET authorities = 'uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin,pks.clusters.admin,pks.clusters.admin.read,pks.clusters.manage' WHERE client_id = 'admin' ;
6. Confirm that the original scope and authorities for the UAA admin account have been restored
mysql> SELECT client_id,scope,authorities FROM oauth_client_details WHERE client_id = 'admin' ;
+-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| client_id | scope | authorities |
+-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin | uaa.none | uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin,pks.clusters.admin,pks.clusters.admin.read,pks.clusters.manage |
+-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
7. From the Ops Manager VM, confirm with the uaac CLI that you can now list the UAA clients (PKS_UAA_MANAGEMENT_ADMIN_CLIENT and TKGI_API_URL can be retrieved from the TKGi tile)
uaac target https://TKGI_API_URL:8443 --skip-ssl-validation
uaac token client get admin -s PKS_UAA_MANAGEMENT_ADMIN_CLIENT
uaac clients
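
Added example (not part of the original article): a shell check that compares the authorities value returned in step 4 with the list restored in step 5 and reports which entries are missing or unexpected. The function names and the sample value are constructed for illustration; only the expected list comes from step 5.

```shell
#!/bin/sh
# Expected authorities for the UAA 'admin' client, copied from step 5.
EXPECTED='uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin,pks.clusters.admin,pks.clusters.admin.read,pks.clusters.manage'

# split_csv CSV: print one authority per line with surrounding spaces removed.
split_csv() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# in_list ITEM LIST: succeed if ITEM is an exact line of the newline-separated LIST.
in_list() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# diff_authorities CURRENT: compare the value from step 4 with EXPECTED.
# Prints "missing:<csv>" and "extra:<csv>"; returns 0 only when both are empty.
diff_authorities() {
    cur=$(split_csv "$1")
    exp=$(split_csv "$EXPECTED")
    missing=''
    extra=''
    for a in $exp; do
        in_list "$a" "$cur" || missing="${missing:+$missing,}$a"
    done
    for a in $cur; do
        in_list "$a" "$exp" || extra="${extra:+$extra,}$a"
    done
    printf 'missing:%s\nextra:%s\n' "$missing" "$extra"
    [ -z "$missing$extra" ]
}

# Constructed sample value (not taken from a real system): the three pks.*
# authorities are absent and one entry that is not in the expected list is present.
SAMPLE='uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin,example.extra'
diff_authorities "$SAMPLE" || echo "authorities differ from the expected list"
```

Paste the authorities column from the step 4 query as the argument; an empty missing and extra line means the value already matches step 5.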