@@ -122,24 +122,26 @@ This section covers how to perform all the steps of building, deploying, and upd

     need to accept the server certificates and present its own client

     certificate. These are generated as part of the `openshift start`

     command in whatever the current directory is at the time. You will

-    need to point osc and curl at the appropriate .kubeconfig in order

+    need to point osc and curl at the appropriate certificates in order

     to connect to OpenShift. Assuming you are running as a user other

     than root, you will also need to make the .kubeconfig readable by

     that user. (Note: this is just for example purposes; in a real

     installation, users would generate their own keys and not have access

     to the system keys.)

-        $ export OPENSHIFTCONFIG=`pwd`/openshift.local.certificates/admin/.kubeconfig

         $ export CURL_CA_BUNDLE=`pwd`/openshift.local.certificates/ca/cert.crt

-        $ sudo chmod a+rwX "$OPENSHIFTCONFIG"

+        $ sudo chmod a+rwX `pwd`/openshift.local.certificates/admin/.kubeconfig

 4. Bind a user names `test-admin` to the `view` role in the default namespace so you can observe progress in the web console

-        $ openshift ex policy add-role-to-user view test-admin

+        $ osadm policy add-role-to-user view test-admin --config=openshift.local.certificates/admin/.kubeconfig

+5. Login as `test-admin` using any password

+        $ osc login --certificate-authority=`pwd`/openshift.local.certificates/ca/cert.crt

-5. *Optional:* View the OpenShift web console in your browser by browsing to `https://<host>:8443/console`.  Login using the user `test-admin` and any password.

+

+6. *Optional:* View the OpenShift web console in your browser by browsing to `https://<host>:8443/console`.  Login using the user `test-admin` and any password.

     * You will need to have the browser accept the certificate at

       `https://<host>:8443` before the console can consult the OpenShift

@@ -150,10 +152,10 @@ This section covers how to perform all the steps of building, deploying, and upd

       and run builds.

-6. Deploy a private docker registry within OpenShift with the certs necessary for access to master:

+7. Deploy a private docker registry within OpenShift with the certs necessary for access to master:

         $ sudo chmod +r ./openshift.local.certificates/openshift-registry/.kubeconfig

-        $ openshift ex registry --create --credentials=./openshift.local.certificates/openshift-registry/.kubeconfig

+        $ openshift ex registry --create --credentials=./openshift.local.certificates/openshift-registry/.kubeconfig --config=openshift.local.certificates/admin/.kubeconfig

           docker-registry # the service

           docker-registry # the deployment config

@@ -163,7 +165,7 @@ This section covers how to perform all the steps of building, deploying, and upd

     of this tutorial.

-7. Confirm the registry is started (this can take a few minutes):

+8. Confirm the registry is started (this can take a few minutes):

         $ osc describe service docker-registry

@@ -181,7 +183,7 @@ This section covers how to perform all the steps of building, deploying, and upd

     be added to the docker-registry service list so that it's reachable from other places.

-8. Confirm the registry is accessible (you may need to run this more than once):

+9. Confirm the registry is accessible (you may need to run this more than once):

         $ curl `osc get service docker-registry --template="{{ .spec.portalIP }}:{{ with index .spec.ports 0 }}{{ .port }}{{ end }}"`

@@ -190,12 +192,12 @@ This section covers how to perform all the steps of building, deploying, and upd

         "docker-registry server (dev) (v0.9.0)"

-9. Create a new project in OpenShift. This creates a namespace `test` to contain the builds and app that we will generate below.

+10. Create a new project in OpenShift. This creates a namespace `test` to contain the builds and app that we will generate below.

-        $ openshift ex new-project test --display-name="OpenShift 3 Sample" --description="This is an example project to demonstrate OpenShift v3" --admin=test-admin

+        $ osc new-project test --display-name="OpenShift 3 Sample" --description="This is an example project to demonstrate OpenShift v3"

-10. *Optional:* View the OpenShift web console in your browser by browsing to `https://<host>:8443/console`.  Login using the user `test-admin` and any password.

+11. *Optional:* View the OpenShift web console in your browser by browsing to `https://<host>:8443/console`.  Login using the user `test-admin` and any password.

     * You will need to have the browser accept the certificate at

       `https://<host>:8443` before the console can consult the OpenShift

@@ -206,7 +208,7 @@ This section covers how to perform all the steps of building, deploying, and upd

       and run builds.

-11. *Optional:* Fork the [ruby sample repository](https://github.com/openshift/ruby-hello-world)

+12. *Optional:* Fork the [ruby sample repository](https://github.com/openshift/ruby-hello-world)

     to an OpenShift-visible git account that you control, preferably

     somewhere that can also reach your OpenShift server with a webhook.

     A github.com account is an obvious place for this, but an in-house

@@ -220,7 +222,7 @@ This section covers how to perform all the steps of building, deploying, and upd

     OpenShift's public repository, just not a changed build.

-12. *Optional:* Add the following webhook under the settings in your new GitHub repository:

+13. *Optional:* Add the following webhook under the settings in your new GitHub repository:

         $ https://<host>:8443/osapi/v1beta1/buildConfigHooks/ruby-sample-build/secret101/github?namespace=test

@@ -230,20 +232,12 @@ This section covers how to perform all the steps of building, deploying, and upd

     instance as the certificate chain generated is not publicly verified.

-13. Edit application-template-stibuild.json which will define the sample application

+14. Edit application-template-stibuild.json which will define the sample application

  * Update the BuildConfig's sourceURI (git://github.com/openshift/ruby-hello-world.git) to point to your forked repository.

    *Note:* You can skip this step if you did not create a forked repository.

-14. Log in with the "test-admin" user and switch to the "test" project which will be used by every command from now on. This

-    will update the file pointed by $OPENSHIFTCONFIG and will make it easy to switch betwen the "master" context and the

-    "test-admin" user:

-

-        $ osc login -u test-admin -p pass

-        $ osc project test

-

-

 15. Submit the application template for processing (generating shared parameters requested in the template)

     and then request creation of the processed template:

@@ -379,23 +373,26 @@ the ip address shown below with the correct one for your environment.

             $ docker pull openshift/origin-haproxy-router

             $ sudo chmod +r `pwd`/openshift.local.certificates/openshift-router/.kubeconfig

-            $ openshift ex router --create --credentials="`pwd`/openshift.local.certificates/openshift-router/.kubeconfig"

+            $ openshift ex router --create --credentials="`pwd`/openshift.local.certificates/openshift-router/.kubeconfig" --config=openshift.local.certificates/admin/.kubeconfig

               router # the service

               router # the deployment config

-3.  Wait for the router to start.

+3.  Switch to the `default` project to watch for router to start

+            $ osc project default

+

+4.  Wait for the router to start.

             $ osc describe dc router

             # watch for the number of deployed pods to go to 1

-4.  *Optional:* View the logs of the router.

+5.  *Optional:* View the logs of the router.

             $ osc log router-1-<podrandom-suffix>

-5.  Curl the url, substituting the ip address shown for the correct value in your environment.

+6.  Curl the url, substituting the ip address shown for the correct value in your environment.

             $ curl -s -k --resolve www.example.com:443:10.0.2.15 https://www.example.com

                 ... removed for readability ...

@@ -403,7 +400,7 @@ the ip address shown below with the correct one for your environment.

                 ... removed for readability ...

-6. *Optional*: View the certificate being used for the secure route.

+7. *Optional*: View the certificate being used for the secure route.

             $ openssl s_client -servername www.example.com -connect 10.0.2.15:443

             ... removed for readability ...

@@ -123,7 +123,7 @@ if [[ "${API_SCHEME}" == "https" ]]; then

 fi

 # set the home directory so we don't pick up the users .config

-export HOME="${CERT_DIR}/admin"

+export HOME="${TEMP_DIR}/home"

 wait_for_url "${KUBELET_SCHEME}://${KUBELET_HOST}:${KUBELET_PORT}/healthz" "kubelet: " 0.25 80

 wait_for_url "${API_SCHEME}://${API_HOST}:${API_PORT}/healthz" "apiserver: " 0.25 80

@@ -146,11 +146,14 @@ export KUBERNETES_MASTER="${API_SCHEME}://${API_HOST}:${API_PORT}"

 if [[ "${API_SCHEME}" == "https" ]]; then

     # test bad certificate

     [ "$(osc get services 2>&1 | grep 'certificate signed by unknown authority')" ]

-

-    # ignore anything in the running user's $HOME dir

-    export HOME="${CERT_DIR}/admin"

 fi

+

+osc login --server=${KUBERNETES_MASTER} --certificate-authority="${CERT_DIR}/ca/cert.crt" -u test-user -p anything

+osc new-project project-foo --display-name="my project" --description="boring project description"

+[ "$(osc project | grep 'Using project "project-foo"')" ]

+

+

 # test config files from the --config flag

 osc get services --config="${CERT_DIR}/admin/.kubeconfig"

@@ -243,17 +243,11 @@ func (o *LoginOptions) gatherProjectInfo() error {

 	switch len(projectsItems) {

 	case 0:

-		// TODO most users will not be allowed to run the suggested commands below, so we should check it and/or

-		// have a server endpoint that allows an admin to describe to users how to request projects

-		fmt.Fprintf(o.Out, `You don't have any projects. If you have access to create a new project, run

+		fmt.Fprintf(o.Out, `You don't have any projects. You can try to create a new project, by running

-    $ openshift ex new-project <projectname> --admin=%q

+    $ osc new-project <projectname>

-To be added as an admin to an existing project, run

-

-    $ openshift ex policy add-role-to-user admin %q -n <projectname>

-

-`, o.Username, o.Username)

+`)

 	case 1:

 		o.Project = projectsItems[0].Name

@@ -1,13 +1,16 @@

 package cmd

 import (

+	"errors"

 	"fmt"

 	"io"

-	"github.com/golang/glog"

 	"github.com/spf13/cobra"

+	kcmdutil "github.com/GoogleCloudPlatform/kubernetes/pkg/kubectl/cmd/util"

+

 	"github.com/openshift/origin/pkg/client"

+	cliconfig "github.com/openshift/origin/pkg/cmd/cli/config"

 	"github.com/openshift/origin/pkg/cmd/util/clientcmd"

 	projectapi "github.com/openshift/origin/pkg/project/api"

 )

@@ -18,6 +21,9 @@ type NewProjectOptions struct {

 	Description string

 	Client client.Interface

+

+	ProjectOptions *ProjectOptions

+	Out            io.Writer

 }

 const requestProjectLongDesc = `

@@ -40,22 +46,23 @@ After your project is created you can switch to it using %[3]s <project name>.

 func NewCmdRequestProject(name, fullName, oscLoginName, oscProjectName string, f *clientcmd.Factory, out io.Writer) *cobra.Command {

 	options := &NewProjectOptions{}

+	options.Out = out

 	cmd := &cobra.Command{

 		Use:   fmt.Sprintf("%s <project-name> [--display-name=<your display name> --description=<your description]", name),

 		Short: "request a new project",

 		Long:  fmt.Sprintf(requestProjectLongDesc, fullName, oscLoginName, oscProjectName),

 		Run: func(cmd *cobra.Command, args []string) {

-			if !options.complete(cmd) {

-				return

+			if err := options.complete(cmd, f); err != nil {

+				kcmdutil.CheckErr(err)

 			}

 			var err error

 			if options.Client, _, err = f.Clients(); err != nil {

-				glog.Fatalf("Error getting client: %v", err)

+				kcmdutil.CheckErr(err)

 			}

 			if err := options.Run(); err != nil {

-				glog.Fatal(err)

+				kcmdutil.CheckErr(err)

 			}

 		},

 	}

@@ -67,16 +74,22 @@ func NewCmdRequestProject(name, fullName, oscLoginName, oscProjectName string, f

 	return cmd

 }

-func (o *NewProjectOptions) complete(cmd *cobra.Command) bool {

+func (o *NewProjectOptions) complete(cmd *cobra.Command, f *clientcmd.Factory) error {

 	args := cmd.Flags().Args()

 	if len(args) != 1 {

 		cmd.Help()

-		return false

+		return errors.New("must have exactly one argument")

 	}

 	o.ProjectName = args[0]

-	return true

+	o.ProjectOptions = &ProjectOptions{}

+	o.ProjectOptions.PathOptions = cliconfig.NewPathOptions(cmd)

+	if err := o.ProjectOptions.Complete(f, []string{""}, o.Out); err != nil {

+		return err

+	}

+

+	return nil

 }

 func (o *NewProjectOptions) Run() error {

@@ -85,9 +98,20 @@ func (o *NewProjectOptions) Run() error {

 	projectRequest.DisplayName = o.DisplayName

 	projectRequest.Annotations = make(map[string]string)

 	projectRequest.Annotations["description"] = o.Description

-	if _, err := o.Client.ProjectRequests().Create(projectRequest); err != nil {

+

+	project, err := o.Client.ProjectRequests().Create(projectRequest)

+	if err != nil {

 		return err

 	}

+	if o.ProjectOptions != nil {

+		o.ProjectOptions.ProjectName = project.Name

+		o.ProjectOptions.ProjectOnly = true

+

+		if err := o.ProjectOptions.RunProject(); err != nil {

+			return err

+		}

+	}

+

 	return nil

 }

@@ -3,6 +3,7 @@

 package integration

 import (

+	"io/ioutil"

 	"testing"

 	"time"

@@ -50,6 +51,7 @@ func TestUnprivilegedNewProject(t *testing.T) {

 		Description: "the special description",

 		Client: valerieOpenshiftClient,

+		Out:    ioutil.Discard,

 	}

 	if err := requestProject.Run(); err != nil {