Skip to content

Commit e6b5f0b

Browse files
Kumm-KaiKumm-Kai
committed
fix(ske/login): add profile email to cacheKey
This solves an issue where the user doesn't directly see that their current credentials are unable to access the cluster, when they have a cached and still valid kubeconfig that was retrieved with different/working credentials earlier.
1 parent 2d40337 commit e6b5f0b

File tree

1 file changed

+13
-6
lines changed
  • internal/cmd/ske/kubeconfig/login

1 file changed

+13
-6
lines changed

internal/cmd/ske/kubeconfig/login/login.go

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ import (
1818
"k8s.io/client-go/rest"
1919

2020
"github.com/stackitcloud/stackit-cli/internal/pkg/args"
21+
"github.com/stackitcloud/stackit-cli/internal/pkg/auth"
22+
"github.com/stackitcloud/stackit-cli/internal/pkg/config"
2123
"github.com/stackitcloud/stackit-cli/internal/pkg/examples"
2224
"github.com/stackitcloud/stackit-cli/internal/pkg/print"
2325
"github.com/stackitcloud/stackit-cli/internal/pkg/services/ske/client"
@@ -149,20 +151,25 @@ func parseClusterConfig(p *print.Printer, cmd *cobra.Command) (*clusterConfig, e
149151
if execCredential == nil || execCredential.Spec.Cluster == nil {
150152
return nil, fmt.Errorf("ExecCredential contains not all needed fields")
151153
}
152-
config := &clusterConfig{}
153-
err = json.Unmarshal(execCredential.Spec.Cluster.Config.Raw, config)
154+
clusterConfig := &clusterConfig{}
155+
err = json.Unmarshal(execCredential.Spec.Cluster.Config.Raw, clusterConfig)
154156
if err != nil {
155157
return nil, fmt.Errorf("unmarshal: %w", err)
156158
}
157159

158-
config.cacheKey = fmt.Sprintf("ske-login-%x", sha256.Sum256([]byte(execCredential.Spec.Cluster.Server)))
160+
profile, err := config.GetProfile()
161+
if err != nil {
162+
return nil, fmt.Errorf("error getting profile: %w", err)
163+
}
164+
165+
clusterConfig.cacheKey = fmt.Sprintf("ske-login-%x", sha256.Sum256([]byte(execCredential.Spec.Cluster.Server+auth.GetProfileEmail(profile))))
159166

160167
// NOTE: Fallback if region is not set in the kubeconfig (this was the case in the past)
161-
if config.Region == "" {
162-
config.Region = globalflags.Parse(p, cmd).Region
168+
if clusterConfig.Region == "" {
169+
clusterConfig.Region = globalflags.Parse(p, cmd).Region
163170
}
164171

165-
return config, nil
172+
return clusterConfig, nil
166173
}
167174

168175
func getCachedKubeConfig(key string) *rest.Config {

0 commit comments

Comments
 (0)