diff --git a/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts b/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts index 010ec7174e..fbdce1ea41 100644 --- a/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts +++ b/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts @@ -15,6 +15,7 @@ import pathExistsInjectable from "../../common/fs/path-exists.injectable"; import writeFileInjectable from "../../common/fs/write-file.injectable"; import removePathInjectable from "../../common/fs/remove.injectable"; import lensProxyCertificateInjectable from "../../common/certificate/lens-proxy-certificate.injectable"; +import authHeaderStateInjectable from "../../features/auth-header/common/header-state.injectable"; export interface KubeConfigManagerInstantiationParameter { cluster: Cluster; @@ -30,12 +31,13 @@ const createKubeconfigManagerInjectable = getInjectable({ directoryForTemp: di.inject(directoryForTempInjectable), logger: di.inject(loggerInjectable), lensProxyPort: di.inject(lensProxyPortInjectable), + certificate: di.inject(lensProxyCertificateInjectable).get(), + authHeaderToken: di.inject(authHeaderStateInjectable).get(), joinPaths: di.inject(joinPathsInjectable), getDirnameOfPath: di.inject(getDirnameOfPathInjectable), removePath: di.inject(removePathInjectable), pathExists: di.inject(pathExistsInjectable), writeFile: di.inject(writeFileInjectable), - certificate: di.inject(lensProxyCertificateInjectable).get(), }; return (cluster) => new KubeconfigManager(dependencies, cluster); diff --git a/src/main/kubeconfig-manager/kubeconfig-manager.ts b/src/main/kubeconfig-manager/kubeconfig-manager.ts index 0486521e21..41548698fb 100644 --- a/src/main/kubeconfig-manager/kubeconfig-manager.ts +++ b/src/main/kubeconfig-manager/kubeconfig-manager.ts @@ -21,12 +21,13 @@ export interface KubeconfigManagerDependencies { readonly directoryForTemp: string; readonly logger: Logger; readonly lensProxyPort: { get: () => number }; + readonly certificate: SelfSignedCert; + readonly authHeaderToken: string; joinPaths: JoinPaths; getDirnameOfPath: GetDirnameOfPath; pathExists: PathExists; removePath: RemovePath; writeFile: WriteFile; - certificate: SelfSignedCert; } export class KubeconfigManager { @@ -87,10 +88,6 @@ export class KubeconfigManager { } } - get resolveProxyUrl() { - return `https://127.0.0.1:${this.dependencies.lensProxyPort.get()}/${this.cluster.id}`; - } - /** * Creates new "temporary" kubeconfig that point to the kubectl-proxy. * This way any user of the config does not need to know anything about the auth etc. details. @@ -98,24 +95,36 @@ export class KubeconfigManager { protected async createProxyKubeconfig(): Promise { const { cluster } = this; const { contextName, id } = cluster; - const tempFile = this.dependencies.joinPaths( - this.dependencies.directoryForTemp, + const { + certificate, + authHeaderToken, + joinPaths, + lensProxyPort, + writeFile, + directoryForTemp, + logger, + } = this.dependencies; + + const tempFile = joinPaths( + directoryForTemp, `kubeconfig-${id}`, ); const kubeConfig = await cluster.getKubeconfig(); - const { certificate } = this.dependencies; const proxyConfig: PartialDeep = { currentContext: contextName, clusters: [ { name: contextName, - server: this.resolveProxyUrl, + server: `https://127.0.0.1:${lensProxyPort.get()}/${cluster.id}`, skipTLSVerify: false, caData: Buffer.from(certificate.cert).toString("base64"), }, ], users: [ - { name: "proxy", username: "lens", password: "fake" }, + { + name: "proxy", + token: authHeaderToken, + }, ], contexts: [ { @@ -129,8 +138,8 @@ export class KubeconfigManager { // write const configYaml = dumpConfigYaml(proxyConfig); - await this.dependencies.writeFile(tempFile, configYaml, { mode: 0o600 }); - this.dependencies.logger.debug(`[KUBECONFIG-MANAGER]: Created temp kubeconfig "${contextName}" at "${tempFile}": \n${configYaml}`); + await writeFile(tempFile, configYaml, { mode: 0o600 }); + logger.debug(`[KUBECONFIG-MANAGER]: Created temp kubeconfig "${contextName}" at "${tempFile}": \n${configYaml}`); return tempFile; }