Skip to content

Commit 9c73f9c

Browse files
Kumm-Kairubenhoenle
Kumm-Kai
authored and
rubenhoenle
committed
fix(ske/login): add profile email to cacheKey
This solves an issue where the user doesn't directly see that their current credentials are unable to access the cluster, when they have a cached and still valid kubeconfig that was retrieved with different/working credentials earlier.
1 parent 8d9cdc4 commit 9c73f9c

File tree

1 file changed

+13
-6
lines changed
  • internal/cmd/ske/kubeconfig/login

1 file changed

+13
-6
lines changed

internal/cmd/ske/kubeconfig/login/login.go

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,8 @@ import (
1919
"k8s.io/client-go/rest"
2020

2121
"github.com/stackitcloud/stackit-cli/internal/pkg/args"
22+
"github.com/stackitcloud/stackit-cli/internal/pkg/auth"
23+
"github.com/stackitcloud/stackit-cli/internal/pkg/config"
2224
"github.com/stackitcloud/stackit-cli/internal/pkg/examples"
2325
"github.com/stackitcloud/stackit-cli/internal/pkg/print"
2426
"github.com/stackitcloud/stackit-cli/internal/pkg/services/ske/client"
@@ -150,20 +152,25 @@ func parseClusterConfig(p *print.Printer, cmd *cobra.Command) (*clusterConfig, e
150152
if execCredential == nil || execCredential.Spec.Cluster == nil {
151153
return nil, fmt.Errorf("ExecCredential contains not all needed fields")
152154
}
153-
config := &clusterConfig{}
154-
err = json.Unmarshal(execCredential.Spec.Cluster.Config.Raw, config)
155+
clusterConfig := &clusterConfig{}
156+
err = json.Unmarshal(execCredential.Spec.Cluster.Config.Raw, clusterConfig)
155157
if err != nil {
156158
return nil, fmt.Errorf("unmarshal: %w", err)
157159
}
158160

159-
config.cacheKey = fmt.Sprintf("ske-login-%x", sha256.Sum256([]byte(execCredential.Spec.Cluster.Server)))
161+
profile, err := config.GetProfile()
162+
if err != nil {
163+
return nil, fmt.Errorf("error getting profile: %w", err)
164+
}
165+
166+
clusterConfig.cacheKey = fmt.Sprintf("ske-login-%x", sha256.Sum256([]byte(execCredential.Spec.Cluster.Server+auth.GetProfileEmail(profile))))
160167

161168
// NOTE: Fallback if region is not set in the kubeconfig (this was the case in the past)
162-
if config.Region == "" {
163-
config.Region = globalflags.Parse(p, cmd).Region
169+
if clusterConfig.Region == "" {
170+
clusterConfig.Region = globalflags.Parse(p, cmd).Region
164171
}
165172

166-
return config, nil
173+
return clusterConfig, nil
167174
}
168175

169176
func getCachedKubeConfig(key string) *rest.Config {

0 commit comments

Comments
 (0)