fix(kubeconfig): show kubeconfig download button for non admin users [EE-2123] (#6204)

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2025-07-23 07:19:41 +02:00 · 2021-12-06 18:40:59 -03:00 · 2021-12-06 18:40:59 -03:00 · 2a1b8efaed
commit 2a1b8efaed
parent 98972dec0d
6 changed files with 21 additions and 25 deletions
--- a/api/kubernetes/cli/client.go
+++ b/api/kubernetes/cli/client.go
@ -44,6 +44,10 @@ func NewClientFactory(signatureService portainer.DigitalSignatureService, revers
 	}
 }

+func (factory *ClientFactory) GetInstanceID() (instanceID string) {
+	return factory.instanceID
+}
+
 // Remove the cached kube client so a new one can be created
 func (factory *ClientFactory) RemoveKubeClient(endpointID portainer.EndpointID) {
 	factory.endpointClients.Remove(strconv.Itoa(int(endpointID)))
--- a/api/kubernetes/cli/naming.go
+++ b/api/kubernetes/cli/naming.go
@ -17,7 +17,7 @@ const (
 	portainerShellPodPrefix                 = "portainer-pod-kubectl-shell"
 )

-func userServiceAccountName(userID int, instanceID string) string {
+func UserServiceAccountName(userID int, instanceID string) string {
 	return fmt.Sprintf("%s-%s-%d", portainerUserServiceAccountPrefix, instanceID, userID)
 }

--- a/api/kubernetes/cli/service_account.go
+++ b/api/kubernetes/cli/service_account.go
@ -16,7 +16,7 @@ func (kcl *KubeClient) GetServiceAccount(tokenData *portainer.TokenData) (*v1.Se
 	if tokenData.Role == portainer.AdministratorRole {
 		portainerServiceAccountName = portainerClusterAdminServiceAccountName
 	} else {
-		portainerServiceAccountName = userServiceAccountName(int(tokenData.ID), kcl.instanceID)
+		portainerServiceAccountName = UserServiceAccountName(int(tokenData.ID), kcl.instanceID)
 	}

 	// verify name exists as service account resource within portainer namespace
@ -30,7 +30,7 @@ func (kcl *KubeClient) GetServiceAccount(tokenData *portainer.TokenData) (*v1.Se

 // GetServiceAccountBearerToken returns the ServiceAccountToken associated to the specified user.
 func (kcl *KubeClient) GetServiceAccountBearerToken(userID int) (string, error) {
-	serviceAccountName := userServiceAccountName(userID, kcl.instanceID)
+	serviceAccountName := UserServiceAccountName(userID, kcl.instanceID)

 	return kcl.getServiceAccountToken(serviceAccountName)
 }
@ -39,7 +39,7 @@ func (kcl *KubeClient) GetServiceAccountBearerToken(userID int) (string, error)
 // cluster before creating a ServiceAccount and a ServiceAccountToken for the specified Portainer user.
 //It will also create required default RoleBinding and ClusterRoleBinding rules.
 func (kcl *KubeClient) SetupUserServiceAccount(userID int, teamIDs []int, restrictDefaultNamespace bool) error {
-	serviceAccountName := userServiceAccountName(userID, kcl.instanceID)
+	serviceAccountName := UserServiceAccountName(userID, kcl.instanceID)

 	err := kcl.ensureRequiredResourcesExist()
 	if err != nil {
--- a/api/kubernetes/cli/service_account_test.go
+++ b/api/kubernetes/cli/service_account_test.go
@ -67,7 +67,7 @@ func Test_GetServiceAccount(t *testing.T) {
 			ID:   1,
 			Role: portainer.StandardUserRole,
 		}
-		serviceAccountName := userServiceAccountName(int(tokenData.ID), k.instanceID)
+		serviceAccountName := UserServiceAccountName(int(tokenData.ID), k.instanceID)
 		serviceAccount := &v1.ServiceAccount{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: serviceAccountName,