mirror of
https://github.com/portainer/portainer.git
synced 2025-07-22 06:49:40 +02:00
fix(kubernetes): Namespace access permission changes role bindings not created [R8S-366] (#826)
This commit is contained in:
Cara Ryan
GitHub
parent
150d986179
commit
b7e906701a
10 changed files with 95 additions and 17 deletions
|
|
@ -77,9 +77,26 @@ func (factory *ClientFactory) ClearClientCache() {
|
|||
factory.endpointProxyClients.Flush()
|
||||
}
|
||||
|
||||
// ClearClientCache removes all cached kube clients for a userId
|
||||
func (factory *ClientFactory) ClearUserClientCache(userID string) {
|
||||
for key := range factory.endpointProxyClients.Items() {
|
||||
if strings.HasSuffix(key, "."+userID) {
|
||||
factory.endpointProxyClients.Delete(key)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Remove the cached kube client so a new one can be created
|
||||
func (factory *ClientFactory) RemoveKubeClient(endpointID portainer.EndpointID) {
|
||||
factory.endpointProxyClients.Delete(strconv.Itoa(int(endpointID)))
|
||||
|
||||
endpointPrefix := strconv.Itoa(int(endpointID)) + "."
|
||||
|
||||
for key := range factory.endpointProxyClients.Items() {
|
||||
if strings.HasPrefix(key, endpointPrefix) {
|
||||
factory.endpointProxyClients.Delete(key)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (factory *ClientFactory) GetAddrHTTPS() string {
|
||||
|
|
@ -104,6 +121,24 @@ func (factory *ClientFactory) GetPrivilegedKubeClient(endpoint *portainer.Endpoi
|
|||
return kcl, nil
|
||||
}
|
||||
|
||||
// GetPrivilegedUserKubeClient checks if an existing admin client is already registered for the environment(endpoint) and user and returns it if one is found.
|
||||
// If no client is registered, it will create a new client, register it, and returns it.
|
||||
func (factory *ClientFactory) GetPrivilegedUserKubeClient(endpoint *portainer.Endpoint, userID string) (*KubeClient, error) {
|
||||
key := strconv.Itoa(int(endpoint.ID)) + ".admin." + userID
|
||||
pcl, ok := factory.endpointProxyClients.Get(key)
|
||||
if ok {
|
||||
return pcl.(*KubeClient), nil
|
||||
}
|
||||
|
||||
kcl, err := factory.createCachedPrivilegedKubeClient(endpoint)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
factory.endpointProxyClients.Set(key, kcl, cache.DefaultExpiration)
|
||||
return kcl, nil
|
||||
}
|
||||
|
||||
// GetProxyKubeClient retrieves a KubeClient from the cache. You should be
|
||||
// calling SetProxyKubeClient before first. It is normally, called the
|
||||
// kubernetes middleware.
|
||||
|
|
@ -156,8 +191,9 @@ func (factory *ClientFactory) createCachedPrivilegedKubeClient(endpoint *portain
|
|||
}
|
||||
|
||||
return &KubeClient{
|
||||
cli: cli,
|
||||
instanceID: factory.instanceID,
|
||||
cli: cli,
|
||||
instanceID: factory.instanceID,
|
||||
IsKubeAdmin: true,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue