fix(kube): Use KubeClusterAccessService for Helm operations [EE-2500] (#6559)

2025-07-24 07:49:41 +02:00 · 2022-03-21 09:51:29 -03:00 · 2022-03-21 09:51:29 -03:00 · c486130a9f
commit c486130a9f
parent cf7746082b
10 changed files with 105 additions and 103 deletions
--- a/api/http/handler/helm/handler.go
+++ b/api/http/handler/helm/handler.go
@ -2,6 +2,7 @@ package helm

 import (
 	"net/http"
+	"strings"

 	"github.com/gorilla/mux"
 	"github.com/portainer/libhelm"
@ -14,10 +15,6 @@ import (
 	"github.com/portainer/portainer/api/kubernetes"
 )

-const (
-	handlerActivityContext = "Kubernetes"
-)
-
 type requestBouncer interface {
 	AuthenticatedAccess(h http.Handler) http.Handler
 }
@ -25,24 +22,24 @@ type requestBouncer interface {
 // Handler is the HTTP handler used to handle environment(endpoint) group operations.
 type Handler struct {
 	*mux.Router
-	requestBouncer     requestBouncer
-	dataStore          dataservices.DataStore
-	jwtService         dataservices.JWTService
-	kubeConfigService  kubernetes.KubeConfigService
-	kubernetesDeployer portainer.KubernetesDeployer
-	helmPackageManager libhelm.HelmPackageManager
+	requestBouncer           requestBouncer
+	dataStore                dataservices.DataStore
+	jwtService               dataservices.JWTService
+	kubeClusterAccessService kubernetes.KubeClusterAccessService
+	kubernetesDeployer       portainer.KubernetesDeployer
+	helmPackageManager       libhelm.HelmPackageManager
 }

 // NewHandler creates a handler to manage endpoint group operations.
-func NewHandler(bouncer requestBouncer, dataStore dataservices.DataStore, jwtService dataservices.JWTService, kubernetesDeployer portainer.KubernetesDeployer, helmPackageManager libhelm.HelmPackageManager, kubeConfigService kubernetes.KubeConfigService) *Handler {
+func NewHandler(bouncer requestBouncer, dataStore dataservices.DataStore, jwtService dataservices.JWTService, kubernetesDeployer portainer.KubernetesDeployer, helmPackageManager libhelm.HelmPackageManager, kubeClusterAccessService kubernetes.KubeClusterAccessService) *Handler {
 	h := &Handler{
-		Router:             mux.NewRouter(),
-		requestBouncer:     bouncer,
-		dataStore:          dataStore,
-		jwtService:         jwtService,
-		kubernetesDeployer: kubernetesDeployer,
-		helmPackageManager: helmPackageManager,
-		kubeConfigService:  kubeConfigService,
+		Router:                   mux.NewRouter(),
+		requestBouncer:           bouncer,
+		dataStore:                dataStore,
+		jwtService:               jwtService,
+		kubernetesDeployer:       kubernetesDeployer,
+		helmPackageManager:       helmPackageManager,
+		kubeClusterAccessService: kubeClusterAccessService,
 	}

 	h.Use(middlewares.WithEndpoint(dataStore.Endpoint(), "id"))
@ -104,10 +101,20 @@ func (handler *Handler) getHelmClusterAccess(r *http.Request) (*options.Kubernet
 		return nil, &httperror.HandlerError{http.StatusUnauthorized, "Unauthorized", err}
 	}

-	kubeConfigInternal := handler.kubeConfigService.GetKubeConfigInternal(endpoint.ID, bearerToken)
+	sslSettings, err := handler.dataStore.SSLSettings().Settings()
+	if err != nil {
+		return nil, &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
+	}
+
+	hostURL := "localhost"
+	if !sslSettings.SelfSigned {
+		hostURL = strings.Split(r.Host, ":")[0]
+	}
+
+	kubeConfigInternal := handler.kubeClusterAccessService.GetData(hostURL, endpoint.ID)
 	return &options.KubernetesClusterAccess{
 		ClusterServerURL:         kubeConfigInternal.ClusterServerURL,
 		CertificateAuthorityFile: kubeConfigInternal.CertificateAuthorityFile,
-		AuthToken:                kubeConfigInternal.AuthToken,
+		AuthToken:                bearerToken,
 	}, nil
 }
--- a/api/http/handler/helm/helm_delete_test.go
+++ b/api/http/handler/helm/helm_delete_test.go
@ -36,8 +36,8 @@ func Test_helmDelete(t *testing.T) {

 	kubernetesDeployer := exectest.NewKubernetesDeployer()
 	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
-	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
-	h := NewHandler(helper.NewTestRequestBouncer(), store, jwtService, kubernetesDeployer, helmPackageManager, kubeConfigService)
+	kubeClusterAccessService := kubernetes.NewKubeClusterAccessService("", "", "")
+	h := NewHandler(helper.NewTestRequestBouncer(), store, jwtService, kubernetesDeployer, helmPackageManager, kubeClusterAccessService)

 	is.NotNil(h, "Handler should not fail")

--- a/api/http/handler/helm/helm_install_test.go
+++ b/api/http/handler/helm/helm_install_test.go
@ -39,8 +39,8 @@ func Test_helmInstall(t *testing.T) {

 	kubernetesDeployer := exectest.NewKubernetesDeployer()
 	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
-	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
-	h := NewHandler(helper.NewTestRequestBouncer(), store, jwtService, kubernetesDeployer, helmPackageManager, kubeConfigService)
+	kubeClusterAccessService := kubernetes.NewKubeClusterAccessService("", "", "")
+	h := NewHandler(helper.NewTestRequestBouncer(), store, jwtService, kubernetesDeployer, helmPackageManager, kubeClusterAccessService)

 	is.NotNil(h, "Handler should not fail")

--- a/api/http/handler/helm/helm_list_test.go
+++ b/api/http/handler/helm/helm_list_test.go
@ -38,8 +38,8 @@ func Test_helmList(t *testing.T) {

 	kubernetesDeployer := exectest.NewKubernetesDeployer()
 	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
-	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
-	h := NewHandler(helper.NewTestRequestBouncer(), store, jwtService, kubernetesDeployer, helmPackageManager, kubeConfigService)
+	kubeClusterAccessService := kubernetes.NewKubeClusterAccessService("", "", "")
+	h := NewHandler(helper.NewTestRequestBouncer(), store, jwtService, kubernetesDeployer, helmPackageManager, kubeClusterAccessService)

 	// Install a single chart.  We expect to get these values back
 	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default"}