From 0eb6315d7495585a0fdfe9f86887310ac804e668 Mon Sep 17 00:00:00 2001
From: Cape Masbro <116721791+faustsec@users.noreply.github.com>
Date: Thu, 1 Feb 2024 14:37:32 +0700
Subject: [PATCH] Use authenticated client for getLogsStreamReaderFor

Instead of manually using http.NewRequest we should use the already existing + authenticated client
---
 proctord/kubernetes/client.go | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/proctord/kubernetes/client.go b/proctord/kubernetes/client.go
index d8473351..c32e3867 100644
--- a/proctord/kubernetes/client.go
+++ b/proctord/kubernetes/client.go
@@ -243,15 +243,25 @@ func (client *client) JobExecutionStatus(jobExecutionID string) (string, error)
 
 func (client *client) getLogsStreamReaderFor(podName string) (io.ReadCloser, error) {
 	logger.Debug("reading pod logs for: ", podName)
-
-	req, err := http.NewRequest("GET", "https://"+config.KubeClusterHostName()+"/api/v1/namespaces/"+namespace+"/pods/"+podName+"/log?follow=true", nil)
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("Authorization", "Basic "+config.KubeBasicAuthEncoded())
-	resp, err := client.httpClient.Do(req)
+	// req, err := http.NewRequest("GET", "https://"+config.KubeClusterHostName()+"/api/v1/namespaces/"+namespace+"/pods/"+podName+"/log?follow=true", nil)
+	// if err != nil {
+	// 	return nil, err
+	// }
+	// req.Header.Set("Authorization", "Basic "+config.KubeBasicAuthEncoded())
+	// resp, err := client.httpClient.Do(req)
+	// if err != nil {
+	// 	return nil, err
+	// }
+	// return resp.Body, err
+
+	// Use the authenticated client instead of manually requesting the control plane
+	clt := client.clientSet.CoreV1()
+	req := clt.Pods(namespace).GetLogs(podName, &v1.PodLogOptions{
+		Follow: true,
+	})
+	logs, err := req.Stream()
 	if err != nil {
 		return nil, err
 	}
-	return resp.Body, err
+	return logs, err
 }