From d6e291db158fc100dc8cdee3e4161d259711cd59 Mon Sep 17 00:00:00 2001
From: cong meng <mcpacino@gmail.com>
Date: Thu, 26 Aug 2021 11:31:22 +1200
Subject: [PATCH] fix(kubectl): EE-1342 non-admin users cannot connect to the
 local kube cluster using kubectl shell (#5475)

Co-authored-by: Simon Meng <simon.meng@portainer.io>
---
 api/http/handler/websocket/shell_pod.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/api/http/handler/websocket/shell_pod.go b/api/http/handler/websocket/shell_pod.go
index c47b311bc..e7e5861b3 100644
--- a/api/http/handler/websocket/shell_pod.go
+++ b/api/http/handler/websocket/shell_pod.go
@@ -86,17 +86,12 @@ func (handler *Handler) websocketShellPodExec(w http.ResponseWriter, r *http.Req
 		return nil
 	}
 
-	serviceAccountToken, isAdminToken, err := handler.getToken(r, endpoint, false)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to get user service account token", err}
-	}
-
 	handlerErr := handler.hijackPodExecStartOperation(
 		w,
 		r,
 		cli,
-		serviceAccountToken,
-		isAdminToken,
+		"",
+		true,
 		endpoint,
 		shellPod.Namespace,
 		shellPod.PodName,