Minikube + snap permissions

[liamdawson]

Describe the bug
When using the snap edition, I can't connect to my minikube cluster using the generated kubeconfig, because lens cannot read the CA file.
A clear and concise description of what the bug is.

To Reproduce

1. Create a minikube cluster
2. Attempt to use the new minikube-generated kubeconfig in the "add a new cluster" configuration

Expected behavior
Cluster connects successfully

Actual behavior
Cluster attempts to load forever

Environment (please complete the following information):

• Lens Version: 2.0.9
• OS: [e.g. OSX] Ubuntu Budgie 19.04
• Installation method (e.g. snap or AppImage in Linux): snap

Logs:
When you run the application executable from command line you will see some logging output. Please paste them here:

liamdawson@crow ~/Downloads> kontena-lens --debug --verbose
CLUSTER STORE, MIGRATION: 2.0.0-beta.2
Store data now: {"_options":{"configName":"lens-cluster-store","fileExtension":"json","projectSuffix":"nodejs","clearInvalidConfig":true,"accessPropertiesByDotNotation":false,"projectVersion":"2.0.9","migrations":{},"cwd":"/home/liamdawson/snap/kontena-lens/21/.config/Lens"},"events":{"_events":{},"_eventsCount":0},"path":"/home/liamdawson/snap/kontena-lens/21/.config/Lens/lens-cluster-store.json"}
info: SNAP env is defined, updater is disabled
dumping kc: {
  apiVersion: 'v1',
  kind: 'Config',
  preferences: {},
  'current-context': 'cygnus-dev',
  clusters: [ { name: 'cygnus-dev', cluster: [Object] } ],
  contexts: [ { name: 'cygnus-dev', context: [Object] } ],
  users: [ { name: 'cygnus-dev', user: [Object] } ]
}
(node:11938) UnhandledPromiseRejectionWarning: Error: EACCES: permission denied, open '/home/liamdawson/.minikube/ca.crt'
    at Object.openSync (fs.js:447:3)
    at Object.func (electron/js2c/asar.js:155:31)
    at Object.func [as openSync] (electron/js2c/asar.js:155:31)
    at Object.readFileSync (fs.js:349:35)
    at Object.fs.readFileSync (electron/js2c/asar.js:597:40)
    at Object.fs.readFileSync (electron/js2c/asar.js:597:40)
    at e.<anonymous> (/snap/kontena-lens/21/resources/app.asar/webpack:/src/main/context-handler.ts:44:24)
    at /snap/kontena-lens/21/resources/app.asar/main.js:1:270277
    at Object.next (/snap/kontena-lens/21/resources/app.asar/main.js:1:270382)
    at o (/snap/kontena-lens/21/resources/app.asar/main.js:1:269128)
    at processTicksAndRejections (internal/process/task_queues.js:89:5)
(node:11938) UnhandledPromiseRejectionWarning: Error: EACCES: permission denied, open '/home/liamdawson/.minikube/ca.crt'
    at Object.openSync (fs.js:447:3)
    at Object.func (electron/js2c/asar.js:155:31)
    at Object.func [as openSync] (electron/js2c/asar.js:155:31)
    at Object.readFileSync (fs.js:349:35)
    at Object.fs.readFileSync (electron/js2c/asar.js:597:40)
    at Object.fs.readFileSync (electron/js2c/asar.js:597:40)
    at e.<anonymous> (/snap/kontena-lens/21/resources/app.asar/webpack:/src/main/context-handler.ts:44:24)
    at /snap/kontena-lens/21/resources/app.asar/main.js:1:270277
    at Object.next (/snap/kontena-lens/21/resources/app.asar/main.js:1:270382)
    at o (/snap/kontena-lens/21/resources/app.asar/main.js:1:269128)
    at processTicksAndRejections (internal/process/task_queues.js:89:5)
(node:11938) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:11938) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:11938) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
(node:11938) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
user-open error: Object does not implement the interface

Kubeconfig:
Quite often the problems are caused by malformed kubeconfig which the application tries to load. Please share your kubeconfig, remember to remove any secret and sensitive information.

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/liamdawson/.minikube/ca.crt
    server: https://192.168.39.82:8443
  name: cygnus-dev
contexts:
- context:
    cluster: cygnus-dev
    user: cygnus-dev
  name: cygnus-dev
current-context: cygnus-dev
kind: Config
preferences: {}
users:
- name: cygnus-dev
  user:
    client-certificate: /home/liamdawson/.minikube/client.crt
    client-key: /home/liamdawson/.minikube/client.key

Additional context
It looks like snap prohibits access to hidden files in the root of a user's home directory, and I think the only current workaround is classic confinement. (https://forum.snapcraft.io/t/access-to-specific-hidden-file-path-in-users-home/6948/21)

[liamdawson]

Installing in devmode fixes the issue, but disables benefits like auto-update. (sudo snap install --devmode kontena-lens)

[jakolehm]

Installing in devmode fixes the issue, but disables benefits like auto-update. (sudo snap install --devmode kontena-lens)

We have requested snap access to personal-files. See: https://forum.snapcraft.io/t/personal-files-request-for-kontena-lens/13504/5

[jnummelin]

Unfortunately we're still waiting for the Snapcraft folks to approve the apps access to personal files.

[liamdawson]

For those who've stumbled across this, Lens is now requesting classic confinement: https://forum.snapcraft.io/t/personal-files-request-for-kontena-lens/13504/15

[jakolehm]

Kontena-lens snap has classic confinement (since 2.7.0).