Apply suggestions after review

kubeshop · Feb 17, 2023 · 71be7c2 · 71be7c2
1 parent 07c5d19
commit 71be7c2
Show file tree

Hide file tree

Showing 18 changed files with 210 additions and 344 deletions.
diff --git a/cmd/executor/echo/README.md b/cmd/executor/echo/README.md
@@ -1,11 +1,3 @@
 # Echo executor
 
 Echo is an example Botkube executor plugin used during [e2e tests](../../../test/e2e). It's not meant for production usage.
-
-## Configuration parameters
-
-The configuration should be specified in the YAML format. Such parameters are supported:
-
-```yaml
-changeResponseToUpperCase: true # default is 'false'.
-```
diff --git a/cmd/executor/helm/README.md b/cmd/executor/helm/README.md
@@ -2,16 +2,6 @@
 
 Helm is the Botkube executor plugin that allows you to run the Helm CLI commands directly from any communication platform.
 
-## Configuration parameters
-
-The configuration should be specified in the YAML format. Such parameters are supported:
-
-```yaml
-helmDriver: "secret" # Allowed values are configmap, secret, memory.
-helmCacheDir: "/tmp/helm/.cache"
-helmConfigDir: "/tmp/helm/"
-```
-
 ## Manual testing
 
 This section describes a manual testing of all supported Helm executor commands. It utilizes the `k3d` cluster and the leverages a built-in functionality to access your host system by referring to it as [`host.k3d.internal`](https://k3d.io/v5.0.1/faq/faq/#how-to-access-services-like-a-database-running-on-my-docker-host-machine).

diff --git a/cmd/executor/kubectl/README.md b/cmd/executor/kubectl/README.md
@@ -1,22 +1,3 @@
 # Kubectl executor
 
 Kubectl is the Botkube executor plugin that allows you to run the Kubectl CLI commands directly from any communication platform.
-
-## Configuration parameters
-
-The configuration should be specified in the YAML format. Such parameters are supported:
-
-```yaml
-# Configures the default Namespace for executing Botkube `kubectl` commands. If not set, uses the 'default'.
-defaultNamespace: "default"
-# Configures the interactive kubectl command builder.
-interactiveBuilder:
-  allowed:
-    # Configures which K8s namespace are displayed in namespace dropdown.
-    # If not specified, plugin needs to have access to fetch all Namespaces, otherwise Namespace dropdown won't be visible at all.
-    namespaces: ["default"]
-    # Configures which `kubectl` methods are displayed in commands dropdown.
-    verbs: ["api-resources", "api-versions", "cluster-info", "describe", "explain", "get", "logs", "top"]
-    # Configures which K8s resource are displayed in resources dropdown.
-    resources: [ "deployments", "pods", "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes", "configmaps", "services", "ingresses" ]
-```
diff --git a/helm/botkube/README.md b/helm/botkube/README.md
diff --git a/helm/botkube/e2e-test-values.yaml b/helm/botkube/e2e-test-values.yaml
@@ -11,7 +11,7 @@ communications:
           name: "" # Tests will override this temporarily
           bindings:
             executors:
-              - kubectl-read-only
+              - k8s-default-tools
               - kubectl-wait-cmd
               - kubectl-exec-cmd
               - kubectl-allow-all
@@ -27,7 +27,7 @@ communications:
             disabled: true
           bindings:
             executors:
-              - kubectl-read-only
+              - k8s-default-tools
             sources:
               - k8s-updates
     discord:
@@ -39,7 +39,7 @@ communications:
           id: "" # Tests will override this channel ID temporarily
           bindings:
             executors:
-              - kubectl-read-only
+              - k8s-default-tools
               - kubectl-wait-cmd
               - kubectl-exec-cmd
               - kubectl-allow-all
@@ -56,7 +56,7 @@ communications:
           bindings:
             # -- Executors configuration for a given channel.
             executors:
-              - kubectl-read-only
+              - k8s-default-tools
             # -- Notification sources configuration for a given channel.
             sources:
               - k8s-updates
@@ -137,7 +137,7 @@ sources:
           event: ADDED
 
 executors:
-  'kubectl-read-only':
+  'k8s-default-tools':
     kubectl:
       enabled: true
       namespaces:
@@ -206,7 +206,7 @@ actions:
       sources:
         - k8s-pod-create-events
       executors:
-        - kubectl-read-only
+        - k8s-default-tools
 
 filters:
   kubernetes:

diff --git a/helm/botkube/values.yaml b/helm/botkube/values.yaml
@@ -46,7 +46,7 @@ rbac:
     - apiGroups: ["*"]
       resources: ["*"]
       verbs: ["get", "watch", "list"]
-  staticGroupName: &static-group-name "botkube-plugins-read-only"
+  staticGroupName: &static-group-name "botkube-plugins-default"
 
 ## Kubeconfig settings used by Botkube.
 kubeconfig:
@@ -83,7 +83,7 @@ actions:
         - k8s-create-events
       # -- Executors configuration used to execute a configured command.
       executors:
-        - kubectl-read-only
+        - k8s-default-tools
   'show-logs-on-error':
     # -- If true, enables the action.
     enabled: false
@@ -102,7 +102,7 @@ actions:
         - k8s-err-with-logs-events
       # -- Executors configuration used to execute a configured command.
       executors:
-        - kubectl-read-only
+        - k8s-default-tools
 
 # -- Map of sources. Source contains configuration for Kubernetes events and sending recommendations.
 # The property name under `sources` object is an alias for a given configuration. You can define multiple sources configuration with different names.
@@ -426,26 +426,9 @@ filters:
 #
 ## Format: executors.{alias}
 executors:
-  'kubectl-plugin':
-    botkube/kubectl:
-      enabled: false
-      ## Custom configuration
-  #    config:
-  #      # Configures the default Namespace for executing Botkube `kubectl` commands. If not set, uses the 'default'.
-  #      defaultNamespace: "default"
-  #      # Configures the interactive kubectl command builder.
-  #      interactiveBuilder:
-  #        allowed:
-  #          # Configures which K8s namespace are displayed in namespace dropdown.
-  #          # If not specified, plugin needs to have access to fetch all Namespaces, otherwise Namespace dropdown won't be visible at all.
-  #          namespaces: ["default"]
-  #          # Configures which `kubectl` methods are displayed in commands dropdown.
-  #          verbs: ["api-resources", "api-versions", "cluster-info", "describe", "explain", "get", "logs", "top"]
-  #          # Configures which K8s resource are displayed in resources dropdown.
-  #          resources: [ "deployments", "pods", "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes", "configmaps", "services", "ingresses" ]
-
-  'kubectl-read-only':
-    ## Kubectl executor configuration.
+  k8s-default-tools:
+    ## Built-in Kubectl executor configuration.
+    ## DEPRECATED: The botkube/kubectl plugin version should be used instead. If both are enabled the plugin version takes the precedences.
     kubectl:
       namespaces:
         # -- List of allowed Kubernetes Namespaces for command execution.
@@ -470,22 +453,21 @@ executors:
       # -- If true, enables commands execution from configured channel only.
       restrictAccess: false
 
-  'helm':
     ## Helm executor configuration
     ## Plugin name syntax: <repo>/<plugin>[@<version>]. If version is not provided, the latest version from repository is used.
     botkube/helm:
       # -- If true, enables `helm` commands execution.
       enabled: false
       config:
+        # Configures the default Namespace for executing Botkube `helm` commands. If not set, uses 'default'.
+        defaultNamespace: "default"
         # -- Allowed values are configmap, secret, memory.
         helmDriver: "secret"
         # -- Location for storing Helm configuration.
         helmConfigDir: "/tmp/helm/"
         # -- Location for storing cached files. Must be under the Helm config directory.
         helmCacheDir: "/tmp/helm/.cache"
-      context:
-        # -- Default namespace for this plugin.
-        defaultNamespace: "botkube"
+      context: &defaultExecutorContext
         # -- RBAC configuration for this plugin.
         rbac:
           # -- Static impersonation for a given username and groups.
@@ -504,6 +486,31 @@ executors:
               # -- Name of user.rbac.authorization.k8s.io the plugin will be bound to.
               value: "default"
 
+    ## Kubectl executor configuration
+    ## Plugin name syntax: <repo>/<plugin>[@<version>]. If version is not provided, the latest version from repository is used.
+    botkube/kubectl:
+      enabled: false
+      # -- Custom kubectl configuration.
+      # @default -- See the `values.yaml` file for full object including optional properties related to interactive builder.
+      config:
+        # Configures the default Namespace for executing Botkube `kubectl` commands. If not set, uses 'default'.
+        defaultNamespace: "default"
+      #  # Configures Kubectl internal logger. Messages are send to stdout.
+      #  # To see the plugin standard output you need to enable it. Learn more at https://docs.botkube.io/plugin/debugging/.
+      #  log:
+      #    level: "info"
+      #  # Configures the interactive kubectl command builder.
+      #  interactiveBuilder:
+      #    allowed:
+      #      # Configures which K8s namespace are displayed in namespace dropdown.
+      #      # If not specified, plugin needs to have access to fetch all Namespaces, otherwise Namespace dropdown won't be visible at all.
+      #      namespaces: [ "default" ]
+      #      # Configures which `kubectl` methods are displayed in commands dropdown.
+      #      verbs: [ "api-resources", "api-versions", "cluster-info", "describe", "explain", "get", "logs", "top" ]
+      #      # Configures which K8s resource are displayed in resources dropdown.
+      #      resources: [ "deployments", "pods", "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes", "configmaps", "services", "ingresses", "replicasets", "secrets", "cronjobs", "jobs" ]
+      context: *defaultExecutorContext
+
 # -- Custom aliases for given commands.
 # The aliases are replaced with the underlying command before executing it.
 # Aliases can replace a single word or multiple ones. For example, you can define a `k` alias for `kubectl`, or `kgp` for `kubectl get pods`.
@@ -553,8 +560,7 @@ communications:
           bindings:
             # -- Executors configuration for a given channel.
             executors:
-              - kubectl-read-only
-              - helm
+              - k8s-default-tools
             # -- Notification sources configuration for a given channel.
             sources:
               - k8s-err-events
@@ -594,8 +600,7 @@ communications:
           bindings:
             # -- Executors configuration for a given channel.
             executors:
-              - kubectl-read-only
-              - helm
+              - k8s-default-tools
             # -- Notification sources configuration for a given channel.
             sources:
               - k8s-err-events
@@ -617,8 +622,7 @@ communications:
       bindings:
         # -- Executor bindings apply to all MS Teams channels where Botkube has access to.
         executors:
-          - kubectl-read-only
-          - helm
+          - k8s-default-tools
         # -- Source bindings apply to all channels which have notification turned on with `@Botkube enable notifications` command.
         sources:
           - k8s-err-events
@@ -650,8 +654,7 @@ communications:
           bindings:
             # -- Executors configuration for a given channel.
             executors:
-              - kubectl-read-only
-              - helm
+              - k8s-default-tools
             # -- Notification sources configuration for a given channel.
             sources:
               - k8s-err-events
@@ -724,8 +727,7 @@ communications:
             disabled: false
           bindings:
             executors:
-              - kubectl-read-only
-              - helm
+              - k8s-default-tools
             sources:
               - k8s-err-events
               - k8s-recommendation-events

diff --git a/internal/executor/helm/config.go b/internal/executor/helm/config.go
@@ -7,11 +7,14 @@ import (
 	"github.com/kubeshop/botkube/pkg/pluginx"
 )
 
+const defaultNamespace = "default"
+
 // Config holds Helm plugin configuration parameters.
 type Config struct {
-	HelmDriver    string `yaml:"helmDriver,omitempty"`
-	HelmCacheDir  string `yaml:"helmCacheDir,omitempty"`
-	HelmConfigDir string `yaml:"helmConfigDir,omitempty"`
+	HelmDriver       string `yaml:"helmDriver,omitempty"`
+	HelmCacheDir     string `yaml:"helmCacheDir,omitempty"`
+	HelmConfigDir    string `yaml:"helmConfigDir,omitempty"`
+	DefaultNamespace string `yaml:"defaultNamespace,omitempty"`
 }
 
 // Validate validates the Helm configuration parameters.
@@ -27,9 +30,10 @@ func (c *Config) Validate() error {
 // MergeConfigs merges the Helm configuration.
 func MergeConfigs(configs []*executor.Config) (Config, error) {
 	defaults := Config{
-		HelmDriver:    "secret",
-		HelmCacheDir:  "/tmp/helm/.cache",
-		HelmConfigDir: "/tmp/helm/",
+		HelmDriver:       "secret",
+		HelmCacheDir:     "/tmp/helm/.cache",
+		HelmConfigDir:    "/tmp/helm/",
+		DefaultNamespace: defaultNamespace,
 	}
 
 	var out Config

diff --git a/internal/executor/helm/executor.go b/internal/executor/helm/executor.go
@@ -14,10 +14,9 @@ import (
 
 const (
 	// PluginName is the name of the Helm Botkube plugin.
-	PluginName       = "helm"
-	helmBinaryName   = "helm"
-	defaultNamespace = "default"
-	description      = "Helm is the Botkube executor plugin that allows you to run the Helm CLI commands directly from any communication platform."
+	PluginName     = "helm"
+	helmBinaryName = "helm"
+	description    = "Helm is the Botkube executor plugin that allows you to run the Helm CLI commands directly from any communication platform."
 )
 
 // Links source: https://github.com/helm/helm/releases/tag/v3.6.3
@@ -102,7 +101,7 @@ func (e *Executor) Execute(ctx context.Context, in executor.ExecuteInput) (execu
 	}
 
 	if helmCmd.Namespace == "" { // use 'default' namespace, instead of namespace where botkube was installed
-		in.Command = fmt.Sprintf("%s -n %s", in.Command, defaultNamespace)
+		in.Command = fmt.Sprintf("%s -n %s", in.Command, cfg.DefaultNamespace)
 	}
 
 	switch {

diff --git a/internal/executor/kubectl/review/review.go → ...l/executor/kubectl/accessreview/review.go b/internal/executor/kubectl/review/review.go → ...l/executor/kubectl/accessreview/review.go
@@ -1,4 +1,4 @@
-package review
+package accessreview
 
 import (
 	"context"
@@ -25,10 +25,14 @@ func NewK8sAuth(cli v1.AuthorizationV1Interface) *K8sAuth {
 // CheckUserAccess returns error if a given verbs are not supported.
 func (c *K8sAuth) CheckUserAccess(ns, verb, resource, name string) error {
 	var subresource string
+
+	// kubectl logs/pods [NAME] should be translated into 'get logs pod [NAME]'
+	// as the `log` is a subresource, same as scale, etc.
+	//
+	// TODO: only logs are supported by interactive builder. We don't support scale, exec, apply, etc.
+	// Once we will add support for them, we need to add dedicated cases here.
 	switch verb {
 	case "logs", "log":
-		// kubectl logs/pods [NAME] should be translated into 'get logs pod [NAME]'
-		// as the `log` is a subresource, same as scale, etc.
 		verb = "get"
 		subresource = "log"
 	}

diff --git a/internal/executor/kubectl/builder/config.go b/internal/executor/kubectl/builder/config.go
@@ -24,7 +24,7 @@ func DefaultConfig() Config {
 				"api-resources", "api-versions", "cluster-info", "describe", "explain", "get", "logs", "top",
 			},
 			Resources: []string{
-				"deployments", "pods", "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes", "configmaps", "services", "ingresses",
+				"deployments", "pods", "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes", "configmaps", "services", "ingresses", "replicasets", "secrets", "cronjobs", "jobs",
 			},
 		},
 	}

diff --git a/internal/executor/kubectl/builder/strings.go b/internal/executor/kubectl/builder/strings.go
@@ -8,7 +8,7 @@ func overflowSentence(in []string) []string {
 			continue
 		}
 
-		in[idx] = in[idx][:72] + "..."
+		in[idx] = in[idx][:72] + "…"
 	}
 	return in
 }

diff --git a/internal/executor/kubectl/executor.go b/internal/executor/kubectl/executor.go
@@ -7,12 +7,11 @@ import (
 
 	"github.com/sirupsen/logrus"
 	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/discovery/cached/memory"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
 
+	"github.com/kubeshop/botkube/internal/executor/kubectl/accessreview"
 	"github.com/kubeshop/botkube/internal/executor/kubectl/builder"
-	"github.com/kubeshop/botkube/internal/executor/kubectl/review"
 	"github.com/kubeshop/botkube/internal/loggerx"
 	"github.com/kubeshop/botkube/pkg/api"
 	"github.com/kubeshop/botkube/pkg/api/executor"
@@ -97,7 +96,7 @@ func (e *Executor) Execute(ctx context.Context, in executor.ExecuteInput) (execu
 			return executor.ExecuteOutput{}, fmt.Errorf("while creating builder dependecies: %w", err)
 		}
 
-		kcBuilder := builder.NewKubectl(e.kcRunner, cfg.InteractiveBuilder, log, guard, cfg.DefaultNamespace, k8sCli.CoreV1().Namespaces(), review.NewK8sAuth(k8sCli.AuthorizationV1()))
+		kcBuilder := builder.NewKubectl(e.kcRunner, cfg.InteractiveBuilder, log, guard, cfg.DefaultNamespace, k8sCli.CoreV1().Namespaces(), accessreview.NewK8sAuth(k8sCli.AuthorizationV1()))
 		msg, err := kcBuilder.Handle(ctx, cmd, in.Context.IsInteractivitySupported, in.Context.SlackState)
 		if err != nil {
 			return executor.ExecuteOutput{}, fmt.Errorf("while running command builder: %w", err)
@@ -132,8 +131,7 @@ func getBuilderDependencies(log logrus.FieldLogger, kubeconfig string) (*kubectl
 	if err != nil {
 		return nil, nil, fmt.Errorf("while creating discovery client: %w", err)
 	}
-	discoCacheClient := memory.NewMemCacheClient(discoveryClient)
-	guard := kubectl.NewCommandGuard(log, discoCacheClient)
+	guard := kubectl.NewCommandGuard(log, discoveryClient)
 	k8sCli, err := kubernetes.NewForConfig(kubeConfig)
 	if err != nil {
 		return nil, nil, fmt.Errorf("while creating typed k8s client: %w", err)