From bb0c839bb6baee1e749433a129166d80df32bc63 Mon Sep 17 00:00:00 2001 From: Mateusz Szostok Date: Wed, 29 Mar 2023 12:02:04 +0200 Subject: [PATCH] Apply suggestions after review --- .gitignore | 1 + CONTRIBUTING.md | 39 +- comm_config.yaml.tpl | 121 ------ global_config.yaml.tpl | 395 ------------------ helm/botkube/e2e-test-values.yaml | 218 +++++----- pkg/bot/interactive/help.go | 2 +- ...m_headers_and_default_new_lines.golden.txt | 2 +- ...m_new_lines_and_default_headers.golden.txt | 2 +- ...stInteractiveMessageToPlaintext.golden.txt | 2 +- pkg/execute/plugin_discovery.go | 4 +- 10 files changed, 144 insertions(+), 642 deletions(-) delete mode 100644 comm_config.yaml.tpl delete mode 100644 global_config.yaml.tpl diff --git a/.gitignore b/.gitignore index 8461feb7c..7f630b783 100644 --- a/.gitignore +++ b/.gitignore @@ -33,6 +33,7 @@ tags /analytics.yaml /resource_config.yaml /comm_config.yaml +/local_config.yaml /bin diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1f05af89a..1c5a3dcba 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -92,19 +92,36 @@ For faster development, you can also build and run Botkube outside K8s cluster. go build ./cmd/botkube/ ``` -2. Use templates to create configuration files: - - ```sh - cp global_config.yaml.tpl resource_config.yaml - cp comm_config.yaml.tpl comm_config.yaml +2. Create a local configuration file to override default values. For example, set communication credentials, specify cluster name, and disable analytics: + + ```yaml + cat < local_config.yaml + communications: + default-group: + socketSlack: + enabled: true + channels: + default: + name: random + appToken: "xapp-xxxx" + botToken: "xoxb-xxxx" + configWatcher: + enabled: false + settings: + clusterName: "labs" + analytics: + # -- If true, sending anonymous analytics is disabled. To learn what date we collect, + # see [Privacy Policy](https://botkube.io/privacy#privacy-policy). + disable: true + EOF ``` - Edit the newly created `resource_config.yaml` and `comm_config.yaml` files to configure resource and set communication credentials. - -3. Export the path to directory of `config.yaml` + To learn more about configuration, visit https://docs.botkube.io/configuration/. +3. Export paths to configuration files. The priority will be given to the last (right-most) file specified. + ```sh - export BOTKUBE_CONFIG_PATHS="$(pwd)/resource_config.yaml,$(pwd)/comm_config.yaml" + export BOTKUBE_CONFIG_PATHS="$(pwd)/helm/botkube/values.yaml,$(pwd)/local_config.yaml" ``` 4. Export the path to Kubeconfig: @@ -145,8 +162,8 @@ For faster development, you can also build and run Botkube outside K8s cluster. go run test/helpers/plugin_server.go ``` - > **Note** - > If Botkube runs inside the k3d cluster, export the `PLUGIN_SERVER_HOST=http://host.k3d.internal` environment variable. + > **Note** + > If Botkube runs inside the k3d cluster, export the `PLUGIN_SERVER_HOST=http://host.k3d.internal` environment variable. 2. Export Botkube plugins cache directory: diff --git a/comm_config.yaml.tpl b/comm_config.yaml.tpl deleted file mode 100644 index fe243d1bf..000000000 --- a/comm_config.yaml.tpl +++ /dev/null @@ -1,121 +0,0 @@ -# Map of enabled communication mediums. The `communications` property name is an alias for a given configuration. -# -# Format: communications.{alias} -communications: - 'default-group': - # Settings for Slack with Socket Mode - socketSlack: - enabled: false - channels: - 'alias': - name: 'SLACK_CHANNEL' - bindings: - executors: - - 'kubectl-read-only' - sources: - - 'k8s-events' - botToken: "" # SLACK_BOT_TOKEN - appToken: "" # SLACK_APP_TOKEN - notification: - type: short # Change notification type short/long you want to receive. Type is optional and default is short. - - # Settings for Mattermost - mattermost: - enabled: false - url: 'MATTERMOST_SERVER_URL' # URL where Mattermost is running. e.g https://example.com:9243 - token: 'MATTERMOST_TOKEN' # Personal Access token generated by Botkube user - team: 'MATTERMOST_TEAM' # Mattermost Team to configure with Botkube - botName: 'Botkube' # Bot name - channels: - 'alias': - name: 'MATTERMOST_CHANNEL' # Mattermost Channel for receiving Botkube alerts: - notification: - # -- If true, the notifications are not sent to the channel. They can be enabled with `@Botkube` command anytime. - disabled: false - bindings: - executors: - - kubectl-read-only - sources: - - k8s-events - notification: - type: short # Change notification type short/long you want to receive. Type is optional and default is short. - - # Settings for MS Teams - teams: - enabled: false - appID: 'APPLICATION_ID' - appPassword: 'APPLICATION_PASSWORD' - botName: 'Botkube' - notification: - type: short - port: 3978 - - # Settings for Discord - discord: - enabled: false - token: 'DISCORD_TOKEN' # Botkube Bot Token - botID: 'DISCORD_BOT_ID' # Botkube Application Client ID - channels: - 'alias': - id: 'DISCORD_CHANNEL_ID' # Discord Channel id for receiving Botkube alerts: - notification: - # -- If true, the notifications are not sent to the channel. They can be enabled with `@Botkube` command anytime. - disabled: false - bindings: - executors: - - kubectl-read-only - sources: - - k8s-events - notification: - type: short # Change notification type short/long you want to receive. Type is optional and default is short. - - - # Settings for ELS - elasticsearch: - enabled: false - awsSigning: - enabled: false # enable awsSigning using IAM for Elastisearch hosted on AWS, if true make sure AWS environment variables are set. Refer https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html - awsRegion: 'us-east-1' # AWS region where Elasticsearch is deployed - roleArn: '' # AWS IAM Role arn to assume for credentials, use this only if you dont want to use the EC2 instance role or not running on AWS instance - server: 'ELASTICSEARCH_ADDRESS' # e.g https://example.com:9243 - username: 'ELASTICSEARCH_USERNAME' # Basic Auth - password: 'ELASTICSEARCH_PASSWORD' - skipTLSVerify: false # toggle verification of TLS certificate of the Elastic nodes. Verification is skipped when option is true. Enable to connect to clusters with self-signed certs - # ELS index settings - indices: - 'alias': - name: botkube - type: botkube-event - shards: 1 - bindings: - sources: - - "k8s-events" - # executors - not allowed in this case, ES is "sink" only. - # Settings for Webhook - webhook: - enabled: false - url: 'WEBHOOK_URL' # e.g https://example.com:80 - bindings: - # -- Notification sources configuration for the webhook. - sources: - - k8s-events - - # Settings for deprecated Slack integration. - # DEPRECATED: Legacy Slack integration has been deprecated and removed from the Slack App Directory. - # Use `socketSlack` instead. Read more here: https://docs.botkube.io/installation/slack/ - # This object will be removed as a part of https://github.com/kubeshop/botkube/issues/865. - slack: - enabled: false - channels: - 'alias': - name: 'SLACK_CHANNEL' - notification: - disabled: false - bindings: - executors: - - 'kubectl-read-only' - sources: - - 'k8s-events' - token: "" # SLACK_API_TOKEN - notification: - type: short diff --git a/global_config.yaml.tpl b/global_config.yaml.tpl deleted file mode 100644 index c23cf147c..000000000 --- a/global_config.yaml.tpl +++ /dev/null @@ -1,395 +0,0 @@ -# Format: actions.{alias} -actions: - # kubectl based action. - 'show-created-resource': - # If true, enables the action. - enabled: false - - # Action display name posted in the channels bound to the same source bindings. - displayName: "Display created resource" - # A text value denoting the command run by this action, may contain even based templated values. - # The executor is inferred directly from the command, e.g. here we require a kubectl executor - command: "kubectl describe {{ .Event.TypeMeta.Kind | lower }}{{ if .Event.Namespace }} -n {{ .Event.Namespace }}{{ end }} {{ .Event.Name }}" - - # Bindings for a given action. - bindings: - # Sources of events that trigger a given action. - sources: - - k8s-create-events - # Executors configuration for a given automation. - executors: - - kubectl-read-only - 'show-logs-on-error': - # If true, enables the action. - enabled: false - - # Action display name posted in the channels bound to the same source bindings. - displayName: "Show logs on error" - # A text value denoting the command run by this action, may contain even based templated values. - # The executor is inferred directly from the command, e.g. here we require a kubectl executor - command: "kubectl logs {{ .Event.TypeMeta.Kind | lower }}/{{ .Event.Name }} -n {{ .Event.Namespace }}" - - # Bindings for a given action. - bindings: - # Sources of events that trigger a given action. - sources: - - k8s-err-with-logs-events - # Executors configuration for a given automation. - executors: - - kubectl-read-only - - -# Map of sources. Source contains configuration for Kubernetes events and sending recommendations. -# The property name under `sources` object is an alias for a given configuration. You can define multiple sources configuration with different names. -# Key name is used as a binding reference. -# See the `values.yaml` file for full object. -# -## Format: sources.{alias} -sources: - 'k8s-recommendation-events': - displayName: "Kubernetes Recommendations" - # Describes Kubernetes source configuration. - # See the `values.yaml` file for full object. - kubernetes: - # Describes configuration for various recommendation insights. - recommendations: - # Recommendations for Pod Kubernetes resource. - pod: - # If true, notifies about Pod containers that use `latest` tag for images. - noLatestImageTag: true - # If true, notifies about Pod resources created without labels. - labelsSet: true - # Recommendations for Ingress Kubernetes resource. - ingress: - # If true, notifies about Ingress resources with invalid backend service reference. - backendServiceValid: true - # If true, notifies about Ingress resources with invalid TLS secret reference. - tlsSecretValid: true - - 'k8s-all-events': - displayName: "Kubernetes Info" - # Describes Kubernetes source configuration. - # See the `values.yaml` file for full object. - kubernetes: - # Describes namespaces for every Kubernetes resources you want to watch or exclude. - # These namespaces are applied to every resource specified in the resources list. - # However, every specified resource can override this by using its own namespaces object. - namespaces: &k8s-events-namespaces - # Include contains a list of allowed Namespaces. - # It can also contain regex expressions: - # `- ".*"` - to specify all Namespaces. - include: - - ".*" - # Exclude contains a list of Namespaces to be ignored even if allowed by Include. - # It can also contain regex expressions: - # `- "test-.*"` - to specif all Namespaces with `test-` prefix. - # Exclude list is checked before the Include list. - # exclude: [] - - # Describes event constraints for Kubernetes resources. - # These constraints are applied for every resource specified in the `resources` list, unless they are overridden by the resource's own `events` object. - event: - # Lists all event types to be watched. - types: - - create - - delete - - error - # Optional list of exact values or regex patterns to filter events by event reason. - # Skipped, if both include/exclude lists are empty. - reason: - # Include contains a list of allowed values. It can also contain regex expressions. - include: [] - # Exclude contains a list of values to be ignored even if allowed by Include. It can also contain regex expressions. - # Exclude list is checked before the Include list. - exclude: [] - # Optional list of exact values or regex patterns to filter event by event message. Skipped, if both include/exclude lists are empty. - # If a given event has multiple messages, it is considered a match if any of the messages match the constraints. - message: - # Include contains a list of allowed values. It can also contain regex expressions. - include: [] - # Exclude contains a list of values to be ignored even if allowed by Include. It can also contain regex expressions. - # Exclude list is checked before the Include list. - exclude: [] - - # Filters Kubernetes resources to watch by annotations. Each resource needs to have all the specified annotations. - # Regex expressions are not supported. - annotations: {} - # Filters Kubernetes resources to watch by labels. Each resource needs to have all the specified labels. - # Regex expressions are not supported. - labels: {} - - # Describes the Kubernetes resources to watch. - # Resources are identified by its type in `{group}/{version}/{kind (plural)}` format. Examples: `apps/v1/deployments`, `v1/pods`. - # Each resource can override the namespaces and event configuration by using dedicated `event` and `namespaces` field. - # Also, each resource can specify its own `annotations`, `labels` and `name` regex. - # See the `values.yaml` file for full object. - resources: - - type: v1/pods - namespaces: # Overrides 'source'.kubernetes.namespaces - include: - - ".*" - exclude: [] - annotations: {} # Overrides 'source'.kubernetes.annotations - labels: {} # Overrides 'source'.kubernetes.labels - # Optional resource name constraints. - name: - # Include contains a list of allowed values. It can also contain regex expressions. - include: [] - # Exclude contains a list of values to be ignored even if allowed by Include. It can also contain regex expressions. - # Exclude list is checked before the Include list. - exclude: [] - event: - # Overrides 'source'.kubernetes.event.reason - reason: - include: [] - exclude: [] - # Overrides 'source'.kubernetes.event.message - message: - include: [] - exclude: [] - # Overrides 'source'.kubernetes.event.types - types: - - create - - - type: v1/services - - type: networking.k8s.io/v1/ingresses - - type: v1/nodes - - type: v1/namespaces - - type: v1/persistentvolumes - - type: v1/persistentvolumeclaims - - type: v1/configmaps - - type: rbac.authorization.k8s.io/v1/roles - - type: rbac.authorization.k8s.io/v1/rolebindings - - type: rbac.authorization.k8s.io/v1/clusterrolebindings - - type: rbac.authorization.k8s.io/v1/clusterroles - - type: apps/v1/daemonsets - event: # Overrides 'source'.kubernetes.event - types: - - create - - update - - delete - - error - updateSetting: - includeDiff: true - fields: - - spec.template.spec.containers[*].image - - status.numberReady - - type: batch/v1/jobs - event: # Overrides 'source'.kubernetes.event - types: - - create - - update - - delete - - error - updateSetting: - includeDiff: true - fields: - - spec.template.spec.containers[*].image - - status.conditions[*].type - - type: apps/v1/deployments - event: # Overrides 'source'.kubernetes.event - types: - - create - - update - - delete - - error - updateSetting: - includeDiff: true - fields: - - spec.template.spec.containers[*].image - - status.availableReplicas - - type: apps/v1/statefulsets - event: # Overrides 'source'.kubernetes.event - types: - - create - - update - - delete - - error - updateSetting: - includeDiff: true - fields: - - spec.template.spec.containers[*].image - - status.readyReplicas - ## Custom resource example - # - type: velero.io/v1/backups - # namespaces: - # include: - # - ".*" - # exclude: - # - - # event: - # types: - # - create - # - update - # - delete - # - error - # updateSetting: - # includeDiff: true - # fields: - # - status.phase - - 'k8s-err-events': - displayName: "Kubernetes Errors" - - # Describes Kubernetes source configuration. - # See the `values.yaml` file for full object. - kubernetes: - # Describes namespaces for every Kubernetes resources you want to watch or exclude. - # These namespaces are applied to every resource specified in the resources list. - # However, every specified resource can override this by using its own namespaces object. - namespaces: *k8s-events-namespaces - - # Describes event constraints for Kubernetes resources. - # These constraints are applied for every resource specified in the `resources` list, unless they are overridden by the resource's own `events` object. - event: - # Lists all event types to be watched. - types: - - error - - # Describes the Kubernetes resources you want to watch. - # See the `values.yaml` file for full object. - resources: - - type: v1/pods - - type: v1/services - - type: networking.k8s.io/v1/ingresses - - type: v1/nodes - - type: v1/namespaces - - type: v1/persistentvolumes - - type: v1/persistentvolumeclaims - - type: v1/configmaps - - type: rbac.authorization.k8s.io/v1/roles - - type: rbac.authorization.k8s.io/v1/rolebindings - - type: rbac.authorization.k8s.io/v1/clusterrolebindings - - type: rbac.authorization.k8s.io/v1/clusterroles - - type: apps/v1/deployments - - type: apps/v1/statefulsets - - type: apps/v1/daemonsets - - type: batch/v1/jobs - 'k8s-err-with-logs-events': - displayName: "Kubernetes Errors for resources with logs" - - # Describes Kubernetes source configuration. - # See the `values.yaml` file for full object. - kubernetes: - # Describes namespaces for every Kubernetes resources you want to watch or exclude. - # These namespaces are applied to every resource specified in the resources list. - # However, every specified resource can override this by using its own namespaces object. - namespaces: *k8s-events-namespaces - - # Describes event constraints for Kubernetes resources. - # These constraints are applied for every resource specified in the `resources` list, unless they are overridden by the resource's own `events` object. - event: - # Lists all event types to be watched. - types: - - error - - # Describes the Kubernetes resources you want to watch. - # See the `values.yaml` file for full object. - resources: - - type: v1/pods - - type: apps/v1/deployments - - type: apps/v1/statefulsets - - type: apps/v1/daemonsets - - type: batch/v1/jobs - # `apps/v1/replicasets` excluded on purpose - to not show logs twice for a given higher-level resource (e.g. Deployment) - - 'k8s-create-events': - displayName: "Kubernetes Resource Created Events" - - # Describes Kubernetes source configuration. - # See the `values.yaml` file for full object. - kubernetes: - # Describes namespaces for every Kubernetes resources you want to watch or exclude. - # These namespaces are applied to every resource specified in the resources list. - # However, every specified resource can override this by using its own namespaces object. - namespaces: *k8s-events-namespaces - - # Describes event constraints for Kubernetes resources. - # These constraints are applied for every resource specified in the `resources` list, unless they are overridden by the resource's own `events` object. - event: - # Lists all event types to be watched. - types: - - create - - # Describes the Kubernetes resources you want to watch. - # See the `values.yaml` file for full object. - resources: - - type: v1/pods - - type: v1/services - - type: networking.k8s.io/v1/ingresses - - type: v1/nodes - - type: v1/namespaces - - type: v1/configmaps - - type: apps/v1/deployments - - type: apps/v1/statefulsets - - type: apps/v1/daemonsets - - type: batch/v1/jobs - - 'prometheus': - ## Prometheus source configuration - ## Plugin name syntax: /[@]. If version is not provided, the latest version from repository is used. - botkube/prometheus: - # If true, enables `prometheus` source. - enabled: false - config: - # Prometheus endpoint without api version and resource. - url: "http://localhost:9090" - # If set as true, Prometheus source plugin will not send alerts that is created before plugin start time. - ignoreOldAlerts: true - # Only the alerts that have state provided in this config will be sent as notification. https://pkg.go.dev/github.com/prometheus/prometheus/rules#AlertState - alertStates: ["firing", "pending", "inactive"] - # Logging configuration - log: - # Log level - level: info - -# Filter settings for various sources. -# Currently, all filters are globally enabled or disabled. -# You can enable or disable filters with `@Botkube enable/disable filters` commands. -filters: - kubernetes: - # If true, enables support for `botkube.io/disable` resource annotation. - objectAnnotationChecker: true - # If true, filters out Node-related events that are not important. - nodeEventsChecker: true - -# Setting to support multiple clusters -settings: - # Cluster name to differentiate incoming messages - clusterName: not-configured - # Set true to enable config watcher - # Server configuration which exposes functionality related to the app lifecycle. - lifecycleServer: - deployment: - name: botkube - namespace: botkube - port: "2113" - # Set false to disable upgrade notification - upgradeNotifier: true - -# Parameters for the config watcher container. -configWatcher: - enabled: false # Used only on Kubernetes - -# Map of enabled executors. The `executors` property name is an alias for a given configuration. -# It's used as a binding reference. -# -# Format: executors.{alias} -executors: - 'kubectl-read-only': - # Kubectl executor configs - kubectl: - namespaces: - include: [".*"] - # Set true to enable kubectl commands execution - enabled: false - # List of allowed commands - commands: - # method which are allowed - verbs: [ "api-resources", "api-versions", "cluster-info", "describe", "diff", "explain", "get", "logs", "top", "auth" ] - # resource configuration which is allowed - resources: [ "deployments", "pods" , "namespaces", "daemonsets", "statefulsets", "storageclasses", "nodes" ] - # set Namespace to execute botkube kubectl commands by default - defaultNamespace: default - # Set true to enable commands execution from configured channel only - restrictAccess: false diff --git a/helm/botkube/e2e-test-values.yaml b/helm/botkube/e2e-test-values.yaml index 5ea6be115..2cccf535f 100644 --- a/helm/botkube/e2e-test-values.yaml +++ b/helm/botkube/e2e-test-values.yaml @@ -74,7 +74,7 @@ sources: group: type: Static static: - values: [*static-group-name] # "botkube-plugins-read-only" is the default + values: [ *static-group-name ] # "botkube-plugins-read-only" is the default user: type: Static static: @@ -195,40 +195,40 @@ executors: enabled: true context: rbac: - group: + user: type: Static static: - values: [ "kubectl-first-channel" ] + value: "kubectl-first-channel" 'kubectl-exec-cmd': botkube/kubectl: enabled: false context: rbac: - group: + user: type: Static static: # 'exec' verb perms on 'botkube' and 'default' namespaces - values: [ "kc-exec-only" ] + value: "kc-exec-only" 'kubectl-not-bound-to-any-channel': botkube/kubectl: enabled: true context: rbac: - group: + user: type: Static static: # deployments port-forward across all namespaces - values: [ "kubectl-first-channel" ] + value: "kubectl-first-channel" 'kubectl-with-svc-label-perms': botkube/kubectl: enabled: true context: rbac: - group: + user: type: Static static: # service labeling across all namespaces - values: [ "kc-label-svc-all" ] + value: "kc-label-svc-all" 'other-plugins': botkube/echo@v1.0.1-devel: @@ -303,115 +303,115 @@ extraEnv: extraObjects: -# Group 'kubectl-first-channel': permissions for kubectl for first channel -## namespace scoped permissions -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: &kubectl-wait - name: kubectl-first-channel-namespaced-perms - labels: - app.kubernetes.io/instance: botkube-e2e-test - rules: - - apiGroups: [ "apps" ] - resources: [ "deployments" ] - verbs: [ "get","watch","list" ] - - apiGroups: [""] - resources: ["configmaps", "pods"] - verbs: ["get", "watch", "list"] -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - <<: *kubectl-wait - namespace: botkube - roleRef: &kubectl-wait-role - apiGroup: rbac.authorization.k8s.io + # Group 'kubectl-first-channel': permissions for kubectl for first channel + ## namespace scoped permissions + - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole - name: kubectl-first-channel-namespaced-perms - subjects: &kubectl-first-channel-subject - - kind: Group - name: kubectl-first-channel + metadata: &kubectl-wait + name: kubectl-first-channel-namespaced-perms + labels: + app.kubernetes.io/instance: botkube-e2e-test + rules: + - apiGroups: [ "apps" ] + resources: [ "deployments" ] + verbs: [ "get","watch","list" ] + - apiGroups: [ "" ] + resources: [ "configmaps", "pods" ] + verbs: [ "get", "watch", "list" ] + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + <<: *kubectl-wait + namespace: botkube + roleRef: &kubectl-wait-role apiGroup: rbac.authorization.k8s.io -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - <<: *kubectl-wait - namespace: default - roleRef: *kubectl-wait-role - subjects: *kubectl-first-channel-subject + kind: ClusterRole + name: kubectl-first-channel-namespaced-perms + subjects: &kubectl-first-channel-subject + - kind: User + name: kubectl-first-channel + apiGroup: rbac.authorization.k8s.io + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + <<: *kubectl-wait + namespace: default + roleRef: *kubectl-wait-role + subjects: *kubectl-first-channel-subject -### cluster permissions -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: &kubectl-deploy-all-meta - name: kc-first-channel-cluster-perms - labels: - app.kubernetes.io/instance: botkube-e2e-test - rules: - - apiGroups: [ "apps" ] - resources: [ "deployments" ] - verbs: [ "get", "list" ] -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: *kubectl-deploy-all-meta - roleRef: - apiGroup: rbac.authorization.k8s.io + ### cluster permissions + - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole - name: kc-first-channel-cluster-perms - subjects: *kubectl-first-channel-subject + metadata: &kubectl-deploy-all-meta + name: kc-first-channel-cluster-perms + labels: + app.kubernetes.io/instance: botkube-e2e-test + rules: + - apiGroups: [ "apps" ] + resources: [ "deployments" ] + verbs: [ "get", "list" ] + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: *kubectl-deploy-all-meta + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kc-first-channel-cluster-perms + subjects: *kubectl-first-channel-subject -# Group 'kc-exec-only' -## exec only for default and botkube namespaces: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: &kc-exec-only-meta - name: kc-exec-only - labels: - app.kubernetes.io/instance: botkube-e2e-test - rules: - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - <<: *kc-exec-only-meta - namespace: botkube - roleRef: &kc-exec-only-role - apiGroup: rbac.authorization.k8s.io + # Group 'kc-exec-only' + ## exec only for default and botkube namespaces: + - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole - name: kc-exec-only - subjects: &kc-exec-only-subject - - kind: Group + metadata: &kc-exec-only-meta name: kc-exec-only + labels: + app.kubernetes.io/instance: botkube-e2e-test + rules: + - apiGroups: [ "" ] + resources: [ "pods/exec" ] + verbs: [ "create" ] + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + <<: *kc-exec-only-meta + namespace: botkube + roleRef: &kc-exec-only-role apiGroup: rbac.authorization.k8s.io -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - <<: *kc-exec-only-meta - namespace: default - roleRef: *kc-exec-only-role - subjects: *kc-exec-only-subject + kind: ClusterRole + name: kc-exec-only + subjects: &kc-exec-only-subject + - kind: User + name: kc-exec-only + apiGroup: rbac.authorization.k8s.io + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + <<: *kc-exec-only-meta + namespace: default + roleRef: *kc-exec-only-role + subjects: *kc-exec-only-subject -# Group 'kc-label-svc-all': -## namespace scoped permissions -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: &kc-label-svc-all-meta - name: kc-label-svc-all - labels: - app.kubernetes.io/instance: botkube-e2e-test - rules: - - apiGroups: [ "" ] - resources: [ "services" ] - verbs: [ "get", "patch" ] -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: *kc-label-svc-all-meta - roleRef: - apiGroup: rbac.authorization.k8s.io + # Group 'kc-label-svc-all': + ## namespace scoped permissions + - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole - name: kc-label-svc-all - subjects: - - kind: Group + metadata: &kc-label-svc-all-meta name: kc-label-svc-all + labels: + app.kubernetes.io/instance: botkube-e2e-test + rules: + - apiGroups: [ "" ] + resources: [ "services" ] + verbs: [ "get", "patch" ] + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: *kc-label-svc-all-meta + roleRef: apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kc-label-svc-all + subjects: + - kind: User + name: kc-label-svc-all + apiGroup: rbac.authorization.k8s.io diff --git a/pkg/bot/interactive/help.go b/pkg/bot/interactive/help.go index f28dd420d..2679cb1bc 100644 --- a/pkg/bot/interactive/help.go +++ b/pkg/bot/interactive/help.go @@ -176,7 +176,7 @@ func (h *HelpMessage) executorSections() []api.Section { return []api.Section{ { Base: api.Base{ - Header: "Manage executors", + Header: "List executors and aliases", }, Buttons: []api.Button{ h.btnBuilder.ForCommandWithDescCmd("List executors", "list executors"), diff --git a/pkg/bot/interactive/testdata/TestInteractiveMessageToMarkdown/render_with_custom_headers_and_default_new_lines.golden.txt b/pkg/bot/interactive/testdata/TestInteractiveMessageToMarkdown/render_with_custom_headers_and_default_new_lines.golden.txt index 58a19ac15..a6103d621 100644 --- a/pkg/bot/interactive/testdata/TestInteractiveMessageToMarkdown/render_with_custom_headers_and_default_new_lines.golden.txt +++ b/pkg/bot/interactive/testdata/TestInteractiveMessageToMarkdown/render_with_custom_headers_and_default_new_lines.golden.txt @@ -28,7 +28,7 @@ By default, Botkube will notify only about cluster errors and recommendations. ``` • `@Botkube show config` -*Manage executors* +*List executors and aliases* • `@Botkube list executors` • `@Botkube list aliases` diff --git a/pkg/bot/interactive/testdata/TestInteractiveMessageToMarkdown/render_with_custom_new_lines_and_default_headers.golden.txt b/pkg/bot/interactive/testdata/TestInteractiveMessageToMarkdown/render_with_custom_new_lines_and_default_headers.golden.txt index 534afb117..0137f22ba 100644 --- a/pkg/bot/interactive/testdata/TestInteractiveMessageToMarkdown/render_with_custom_new_lines_and_default_headers.golden.txt +++ b/pkg/bot/interactive/testdata/TestInteractiveMessageToMarkdown/render_with_custom_new_lines_and_default_headers.golden.txt @@ -4,4 +4,4 @@ Botkube is now active for "testing" cluster :rocket:

**Ping your cluster* @Botkube [list|enable|disable] action [action name] ```
• `@Botkube list actions`

**View current Botkube configuration**
``` @Botkube show config -```
• `@Botkube show config`

**Manage executors**
• `@Botkube list executors`
• `@Botkube list aliases`

**Run kubectl commands (if enabled)**
You can run kubectl commands directly from Platform!
• `@Botkube kubectl get services`
• `@Botkube kubectl get pods`
• `@Botkube kubectl get deployments`

**Angry? Amazed?**
Give feedback: https://feedback.botkube.io

Read our docs: https://docs.botkube.io
Join our Slack: https://join.botkube.io
Follow us on Twitter: https://twitter.com/botkube_io
\ No newline at end of file +```
• `@Botkube show config`

**List executors and aliases**
• `@Botkube list executors`
• `@Botkube list aliases`

**Run kubectl commands (if enabled)**
You can run kubectl commands directly from Platform!
• `@Botkube kubectl get services`
• `@Botkube kubectl get pods`
• `@Botkube kubectl get deployments`

**Angry? Amazed?**
Give feedback: https://feedback.botkube.io

Read our docs: https://docs.botkube.io
Join our Slack: https://join.botkube.io
Follow us on Twitter: https://twitter.com/botkube_io
\ No newline at end of file diff --git a/pkg/bot/interactive/testdata/TestInteractiveMessageToPlaintext.golden.txt b/pkg/bot/interactive/testdata/TestInteractiveMessageToPlaintext.golden.txt index dfd79ee68..ab53c7e26 100644 --- a/pkg/bot/interactive/testdata/TestInteractiveMessageToPlaintext.golden.txt +++ b/pkg/bot/interactive/testdata/TestInteractiveMessageToPlaintext.golden.txt @@ -23,7 +23,7 @@ View current Botkube configuration • @Botkube show config -Manage executors +List executors and aliases • @Botkube list executors • @Botkube list aliases diff --git a/pkg/execute/plugin_discovery.go b/pkg/execute/plugin_discovery.go index 8f52163c3..2bbd2ea7e 100644 --- a/pkg/execute/plugin_discovery.go +++ b/pkg/execute/plugin_discovery.go @@ -1,8 +1,8 @@ package execute var staticPluginDiscovery = map[string]string{ - "kubectl": "No `kubectl` commands are enabled in this channel. To learn how to enable them, visit https://docs.botkube.io/configuration/executor/kubectl", - "helm": "No `helm` commands are enabled in this channel. To learn how to enable them, visit https://docs.botkube.io/configuration/executor/helm", + "kubectl": "`kubectl` commands are disabled for this channel. To learn how to enable Kubectl executor, visit https://docs.botkube.io/configuration/executor/kubectl", + "helm": "`helm` commands are disabled for this channel. To learn how to enable Helm executor, visit https://docs.botkube.io/configuration/executor/helm", } // GetInstallHelpForKnownPlugin returns install help for a known plugin.