Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated actions don't work with the ChannelName RBAC #1045

Closed
mszostok opened this issue Apr 17, 2023 · 0 comments · Fixed by kubeshop/botkube-docs#227
Closed

Automated actions don't work with the ChannelName RBAC #1045

mszostok opened this issue Apr 17, 2023 · 0 comments · Fixed by kubeshop/botkube-docs#227
Assignees
@josefkarasek
Labels
enhancement New feature or request
Milestone
v1.1.0

Comments

@mszostok
Copy link
Collaborator

mszostok commented Apr 17, 2023
edited
Loading

Overview

With such example configuration:

executors:
  k8s-cli-tools:
    botkube/helm:
      enabled: true
      context:
        rbac:
          group:
            type: ChannelName

actions:
  'check-helm-release':
    enabled: true
    displayName: Display Helm release notes
    command: helm get notes {{ trimPrefix "sh.helm.release.v1." (trimSuffix ".v1"  .Event.Name) }} -n {{.Event.Namespace}}
    bindings:
      sources:
        - detect-helm-release
      executors:
        - k8s-cli-tools

You will observe that the action was rendered and executed. However, you will see that you don't have permissions to run it.

Acceptance Criteria

  1. Detect and block ChannelName usage in executor configuration.
  • return human-readable error with suggestion how to fix it.
  1. Update documentation to describe our RBAC policy for actions.

Later

Wait for user feedback and if requested add support for the ChannelName RBAC is used for executor under actions. Maybe it would be worth to get the channel name directly from triggered source. However, let's wait for real use-cases.

Reason

Improve UX.
@mszostok mszostok added enhancement New feature or request needs-triage Relates to issues that should be refined labels Apr 17, 2023
@mszostok mszostok added this to Botkube Apr 17, 2023
@mszostok mszostok moved this to Todo in Botkube Apr 17, 2023
@mszostok mszostok added this to the v1.1.0 milestone Apr 17, 2023
@mszostok mszostok removed the needs-triage Relates to issues that should be refined label Apr 21, 2023
@josefkarasek josefkarasek self-assigned this Apr 26, 2023
@josefkarasek josefkarasek moved this from Todo to In Progress in Botkube May 10, 2023
@pkosiec pkosiec modified the milestones: v1.0.1, v1.1.0 May 15, 2023
This was referenced May 15, 2023
Merged
Merged
@github-project-automation github-project-automation bot moved this from In Progress to To Release in Botkube May 16, 2023
@pkosiec pkosiec moved this from To Release to Done in Botkube May 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@josefkarasek josefkarasek

Labels
enhancement New feature or request
Projects
Botkube
Status: Done
Milestone
v1.1.0
Development

Successfully merging a pull request may close this issue.

block actions with ChannelName rbac josefkarasek/botkube-docs
3 participants
@josefkarasek @pkosiec @mszostok