MG-34: Add oc cli like must-gather collection with ServerPrompt#51
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@harche @ardaguclu referring to #38 (comment), should we move this into |
My thoughts are we should probably be making one or more OpenShift specific toolgroups eventually |
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
yes. maybe a |
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
swghosh
force-pushed
the
plan-mg-tool
branch
2 times, most recently
from
c9616ae to
f2b231f
Compare
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
I guess we never did this, but the "core" here is also just one file: |
openshift-merge-robot
added
the
needs-rebase
|
There is a test failing - also it would be nice to do a rebase |
swghosh
changed the title
swghosh
force-pushed
the
plan-mg-tool
branch
from
9d601d4 to
d87e167
Compare
swghosh
force-pushed
the
plan-mg-tool
branch
from
d87e167 to
672273b
Compare
| clusterRoleBindingName := fmt.Sprintf("%s-must-gather-collector", namespace) | ||
| clusterRoleBinding := &rbacv1.ClusterRoleBinding{ | ||
| TypeMeta: metav1.TypeMeta{ | ||
| APIVersion: "rbac.authorization.k8s.io/v1", | ||
| Kind: "ClusterRoleBinding", | ||
| }, | ||
| ObjectMeta: metav1.ObjectMeta{ | ||
| Name: clusterRoleBindingName, | ||
| }, | ||
| RoleRef: rbacv1.RoleRef{ | ||
| APIGroup: "rbac.authorization.k8s.io", | ||
| Kind: "ClusterRole", | ||
| Name: "cluster-admin", | ||
| }, | ||
| Subjects: []rbacv1.Subject{ | ||
| { | ||
| Kind: "ServiceAccount", | ||
| Name: serviceAccountName, | ||
| Namespace: namespace, | ||
| }, | ||
| }, | ||
| } |
There was a problem hiding this comment.
I get that this is normal for must gather, but binding to cluster admin on a command that is AI-triggerable is a little scary 😅
let's make sure we validate exactly what is being run by the agent when this rolebinding is present, otherwise this seems like a huge security vuln
There was a problem hiding this comment.
@Prashanth684 too, any thoughts?
The way this works right now is a prompt and user has to still approve the tool call for the resources_create_or_update before proceeding with adding the RBAC binding.
There was a problem hiding this comment.
@Cali0707 an alternative approach is to have a fine-grained RBAC that has only "GET" kinda RBAC more fine-grained, more suitable for must-gather (since it's essentially just a collection tool) but we do require nodes/exec to run some performance analysis (which is part of the default must-gather collection). An eg. role for reference.
The downside with the granular RBAC being that users cannot trigger custom must-gather images like a must-gather image specifically targetted by an operator (implemented in all_images flow), because that'll require some other privileges.
There was a problem hiding this comment.
My main concern is that the must gather command (which runs in the pod with all these privileges) is currently something that the agent can set. So, the agent could in theory get around any RBAC/resource protections that are in place through this
There was a problem hiding this comment.
agree with these concerns. what we can do here:
- add an allowlist of commands
- add registry allow list (for non custom images - for custom images, it is upto the user, but we still need to check that the desired image is used)
- interactive confirmation
- explicitly show security warnings
- restrict this functionality to cluster admins
There was a problem hiding this comment.
Updated to use validation that checks for a well known allow list for:
- gather commands specified by user
- Red Hat approved registries for container images specified by user
We already raise a warning if the current user is not privileged enough to perform the action through SARC checks.
swghosh
force-pushed
the
plan-mg-tool
branch
from
672273b to
9e4e875
Compare
swghosh
force-pushed
the
plan-mg-tool
branch
2 times, most recently
from
9cea02a to
bac885f
Compare
| gatherCmd[0] = defaultGatherCmd | ||
| } | ||
|
|
||
| if !isAllowedGatherCommand(gatherCmd[0]) { |
There was a problem hiding this comment.
is there a way for the user to override this if needed? maybe something through elicitation? we have the server initiate whether the user wants to use this image and is willing to undertake the risk
There was a problem hiding this comment.
Elicitation support is something I am looking into upstream, but it is not there yet...
Do you think we should wait for that in this PR, or add code using that as a follow up?
There was a problem hiding this comment.
Yes, no need to block the PR on that - we can follow up
openshift-ci
bot
added
lgtm
Signed-off-by: Swarup Ghosh <swghosh@redhat.com>
Signed-off-by: Swarup Ghosh <swghosh@redhat.com>
Signed-off-by: Swarup Ghosh <swghosh@redhat.com>
swghosh
force-pushed
the
plan-mg-tool
branch
from
bac885f to
7652ca9
Compare
|
@swghosh: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/override "Konflux kflux-prd-rh02 / openshift-mcp-server-on-pull-request" |
|
@matzew: Overrode contexts on behalf of matzew: Konflux kflux-prd-rh02 / openshift-mcp-server-on-pull-request DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Cali0707, matzew, swghosh The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@swghosh: This pull request references MG-34 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-merge-bot
bot
merged commit c8655b7
into
openshift:main
6 participants
plan_mustgatherdynamic prompt for collecting must-gather(s) from OpenShift clusterDetails
[MCP inspector](https://modelcontextprotocol.io/docs/tools/inspector):Input (inferred defaults):
{ "gather_command": "/usr/bin/gather", "source_dir": "/must-gather" }Output:
The generated plan contains YAML manifests for must-gather pods and required resources (namespace, serviceaccount, clusterrolebinding). Suggest how the user can apply the manifest and copy results locally (
oc cp/kubectl cp).Ask the user if they want to apply the plan
oc apply/kubectl applyinstead.Once the must-gather collection is completed, the user may which to cleanup the created resources.
kubectl delete.