✨ Add interactive cmd prompt for permission claims #2309
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
varshaprasad96
requested review from
sttts
and removed request for
davidfestal and
stevekuznetsov
varshaprasad96
force-pushed
the
claims/edit
branch
3 times, most recently
from
552cc9d
to
25c8ff6
Compare
pkg/cliplugins/claims/cmd/cmd.go
Outdated
| %[1]s claims get apibinding cert-manager | ||
|
|
||
| # Edit the permission claims' status for all APIBindings in current workspace with an interactive prompt. | ||
| %[1]s claims get apibinding |
There was a problem hiding this comment.
| %[1]s claims get apibinding | |
| %[1]s claims edit apibinding |
There was a problem hiding this comment.
This reads weird - maybe require --all or something?
There was a problem hiding this comment.
The idea was to just to list all the open claims for all bindings in case a specific binding wasn't given. It follows a similar format to the get command. If we add --all flag then we should probably do so for get too.
| } | ||
| } | ||
|
|
||
| func readInput(reader *bufio.Reader) string { |
There was a problem hiding this comment.
How is this different from readLine()?
There was a problem hiding this comment.
We could make both the methods into one. The reason for having it different was in future we can extend this to parse an array or process string with a different delimiter. Say,
func readArray(reader *bufio.Reader) []string {
arr := make([]string, 0)
text := readLine(reader)
for _, words := range strings.Split(text, ",") {
arr = append(arr, strings.TrimSpace(words))
}
return arr
}This is just to make post processing of string separate for future use cases.
| return strings.ToLower(strings.Trim(strings.TrimSpace(text), "`'\"")) | ||
| } | ||
|
|
||
| func inferText(input string, wr io.Writer) (ClaimAction, error) { |
There was a problem hiding this comment.
Is there any library to do this for us? I imagine there are other permutations as well.
There was a problem hiding this comment.
I tried digging into some available options like go-prompt and prompt-ui. These are shell libraries which have more advanced features like auto-complete/suggestions or selections . And for creating simple prompts as we have done, they follow a similar approach as here. And then also looked into some upstream repos, like kubectl (https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/util/editor/editoptions.go#L889) and kubebuilder (https://pkg.go.dev/sigs.k8s.io/kubebuilder/v3/pkg/plugin/util#YesNo), which seemed to follow a similar approach. For (Y)es|(N)o|(S)kip case, the available possibilities are less (precisely 6 - given that we are converting all inputs into a single case for inferring it).
|
A question I don't see addressed in the design doc - will there be a way for users to programmatically accept permission claims? I know there's danger there and we might not want to make it too easy, but I'm anticipating someone asking. |
varshaprasad96
force-pushed
the
claims/edit
branch
from
25c8ff6
to
60fd0da
Compare
Agreed, for now my understanding was anyone who can access the workspace where APIBinding was created can change the state of the claim. Or maybe the right wording is, any user who can edit the apibinding can accept/reject respective claim. Are we looking to add another layer of rbac, wherein a user can view the binding, edit the export reference but not permission claim? (more like claims can be modified only be admins?) |
varshaprasad96
force-pushed
the
claims/edit
branch
from
60fd0da
to
1671008
Compare
That's probably sufficient; if someone wants to automate things, they can use Go or wrappers around |
openshift-merge-robot
added
the
needs-rebase
|
@varshaprasad96: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@varshaprasad96 so sorry for losing sight of this PR! Are you still available to work on it, or would you be interested in trying to find someone to take it over for you? |
|
@ncdc I can work on this sometime this week and rebase with the latest changes. |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
kcp-ci-bot
added
the
lifecycle/stale
|
I still think we want this / something like this. /remove-lifecycle stale |
kcp-ci-bot
removed
the
lifecycle/stale
Summary
This PR introduces an interactive command prompt to edit the status of open claims for apibindings. The user can provide - Yes/No/Skip to accept/reject/skip any action on a permission claim respectively.
Use cases:
What happens after editing?
spec.AcceptablePermssionClaimgets updated based on the user input. For example:PS: With the updates added to the permission claims spec (like sub-resources, verbs), the prompt's UI will need to change accordingly.
Design doc: https://docs.google.com/document/d/1J31wXY1-2aCyyGFjUlusKoHDzV-zktAmRdIMjMf4OR0/edit
Related issue(s)
Fixes #