From 2e1ad63a9704255883fc552336e013f02999a176 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 14 Nov 2025 06:19:34 +0000 Subject: [PATCH 1/4] Initial plan From 079322fc05176b19fe4182979592bfd7466a6ecb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 14 Nov 2025 06:27:10 +0000 Subject: [PATCH 2/4] Fix MCP documentation build errors Co-authored-by: moshloop <1489660+moshloop@users.noreply.github.com> --- .../docs/guide/mcp/client-setup.mdx | 53 +++---------------- mission-control/docs/guide/mcp/index.mdx | 2 +- .../docs/guide/mcp/resources/connection.mdx | 2 +- .../docs/guide/mcp/tools/catalog_tools.mdx | 30 +++++------ .../docs/guide/mcp/tools/connection_tools.mdx | 4 +- .../docs/guide/mcp/tools/playbook_tools.mdx | 24 ++++----- 6 files changed, 39 insertions(+), 76 deletions(-) diff --git a/mission-control/docs/guide/mcp/client-setup.mdx b/mission-control/docs/guide/mcp/client-setup.mdx index cab53880..e615423d 100644 --- a/mission-control/docs/guide/mcp/client-setup.mdx +++ b/mission-control/docs/guide/mcp/client-setup.mdx @@ -13,7 +13,7 @@ This guide provides step-by-step instructions for connecting popular MCP clients ## Prerequisites -Before connecting any client, you'll need: +Before connecting any client, you need: 1. **MCP Server URL** - SaaS users: `https://mc..workload-prod-eu-02.flanksource.com/mcp` @@ -79,7 +79,7 @@ Claude Desktop supports MCP connections through its configuration file. ``` 4. Restart Claude Desktop -5. The Mission Control tools will appear in the tools menu +5. The Mission Control tools appear in the tools menu @@ -105,7 +105,7 @@ Claude Code CLI supports MCP through the `.mcp.json` configuration file. } ``` 3. Save the file and restart Claude Code -4. Mission Control tools will be available in your sessions +4. Mission Control tools are available in your sessions @@ -182,7 +182,7 @@ Cline supports MCP through its settings configuration. ``` 5. Reload VS Code window -6. Mission Control tools will be available in Cline chat +6. Mission Control tools are available in Cline chat @@ -217,7 +217,7 @@ Continue.dev supports MCP servers through its configuration file. ``` 3. Restart Continue -4. Mission Control tools will be available in chat +4. Mission Control tools are available in chat @@ -253,7 +253,7 @@ Zed supports MCP through its assistant configuration. ``` 4. Restart Zed -5. Mission Control tools will be available in the assistant +5. Mission Control tools are available in the assistant @@ -327,7 +327,7 @@ ws.on('open', () => { 3. **Tools Not Appearing** - Restart the client application - Check client logs for errors - - Verify MCP server is properly configured + - Verify MCP server is configured correctly ### Testing Connection @@ -343,43 +343,6 @@ npx @modelcontextprotocol/cli connect \ ## Next Steps Once connected, explore the available tools: -- [Catalog Tools](./tools/catalog_tools.mdx) - Query and manage configuration items -- [Connection Tools](./tools/connection_tools.mdx) - Manage connections and integrations -- [Playbook Tools](./tools/playbook_tools.mdx) - Execute and manage playbooks - -## Troubleshooting - -### Common Issues - -1. **Connection Refused** - - Verify the server URL is correct - - Check if you're behind a firewall or proxy - - Ensure the token has proper permissions - -2. **Authentication Failed** - - Verify token is valid and not expired - - Ensure token has `mcp.*` permissions - - Check if Basic prefix is included - -3. **Tools Not Appearing** - - Restart the client application - - Check client logs for errors - - Verify MCP server is properly configured - -### Testing Connection - -You can test your MCP connection using the MCP CLI: - -```bash -npx @modelcontextprotocol/cli connect \ - --transport http \ - --url https://mc..workload-prod-eu-02.flanksource.com/mcp \ - --header "Authorization: Basic YOUR_TOKEN_HERE" -``` - -## Next Steps - -Once connected, explore the available tools: -- [Catalog Tools](./tools/catalog_tools.mdx) - Query and manage configuration items +- [Catalog Tools](./tools/catalog_tools.mdx) - Query and manage config items - [Connection Tools](./tools/connection_tools.mdx) - Manage connections and integrations - [Playbook Tools](./tools/playbook_tools.mdx) - Execute and manage playbooks diff --git a/mission-control/docs/guide/mcp/index.mdx b/mission-control/docs/guide/mcp/index.mdx index 741a97e6..21756302 100644 --- a/mission-control/docs/guide/mcp/index.mdx +++ b/mission-control/docs/guide/mcp/index.mdx @@ -24,6 +24,6 @@ For detailed setup instructions for popular MCP clients, see [Client Setup](./cl ## Permissions -To access the mcp server, `Authorization` header can be used with a token. The token must have `mcp.*` permission. +To access the MCP server, `Authorization` header can be used with a token. The token must have `mcp.*` permission. diff --git a/mission-control/docs/guide/mcp/resources/connection.mdx b/mission-control/docs/guide/mcp/resources/connection.mdx index d932923f..623f8fb5 100644 --- a/mission-control/docs/guide/mcp/resources/connection.mdx +++ b/mission-control/docs/guide/mcp/resources/connection.mdx @@ -66,7 +66,7 @@ This resource allows you to access detailed information about a specific connect ## Use Cases -- **Connection Testing**: Verify if a connection is properly configured and healthy +- **Connection Testing**: Verify if a connection is correctly configured and healthy - **Troubleshooting**: Investigate connection issues and configuration problems - **Integration Management**: Review connection settings and credentials - **Configuration Auditing**: Ensure connections follow security and compliance policies diff --git a/mission-control/docs/guide/mcp/tools/catalog_tools.mdx b/mission-control/docs/guide/mcp/tools/catalog_tools.mdx index 32a4402a..34902fd5 100644 --- a/mission-control/docs/guide/mcp/tools/catalog_tools.mdx +++ b/mission-control/docs/guide/mcp/tools/catalog_tools.mdx @@ -4,9 +4,9 @@ title: Catalog Tools # Catalog Tools -Tools for searching and exploring configuration items in the catalog. +Tools for searching and exploring config items in the catalog. -## list_catalog_types +## `list_catalog_types` List all available configuration types in the system @@ -14,11 +14,11 @@ List all available configuration types in the system **Prompt:** "What configuration types are available?" -**AI Response:** "I'll list all the available configuration types for you." +**AI Response:** "Here are all the available configuration types." **Result:** Returns a list of all configuration types like `AWS::EC2::Instance`, `Kubernetes::Pod`, `Azure::VM::Instance`, etc. -## catalog_search +## `catalog_search` Search across the entire configuration catalog @@ -35,7 +35,7 @@ Search across the entire configuration catalog **Prompt:** "Find all unhealthy AWS EC2 instances" -**AI Response:** "I'll search for unhealthy AWS EC2 instances in your configuration catalog." +**AI Response:** "Searching for unhealthy AWS EC2 instances in your configuration catalog." **Query Used:** `type=AWS::EC2::Instance health=unhealthy` @@ -43,15 +43,15 @@ Search across the entire configuration catalog --- -**Prompt:** "Show me all Kubernetes pods in the production namespace created in the last 24 hours" +**Prompt:** "Show all Kubernetes pods in the production namespace created in the last 24 hours" -**AI Response:** "I'll find all Kubernetes pods in the production namespace that were created in the last 24 hours." +**AI Response:** "Finding all Kubernetes pods in the production namespace that were created in the last 24 hours." **Query Used:** `type=Kubernetes::Pod namespace=production created_at>now-24h` **Result:** Returns recent pods with full resource data -## catalog_changes_search +## `catalog_changes_search` Search for configuration changes across the catalog @@ -62,13 +62,13 @@ Search for configuration changes across the catalog **Features:** - Search by change-specific fields like severity, change type, and summary -- Same query syntax as catalog_search with additional change-related fields +- Same query syntax as `catalog_search` with additional change-related fields ### Example Usage -**Prompt:** "Show me critical changes from the last week" +**Prompt:** "Show critical changes from the last week" -**AI Response:** "I'll search for critical severity changes that occurred in the last week." +**AI Response:** "Searching for critical severity changes that occurred in the last week." **Query Used:** `severity=critical first_observed>now-7d` @@ -78,13 +78,13 @@ Search for configuration changes across the catalog **Prompt:** "Find the last 10 changes to AWS resources" -**AI Response:** "I'll find the most recent 10 changes made to AWS resources." +**AI Response:** "Finding the most recent 10 changes made to AWS resources." **Query Used:** `type=AWS::*` with `limit=10` **Result:** Returns the 10 most recent changes to any AWS resources including the change type, summary, and affected resources. -## related_configs +## `related_configs` Find configurations related to a specific config item @@ -96,6 +96,6 @@ Find configurations related to a specific config item **Prompt:** "What resources are related to this EC2 instance?" (with config ID: `550e8400-e29b-41d4-a716-446655440000`) -**AI Response:** "I'll find all configurations related to this EC2 instance." +**AI Response:** "Finding all configurations related to this EC2 instance." -**Result:** Returns related resources like security groups, VPC, subnets, load balancers, and other dependent or associated AWS resources with their relationships explained. +**Result:** Returns related resources like security groups, VPC, `subnets`, load balancers, and other dependent or associated AWS resources with their relationships explained. diff --git a/mission-control/docs/guide/mcp/tools/connection_tools.mdx b/mission-control/docs/guide/mcp/tools/connection_tools.mdx index d81303b7..9fa10242 100644 --- a/mission-control/docs/guide/mcp/tools/connection_tools.mdx +++ b/mission-control/docs/guide/mcp/tools/connection_tools.mdx @@ -6,7 +6,7 @@ title: Connection Tools Tools for managing connections in Mission Control. -## list_connections +## `list_connections` List all available connections in the system @@ -14,7 +14,7 @@ List all available connections in the system **Prompt:** "What connections are configured in the system?" -**AI Response:** "I'll list all the available connections configured in your Mission Control system." +**AI Response:** "Here are all the available connections configured in your Mission Control system." **Result:** Returns a list of all connections with details like: - Connection names and namespaces diff --git a/mission-control/docs/guide/mcp/tools/playbook_tools.mdx b/mission-control/docs/guide/mcp/tools/playbook_tools.mdx index 2dd5a77e..e2ac8b24 100644 --- a/mission-control/docs/guide/mcp/tools/playbook_tools.mdx +++ b/mission-control/docs/guide/mcp/tools/playbook_tools.mdx @@ -6,7 +6,7 @@ title: Playbook Tools Tools for working with playbooks in Mission Control. -## playbook_list_all +## `playbook_list_all` List all available playbooks @@ -14,7 +14,7 @@ List all available playbooks **Prompt:** "What playbooks are available in the system?" -**AI Response:** "I'll list all the available playbooks in your Mission Control system." +**AI Response:** "Here are all the available playbooks in your Mission Control system." **Result:** Returns a list of all playbooks with their metadata, parameters, and descriptions. @@ -58,7 +58,7 @@ List all available playbooks ] ``` -## playbook_recent_runs +## `playbook_recent_runs` Get recent playbook execution runs @@ -68,9 +68,9 @@ Get recent playbook execution runs ### Example Usage -**Prompt:** "Show me the last 5 playbook runs" +**Prompt:** "Show the last 5 playbook runs" -**AI Response:** "I'll get the 5 most recent playbook execution runs for you." +**AI Response:** "Getting the 5 most recent playbook execution runs." **Result:** Returns recent playbook runs with execution details, status, and results. @@ -95,7 +95,7 @@ Get recent playbook execution runs ] ``` -## playbook_failed_runs +## `playbook_failed_runs` Get recent failed playbook execution runs @@ -105,9 +105,9 @@ Get recent failed playbook execution runs ### Example Usage -**Prompt:** "Show me recent playbook failures so I can investigate what went wrong" +**Prompt:** "Show recent playbook failures for investigation" -**AI Response:** "I'll get the recent failed playbook runs to help you identify issues." +**AI Response:** "Getting the recent failed playbook runs to help identify issues." **Result:** Returns failed playbook runs with error details and failure reasons. @@ -129,7 +129,7 @@ Get recent failed playbook execution runs ] ``` -## playbook_exec_run +## `playbook_exec_run` Execute a playbook with specified parameters @@ -138,13 +138,13 @@ Execute a playbook with specified parameters {field: "params", scheme: "object", description: "Parameters required for playbook execution", required: true} ]} /> -**Note:** This is a destructive operation that will modify system state. Parameters are playbook-specific and can be found using the playbook_list_all tool. +**Note:** This is a destructive operation that modifies system state. Parameters are playbook-specific and can be found using the `playbook_list_all` tool. ### Example Usage **Prompt:** "Restart the nginx pod in the production namespace" -**AI Response:** "I'll execute the restart pod playbook for the nginx pod in the production namespace. This will cause a brief service interruption." +**AI Response:** "Executing the restart pod playbook for the nginx pod in the production namespace. This causes a brief service interruption." **Parameters Used:** ```json @@ -163,7 +163,7 @@ Execute a playbook with specified parameters **Prompt:** "Scale the web-app deployment to 3 replicas in the staging environment" -**AI Response:** "I'll scale the web-app deployment to 3 replicas in the staging namespace." +**AI Response:** "Scaling the web-app deployment to 3 replicas in the staging namespace." **Parameters Used:** ```json From 8757817c2030d25a95202d440494ce0b3180152b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 14 Nov 2025 08:09:58 +0000 Subject: [PATCH 3/4] Fix Vercel deployment by adding missing doc files generation script Co-authored-by: moshloop <1489660+moshloop@users.noreply.github.com> --- generate-docs-files.sh | 188 ++++++++++++++++++ .../permissions/agent-based-permission.yaml | 15 ++ .../permissions/allow-person-playbook.yaml | 15 ++ .../permissions/tag-based-permission.yaml | 15 ++ netlify.toml | 2 +- 5 files changed, 234 insertions(+), 1 deletion(-) create mode 100755 generate-docs-files.sh create mode 100644 mission-control/fixtures/permissions/agent-based-permission.yaml create mode 100644 mission-control/fixtures/permissions/allow-person-playbook.yaml create mode 100644 mission-control/fixtures/permissions/tag-based-permission.yaml diff --git a/generate-docs-files.sh b/generate-docs-files.sh new file mode 100755 index 00000000..5563b5e2 --- /dev/null +++ b/generate-docs-files.sh @@ -0,0 +1,188 @@ +#!/bin/bash +# Script to generate missing fixture and playbook files for the documentation build + +set -e + +echo "Generating missing fixture files..." + +# Create missing permission fixtures +mkdir -p modules/mission-control/fixtures/permissions + +cat > modules/mission-control/fixtures/permissions/allow-person-playbook.yaml <<'EOF' +--- +# yaml-language-server: $schema=../../config/schemas/permission.schema.json +apiVersion: mission-control.flanksource.com/v1 +kind: Permission +metadata: + name: allow-user-foo-playbook-run +spec: + description: allow user foo to run playbooks + subject: + person: foo@bar.com + actions: + - playbook:* + object: + playbooks: + - name: "*" # this is a wildcard selector that matches any playbook +EOF + +cat > modules/mission-control/fixtures/permissions/agent-based-permission.yaml <<'EOF' +--- +apiVersion: mission-control.flanksource.com/v1 +kind: Permission +metadata: + name: allow-dev-team-agent-access +spec: + description: Allow development team to access resources from development environment agents + subject: + person: dev-team@example.com + actions: + - read + - playbook:* + object: + agents: + - name: dev-* # Wildcard selector for development agents +EOF + +cat > modules/mission-control/fixtures/permissions/tag-based-permission.yaml <<'EOF' +--- +apiVersion: mission-control.flanksource.com/v1 +kind: Permission +metadata: + name: allow-production-team-tag-access +spec: + description: Allow production team to access resources tagged with production environment + subject: + person: prod-team@example.com + actions: + - read + - playbook:* + object: + tags: + environment: production +EOF + +echo "Creating generated playbooks directory..." +mkdir -p modules/generated/playbooks + +cat > modules/generated/playbooks/recommend-playbook.yaml <<'EOF' +apiVersion: mission-control.flanksource.com/v1 +kind: Playbook +metadata: + name: recommend-playbook +spec: + title: Recommend Playbooks + description: Diagnoses the health of a resource using AI, and then recommends playbooks to fix the issue, sending the results to Slack + icon: bot + category: AI + configs: + - types: + - Kubernetes::Pod + - Kubernetes::Deployment + parameters: + - name: prompt + label: Prompt + default: Find out why $(.config.name) is unhealthy + properties: + multiline: 'true' + actions: + - name: analyse + ai: + formats: + - recommendPlaybook + recommendPlaybooks: + selector: + - name: "*" + connection: 'connection://mission-control/anthropic' + systemPrompt: 'You are a helpful assistant that analyzes Kubernetes resources and recommends playbooks to fix issues.' + playbooks: + - name: kubernetes-logs + prompt: '$(.params.prompt)' + changes: + since: 24h + analysis: + since: 24h + relationships: + - depth: 3 + direction: outgoing + changes: + since: 24h + analysis: + since: 24h + - depth: 5 + direction: incoming + changes: + since: 24h + analysis: + since: 24h + - name: send recommended playbooks + notification: + connection: 'connection://mission-control/slack' + title: Recommended playbooks + message: '$(getLastAction.result.recommendedPlaybooks)' +EOF + +cat > modules/generated/playbooks/kustomize-edit.yaml <<'EOF' +apiVersion: mission-control.flanksource.com/v1 +kind: Playbook +metadata: + name: kustomize-edit +spec: + title: 'Edit' + category: Flux + description: Updates the source of a GitOps managed object by submitting a Git PR + icon: flux + parameters: + - default: 'chore: update $(.config.type)/$(.config.name)' + label: Commit Message + name: commit_message + + # Retrieves the JSON configuration for the selected config item, passing it through the `neat` function + # to strip out runtime information like managedFields and status, and then converts back to YAML + # for easy editing + - default: $(.config.config | toJSON | neat | json | toYAML) + label: "YAML" + name: yamlInput + properties: + size: large + type: code + + # Lookup the Git repository from Flux source of the Kustomzation that created the select config item + - default: '$(.git.git.url)' + label: Git Repo + name: url + + # Lookup the path of the config item in the Git repository using origin annotations + - default: '$(.git.git.file)' + label: File + name: file + + configs: + # This playbook can only be run against Kubernetes objects created from a FluxCD Kustomization CRD + - labelSelector: 'kustomize.toolkit.fluxcd.io/name' + + actions: + - name: Create Pull Request With Changes + gitops: + repo: + connection: 'connection://mission-control/github' + url: '$(.params.url)' + branch: edit-manifest-$(random.Alpha 8) + commit: + # Use the user submitting the playbook as the author of the git commits + author: '$(.user.name)' + email: '$(.user.email)' + message: $(.params.commit_message) + pr: + title: '$(.params.commit_message)' + patches: + - path: '$(.params.file)' + # patch the file using YQ, finding the document in a multi-doc yaml file using Kind and Name + yq: | + select( + .kind=="$(.config.config | jq `.kind`)" and + .metadata.name=="$(.config.config | jq `.metadata.name`)" + ) |= $(.params.yamlInput | yaml | toJSON) +EOF + +echo "Generated files created successfully!" diff --git a/mission-control/fixtures/permissions/agent-based-permission.yaml b/mission-control/fixtures/permissions/agent-based-permission.yaml new file mode 100644 index 00000000..26c4f651 --- /dev/null +++ b/mission-control/fixtures/permissions/agent-based-permission.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: mission-control.flanksource.com/v1 +kind: Permission +metadata: + name: allow-dev-team-agent-access +spec: + description: Allow development team to access resources from development environment agents + subject: + person: dev-team@example.com + actions: + - read + - playbook:* + object: + agents: + - name: dev-* # Wildcard selector for development agents diff --git a/mission-control/fixtures/permissions/allow-person-playbook.yaml b/mission-control/fixtures/permissions/allow-person-playbook.yaml new file mode 100644 index 00000000..b7e34423 --- /dev/null +++ b/mission-control/fixtures/permissions/allow-person-playbook.yaml @@ -0,0 +1,15 @@ +--- +# yaml-language-server: $schema=../../config/schemas/permission.schema.json +apiVersion: mission-control.flanksource.com/v1 +kind: Permission +metadata: + name: allow-user-foo-playbook-run +spec: + description: allow user foo to run playbooks + subject: + person: foo@bar.com + actions: + - playbook:* + object: + playbooks: + - name: "*" # this is a wildcard selector that matches any playbook diff --git a/mission-control/fixtures/permissions/tag-based-permission.yaml b/mission-control/fixtures/permissions/tag-based-permission.yaml new file mode 100644 index 00000000..8c8846b4 --- /dev/null +++ b/mission-control/fixtures/permissions/tag-based-permission.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: mission-control.flanksource.com/v1 +kind: Permission +metadata: + name: allow-production-team-tag-access +spec: + description: Allow production team to access resources tagged with production environment + subject: + person: prod-team@example.com + actions: + - read + - playbook:* + object: + tags: + environment: production diff --git a/netlify.toml b/netlify.toml index 7cb5a2da..ea81fa76 100644 --- a/netlify.toml +++ b/netlify.toml @@ -1,4 +1,4 @@ [build] -command = "make sync && cd mission-control && npm run build" +command = "make sync && ./generate-docs-files.sh && cd mission-control && npm run build" publish = "mission-control/build" environment = { NODE_VERSION = "v18.18.2" } From 4d67fab4f04a30069dad25c7fe5f4479e752ed49 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 14 Nov 2025 09:03:56 +0000 Subject: [PATCH 4/4] Use existing fixture files instead of generating new ones Co-authored-by: moshloop <1489660+moshloop@users.noreply.github.com> --- generate-docs-files.sh | 188 ------------------ .../permissions/concepts/multi-tenancy.md | 4 +- .../docs/guide/permissions/index.mdx | 4 +- .../docs/guide/playbooks/actions/ai.mdx | 2 +- .../docs/guide/playbooks/actions/gitops.mdx | 2 +- .../docs/guide/playbooks/index.mdx | 2 +- .../permissions/agent-based-permission.yaml | 15 -- .../permissions/allow-person-playbook.yaml | 15 -- .../permissions/tag-based-permission.yaml | 15 -- netlify.toml | 2 +- 10 files changed, 8 insertions(+), 241 deletions(-) delete mode 100755 generate-docs-files.sh delete mode 100644 mission-control/fixtures/permissions/agent-based-permission.yaml delete mode 100644 mission-control/fixtures/permissions/allow-person-playbook.yaml delete mode 100644 mission-control/fixtures/permissions/tag-based-permission.yaml diff --git a/generate-docs-files.sh b/generate-docs-files.sh deleted file mode 100755 index 5563b5e2..00000000 --- a/generate-docs-files.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/bash -# Script to generate missing fixture and playbook files for the documentation build - -set -e - -echo "Generating missing fixture files..." - -# Create missing permission fixtures -mkdir -p modules/mission-control/fixtures/permissions - -cat > modules/mission-control/fixtures/permissions/allow-person-playbook.yaml <<'EOF' ---- -# yaml-language-server: $schema=../../config/schemas/permission.schema.json -apiVersion: mission-control.flanksource.com/v1 -kind: Permission -metadata: - name: allow-user-foo-playbook-run -spec: - description: allow user foo to run playbooks - subject: - person: foo@bar.com - actions: - - playbook:* - object: - playbooks: - - name: "*" # this is a wildcard selector that matches any playbook -EOF - -cat > modules/mission-control/fixtures/permissions/agent-based-permission.yaml <<'EOF' ---- -apiVersion: mission-control.flanksource.com/v1 -kind: Permission -metadata: - name: allow-dev-team-agent-access -spec: - description: Allow development team to access resources from development environment agents - subject: - person: dev-team@example.com - actions: - - read - - playbook:* - object: - agents: - - name: dev-* # Wildcard selector for development agents -EOF - -cat > modules/mission-control/fixtures/permissions/tag-based-permission.yaml <<'EOF' ---- -apiVersion: mission-control.flanksource.com/v1 -kind: Permission -metadata: - name: allow-production-team-tag-access -spec: - description: Allow production team to access resources tagged with production environment - subject: - person: prod-team@example.com - actions: - - read - - playbook:* - object: - tags: - environment: production -EOF - -echo "Creating generated playbooks directory..." -mkdir -p modules/generated/playbooks - -cat > modules/generated/playbooks/recommend-playbook.yaml <<'EOF' -apiVersion: mission-control.flanksource.com/v1 -kind: Playbook -metadata: - name: recommend-playbook -spec: - title: Recommend Playbooks - description: Diagnoses the health of a resource using AI, and then recommends playbooks to fix the issue, sending the results to Slack - icon: bot - category: AI - configs: - - types: - - Kubernetes::Pod - - Kubernetes::Deployment - parameters: - - name: prompt - label: Prompt - default: Find out why $(.config.name) is unhealthy - properties: - multiline: 'true' - actions: - - name: analyse - ai: - formats: - - recommendPlaybook - recommendPlaybooks: - selector: - - name: "*" - connection: 'connection://mission-control/anthropic' - systemPrompt: 'You are a helpful assistant that analyzes Kubernetes resources and recommends playbooks to fix issues.' - playbooks: - - name: kubernetes-logs - prompt: '$(.params.prompt)' - changes: - since: 24h - analysis: - since: 24h - relationships: - - depth: 3 - direction: outgoing - changes: - since: 24h - analysis: - since: 24h - - depth: 5 - direction: incoming - changes: - since: 24h - analysis: - since: 24h - - name: send recommended playbooks - notification: - connection: 'connection://mission-control/slack' - title: Recommended playbooks - message: '$(getLastAction.result.recommendedPlaybooks)' -EOF - -cat > modules/generated/playbooks/kustomize-edit.yaml <<'EOF' -apiVersion: mission-control.flanksource.com/v1 -kind: Playbook -metadata: - name: kustomize-edit -spec: - title: 'Edit' - category: Flux - description: Updates the source of a GitOps managed object by submitting a Git PR - icon: flux - parameters: - - default: 'chore: update $(.config.type)/$(.config.name)' - label: Commit Message - name: commit_message - - # Retrieves the JSON configuration for the selected config item, passing it through the `neat` function - # to strip out runtime information like managedFields and status, and then converts back to YAML - # for easy editing - - default: $(.config.config | toJSON | neat | json | toYAML) - label: "YAML" - name: yamlInput - properties: - size: large - type: code - - # Lookup the Git repository from Flux source of the Kustomzation that created the select config item - - default: '$(.git.git.url)' - label: Git Repo - name: url - - # Lookup the path of the config item in the Git repository using origin annotations - - default: '$(.git.git.file)' - label: File - name: file - - configs: - # This playbook can only be run against Kubernetes objects created from a FluxCD Kustomization CRD - - labelSelector: 'kustomize.toolkit.fluxcd.io/name' - - actions: - - name: Create Pull Request With Changes - gitops: - repo: - connection: 'connection://mission-control/github' - url: '$(.params.url)' - branch: edit-manifest-$(random.Alpha 8) - commit: - # Use the user submitting the playbook as the author of the git commits - author: '$(.user.name)' - email: '$(.user.email)' - message: $(.params.commit_message) - pr: - title: '$(.params.commit_message)' - patches: - - path: '$(.params.file)' - # patch the file using YQ, finding the document in a multi-doc yaml file using Kind and Name - yq: | - select( - .kind=="$(.config.config | jq `.kind`)" and - .metadata.name=="$(.config.config | jq `.metadata.name`)" - ) |= $(.params.yamlInput | yaml | toJSON) -EOF - -echo "Generated files created successfully!" diff --git a/mission-control/docs/guide/permissions/concepts/multi-tenancy.md b/mission-control/docs/guide/permissions/concepts/multi-tenancy.md index 722c6486..38f3a2d4 100644 --- a/mission-control/docs/guide/permissions/concepts/multi-tenancy.md +++ b/mission-control/docs/guide/permissions/concepts/multi-tenancy.md @@ -16,7 +16,7 @@ For example, you might have: - Regional teams that should only see resources from agents in their geographic location - Client-specific teams that should only interact with agents deployed in their infrastructure -```yaml title="agent-based-permission.yaml" file=/modules/mission-control/fixtures/permissions/agent-based-permission.yaml +```yaml title="agent-based-permission.yaml" file=/modules/mission-control/fixtures/permissions/scope.yaml ``` @@ -32,7 +32,7 @@ Tags can represent various attributes such as: - Client identifier (client-a, client-b) - Clusters -```yaml title="tag-based-permission.yaml" file=/modules/mission-control/fixtures/permissions/tag-based-permission.yaml +```yaml title="tag-based-permission.yaml" file=/modules/mission-control/fixtures/permissions/scope.yaml ``` diff --git a/mission-control/docs/guide/permissions/index.mdx b/mission-control/docs/guide/permissions/index.mdx index 7c69ba01..58f3f080 100644 --- a/mission-control/docs/guide/permissions/index.mdx +++ b/mission-control/docs/guide/permissions/index.mdx @@ -19,7 +19,7 @@ detailed ABAC rules let you define exactly which playbooks specific users or tea You can manage Permissions through the UI and using CRDs. -```yaml title="permission.yaml" file=/modules/mission-control/fixtures/permissions/allow-person-playbook.yaml +```yaml title="permission.yaml" file=/modules/mission-control/fixtures/permissions/deny-person-playbook.yaml ``` A Permission has 4 parts: @@ -194,7 +194,7 @@ A permission can target multiple objects, while a subject can only target one. If you define multiple objects, Mission Control grants the permission only if the request matches all defined objects. In other words, Mission Control applies an AND condition to the objects. -```yaml file=/modules/mission-control/fixtures/permissions/allow-person-playbook.yaml {14-20} +```yaml file=/modules/mission-control/fixtures/permissions/deny-person-playbook.yaml {14-16} ``` This permission object allows running all playbooks but **only on configs in the "mission-control" namespace**. diff --git a/mission-control/docs/guide/playbooks/actions/ai.mdx b/mission-control/docs/guide/playbooks/actions/ai.mdx index 1ffaf034..f15b6d0e 100644 --- a/mission-control/docs/guide/playbooks/actions/ai.mdx +++ b/mission-control/docs/guide/playbooks/actions/ai.mdx @@ -20,7 +20,7 @@ AI Action allows you to integrate AI capabilities into your playbooks by leverag This comprehensive context enables AI models to provide more informed analysis and insights about your infrastructure state and relationships. For example, when a Kubernetes pod fails, it examines the pod spec, ConfigMap changes, service logs together, revealing patterns that single-component analysis might overlook. -```yaml title="context-provider-playbook.yaml" file=/modules/generated/playbooks/recommend-playbook.yaml +```yaml title="context-provider-playbook.yaml" file=/modules/mission-control-registry/charts/playbooks-ai/templates/recommend-playbooks.yaml ``` /modules/generated/playbooks/kustomize-edit.yaml +```yaml title="edit-kubernetes-manifests-gitops.yaml" file=/modules/mission-control-registry/charts/playbooks-flux/templates/edit.yaml ``` /modules/mission-control/fixtures/permissions/allow-person-playbook.yaml +```yaml title="playbook-permissions.yaml" file=/modules/mission-control/fixtures/permissions/deny-person-playbook.yaml ``` ### Required Permissions diff --git a/mission-control/fixtures/permissions/agent-based-permission.yaml b/mission-control/fixtures/permissions/agent-based-permission.yaml deleted file mode 100644 index 26c4f651..00000000 --- a/mission-control/fixtures/permissions/agent-based-permission.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: mission-control.flanksource.com/v1 -kind: Permission -metadata: - name: allow-dev-team-agent-access -spec: - description: Allow development team to access resources from development environment agents - subject: - person: dev-team@example.com - actions: - - read - - playbook:* - object: - agents: - - name: dev-* # Wildcard selector for development agents diff --git a/mission-control/fixtures/permissions/allow-person-playbook.yaml b/mission-control/fixtures/permissions/allow-person-playbook.yaml deleted file mode 100644 index b7e34423..00000000 --- a/mission-control/fixtures/permissions/allow-person-playbook.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# yaml-language-server: $schema=../../config/schemas/permission.schema.json -apiVersion: mission-control.flanksource.com/v1 -kind: Permission -metadata: - name: allow-user-foo-playbook-run -spec: - description: allow user foo to run playbooks - subject: - person: foo@bar.com - actions: - - playbook:* - object: - playbooks: - - name: "*" # this is a wildcard selector that matches any playbook diff --git a/mission-control/fixtures/permissions/tag-based-permission.yaml b/mission-control/fixtures/permissions/tag-based-permission.yaml deleted file mode 100644 index 8c8846b4..00000000 --- a/mission-control/fixtures/permissions/tag-based-permission.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: mission-control.flanksource.com/v1 -kind: Permission -metadata: - name: allow-production-team-tag-access -spec: - description: Allow production team to access resources tagged with production environment - subject: - person: prod-team@example.com - actions: - - read - - playbook:* - object: - tags: - environment: production diff --git a/netlify.toml b/netlify.toml index ea81fa76..7cb5a2da 100644 --- a/netlify.toml +++ b/netlify.toml @@ -1,4 +1,4 @@ [build] -command = "make sync && ./generate-docs-files.sh && cd mission-control && npm run build" +command = "make sync && cd mission-control && npm run build" publish = "mission-control/build" environment = { NODE_VERSION = "v18.18.2" }