Add kubectl-grafana Plugin (#53)

Author: ricoberger

.github/workflows/kubectl-grafana.yml

@@ -0,0 +1,55 @@
+---
+name: Continuous Delivery
+
+on:
+  pull_request:
+  release:
+    types:
+      - published
+
+jobs:
+  kubectl-grafana:
+    name: kubectl-grafana
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+          cache-dependency-path: go.sum
+
+      - name: Install Dependencies
+        run: |
+          go mod download
+
+      - name: Build
+        run: |
+          go tool mage -v buildAllKubectl
+
+          cd ./dist/kubectl-grafana
+          tar -czf ../../kubectl-grafana.tar.gz *
+
+      - name: Upload Artifact (PR)
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: kubectl-grafana.tar.gz
+          path: kubectl-grafana.tar.gz
+          if-no-files-found: error
+
+      - name: Upload Artifact (Release)
+        uses: shogo82148/actions-upload-release-asset@v1
+        if:
+          ${{ github.event_name == 'release' && github.event.action ==
+          'published' }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: kubectl-grafana.tar.gz

Magefile.go

@@ -4,9 +4,129 @@
 package main
 
 import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"os/user"
+	"path/filepath"
+	"time"
+
 	// mage:import
 	build "github.com/grafana/grafana-plugin-sdk-go/build"
+	"github.com/magefile/mage/mg"
+	"github.com/magefile/mage/sh"
 )
 
 // Default configures the default target.
 var Default = build.BuildAll
+
+// Config holds the setup variables required for a build
+type Config struct {
+	OS   string // GOOS
+	Arch string // GOOS
+}
+
+// BeforeBuildCallback hooks into the build process
+type BeforeBuildCallback func(cfg Config) (Config, error)
+
+func newBuildConfig(os string, arch string) Config {
+	return Config{
+		OS:   os,
+		Arch: arch,
+	}
+}
+
+func getVersion() string {
+	packageJson := make(map[string]any)
+
+	packageJsonFile, err := os.Open("package.json")
+	if err != nil {
+		return ""
+	}
+
+	jsonParser := json.NewDecoder(packageJsonFile)
+	if err = jsonParser.Decode(&packageJson); err != nil {
+		return ""
+	}
+
+	return packageJson["version"].(string)
+}
+
+func getGitInfo(args ...string) string {
+	out, err := exec.CommandContext(context.Background(), "git", args...).Output()
+	if err != nil {
+		return ""
+	}
+
+	return string(out)
+}
+
+func buildBackend(cfg Config) error {
+	env := map[string]string{
+		"GOARCH":      cfg.Arch,
+		"GOOS":        cfg.OS,
+		"CGO_ENABLED": "0",
+	}
+
+	version := getVersion()
+	revision := getGitInfo("rev-parse", "HEAD")
+	branch := getGitInfo("rev-parse", "--abbrev-ref", "HEAD")
+	buildDate := time.Now().Format(time.RFC3339)
+
+	buildUser := ""
+	user, _ := user.Current()
+	if user != nil {
+		buildUser = user.Username
+	}
+
+	args := []string{
+		"build",
+		"-o",
+		filepath.Join("dist", "kubectl-grafana", fmt.Sprintf("kubectl-grafana-%s-%s", cfg.OS, cfg.Arch)),
+		"-ldflags",
+		fmt.Sprintf(`-w -s -extldflags "-static" -X github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/version.Version=%s -X github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/version.Revision=%s -X github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/version.Branch=%s -X github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/version.BuildUser=%s -X github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/version.BuildDate=%s`, version, revision, branch, buildUser, buildDate),
+		"./cmd/kubectl-grafana",
+	}
+
+	return sh.RunWithV(env, "go", args...)
+}
+
+// BuildKubectl is a namespace.
+type BuildKubectl mg.Namespace
+
+// Linux builds the kubectl plugin for Linux.
+func (BuildKubectl) Linux() error {
+	return buildBackend(newBuildConfig("linux", "amd64"))
+}
+
+// LinuxARM builds the kubectl plugin for Linux on ARM.
+func (BuildKubectl) LinuxARM() error {
+	return buildBackend(newBuildConfig("linux", "arm"))
+}
+
+// LinuxARM64 builds the kubectl plugin for Linux on ARM64.
+func (BuildKubectl) LinuxARM64() error {
+	return buildBackend(newBuildConfig("linux", "arm64"))
+}
+
+// Windows builds the kubectl plugin for Windows.
+func (BuildKubectl) Windows() error {
+	return buildBackend(newBuildConfig("windows", "amd64"))
+}
+
+// Darwin builds the kubectl plugin for OSX on AMD64.
+func (BuildKubectl) Darwin() error {
+	return buildBackend(newBuildConfig("darwin", "amd64"))
+}
+
+// DarwinARM64 builds the kubectl plugin for OSX on ARM (M1/M2).
+func (BuildKubectl) DarwinARM64() error {
+	return buildBackend(newBuildConfig("darwin", "arm64"))
+}
+
+func BuildAllKubectl() {
+	b := BuildKubectl{}
+	mg.Deps(b.Linux, b.Windows, b.Darwin, b.DarwinARM64, b.LinuxARM64, b.LinuxARM)
+}

cmd/kubectl-grafana/kubeconfig/kubeconfig.go

@@ -0,0 +1,116 @@
+package kubeconfig
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+
+	"github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/utils"
+
+	k8sruntime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdlatest "k8s.io/client-go/tools/clientcmd/api/latest"
+	"sigs.k8s.io/yaml"
+)
+
+type Cmd struct {
+	Url        string `default:"" help:"Url of the Grafana instance, e.g. \"https://grafana.ricoberger.de/\"."`
+	Datasource string `default:"kubernetes" help:"Uid of the Kubernetes datasource."`
+	Kubeconfig string `default:"$HOME/.kube/config" help:"The file to which the Kubeconfig should be written."`
+}
+
+func (r *Cmd) Run() error {
+	// Validate that all required command-line flags are set. If a flag is
+	// missing return an error.
+	if r.Url == "" {
+		return fmt.Errorf("url is required")
+	}
+	if r.Datasource == "" {
+		return fmt.Errorf("datasource is required")
+	}
+	if r.Kubeconfig == "" {
+		return fmt.Errorf("kubeconfig is required")
+	}
+
+	// Create the url, which can be used to download the Kubeconfig from the
+	// Grafana instance. It is important to set the "type=exec" and
+	// "redirect=http://localhost:11716" query parameters, so that Grafana
+	// redirects the Kubeconfig to our local HTTP server.
+	kubeconfigUrl := fmt.Sprintf("%sapi/datasources/uid/%s/resources/kubernetes/kubeconfig?type=exec&redirect=%s", r.Url, r.Datasource, url.QueryEscape("http://localhost:11716"))
+	kubeconfigFile := utils.ExpandEnv(r.Kubeconfig)
+	doneChannel := make(chan error)
+
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		// When the function is done, send the error (if any) to the
+		// "doneChannel", so that the main function can exit.
+		var err error
+
+		defer func() {
+			doneChannel <- err
+		}()
+
+		// Extrace the "kubeconfig" query parameter from the redirect request
+		// and return an error if it is missing.
+		kubeconfigParam := r.URL.Query().Get("kubeconfig")
+		if kubeconfigParam == "" {
+			err = fmt.Errorf("kubeconfig parameter is missing in redirect")
+			return
+		}
+
+		// Create a temporary file, which contains the Kubeconfig downloaded
+		// from Grafana in YAML format.
+		tmpKubeconfig, err := yaml.JSONToYAML([]byte(kubeconfigParam))
+		if err != nil {
+			return
+		}
+
+		f, err := os.CreateTemp("", "tmp-kubeconfig.yaml")
+		if err != nil {
+			return
+		}
+		defer os.Remove(f.Name())
+
+		if _, err := f.Write(tmpKubeconfig); err != nil {
+			return
+		}
+		defer f.Close()
+
+		// Load the temporary Kubeconfig file and merge it with the existing
+		// Kubeconfig file (if it exists). The merged Kubeconfig is then
+		// written back to the original Kubeconfig file.
+		loadingRules := clientcmd.ClientConfigLoadingRules{
+			Precedence: []string{f.Name(), kubeconfigFile},
+		}
+		mergedConfig, err := loadingRules.Load()
+		if err != nil {
+			return
+		}
+
+		json, err := k8sruntime.Encode(clientcmdlatest.Codec, mergedConfig)
+		if err != nil {
+			return
+		}
+		output, err := yaml.JSONToYAML(json)
+		if err != nil {
+			return
+		}
+
+		if err := os.WriteFile(kubeconfigFile, output, 0600); err != nil {
+			return
+		}
+
+		fmt.Fprintf(w, "Kubeconfig was saved to %s", kubeconfigFile)
+	})
+
+	// Start the HTTP server, which listens for the redirect from Grafana on
+	// port 11716.
+	// #nosec G114
+	go http.ListenAndServe(":11716", nil)
+
+	// Open the url in the users default browser and wait until Grafana
+	// redirects the user to our local HTTP server.
+	utils.OpenUrl(kubeconfigUrl)
+	err := <-doneChannel
+	return err
+}

cmd/kubectl-grafana/main.go

@@ -0,0 +1,28 @@
+package main
+
+import (
+	"log/slog"
+	"os"
+
+	"github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/kubeconfig"
+	"github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/token"
+	"github.com/ricoberger/grafana-kubernetes-plugin/cmd/kubectl-grafana/version"
+
+	"github.com/alecthomas/kong"
+	_ "github.com/joho/godotenv/autoload"
+)
+
+var cli struct {
+	Kubeconfig kubeconfig.Cmd `cmd:"kubeconfig" help:"Download a Kubeconfig from a Grafana instance with the \"Grafana Kubernetes Plugin\" installed."`
+	Token      token.Cmd      `cmd:"token" help:"Generate \"ExecCredential\" for a Kubeconfig downloaded via the \"kubeconfig\" command."`
+	Version    version.Cmd    `cmd:"version" help:"Show version information."`
+}
+
+func main() {
+	ctx := kong.Parse(&cli, kong.Name("kubectl grafana"))
+	err := ctx.Run()
+	if err != nil {
+		slog.Error("Failed to run command", slog.Any("error", err))
+		os.Exit(1)
+	}
+}

cmd/kubectl-grafana/token/cache.go

@@ -0,0 +1,61 @@
+package token
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"time"
+
+	clientauthenticationv1 "k8s.io/client-go/pkg/apis/clientauthentication/v1"
+)
+
+type Cache struct {
+	cacheFile string
+}
+
+func NewCache(name string) (*Cache, error) {
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		return nil, err
+	}
+
+	cacheDir := filepath.Join(homeDir, ".kube", "cache", "kubectl-grafana")
+	if err := os.MkdirAll(cacheDir, 0700); err != nil {
+		return nil, err
+	}
+
+	return &Cache{
+		cacheFile: filepath.Join(cacheDir, name),
+	}, nil
+}
+
+func (c *Cache) Get() (*clientauthenticationv1.ExecCredential, error) {
+	data, err := os.ReadFile(c.cacheFile)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil, nil
+		}
+		return nil, err
+	}
+
+	var execCredential clientauthenticationv1.ExecCredential
+	if err := json.Unmarshal(data, &execCredential); err != nil {
+		return nil, err
+	}
+
+	if execCredential.Status != nil && execCredential.Status.ExpirationTimestamp != nil {
+		if time.Now().After(execCredential.Status.ExpirationTimestamp.Time) {
+			return nil, nil
+		}
+	}
+
+	return &execCredential, nil
+}
+
+func (c *Cache) Set(credentials string) error {
+	if err := os.WriteFile(c.cacheFile, []byte(credentials), 0600); err != nil {
+		return err
+	}
+
+	return nil
+}