PyPI - kubectl-mcp-server - Versions diffs - 1.23.0__py3-none-any.whl → 1.23.1__py3-none-any.whl - Mend

kubectl-mcp-server 1.23.0py3-none-any.whl → 1.23.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

{kubectl_mcp_server-1.23.0.dist-info → kubectl_mcp_server-1.23.1.dist-info}/METADATA +1 -1
{kubectl_mcp_server-1.23.0.dist-info → kubectl_mcp_server-1.23.1.dist-info}/RECORD +28 -27
kubectl_mcp_tool/__init__.py +1 -1
kubectl_mcp_tool/mcp_server.py +8 -24
kubectl_mcp_tool/providers.py +0 -1
kubectl_mcp_tool/safety.py +1 -53
kubectl_mcp_tool/tools/_cli_utils.py +75 -0
kubectl_mcp_tool/tools/cluster.py +2 -8
kubectl_mcp_tool/tools/core.py +2 -8
kubectl_mcp_tool/tools/cost.py +5 -12
kubectl_mcp_tool/tools/deployments.py +2 -8
kubectl_mcp_tool/tools/diagnostics.py +2 -9
kubectl_mcp_tool/tools/helm.py +44 -44
kubectl_mcp_tool/tools/kind.py +4 -8
kubectl_mcp_tool/tools/networking.py +18 -14
kubectl_mcp_tool/tools/operations.py +39 -13
kubectl_mcp_tool/tools/pods.py +9 -12
kubectl_mcp_tool/tools/vind.py +2 -7
tests/test_browser.py +2 -3
tests/test_ecosystem.py +2 -4
tests/test_mcp_integration.py +4 -26
tests/test_safety.py +0 -120
tests/test_server.py +4 -5
tests/test_tools.py +48 -40
{kubectl_mcp_server-1.23.0.dist-info → kubectl_mcp_server-1.23.1.dist-info}/WHEEL +0 -0
{kubectl_mcp_server-1.23.0.dist-info → kubectl_mcp_server-1.23.1.dist-info}/entry_points.txt +0 -0
{kubectl_mcp_server-1.23.0.dist-info → kubectl_mcp_server-1.23.1.dist-info}/licenses/LICENSE +0 -0
{kubectl_mcp_server-1.23.0.dist-info → kubectl_mcp_server-1.23.1.dist-info}/top_level.txt +0 -0

kubectl_mcp_tool/tools/networking.py CHANGED Viewed

@@ -4,19 +4,12 @@ from typing import Any, Dict, List, Optional
 from mcp.types import ToolAnnotations
-from ..k8s_config import get_k8s_client, get_networking_client
+from ..k8s_config import get_k8s_client, get_networking_client, _get_kubectl_context_args
 logger = logging.getLogger("mcp-server")
-def _get_kubectl_context_args(context: str) -> List[str]:
-    """Get kubectl context arguments if context is specified."""
-    if context:
-        return ["--context", context]
-    return []
-def register_networking_tools(server, non_destructive: bool):
+def register_networking_tools(server: "FastMCP", non_destructive: bool):
     """Register networking-related tools."""
     @server.tool(
@@ -271,7 +264,7 @@ def register_networking_tools(server, non_destructive: bool):
             # Get endpoints
             try:
                 endpoints = v1.read_namespaced_endpoints(service_name, namespace)
-            except:
+            except Exception:
                 endpoints = None
             # Get pods matching selector
@@ -354,11 +347,22 @@ def register_networking_tools(server, non_destructive: bool):
             namespace: Namespace of the pod
             context: Kubernetes context to use (uses current context if not specified)
         """
+        if non_destructive:
+            return {
+                "success": False,
+                "error": "port_forward is not allowed in non-destructive mode"
+            }
         try:
-            import os
-            ctx_args = " ".join(_get_kubectl_context_args(context))
-            cmd = f"kubectl {ctx_args} port-forward {pod_name} {local_port}:{pod_port} -n {namespace} &"
-            os.system(cmd)
+            cmd = ["kubectl"] + _get_kubectl_context_args(context) + [
+                "port-forward", pod_name,
+                f"{int(local_port)}:{int(pod_port)}",
+                "-n", namespace
+            ]
+            subprocess.Popen(
+                cmd,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+            )
             return {
                 "success": True,
                 "context": context or "current",

kubectl_mcp_tool/tools/operations.py CHANGED Viewed

@@ -7,17 +7,12 @@ from typing import Any, Dict, List, Optional
 from mcp.types import ToolAnnotations
-logger = logging.getLogger("mcp-server")
+from kubectl_mcp_tool.k8s_config import _get_kubectl_context_args
-def _get_kubectl_context_args(context: str) -> List[str]:
-    """Get kubectl context arguments if context is specified."""
-    if context:
-        return ["--context", context]
-    return []
+logger = logging.getLogger("mcp-server")
-def register_operations_tools(server, non_destructive: bool):
+def register_operations_tools(server: "FastMCP", non_destructive: bool):
     """Register kubectl operations tools (apply, describe, patch, etc.)."""
     def check_destructive():
@@ -43,6 +38,7 @@ def register_operations_tools(server, non_destructive: bool):
         blocked = check_destructive()
         if blocked:
             return blocked
+        temp_path = None
         try:
             with tempfile.NamedTemporaryFile(mode='w', suffix='.yaml', delete=False) as f:
                 f.write(manifest)
@@ -51,8 +47,6 @@ def register_operations_tools(server, non_destructive: bool):
             cmd = ["kubectl"] + _get_kubectl_context_args(context) + ["apply", "-f", temp_path, "-n", namespace]
             result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
-            os.unlink(temp_path)
             if result.returncode == 0:
                 return {"success": True, "context": context or "current", "output": result.stdout.strip()}
             else:
@@ -60,6 +54,12 @@ def register_operations_tools(server, non_destructive: bool):
         except Exception as e:
             logger.error(f"Error applying manifest: {e}")
             return {"success": False, "error": str(e)}
+        finally:
+            if temp_path:
+                try:
+                    os.unlink(temp_path)
+                except OSError:
+                    pass
     @server.tool(
         annotations=ToolAnnotations(
@@ -105,7 +105,12 @@ def register_operations_tools(server, non_destructive: bool):
             # Security: validate command starts with allowed operations
             allowed_prefixes = [
                 "get", "describe", "logs", "top", "explain", "api-resources",
-                "config", "version", "cluster-info", "auth"
+                "version", "cluster-info"
+            ]
+            allowed_auth_subcommands = ["can-i"]
+            allowed_config_subcommands = [
+                "config view", "config current-context", "config get-contexts",
+                "config get-clusters", "config use-context"
             ]
             cmd_parts = shlex.split(command)
             if not cmd_parts:
@@ -115,10 +120,31 @@ def register_operations_tools(server, non_destructive: bool):
             if cmd_parts[0] == "kubectl":
                 cmd_parts = cmd_parts[1:]
-            if not cmd_parts or cmd_parts[0] not in allowed_prefixes:
+            if not cmd_parts:
+                return {"success": False, "error": "Empty command"}
+            if cmd_parts[0] == "config":
+                cmd_prefix = " ".join(cmd_parts[:2])
+                if cmd_prefix not in allowed_config_subcommands:
+                    return {
+                        "success": False,
+                        "error": f"Config subcommand not allowed. Allowed: {', '.join(allowed_config_subcommands)}"
+                    }
+                if "--raw" in cmd_parts:
+                    return {
+                        "success": False,
+                        "error": "config view --raw is not allowed (may expose secrets)"
+                    }
+            elif cmd_parts[0] == "auth":
+                if len(cmd_parts) < 2 or cmd_parts[1] not in allowed_auth_subcommands:
+                    return {
+                        "success": False,
+                        "error": f"Auth subcommand not allowed. Allowed: {', '.join(allowed_auth_subcommands)}"
+                    }
+            elif cmd_parts[0] not in allowed_prefixes:
                 return {
                     "success": False,
-                    "error": f"Command not allowed. Allowed: {', '.join(allowed_prefixes)}"
+                    "error": f"Command not allowed. Allowed: {', '.join(allowed_prefixes + ['config', 'auth can-i'])}"
                 }
             full_cmd = ["kubectl"] + _get_kubectl_context_args(context) + cmd_parts

kubectl_mcp_tool/tools/pods.py CHANGED Viewed

@@ -8,24 +8,17 @@ import json
 import logging
 import shlex
 import subprocess
-from typing import Any, Callable, Dict, List, Optional
+from typing import Any, Dict, List, Optional
 from mcp.types import ToolAnnotations
-from kubectl_mcp_tool.k8s_config import get_k8s_client
+from kubectl_mcp_tool.k8s_config import get_k8s_client, _get_kubectl_context_args
 logger = logging.getLogger("mcp-server")
-def _get_kubectl_context_args(context: str = "") -> List[str]:
-    """Get kubectl context arguments."""
-    if context:
-        return ["--context", context]
-    return []
 def register_pod_tools(
-    server,
+    server: "FastMCP",
     non_destructive: bool
 ):
     """Register all Pod-related tools with the MCP server.
@@ -210,6 +203,8 @@ def register_pod_tools(
             container: Container name (for multi-container pods)
             context: Kubernetes context to use (uses current context if not specified)
         """
+        if non_destructive:
+            return {"success": False, "error": "Blocked: non-destructive mode"}
         try:
             cmd = ["kubectl"] + _get_kubectl_context_args(context) + [
                 "exec", pod_name, "-n", namespace
@@ -778,8 +773,10 @@ def register_pod_tools(
                 },
                 "evictedPods": evicted,
                 "recommendations": [
-                    "DiskPressure: Clean up disk space or increase ephemeral-storage limits" if "DiskPressure" in by_reason else None,
-                    "MemoryPressure: Increase memory limits or add more nodes" if "MemoryPressure" in by_reason else None
+                    rec for rec in [
+                        "DiskPressure: Clean up disk space or increase ephemeral-storage limits" if "DiskPressure" in by_reason else None,
+                        "MemoryPressure: Increase memory limits or add more nodes" if "MemoryPressure" in by_reason else None
+                    ] if rec is not None
                 ]
             }
         except Exception as e:

kubectl_mcp_tool/tools/vind.py CHANGED Viewed

@@ -9,12 +9,7 @@ import json
 import re
 from typing import Dict, Any, List, Optional
-try:
-    from fastmcp import FastMCP
-    from fastmcp.tools import ToolAnnotations
-except ImportError:
-    from mcp.server.fastmcp import FastMCP
-    from mcp.types import ToolAnnotations
+from mcp.types import ToolAnnotations
 def _vcluster_available() -> bool:
@@ -584,7 +579,7 @@ def vind_platform_start(
     return result
-def register_vind_tools(mcp: FastMCP, non_destructive: bool = False):
+def register_vind_tools(mcp: "FastMCP", non_destructive: bool = False):
     """Register vind (vCluster in Docker) tools with the MCP server."""
     @mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))

tests/test_browser.py CHANGED Viewed

@@ -501,11 +501,10 @@ class TestServerIntegration:
                         tools = asyncio.run(server.server.list_tools())
                         tool_names = [t.name for t in tools]
-                        # Should have browser tools (224 + 26 = 250)
                         assert "browser_open" in tool_names
                         assert "browser_screenshot" in tool_names
-                        assert "browser_connect_cdp" in tool_names  # v0.7 tool
-                        assert len(tools) == 250, f"Expected 250 tools (224 + 26), got {len(tools)}"
+                        assert "browser_connect_cdp" in tool_names
+                        assert len(tools) == 301, f"Expected 301 tools (275 + 26), got {len(tools)}"
 import asyncio

tests/test_ecosystem.py CHANGED Viewed

@@ -153,9 +153,8 @@ class TestGitOpsTools:
         from kubectl_mcp_tool.mcp_server import MCPServer
         with patch("kubectl_mcp_tool.mcp_server.MCPServer._check_dependencies", return_value=True):
-            server = MCPServer(name="test", non_destructive=True)
+            server = MCPServer(name="test", disable_destructive=True)
-        # Server should initialize with non_destructive=True
         assert server.non_destructive is True
@@ -263,9 +262,8 @@ class TestBackupTools:
         from kubectl_mcp_tool.mcp_server import MCPServer
         with patch("kubectl_mcp_tool.mcp_server.MCPServer._check_dependencies", return_value=True):
-            server = MCPServer(name="test", non_destructive=True)
+            server = MCPServer(name="test", disable_destructive=True)
-        # Server should initialize with non_destructive=True
         assert server.non_destructive is True

tests/test_mcp_integration.py CHANGED Viewed

@@ -205,7 +205,7 @@ class TestMCPServerSafety:
     """Test safety mode integration in MCP server."""
     def test_safety_mode_info(self):
-        """Test safety mode info retrieval."""
+        """Test safety mode info for all modes."""
         from kubectl_mcp_tool.safety import (
             SafetyMode,
             set_safety_mode,
@@ -223,29 +223,7 @@ class TestMCPServerSafety:
         assert info["mode"] == "read_only"
         assert len(info["blocked_operations"]) > 0
-    def test_operation_allowed_check(self):
-        """Test operation allowed check."""
-        from kubectl_mcp_tool.safety import (
-            SafetyMode,
-            set_safety_mode,
-            is_operation_allowed,
-        )
-        set_safety_mode(SafetyMode.NORMAL)
-        allowed, reason = is_operation_allowed("delete_pod")
-        assert allowed is True
-        assert reason == ""
-        set_safety_mode(SafetyMode.READ_ONLY)
-        allowed, reason = is_operation_allowed("delete_pod")
-        assert allowed is False
-        assert "blocked" in reason.lower()
         set_safety_mode(SafetyMode.DISABLE_DESTRUCTIVE)
-        allowed, reason = is_operation_allowed("delete_pod")
-        assert allowed is False
-        assert "blocked" in reason.lower()
-        # Non-destructive write should be allowed
-        allowed, reason = is_operation_allowed("create_deployment")
-        assert allowed is True
+        info = get_mode_info()
+        assert info["mode"] == "disable_destructive"
+        assert "delete_pod" in info["blocked_operations"]

tests/test_safety.py CHANGED Viewed

@@ -5,8 +5,6 @@ from kubectl_mcp_tool.safety import (
     SafetyMode,
     get_safety_mode,
     set_safety_mode,
-    is_operation_allowed,
-    check_safety_mode,
     get_mode_info,
     WRITE_OPERATIONS,
     DESTRUCTIVE_OPERATIONS,
@@ -35,124 +33,6 @@ class TestSafetyMode:
         assert get_safety_mode() == SafetyMode.DISABLE_DESTRUCTIVE
-class TestOperationAllowed:
-    """Test is_operation_allowed function."""
-    def setup_method(self):
-        """Reset safety mode to NORMAL before each test."""
-        set_safety_mode(SafetyMode.NORMAL)
-    def test_all_operations_allowed_in_normal_mode(self):
-        """Test that all operations are allowed in NORMAL mode."""
-        for op in WRITE_OPERATIONS | DESTRUCTIVE_OPERATIONS:
-            allowed, reason = is_operation_allowed(op)
-            assert allowed is True
-            assert reason == ""
-    def test_read_operations_allowed_in_all_modes(self):
-        """Test that read operations are allowed in all modes."""
-        read_ops = ["get_pods", "list_namespaces", "describe_deployment", "get_logs"]
-        for mode in SafetyMode:
-            set_safety_mode(mode)
-            for op in read_ops:
-                allowed, reason = is_operation_allowed(op)
-                assert allowed is True
-    def test_write_operations_blocked_in_read_only_mode(self):
-        """Test that write operations are blocked in READ_ONLY mode."""
-        set_safety_mode(SafetyMode.READ_ONLY)
-        for op in WRITE_OPERATIONS:
-            allowed, reason = is_operation_allowed(op)
-            assert allowed is False
-            assert "read-only mode" in reason
-    def test_destructive_operations_blocked_in_read_only_mode(self):
-        """Test that destructive operations are blocked in READ_ONLY mode."""
-        set_safety_mode(SafetyMode.READ_ONLY)
-        for op in DESTRUCTIVE_OPERATIONS:
-            allowed, reason = is_operation_allowed(op)
-            assert allowed is False
-            assert "read-only mode" in reason
-    def test_write_operations_allowed_in_disable_destructive_mode(self):
-        """Test that non-destructive write operations are allowed in DISABLE_DESTRUCTIVE mode."""
-        set_safety_mode(SafetyMode.DISABLE_DESTRUCTIVE)
-        # Operations that are write but not destructive
-        non_destructive_writes = WRITE_OPERATIONS - DESTRUCTIVE_OPERATIONS
-        for op in non_destructive_writes:
-            allowed, reason = is_operation_allowed(op)
-            assert allowed is True
-    def test_destructive_operations_blocked_in_disable_destructive_mode(self):
-        """Test that destructive operations are blocked in DISABLE_DESTRUCTIVE mode."""
-        set_safety_mode(SafetyMode.DISABLE_DESTRUCTIVE)
-        for op in DESTRUCTIVE_OPERATIONS:
-            allowed, reason = is_operation_allowed(op)
-            assert allowed is False
-            assert "destructive operations are disabled" in reason
-class TestCheckSafetyModeDecorator:
-    """Test the check_safety_mode decorator."""
-    def setup_method(self):
-        """Reset safety mode to NORMAL before each test."""
-        set_safety_mode(SafetyMode.NORMAL)
-    def test_decorator_allows_in_normal_mode(self):
-        """Test that decorated function executes in NORMAL mode."""
-        @check_safety_mode
-        def delete_pod():
-            return {"success": True, "message": "Pod deleted"}
-        result = delete_pod()
-        assert result["success"] is True
-        assert result["message"] == "Pod deleted"
-    def test_decorator_blocks_write_in_read_only_mode(self):
-        """Test that decorated function is blocked in READ_ONLY mode."""
-        set_safety_mode(SafetyMode.READ_ONLY)
-        @check_safety_mode
-        def run_pod():
-            return {"success": True, "message": "Pod created"}
-        result = run_pod()
-        assert result["success"] is False
-        assert "blocked" in result["error"]
-        assert result["blocked_by"] == "read_only"
-        assert result["operation"] == "run_pod"
-    def test_decorator_blocks_destructive_in_disable_destructive_mode(self):
-        """Test that destructive operations are blocked."""
-        set_safety_mode(SafetyMode.DISABLE_DESTRUCTIVE)
-        @check_safety_mode
-        def delete_deployment():
-            return {"success": True, "message": "Deployment deleted"}
-        result = delete_deployment()
-        assert result["success"] is False
-        assert "blocked" in result["error"]
-        assert result["blocked_by"] == "disable_destructive"
-    def test_decorator_allows_non_destructive_write_in_disable_destructive_mode(self):
-        """Test that non-destructive writes are allowed in DISABLE_DESTRUCTIVE mode."""
-        set_safety_mode(SafetyMode.DISABLE_DESTRUCTIVE)
-        @check_safety_mode
-        def scale_deployment():
-            return {"success": True, "message": "Deployment scaled"}
-        result = scale_deployment()
-        assert result["success"] is True
 class TestGetModeInfo:
     """Test get_mode_info function."""

tests/test_server.py CHANGED Viewed

@@ -57,7 +57,7 @@ class TestServerInitialization:
         with patch("kubectl_mcp_tool.mcp_server.MCPServer._check_dependencies", return_value=True):
             with patch("kubernetes.config.load_kube_config"):
-                server = MCPServer(name="test", non_destructive=True)
+                server = MCPServer(name="test", disable_destructive=True)
         assert server.non_destructive is True
@@ -215,7 +215,7 @@ class TestNonDestructiveMode:
         with patch("kubectl_mcp_tool.mcp_server.MCPServer._check_dependencies", return_value=True):
             with patch("kubernetes.config.load_kube_config"):
-                server = MCPServer(name="test", non_destructive=False)
+                server = MCPServer(name="test")
         result = server._check_destructive()
         assert result is None
@@ -227,12 +227,11 @@ class TestNonDestructiveMode:
         with patch("kubectl_mcp_tool.mcp_server.MCPServer._check_dependencies", return_value=True):
             with patch("kubernetes.config.load_kube_config"):
-                server = MCPServer(name="test", non_destructive=True)
+                server = MCPServer(name="test", disable_destructive=True)
         result = server._check_destructive()
         assert result is not None
         assert result["success"] is False
-        assert "non-destructive mode" in result["error"]
 class TestSecretMasking:
@@ -349,7 +348,7 @@ class TestServerConfiguration:
             with patch("kubernetes.config.load_kube_config"):
                 server = MCPServer(
                     name="custom-server",
-                    non_destructive=True
+                    disable_destructive=True
                 )
         assert server.name == "custom-server"

kubectl-mcp-server 1.23.0__py3-none-any.whl → 1.23.1__py3-none-any.whl

kubectl-mcp-server 1.23.0py3-none-any.whl → 1.23.1py3-none-any.whl