feat(kubevirt): add tool for QEMU guest agent access#811
feat(kubevirt): add tool for QEMU guest agent access#811codingben wants to merge 1 commit intocontainers:mainfrom
Conversation
Implements vm_guest_info tool to retrieve information from inside running VMs via QEMU guest agent without requiring SSH credentials. This addresses a critical gap in KubeVirt management by enabling: - Network troubleshooting (find IP addresses without SSH) - Disk space monitoring (prevent outages before they happen) - Security auditing (list logged-in users for compliance) - VM inventory collection (OS versions for patch management) Assisted-By: Claude <[email protected]> Signed-off-by: Ben Oukhanov <[email protected]>
| description: "Use vm_guest_info to audit which users are currently logged into VMs for security compliance" | ||
| steps: | ||
| setup: | ||
| inline: |- |
There was a problem hiding this comment.
can you please use new format of tasks as e.g. we are using here: #756?
lyarwood
left a comment
lyarwood
left a comment
There was a problem hiding this comment.
Lets start with the evals, the use cases here are far too high level and model dependant for now. Can you simplify these and break them out into their own commits before any tooling is introduced.
| echo " - User 'admin' logged in at 2024-02-25 14:30 ✓" | ||
| echo " - User 'unknown_user' logged in at 2024-02-25 03:00 ⚠ Investigate!" | ||
| echo "" | ||
| echo "✓ Security audit eval complete" |
There was a problem hiding this comment.
Does the judge actually use this? If not it's just slop output that's not asserting anything.
| kubectl delete namespace "$NS" --ignore-not-found | ||
| prompt: | ||
| inline: | | ||
| As part of a security compliance audit, you need to check who is currently logged into the production VirtualMachine "prod-app" in the ${EVAL_NAMESPACE:-vm-test} namespace. |
There was a problem hiding this comment.
I like idea of eventually testing use cases like this but we really need to start with simple building blocks. Something like "list defined users in the VM" and asserting the returned list etc given the image used.
| kubectl delete namespace "$NS" --ignore-not-found | ||
| prompt: | ||
| inline: | | ||
| A user reports that they cannot connect to the web server running inside the VirtualMachine named "web-server" in the ${EVAL_NAMESPACE:-vm-test} namespace. |
There was a problem hiding this comment.
Again just simplify and fetch and assert the IP?
3 participants
Implements vm_guest_info tool to retrieve information from inside running VMs via QEMU guest agent without requiring SSH credentials. This addresses a critical gap in KubeVirt management by enabling:
Assisted-By: Claude [email protected]