Given that one starts from a literal string, might as well use the final result here rather than have all the reflection-y camelcase and period interpretation, i.e.

env = env.append(env, makePair(prefix + "NAME", p.Plugin.Name))
env = env.append(env, makePair(prefix + "SHORT_DESC", p.Plugin.ShortDesc))

that way one can find this code with a code search on SHORT_DESC.

As it is the code has the complexity of reflection without actually reading from variables.

Plus, if FieldToEnvName doesn't exist, it doesn't need test coverage.

well, this looks clever! if you want to add code for subtrees, please also add test coverage.

command trees and env var propagation are orthogonal. RPs that don't mix orthogonal things are easier to review, right? :)

I have subtrees covered in test-cmd, will also add some unit tests.

kthnks.

I have them in 2 separate commits here, but I'll remember that for the next ones. ;)

This enables a world of perl scripts passing around passwords, certs etc, building libraries that attempt to make restful calls without the benefit of apimachinery client libs.

Wouldn't it be better to fire up a proxy within kubectl, then make that available to the plugin? Pass the (local) port via an env var, and simplify the the job of the plugin author. Maybe hold off on this particular provider?

I'd like to provide plugin authors a way to access the api (other that invoking kubectl through the KUBECTL_PLUGINS_CALLER env we are introducing here), so both ideas work for me. I agree with the concerns of these sensitive data passing around and the proxy is definitely easier for plugin authors, but do you think it would be easier to get approved? If so, that was part of my original plugins R&D and should not be too hard to adjust/improve be added here or in a follow-up PR.

@pwittrock might weigh in. Personally I'd rather approve a PR that set up the proxy for the plugin and fed the plugin what it needed to know about the proxy via env vars, than the above code which is simple but enables bad behavior. A proxy would encourage simpler plugins that followed a particular recognizable pattern.

as you say - you did a bunch of research on the proxy idea already... just dust it off in a separate PR.

Nice job on the env provider interface and various impls! Very clear.

One nit: at this level it makes sense to create an array of pair struct {n, v string} and push the

fmt.Sprintf("%s=%s",

(which occurs several times here) down into runner.Run, converting to the format exec.Command seems to need just before it is invoked. That odd detail shouldn't leak up this high.

I'm +1 about a struct pair, the caveat is that os.Environ() already returns []string and it's used in one of the env providers. I'd need to iterate over it and split to make the pairs that would be returned in the provider list. Do you think it's worth?

Sigh - didn't see that. Up to you. Seems a bit silly to unpack os.Environ.
OTHO, is osEnviron needed? I'd think a plugin running in subprocess has access to exported vars present in the parent process.

Setting os.Environ is needed, the subprocess only takes what you set there.