Comments (2)
Given that kubectl can-i --list does not support json/yaml output this sounds like a reasonable request. I'm not entirely sure what the schema should be though. This seems ok-ish for rakkess for pods:
{
  "resource": "pods",
  "description": "maybe describe what this is",
  "rules": [
    {
      "name": "job-controller",
      "kind": "ServiceAccount",
      "sa-namespace": "kube-system",
      "verbs": {
        "get": true,
        "update": false
      }
    }
  ]
}
Does that make sense? Or am I missing something?
Similarly for rakkess:
{
  "role": "self",
  "description": "maybe describe what this is",
  "rules": [
    {
      "resource": "pods",
      "verbs": {
        "get": true,
        "update": false
      }
    }
  ]
}
from rakkess.
Thanks for the quick response!
My use case for this is to take the output from rakkess for $resource, specifically the service accounts, to then search for pods assigned those service accounts. Basically asking which pods in the cluster have permission to do something with $resource. So for my use case the schema you proposed is great.
Other use cases may benefit from a more detailed schema that includes the rolebindings and clusterrolebindings that grant the searched privileges, so it could be nice to include them if rakkess already has that info.
{
  "resource": "pods",
  "description": "maybe describe what this is",
  "rules": [
    {
      "name": "job-controller",
      "kind": "ServiceAccount",
      "sa-namespace": "kube-system",
      "verbs": {
        "get": true,
        "update": false
      },
      "rolebindings": [
        {<rolebinding object>}  # or perhaps just the rolebindings names?
      ],
      "clusterrolebindings": [
        {<clusterrolebinding object>}  # or perhaps just the clusterrolebindings names?
      ]
    }
  ]
}
from rakkess.
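The use case described in the comment above, as an added example that is not code from either commenter or from rakkess: it reads JSON in the schema proposed in this thread (a proposal, not actual rakkess output) and lists the pods running under service accounts that are allowed a given verb. The function names and both sample documents are constructed for illustration; the pod list is assumed to have the shape of `kubectl get pods -A -o json`.

```python
import json

# Constructed sample in the schema proposed in this thread (not real rakkess output).
RAKKESS_JSON = """
{"resource": "pods", "rules": [
  {"name": "job-controller", "kind": "ServiceAccount", "sa-namespace": "kube-system", "verbs": {"get": true, "update": false}},
  {"name": "deployer", "kind": "ServiceAccount", "sa-namespace": "ci", "verbs": {"get": true, "update": true}},
  {"name": "alice", "kind": "User", "verbs": {"get": true, "update": true}}
]}
"""

# Constructed sample, assumed to be shaped like `kubectl get pods -A -o json`.
PODS_JSON = """
{"items": [
  {"metadata": {"namespace": "ci", "name": "runner-1"}, "spec": {"serviceAccountName": "deployer"}},
  {"metadata": {"namespace": "ci", "name": "cache-0"}, "spec": {}},
  {"metadata": {"namespace": "kube-system", "name": "job-ctl"}, "spec": {"serviceAccountName": "job-controller"}},
  {"metadata": {"namespace": "prod", "name": "web-1"}, "spec": {"serviceAccountName": "deployer"}}
]}
"""


def service_accounts_with(access, verb):
    """Return {(namespace, name)} of ServiceAccount rules whose `verb` is true."""
    return {
        (rule["sa-namespace"], rule["name"])
        for rule in access.get("rules", [])
        if rule.get("kind") == "ServiceAccount" and rule.get("verbs", {}).get(verb) is True
    }


def pods_with_access(access, pods, verb):
    """Return sorted "namespace/pod" names running as a ServiceAccount allowed `verb`."""
    allowed = service_accounts_with(access, verb)
    hits = []
    for pod in pods.get("items", []):
        ns = pod["metadata"]["namespace"]
        # A pod with no serviceAccountName runs as its namespace's "default" account.
        sa = pod["spec"].get("serviceAccountName") or "default"
        # Service accounts are namespaced: match on (namespace, name), not name alone.
        if (ns, sa) in allowed:
            hits.append(f"{ns}/{pod['metadata']['name']}")
    return sorted(hits)


if __name__ == "__main__":
    access, pods = json.loads(RAKKESS_JSON), json.loads(PODS_JSON)
    for verb in ("get", "update"):
        print(verb, pods_with_access(access, pods, verb))
```

The `prod/web-1` pod is not reported even though its service account is also named `deployer`, because the rule only covers the account in the `ci` namespace.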