• Kubernetes Submit Queue's avatar
    Merge pull request #41077 from deads2k/cli-01-cani · a1490926
    Kubernetes Submit Queue authored
    Automatic merge from submit-queue (batch tested with PRs 41814, 41922, 41957, 41406, 41077)
    
    add kubectl can-i to see if you can perform an action
    
    Adds `kubectl auth can-i <verb> <resource> [<name>]` so that a user can see if they are allowed to perform an action.
    
    @kubernetes/sig-cli-pr-reviews @fabianofranz 
    
    This particular command satisfies the immediate need of knowing if you can perform an action without trying that action.  When using RBAC in a script that is adding permissions, there is a lag between adding the permission and the permission being realized in the RBAC cache.  As a user on the CLI, you almost never see it, but as a script adding a binding and then using that new power, you hit it quite often.
    
    There are natural follow-ons to the same area (hence the `auth` subcommand) to figure out if someone else can perform an action, what actions you can perform in total, and who can perform a given action.  Someone else is an API we have already, what-can-i-do was a proposed API a while back and a very useful one for interfaces, and who-can is common question if someone is administering a namespace.
    a1490926
Name
Last commit
Last update
..
admin Loading commit data...
api-reference Loading commit data...
design Loading commit data...
devel Loading commit data...
getting-started-guides Loading commit data...
images Loading commit data...
man/man1 Loading commit data...
proposals Loading commit data...
user-guide Loading commit data...
yaml/kubectl Loading commit data...
.generated_docs Loading commit data...
BUILD Loading commit data...
OWNERS Loading commit data...
README.md Loading commit data...
api.md Loading commit data...
reporting-security-issues.md Loading commit data...