Kubernetes version: 1.13 - 1.19 (and likely 1.20)
I noticed that
kubectl api-resources -o wide gives a comprehensive list of RBAC verbs for each resource type.
- it is missing a few “specialized verbs” like
uses, etc mentioned briefly in the Determine the Request Verb section of Authorization Overview
- users and groups are not resources in kubernetes but there are at least 2 verbs associated, so user and group should be rows in that output (with empty in api column), or there ought to be a proper command to get all the RBAC verbs that exist
- the docs mentioned above says “Kubernetes sometimes checks authorization for additional permissions using specialized verbs. For example:…” which indicates there may be more than the half dozen examples.
Seems to me that a command to get an exhaustive list of all verbs relevant to RBAC would be really useful. Eg
kubernetes auth verbs NAME would show all verbs for
NAME (pod, user, role etc), similar table format to
api-resources but its focus would be auth.
Is this the right place to propose/discuss such improvement? Assuming it is not too big a job, would it be a good first PR to contribute to kubernetes?