What is the equivalent of: kubectl auth can-i prune <resource_type>?

L1ghtman2k · September 16, 2021, 5:50pm

Is there a way for me to determine if the current user has access to prune a given resource?

My initial thought process was that prune is internally subdivided into delete/list operations, but I am not sure if that is actually the case, any thoughts?

protosam · September 18, 2021, 4:55am

Probably right. You could just test it out by giving a user only get and delete access, without list being available.

List

github.com

kubernetes/kubectl/blob/48e9da0ebe744b372589aa38591e85e61f818452/pkg/cmd/apply/prune.go#L96-L101

    
      
          	objList, err := p.dynamicClient.Resource(mapping.Resource).
          		Namespace(namespace).
          		List(context.TODO(), metav1.ListOptions{
          			LabelSelector: p.labelSelector,
          			FieldSelector: p.fieldSelector,
          		})

Delete

github.com

kubernetes/kubectl/blob/48e9da0ebe744b372589aa38591e85e61f818452/pkg/cmd/apply/prune.go#L126-L130

    
      
          		if p.dryRunStrategy != cmdutil.DryRunClient {
          			if err := p.delete(namespace, name, mapping); err != nil {
          				return err
          			}
          		}

Topic		Replies	Views
List of all available resources for RBAC roles General Discussions docs , security	1	1582	January 13, 2023
List of RBAC resources, sub resources and verbs General Discussions	1	2364	March 3, 2019
RBAC role verbs missing from output General Discussions	0	1352	December 13, 2020
Explanation of different RBAC Verbs General Discussions	2	2709	November 7, 2024
Restrict who can issue kubectl command General Discussions	1	661	November 28, 2019

What is the equivalent of: kubectl auth can-i prune <resource_type>?

Related topics