Allow to combine multiple subject in the same command

[agaudreault]

Is your feature request related to a problem? Please describe. We want to get a summary of the permission that can be done for a user. I am not sure if this is the goal of the project or if you are aware of another project that would fit more our needs.

It would be nice if we would be able to do something like kubectl rolesum -K User <username> -K Group <group1> -K Group <group2> to combine the results of different groups. We use OIDC to authenticate to our cluster and users have multiple groups.

Describe the solution you'd like New parameters for group and user could be used instead of a global kind.

• kubectl rolesum -G <group1,group2> -U <[email protected]> to get groups and/or user
• Only -G would allow for a list since 2 users does not make sense
• -G and -U cannot be combined with ServiceAccount
• kubectl rolesum <serviceAccount> can still be used to query SA.
• -K <kind> parameter can still be used for backward, but cannot be combined with -G or -U

Describe alternatives you've considered Use another tool for that usecase if you know one!