rbac-tool
Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
**What would you like to be added**: Add the option to add subcommands like `pods/exec` into generated RBAC files **Why is this needed**: Sometimes you want to give people more...
**What would you like to be added**: For each rule violation, provide the list of resources (Pod, Deployment, Job,...) that use that service account. **Why is this needed**: It enables...
The first 3 rules can be collapsed into 1 rule ``` TYPE | SUBJECT | VERBS | NAMESPACE | API GROUP | KIND | NAMES | NONRESOURCEURI | ORIGINATED...
Added fetching subresources. The filtering mechanism is unchanged since the syntax is:
```
rbac-tool gen --deny-resources=clusterrolebindings.rbac.authorization.k8s.io,clusterroles.rbac.authorization.k8s.io,pods/exec. --allowed-verbs=get,list,watch
```
**What would you like to be added**: Add flags to customize: - Metadata.Name - Metadata.Namespace - Metadata.Annotations **Why is this needed**: For the `rbac-tool gen` and `rbac-tool show` commands it...
This pull request is in reference to the following issue: https://github.com/alcideio/rbac-tool/issues/92 - Adds flag for `metadata.name` to `rbac-tool gen|show` - Adds flag for `metadata.namespace` to `rbac-tool gen|show` - Adds flag...
**What would you like to be added**: I'd like `rbac-tool analyze` to warn about (Cluster)Rolebindings for accounts that don't or no longer exist in the cluster. **Why is this needed**: Unnecessary...
**What happened**: Running the following command within a k8s container fails: ``` $ rbac-tool who-can create mysqlinstances.database.orange.com [...] Failed to run program - memory budget exceeded (6:24) | { .Verb ...
**What would you like to be added**: It would be nice to add subresources support to the RBAC generation functionality. **Why is this needed**: It can make generation rules useful =)...
This MR provides the following additional functionality. 1. Enables the use of an additional flag for the gen command named `--useSubresouces.` When this is defined, then the gen command also...