krane icon indicating copy to clipboard operation
krane copied to clipboard

Published 20 hours ago verified publisher icon appvia

[EPIC] Expand base commands set

Open marcinc opened this issue 4 years ago • 0 comments

This is to cover further RBAC inspection. The list below is just an indicator and some ideas around how to make it come complete (individual commands will link to separate issues):

  • unused - #11 - Unused ClusterRole, ClusterRoleBinding, Role, RoleBinding
  • multi-binding - #12 - Show all roles for given subject and highlight those with multiple bindings for the same role.
  • risky-roles - #13 - List Roles/ClusterRoles for Subject (user, group or service account) with a SCOPE (Cluster-Wide/NS)
  • risky-subjects - #14 - Identify risky Subjects (Users, Groups and ServiceAccounts)
  • roles - #15 - List Roles/ClusterRoles for Subject (user, group or service account) with a SCOPE (Cluster-Wide/NS). Alternatively split command into users/serviceaccounts/groups?
  • permissions - #16 - List Rules (compiled permissions) for given Subject (user, group, sa) in scanned Kubernetes cluster - scoped by Cluster-Wide/NS?

marcinc avatar Mar 09 '20 14:03 marcinc