Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add -o wide flag to print the ROLE column #79

Merged
merged 4 commits into from
Aug 21, 2020
Merged

feat: Add -o wide flag to print the ROLE column #79

merged 4 commits into from
Aug 21, 2020

Conversation

danielpacak
Copy link
Contributor

@danielpacak danielpacak commented Aug 20, 2020
edited
Loading

This PR adds a new flag -o wide to print the [Cluster]Role referred to by the [Cluster]RoleBinding:

$ kubectl who-can get pods -n webinar
ROLEBINDING            NAMESPACE  SUBJECT           TYPE            SA-NAMESPACE
webinar-ns-admin-view  webinar    webinar-ns-admin  ServiceAccount  webinar

CLUSTERROLEBINDING                           SUBJECT                                 TYPE            SA-NAMESPACE
cluster-admin                                system:masters                          Group
local-path-provisioner-bind                  local-path-provisioner-service-account  ServiceAccount  local-path-storage
system:controller:deployment-controller      deployment-controller                   ServiceAccount  kube-system
system:controller:endpoint-controller        endpoint-controller                     ServiceAccount  kube-system
system:controller:endpointslice-controller   endpointslice-controller                ServiceAccount  kube-system
system:controller:generic-garbage-collector  generic-garbage-collector               ServiceAccount  kube-system
system:controller:namespace-controller       namespace-controller                    ServiceAccount  kube-system
system:controller:persistent-volume-binder   persistent-volume-binder                ServiceAccount  kube-system
system:controller:pvc-protection-controller  pvc-protection-controller               ServiceAccount  kube-system
system:controller:statefulset-controller     statefulset-controller                  ServiceAccount  kube-system
system:kube-scheduler                        system:kube-scheduler                   User

$ kubectl who-can get pods -n webinar -o wide
ROLEBINDING            ROLE              NAMESPACE  SUBJECT           TYPE            SA-NAMESPACE
webinar-ns-admin-view  ClusterRole/view  webinar    webinar-ns-admin  ServiceAccount  webinar

CLUSTERROLEBINDING                           ROLE                                                     SUBJECT                                 TYPE            SA-NAMESPACE
cluster-admin                                ClusterRole/cluster-admin                                system:masters                          Group
local-path-provisioner-bind                  ClusterRole/local-path-provisioner-role                  local-path-provisioner-service-account  ServiceAccount  local-path-storage
system:controller:deployment-controller      ClusterRole/system:controller:deployment-controller      deployment-controller                   ServiceAccount  kube-system
system:controller:endpoint-controller        ClusterRole/system:controller:endpoint-controller        endpoint-controller                     ServiceAccount  kube-system
system:controller:endpointslice-controller   ClusterRole/system:controller:endpointslice-controller   endpointslice-controller                ServiceAccount  kube-system
system:controller:generic-garbage-collector  ClusterRole/system:controller:generic-garbage-collector  generic-garbage-collector               ServiceAccount  kube-system
system:controller:namespace-controller       ClusterRole/system:controller:namespace-controller       namespace-controller                    ServiceAccount  kube-system
system:controller:persistent-volume-binder   ClusterRole/system:controller:persistent-volume-binder   persistent-volume-binder                ServiceAccount  kube-system
system:controller:pvc-protection-controller  ClusterRole/system:controller:pvc-protection-controller  pvc-protection-controller               ServiceAccount  kube-system
system:controller:statefulset-controller     ClusterRole/system:controller:statefulset-controller     statefulset-controller                  ServiceAccount  kube-system
system:kube-scheduler                        ClusterRole/system:kube-scheduler                        system:kube-scheduler                   User

Signed-off-by: Daniel Pacak pacak.daniel@gmail.com

@codecov
Copy link

codecov bot commented Aug 20, 2020
edited
Loading

Codecov Report

Merging #79 into master will increase coverage by 1.75%.
The diff coverage is 90.14%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #79      +/-   ##
==========================================
+ Coverage   70.80%   72.55%   +1.75%     
==========================================
  Files           5        6       +1     
  Lines         387      430      +43     
==========================================
+ Hits          274      312      +38     
- Misses         98      103       +5     
  Partials       15       15
Impacted Files Coverage Δ
pkg/cmd/list.go 49.50% <0.00%> (-6.94%) ⬇️
pkg/cmd/printer.go 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5d0f3d1...b35b5ee. Read the comment docs.

@danielpacak
feat: Add -o wide flag to print the ROLE column
2d128c0 
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
@danielpacak danielpacak changed the title feat: Add -o wide flag to print the Role feat: Add -o wide flag to print the ROLE column Aug 20, 2020
lizrice
lizrice approved these changes Aug 21, 2020
View reviewed changes
Copy link
Contributor

@lizrice lizrice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made two picky suggestions for very slightly neater code, but LGTM

cmd/kubectl-who-can/main.go Outdated Show resolved Hide resolved
pkg/cmd/list.go Outdated Show resolved Hide resolved
danielpacak and others added 3 commits August 21, 2020 16:31
@danielpacak @lizrice
refactor: Do not assign ignored return values
08b74a6 
Co-authored-by: Liz Rice <liz@lizrice.com>
@danielpacak @lizrice
refactor: Simplify parsing the output flag
f30e9e3 
Co-authored-by: Liz Rice <liz@lizrice.com>
@danielpacak
refactor: Do not use wide var
b35b5ee 
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
@danielpacak danielpacak merged commit bb71880 into aquasecurity:master Aug 21, 2020
@danielpacak danielpacak deleted the feat_add_role_to_wide_output branch August 21, 2020 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lizrice lizrice lizrice approved these changes

Assignees

@lizrice lizrice

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danielpacak @lizrice