Create tag v0.4.0

corneliusweig · Apr 26, 2019 · b851b19 · b851b19
1 parent e0e71ba
commit b851b19
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ It is also useful to find out who can hamper with some server resource.
 Check out the sub-command `rakkess resource` [below](#show-subjects-with-access-to-a-given-resource).
 
 ## Demo
-![rakkess demo](doc/demo-user-smaller.png "rakkess demo")
+![rakkess demo](doc/demo-user-smaller.png "rakkess --namespace default")
 
 ## Examples
 #### Show access for all resources
@@ -52,7 +52,7 @@ Check out the sub-command `rakkess resource` [below](#show-subjects-with-access-
   ```
 
 #### Show subjects with access to a given resource
-![rakkess demo](doc/demo-resource-smaller.png "rakkess resource demo")
+![rakkess demo](doc/demo-resource-smaller.png "rakkess resource configmaps --namespace default")
 - ...globally in all namespaces (only considers `ClusterRoleBindings`)
   ```bash
   rakkess resource configmaps
@@ -76,11 +76,9 @@ Check out the sub-command `rakkess resource` [below](#show-subjects-with-access-
 ##### Name-restricted roles
 Some roles only apply to resources with a specific name.
 To review such configurations, provide the resource name as additional argument.
-For example, show access rights for the `ConfigMap` called `ingress-controller-leader-nginx` in namespace `ingress-nginx`:
+For example, show access rights for the `ConfigMap` called `ingress-controller-leader-nginx` in namespace `ingress-nginx` (note the subtle difference for `nginx-ingress-serviceaccount` to the previous example):
 
-```bash
-rakkess r cm ingress-controller-leader-nginx -n ingress-nginx --verbs=all
-```
+![rakkess demo](doc/demo-named-resource-smaller.png "rakkess resource configmap ingress-controller-leader-nginx --namespace ingress-nginx")
 
 As `rakkess resource` needs to query `Roles`, `ClusterRoles`, and their bindings, it usually requires administrative cluster access.
 
@@ -103,18 +101,18 @@ When using the binaries for installation, also have a look at [doc/USAGE](doc/US
 
 #### Linux
 ```bash
-curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.3.0/rakkess-linux-amd64.gz && \
+curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.4.0/rakkess-linux-amd64.gz && \
   gunzip rakkess.gz && chmod +x rakkess && mv rakkess $GOPATH/bin/
 ```
 
 #### OSX
 ```bash
-curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.3.0/rakkess-darwin-amd64.gz && \
+curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.4.0/rakkess-darwin-amd64.gz && \
   gunzip rakkess.gz && chmod +x rakkess && mv rakkess $GOPATH/bin/
 ```
 
 #### Windows
-[https://github.com/corneliusweig/rakkess/releases/download/v0.3.0/rakkess-windows-amd64.zip](https://github.com/corneliusweig/rakkess/releases/download/v0.3.0/rakkess-windows-amd64.zip)
+[https://github.com/corneliusweig/rakkess/releases/download/v0.4.0/rakkess-windows-amd64.zip](https://github.com/corneliusweig/rakkess/releases/download/v0.4.0/rakkess-windows-amd64.zip)
 
 ### From source
 

diff --git a/cmd/resource.go b/cmd/resource.go
@@ -36,7 +36,7 @@ matrix with verbs in the horizontal and subjects in the vertical direction.
 Note that the effective access right may differ from the shown results due to
 group membership such as 'system:unauthenticated'.
 
-More on https://github.com/corneliusweig/rakkess/blob/v0.3.0/doc/USAGE.md#usage
+More on https://github.com/corneliusweig/rakkess/blob/v0.4.0/doc/USAGE.md#usage
 `
 
 	rakkessSubjectExamples = `

diff --git a/cmd/root.go b/cmd/root.go
@@ -46,7 +46,7 @@ the current user with the given verbs, and prints the result as a matrix.
 This complements the usual "kubectl auth can-i" command, which works for
 a single resource and a single verb.
 
-More on https://github.com/corneliusweig/rakkess/blob/v0.3.0/doc/USAGE.md#usage
+More on https://github.com/corneliusweig/rakkess/blob/v0.4.0/doc/USAGE.md#usage
 `
 
 	rakkessExamples = `

diff --git a/doc/demo-named-resource-smaller.png b/doc/demo-named-resource-smaller.png
diff --git a/doc/demo-resource-smaller.png b/doc/demo-resource-smaller.png
diff --git a/doc/releases/v0.4.0.md b/doc/releases/v0.4.0.md
@@ -0,0 +1,15 @@
+v0.4.0 - 26/4/2019
+==
+
+This release adds a named mode for sub-command `rakkess resource`.
+Instead of showing all subjects who have access to a given resource kind, it shows the access for a particular resource _instance_.
+See it in action [here](https://github.com/corneliusweig/rakkess/tree/v0.4.0#name-restricted-roles).
+
+![rakess resource](https://github.com/corneliusweig/rakkess/blob/v0.4.0/doc/demo-named-resource-smaller.png)
+
+---
+
+### Merged pull requests
+
+* Increase test coverage [#29](https://github.com/corneliusweig/rakkess/pull/29)
+* Extend the `resource` sub-command to select a particular object [#28](https://github.com/corneliusweig/rakkess/pull/28)
diff --git a/go.mod b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/google/go-github v17.0.0+incompatible
 	github.com/google/go-querystring v1.0.0 // indirect
 	github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect
-	github.com/googleapis/gnostic v0.2.0 // indirect
+	github.com/googleapis/gnostic v0.2.0
 	github.com/gophercloud/gophercloud v0.0.0-20190226183117-490361a9a1c1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect
 	github.com/imdario/mergo v0.3.7 // indirect