From b851b199ec7f14bad3b4f7ddec27aa72a6258f31 Mon Sep 17 00:00:00 2001
From: Cornelius Weig <cornelius.weig@tngtech.com>
Date: Fri, 26 Apr 2019 18:33:21 +0200
Subject: [PATCH] Create tag v0.4.0

---
 README.md                           | 16 +++++++---------
 cmd/resource.go                     |  2 +-
 cmd/root.go                         |  2 +-
 doc/demo-named-resource-smaller.png |  3 +++
 doc/demo-resource-smaller.png       |  4 ++--
 doc/releases/v0.4.0.md              | 15 +++++++++++++++
 go.mod                              |  2 +-
 7 files changed, 30 insertions(+), 14 deletions(-)
 create mode 100644 doc/demo-named-resource-smaller.png
 create mode 100644 doc/releases/v0.4.0.md

diff --git a/README.md b/README.md
index 072f5fd..ff21e07 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ It is also useful to find out who can hamper with some server resource.
 Check out the sub-command `rakkess resource` [below](#show-subjects-with-access-to-a-given-resource).
 
 ## Demo
-![rakkess demo](doc/demo-user-smaller.png "rakkess demo")
+![rakkess demo](doc/demo-user-smaller.png "rakkess --namespace default")
 
 ## Examples
 #### Show access for all resources
@@ -52,7 +52,7 @@ Check out the sub-command `rakkess resource` [below](#show-subjects-with-access-
   ```
   
 #### Show subjects with access to a given resource
-![rakkess demo](doc/demo-resource-smaller.png "rakkess resource demo")
+![rakkess demo](doc/demo-resource-smaller.png "rakkess resource configmaps --namespace default")
 - ...globally in all namespaces (only considers `ClusterRoleBindings`)
   ```bash
   rakkess resource configmaps
@@ -76,11 +76,9 @@ Check out the sub-command `rakkess resource` [below](#show-subjects-with-access-
 ##### Name-restricted roles
 Some roles only apply to resources with a specific name.
 To review such configurations, provide the resource name as additional argument.
-For example, show access rights for the `ConfigMap` called `ingress-controller-leader-nginx` in namespace `ingress-nginx`:
+For example, show access rights for the `ConfigMap` called `ingress-controller-leader-nginx` in namespace `ingress-nginx` (note the subtle difference for `nginx-ingress-serviceaccount` to the previous example):
 
-```bash
-rakkess r cm ingress-controller-leader-nginx -n ingress-nginx --verbs=all
-```
+![rakkess demo](doc/demo-named-resource-smaller.png "rakkess resource configmap ingress-controller-leader-nginx --namespace ingress-nginx")
   
 As `rakkess resource` needs to query `Roles`, `ClusterRoles`, and their bindings, it usually requires administrative cluster access.
 
@@ -103,18 +101,18 @@ When using the binaries for installation, also have a look at [doc/USAGE](doc/US
 
 #### Linux
 ```bash
-curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.3.0/rakkess-linux-amd64.gz && \
+curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.4.0/rakkess-linux-amd64.gz && \
   gunzip rakkess.gz && chmod +x rakkess && mv rakkess $GOPATH/bin/
 ```
 
 #### OSX
 ```bash
-curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.3.0/rakkess-darwin-amd64.gz && \
+curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.4.0/rakkess-darwin-amd64.gz && \
   gunzip rakkess.gz && chmod +x rakkess && mv rakkess $GOPATH/bin/
 ```
 
 #### Windows
-[https://github.com/corneliusweig/rakkess/releases/download/v0.3.0/rakkess-windows-amd64.zip](https://github.com/corneliusweig/rakkess/releases/download/v0.3.0/rakkess-windows-amd64.zip)
+[https://github.com/corneliusweig/rakkess/releases/download/v0.4.0/rakkess-windows-amd64.zip](https://github.com/corneliusweig/rakkess/releases/download/v0.4.0/rakkess-windows-amd64.zip)
 
 ### From source
 
diff --git a/cmd/resource.go b/cmd/resource.go
index 28e51fb..4aa5bf6 100644
--- a/cmd/resource.go
+++ b/cmd/resource.go
@@ -36,7 +36,7 @@ matrix with verbs in the horizontal and subjects in the vertical direction.
 Note that the effective access right may differ from the shown results due to
 group membership such as 'system:unauthenticated'.
 
-More on https://github.com/corneliusweig/rakkess/blob/v0.3.0/doc/USAGE.md#usage
+More on https://github.com/corneliusweig/rakkess/blob/v0.4.0/doc/USAGE.md#usage
 `
 
 	rakkessSubjectExamples = `
diff --git a/cmd/root.go b/cmd/root.go
index ab6204d..d7e79e6 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -46,7 +46,7 @@ the current user with the given verbs, and prints the result as a matrix.
 This complements the usual "kubectl auth can-i" command, which works for
 a single resource and a single verb.
 
-More on https://github.com/corneliusweig/rakkess/blob/v0.3.0/doc/USAGE.md#usage
+More on https://github.com/corneliusweig/rakkess/blob/v0.4.0/doc/USAGE.md#usage
 `
 
 	rakkessExamples = `
diff --git a/doc/demo-named-resource-smaller.png b/doc/demo-named-resource-smaller.png
new file mode 100644
index 0000000..339a346
--- /dev/null
+++ b/doc/demo-named-resource-smaller.png
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b00c4377c374b201b4d0339b3aa8c3b1c77b879342d3aa11ddbccc664e78163b
+size 60934
diff --git a/doc/demo-resource-smaller.png b/doc/demo-resource-smaller.png
index 0c739bb..5a6bb66 100644
--- a/doc/demo-resource-smaller.png
+++ b/doc/demo-resource-smaller.png
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:bc1b57e8f00964fd66fcf562749e5b2c82de38d22f0950fd93c5ebe46adaed9b
-size 62518
+oid sha256:82ed08e3b8e29441810357b4307cfc84841e6309341ea390c2700795741cf5b7
+size 59705
diff --git a/doc/releases/v0.4.0.md b/doc/releases/v0.4.0.md
new file mode 100644
index 0000000..9c152bd
--- /dev/null
+++ b/doc/releases/v0.4.0.md
@@ -0,0 +1,15 @@
+v0.4.0 - 26/4/2019
+==
+
+This release adds a named mode for sub-command `rakkess resource`.
+Instead of showing all subjects who have access to a given resource kind, it shows the access for a particular resource _instance_.
+See it in action [here](https://github.com/corneliusweig/rakkess/tree/v0.4.0#name-restricted-roles).
+
+![rakess resource](https://github.com/corneliusweig/rakkess/blob/v0.4.0/doc/demo-named-resource-smaller.png)
+
+---
+
+### Merged pull requests
+
+* Increase test coverage [#29](https://github.com/corneliusweig/rakkess/pull/29)
+* Extend the `resource` sub-command to select a particular object [#28](https://github.com/corneliusweig/rakkess/pull/28)
diff --git a/go.mod b/go.mod
index 988fc1d..80b3848 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/google/go-github v17.0.0+incompatible
 	github.com/google/go-querystring v1.0.0 // indirect
 	github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect
-	github.com/googleapis/gnostic v0.2.0 // indirect
+	github.com/googleapis/gnostic v0.2.0
 	github.com/gophercloud/gophercloud v0.0.0-20190226183117-490361a9a1c1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect
 	github.com/imdario/mergo v0.3.7 // indirect