Problem testing RBAC permissions, using optional resourceName

Time:06-15

I am trying to check if I set permissions correctly in a role developer to get a specific pod called dark-blue-app. The role is:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: "2022-06-13T00:24:53Z"
  name: developer
  namespace: blue
  resourceVersion: "4099"
  uid: ac280f91-da44-4a33-aa5e-3b4176f8a3a6
rules:
- apiGroups:
  - ""
  resourceNames:
  - dark-blue-app
  resources:
  - pods
  verbs:
  - list
  - create
  - delete

And I have a rolebinding set to it (dev-user-binding).

To test whether I have the right permissions, I executed:

kubectl auth can-i get pod -n=blue --as developer

Which returned YES

But if I try to check specifically for dark-blue-app:

kubectl auth can-i get pod dark-blue-app -n=blue --as dev-user

Returns:

error: you must specify two or three arguments: verb, resource, and optional resourceName

EDIT:

This is dev-user-binding

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  creationTimestamp: "2022-06-13T01:14:15Z"
  name: dev-user-binding
  namespace: default
  resourceVersion: "1522"
  uid: 29d2092e-fbb6-454c-8a7e-b83f3158abb2
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: developer
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: dev-user

CodePudding user response:

As suggested by @fg78nc, it was fixed by changing the command:

kubectl auth can-i get pod dark-blue-app -n=blue --as dev-user

To:

kubectl auth can-i get pod/dark-blue-app -n=blue --as dev-user
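
An added example, not part of the original question or answer: a simplified Python model of how RBAC matches a request against the Role and RoleBinding shown above, including the TYPE/NAME argument form that kubectl auth can-i accepts. It models only those two objects (any other bindings in the cluster are ignored), and the function names are hypothetical.

```python
# Simplified model of Kubernetes RBAC matching for a namespaced Role (added example).
# ROLE and BINDING are transcribed from the two objects shown on this page.
ROLE = {"namespace": "blue", "name": "developer", "rules": [{
    "apiGroups": [""], "resources": ["pods"],
    "resourceNames": ["dark-blue-app"], "verbs": ["list", "create", "delete"]}]}
BINDING = {"namespace": "default", "roleRef": "developer", "users": ["dev-user"]}


def parse_target(arg):
    """Split a TYPE or TYPE/NAME argument into (resource, name)."""
    resource, _, name = arg.partition("/")
    # kubectl resolves singular names via API discovery; only "pod" is mapped here.
    return {"pod": "pods"}.get(resource, resource), name


def rule_allows(rule, verb, group, resource, name):
    def has(values, wanted):
        return "*" in values or wanted in values
    if not (has(rule["verbs"], verb) and has(rule["apiGroups"], group)
            and has(rule["resources"], resource)):
        return False
    names = rule.get("resourceNames", [])
    # A rule with resourceNames matches only requests carrying one of those
    # names, so a request without a name (such as create) never matches it.
    return not names or name in names


def can_i(role, binding, user, verb, target, namespace, group=""):
    """True if this Role/RoleBinding pair alone would authorize the request."""
    resource, name = parse_target(target)
    # A RoleBinding grants access only in its own namespace, and its roleRef
    # is resolved to a Role in that same namespace.
    bound = (user in binding["users"] and binding["roleRef"] == role["name"]
             and binding["namespace"] == role["namespace"] == namespace)
    return bound and any(rule_allows(r, verb, group, resource, name)
                         for r in role["rules"])


def same_namespace(binding, namespace):
    """Copy of the binding placed in another namespace (hypothetical variant)."""
    return {**binding, "namespace": namespace}


if __name__ == "__main__":
    moved = same_namespace(BINDING, "blue")
    for verb, target in [("get", "pod/dark-blue-app"), ("delete", "pod/dark-blue-app"),
                         ("delete", "pod/other"), ("create", "pod")]:
        print(f"{verb} {target}: as shown ->",
              can_i(ROLE, BINDING, "dev-user", verb, target, "blue"),
              "| binding in blue ->", can_i(ROLE, moved, "dev-user", verb, target, "blue"))
```

On a live cluster, kubectl auth can-i --list -n blue --as dev-user prints what the API server actually grants that user.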