Auth CLI: Make it easier to create a role for a set of resources and actions #3804
Comments
|
@deads2k fyi |
Resources and actions are simply strings, but I think we might want to make this command enforce only known resources and actions. It would still be possible to do more complicated things using json, but this is about the 90% case. Also, do you have suggestions for names? We probably want a full set of crud, right? |
|
+1 on enforcing (possibly with --force override, I guess). It's too easy to mix up pluralization or typos otherwise |
create-role ? :-) The create role is the hard part... editing roles is much easier. So not sure that a full set of crud would be needed (at least not right away), and it actually might make the command unnecessarily complex. |
|
@csrwng please, close the issue if a new command fulfill your needs. |
|
unfortunately, this creates a kube rbac.authorization.k8s.io clusterrole, not an origin clusterrole :-/ we'll collapse the storage for the two types eventually (probably around 3.7-3.8 timeframe), but it'll be confusing until then |
Does it mean that we should alter its behavior to create origin cluster roles instead? Or do we have a use case when openshift user needs k8s cluster role? |
Switching it and then switching it back will be really confusing. It's annoying now, but I'd say we either leave it alone or hide it entirely, not change it. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci-robot
added
the
lifecycle/stale
|
I guess this is fixed now. |
Ideally provide a command that takes in a list of resources, a list of actions and creates a new role
The text was updated successfully, but these errors were encountered: