I am trying to list permissions associated to a service account 'foobar-user' applied to my cluster in namespace 'kube-system':
```
kubectl auth can-i --list --as=system:serviceaccount:kube-system:foobar-user --namespace=kube-system
Resources                                       Non-Resource URLs                     Resource Names   Verbs
clusterroles                                    []                                    []               [create list update watch get]
deployments                                     []                                    []               [create list update watch get]
endpoints                                       []                                    []               [create list update watch get]
pods                                            []                                    []               [create list update watch get]
rolebindings                                    []                                    []               [create list update watch get]
roles                                           []                                    []               [create list update watch get]
secrets                                         []                                    []               [create list update watch get]
services                                        []                                    []               [create list update watch get]
selfsubjectaccessreviews.authorization.k8s.io   []                                    []               [create]
selfsubjectrulesreviews.authorization.k8s.io    []                                    []               [create]
                                                [/.well-known/openid-configuration]   []               [get]
                                                [/api/*]                              []               [get]
                                                [/api]                                []               [get]
                                                [/apis/*]                             []               [get]
                                                [/apis]                               []               [get]
                                                [/healthz]                            []               [get]
                                                [/healthz]                            []               [get]
                                                [/livez]                              []               [get]
                                                [/livez]                              []               [get]
                                                [/openapi/*]                          []               [get]
                                                [/openapi]                            []               [get]
                                                [/openid/v1/jwks]                     []               [get]
                                                [/readyz]                             []               [get]
                                                [/readyz]                             []               [get]
                                                [/version/]                           []               [get]
                                                [/version/]                           []               [get]
                                                [/version]                            []               [get]
                                                [/version]                            []               [get]
nodes                                           []                                    []               [list watch get]
```
What is an equivalent API to do this through Python client for kubernetes to list permissions associated to a service account? Appreciate your help, thanks!
The equivalent API to do this through Python client for kubernetes is:
AuthorizationV1Api - create a SelfSubjectRulesReview
The official Kubernetes docs are as follows:
SelfSubjectRulesReview
: A review which returns the set of actions a user can perform within a namespace. Useful for users to quickly summarize their own access, or for UIs to hide/show actions.

Checking API Access
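An added example (not part of the original answer, and not Kubernetes project code) of the call the answer names. A SelfSubjectRulesReview describes the caller itself, so the `--as` flag from the question is reproduced here with an `Impersonate-User` header, and the result is checked for grants worth a second look. The names `fetch_rules`, `flatten`, `risky` and `SAMPLE` are hypothetical; `fetch_rules` assumes a kubeconfig whose user is allowed to impersonate the service account.

```python
# Added example: list a service account's rules and flag the sensitive ones.
RBAC = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}
WRITE = {"create", "update", "patch", "delete", "bind", "escalate"}
# Constructed sample in API JSON shape, modelled on rows of the table above.
SAMPLE = {
    "incomplete": False,
    "resourceRules": [
        {"apiGroups": [""], "resources": ["secrets", "rolebindings"],
         "verbs": ["create", "list", "update", "watch", "get"]},
        {"apiGroups": [""], "resources": ["nodes"], "verbs": ["list", "watch", "get"]},
        {"apiGroups": ["authorization.k8s.io"],
         "resources": ["selfsubjectrulesreviews"], "verbs": ["create"]}],
    "nonResourceRules": [{"nonResourceURLs": ["/healthz"], "verbs": ["get"]}],
}

def fetch_rules(user, namespace):
    """Ask the API server what `user` may do in `namespace` (needs a cluster)."""
    from kubernetes import client, config  # lazy import: only needed online
    config.load_kube_config()
    api_client = client.ApiClient()
    api_client.set_default_header("Impersonate-User", user)  # what --as sends
    body = client.V1SelfSubjectRulesReview(
        spec=client.V1SelfSubjectRulesReviewSpec(namespace=namespace))
    resp = client.AuthorizationV1Api(api_client).create_self_subject_rules_review(body)
    return api_client.sanitize_for_serialization(resp.status)  # camelCase dict

def flatten(status):
    """Rows of (resource-or-URL, sorted verbs), like the kubectl table."""
    rows = []
    for rule in status.get("resourceRules") or []:
        for group in rule.get("apiGroups") or [""]:
            for res in rule.get("resources") or []:
                rows.append((f"{res}.{group}" if group else res, sorted(rule["verbs"])))
    for rule in status.get("nonResourceRules") or []:
        rows += [(url, sorted(rule["verbs"])) for url in rule.get("nonResourceURLs") or []]
    return rows

def risky(status):
    """Grants to review: wildcards, secret reads, write access to RBAC objects."""
    hits = []
    for rule in status.get("resourceRules") or []:
        verbs = set(rule.get("verbs") or [])
        for res in rule.get("resources") or []:
            base = res.split("/")[0]
            if base == "*" or "*" in verbs:
                hits.append((res, "wildcard"))
            elif base == "secrets" and verbs & {"get", "list", "watch"}:
                hits.append((res, "reads secrets"))
            elif base in RBAC and verbs & WRITE:
                hits.append((res, "can modify RBAC"))
    return hits
```

Against a live cluster, call `fetch_rules("system:serviceaccount:kube-system:foobar-user", "kube-system")` and pass the result to `flatten` and `risky`. Check the `incomplete` field of the status before relying on the list, since the API server sets it when it cannot return the full rule set.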