Closed olivierlemasle closed 2 years ago
many thanks for the PR. i will try this out once and merge as soon as i verify.
at this moment, the plugin prints only the username and not the groups for any other auth type. so I think printing just the CN should be enough to be consistent.
what do you think?
what do you think?
I think it's time to print the groups for all authentication types where it's possible :smiley:
More seriously, yes, printing the username only is more consistent with the other authentication types. If you want, I'll update the PR.
It all depends on what you cant kubectl-whoami
to be; which use case(s) you want to address. For me, listing the groups you belong to is very important because if you need to request more permissions to your cluster administrator, he will want to add a [Cluster]RoleBinding to one of your groups.
What use case did you have in mind when creating this plugin?
Also, it is possible to keep the existing (print the username only, including for x509), and have a new flag to enable group printing. What do you think of that?
it was supposed to be like linux whoami when i was implementing this plugin.
the reason i am thinking to keep this at just userinfo is because it can get really complicated for other auth types, and there are other awesome kubectl plugins to visualize that e.g. https://github.com/corneliusweig/rakkess
Ok, I've updated the PR to print only the username.
However, I still think it would be great to optionally print the groups as well, at least for authentication types where it's simple (x509 certificates, OIDC, Webhook):
chown $(whoami) foo
or cd /home/$(whoami)
; I don't find any equivalent use case in Kubernetes.foo
. But If I want to ask my cluster administrator to give me this permission (by adding a RoleBinding to one of the groups I belong), I won't be able to tell him my groups.@rajatjindal Any news?
thank for the PR.
Thanks for merging!
Print subject in case of x509 client cert auth, instead of
kubecfg:certauth:admin
.Fixes #9
As an example, I chose to simply print the client certificate subject.
Example
But I'm ok with any other format; please tell me your preference.