Hi everyone,
There is a tool that I built a couple of months ago called “kubetok”.
Given credentials (like a JWT token), it checks what permissions you have.
It uses the API selfsubjectrulesreviews to do it.
It can be good if you found a token and you want to see what permissions you have.
In case the token doesn’t have the permissions to call selfsubjectrulesreviews, I created a module that brute-forces the API to guess what permissions the token has.
One issue: this option already exists (except for the brute-force module) in kubectl by using: kubectl auth can-i --list --token=...
I wanted to publish it, but I am not sure it is good to do it from the CyberArk GitHub because then there will be a question like:
what is the idea? This functionality already exists…
What do you think?
I thought maybe to just publish it from my private account, preventing us from looking unprofessional by not checking for this functionality first before creating it.
If I publish it privately, I can present it as just another option, maybe a nicer way to view permissions.
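For readers who have not used the API named in the post above, here is an added example (not part of the original post and not kubetok's code) of the SelfSubjectRulesReview request body and a least-privilege audit of its response. The `SENSITIVE` list, the function names and the sample response are assumptions constructed for illustration.

```python
import json

API_PATH = "/apis/authorization.k8s.io/v1/selfsubjectrulesreviews"

def build_review(namespace):
    """Body to POST to API_PATH, with the token under review as the Bearer credential."""
    return {"apiVersion": "authorization.k8s.io/v1",
            "kind": "SelfSubjectRulesReview",
            "spec": {"namespace": namespace}}

# Illustrative (not exhaustive) grants worth a second look in a least-privilege review.
SENSITIVE = {("secrets", "get"), ("secrets", "list"), ("pods/exec", "create"),
             ("rolebindings", "create"), ("clusterrolebindings", "create")}

def audit(response):
    """Return (rows, findings, incomplete) from a SelfSubjectRulesReview response."""
    status = response.get("status", {})
    rows, findings = [], []
    for rule in status.get("resourceRules", []):
        verbs = rule.get("verbs", [])
        for res in rule.get("resources", []):
            rows.append((res, tuple(verbs)))
            if "*" in verbs or res == "*":
                findings.append(f"wildcard grant: {','.join(verbs)} on {res}")
            for v in verbs:
                if (res, v) in SENSITIVE:
                    findings.append(f"sensitive grant: {v} on {res}")
    for rule in status.get("nonResourceRules", []):
        for url in rule.get("nonResourceURLs", []):
            rows.append((url, tuple(rule.get("verbs", []))))
    # status.incomplete is true when an authorizer could not enumerate its rules,
    # so an empty findings list is not proof of a minimal token in that case.
    return rows, findings, bool(status.get("incomplete"))

# Constructed sample response; not captured from a real cluster.
SAMPLE = json.loads("""
{"status": {"incomplete": true, "evaluationError": "constructed error text",
  "resourceRules": [
    {"verbs": ["get", "list"], "apiGroups": [""], "resources": ["secrets"]},
    {"verbs": ["*"], "apiGroups": ["apps"], "resources": ["deployments"]},
    {"verbs": ["create"], "apiGroups": ["authorization.k8s.io"],
     "resources": ["selfsubjectrulesreviews"]}],
  "nonResourceRules": [{"verbs": ["get"], "nonResourceURLs": ["/healthz", "/version"]}]}}
""")

if __name__ == "__main__":
    rows, findings, incomplete = audit(SAMPLE)
    print("\n".join(findings))
    print("result incomplete:", incomplete)
```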
I am not sure if https://twitter.com/nfFrenchie or the conf have recorded the talk, but I think their Medium post covers some of it (the live demos were really cool though):
@g0ku if you post it privately on your personal GitHub it’d be great if you could edit the original post with the link. I’m interested in seeing it when it’s up