There is a tool that I built a couple of months ago called “kubetok”.
Given credentials (like a JWT token), it checks what permissions you have.
It uses the API selfsubjectrulesreviews to do it.
It can be good if you found a token and you want to see what permissions you have.
In case the token doesn’t have the permissions to call selfsubjectrulesreviews, I created a module that bruteforces the API to guess what permissions the token has.
One issue: this option already exists (except for the bruteforce module) in kubectl by using:
kubectl auth can-i --list --token=...
I wanted to publish it, but I am not sure it is good to do it from the CyberArk GitHub because then there will be a question like:
what is the idea? This functionality already exists…
What do you think?
I thought maybe just to publish it from my private account, preventing us from looking unprofessional by not checking for this functionality first before creating it.
If I publish it as private, I can present it just as another option, maybe a nicer way to view permissions.
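
The selfsubjectrulesreviews call mentioned above, as an added example that is not part of the original message and is not kubetok's code: it builds the request body and flattens a response into a reviewable permission list. The function names and the sample response are constructed for illustration.

```python
import json

API_PATH = "/apis/authorization.k8s.io/v1/selfsubjectrulesreviews"  # POST target

def build_review(namespace="default"):
    """Request body asking the API server which rules apply to the caller."""
    return {"apiVersion": "authorization.k8s.io/v1",
            "kind": "SelfSubjectRulesReview",
            "spec": {"namespace": namespace}}

def summarize(review):
    """Flatten status rules into (verb, target) pairs and collect audit notes."""
    status = review.get("status", {})
    perms, notes = set(), []
    for rule in status.get("resourceRules", []):
        for group in rule.get("apiGroups") or [""]:
            for res in rule.get("resources", []):
                base = f"{group}/{res}" if group else res
                for name in rule.get("resourceNames") or [""]:
                    target = f"{base}:{name}" if name else base
                    perms.update((verb, target) for verb in rule.get("verbs", []))
    for rule in status.get("nonResourceRules", []):
        for url in rule.get("nonResourceURLs", []):
            perms.update((verb, url) for verb in rule.get("verbs", []))
    if status.get("incomplete"):
        # Some authorizer could not enumerate rules, so a missing entry proves nothing.
        notes.append("incomplete: " + status.get("evaluationError", "no reason given"))
    if any("*" in verb or "*" in target for verb, target in perms):
        notes.append("wildcard rule present")
    return sorted(perms), notes

# Constructed sample response, not captured from a real cluster.
SAMPLE = json.loads("""
{"kind": "SelfSubjectRulesReview", "apiVersion": "authorization.k8s.io/v1",
 "status": {
   "resourceRules": [
     {"verbs": ["get", "list"], "apiGroups": [""], "resources": ["pods"]},
     {"verbs": ["get"], "apiGroups": [""], "resources": ["secrets"],
      "resourceNames": ["db-creds"]},
     {"verbs": ["*"], "apiGroups": ["apps"], "resources": ["deployments"]}],
   "nonResourceRules": [{"verbs": ["get"], "nonResourceURLs": ["/healthz"]}],
   "incomplete": true,
   "evaluationError": "webhook authorizer does not support user rule resolution"}}
""")

if __name__ == "__main__":
    perms, notes = summarize(SAMPLE)
    print(*perms, *notes, sep="\n")
```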