Optional ability to check if client has permissions to perform CRUD actions before trying them

Question

Optional ability to check if client has permissions to perform CRUD actions before trying them

ncdc opened this issue 8 months ago · comments

Describe the problem/challenge you have
When deploying an app, if/when kapp encounters an error, it stops immediately. This can leave the content on the cluster in some intermediate or unknown state.

Describe the solution you'd like
Add an optional setting for kapp to check if the client has permissions to perform every operation needed before executing any of them. If any of the checks fails, kapp makes no modifications to the cluster and returns an error.

Anything else you would like to add:
The SubjectAccessReview API can be used for these checks.

The related kapp-controller issue is carvel-dev/kapp-controller#1381.

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.

Hergy Fongue · Answer 1 · Wed Nov 01 2023 17:07:47 GMT+0800 (China Standard Time)

hey @ncdc and @praveenrewar i would like to work on this task.

Hergy Fongue · Answer 2 · Tue Dec 05 2023 02:07:13 GMT+0800 (China Standard Time)

Hey @praveenrewar @ciriarte what about this ticket?

Praveen Rewar · Answer 3 · Tue Dec 05 2023 15:20:02 GMT+0800 (China Standard Time)

@rjtch Apologies, I missed the notification on this one. Feel free work on and create a PR for this and let me know if you need any help with it.