Skip to content

alpha authorize improvements #2790

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
musztardem wants to merge 4 commits into
base: main
Choose a base branch
from
Open

alpha authorize improvements #2790

musztardem wants to merge 4 commits into from

Conversation

@musztardem
Copy link
Contributor

@musztardem musztardem commented Dec 15, 2025

Description

Changes proposed in this pull request:

  • Moved user, group and serviceaccount authorization targets to their specialized commands. They are no longer arguments for the authorize cmd.
  • authorize command now is only a command group instead of a separate command.
  • Added namespace presence validation
  • Added resource name validations
  • Added binding-name parameter that allows for a custom binding resource name
  • Added warning message and confirmation requirement in a scenario when binding with the same name already exists

Related issue(s)

#2654

@musztardem musztardem requested a review from a team as a code owner December 15, 2025 11:13
@github-actions
Copy link

github-actions bot commented Dec 15, 2025
edited
Loading

✅ Proposed changes verification passed

This pull request comes with up-to-date documentation and no illegal standard output usages.

Find more detailed information in the verify / standards (pull_request_target) action.

@musztardem musztardem requested a review from a team as a code owner December 15, 2025 11:16
@musztardem musztardem force-pushed the 2654/authorize-cmd-improvements branch from b16cb97 to ee1caac Compare December 15, 2025 11:39
@musztardem musztardem changed the title 2654/authorize cmd improvements alpha authorize improvements Dec 15, 2025
@musztardem musztardem enabled auto-merge (squash) December 15, 2025 13:08
@anoipm anoipm assigned anoipm and unassigned anoipm Dec 16, 2025
@pPrecel pPrecel self-assigned this Dec 17, 2025
pPrecel
pPrecel previously approved these changes Dec 17, 2025
View reviewed changes
grego952
grego952 reviewed Dec 22, 2025
View reviewed changes
docs/user/gen-docs/kyma_alpha_authorize.md Outdated

# Generate JSON for a cluster-wide binding
kyma alpha authorize user --name ci-bot --clusterrole kyma-admin --cluster-wide -o json
group - Authorize a Group with Kyma RBAC resources
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
group - Authorize a Group with Kyma RBAC resources
group - Authorizes a group with Kyma RBAC resources

docs/user/gen-docs/kyma_alpha_authorize.md Outdated
# Generate JSON for a cluster-wide binding
kyma alpha authorize user --name ci-bot --clusterrole kyma-admin --cluster-wide -o json
group - Authorize a Group with Kyma RBAC resources
repository - Configure trust between a Kyma cluster and a GitHub repository
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
repository - Configure trust between a Kyma cluster and a GitHub repository
repository - Configures a trust between a Kyma cluster and a GitHub repository

docs/user/gen-docs/kyma_alpha_authorize.md Outdated
kyma alpha authorize user --name ci-bot --clusterrole kyma-admin --cluster-wide -o json
group - Authorize a Group with Kyma RBAC resources
repository - Configure trust between a Kyma cluster and a GitHub repository
serviceaccount - Authorize a ServiceAccount with Kyma RBAC resources
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
serviceaccount - Authorize a ServiceAccount with Kyma RBAC resources
serviceaccount - Authorizes a ServiceAccount with Kyma RBAC resources

docs/user/gen-docs/kyma_alpha_authorize.md Outdated
group - Authorize a Group with Kyma RBAC resources
repository - Configure trust between a Kyma cluster and a GitHub repository
serviceaccount - Authorize a ServiceAccount with Kyma RBAC resources
user - Authorize a User with Kyma RBAC resources
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
user - Authorize a User with Kyma RBAC resources
user - Authorizes a user with Kyma RBAC resources

docs/user/gen-docs/kyma_alpha_authorize.md Outdated
* [kyma alpha](kyma_alpha.md) - Groups command prototypes for which the API may still change
* [kyma alpha authorize repository](kyma_alpha_authorize_repository.md) - Configure trust between a Kyma cluster and a GitHub repository
* [kyma alpha](kyma_alpha.md) - Groups command prototypes for which the API may still change
* [kyma alpha authorize group](kyma_alpha_authorize_group.md) - Authorize a Group with Kyma RBAC resources
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* [kyma alpha authorize group](kyma_alpha_authorize_group.md) - Authorize a Group with Kyma RBAC resources
* [kyma alpha authorize group](kyma_alpha_authorize_group.md) - Authorizes a group with Kyma RBAC resources

docs/user/gen-docs/kyma_alpha_authorize_user.md Outdated
@@ -0,0 +1,50 @@
# kyma alpha authorize user

Authorize a User with Kyma RBAC resources.
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Authorize a User with Kyma RBAC resources.
Authorizes a user with Kyma RBAC resources.

docs/user/gen-docs/kyma_alpha_authorize_user.md Outdated

```text
--binding-name string Custom name for the RoleBinding or ClusterRoleBinding. If not specified, a name is auto-generated based on the role and subject
--cluster-wide Create a ClusterRoleBinding for cluster-wide access (requires --clusterrole)
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
--cluster-wide Create a ClusterRoleBinding for cluster-wide access (requires --clusterrole)
--cluster-wide Creates a ClusterRoleBinding for cluster-wide access (requires --clusterrole)

docs/user/gen-docs/kyma_alpha_authorize_user.md Outdated
--binding-name string Custom name for the RoleBinding or ClusterRoleBinding. If not specified, a name is auto-generated based on the role and subject
--cluster-wide Create a ClusterRoleBinding for cluster-wide access (requires --clusterrole)
--clusterrole string ClusterRole name to bind (for ClusterRoleBinding with --cluster-wide, or RoleBinding in namespace)
--dry-run Preview the YAML/JSON output without applying resources to the cluster
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
--dry-run Preview the YAML/JSON output without applying resources to the cluster
--dry-run Previews the YAML/JSON output without applying resources to the cluster

docs/user/gen-docs/kyma_alpha_authorize_user.md Outdated
-h, --help Help for the command
--kubeconfig string Path to the Kyma kubeconfig file
--show-extensions-error Prints a possible error when fetching extensions fails
--skip-extensions Skip fetching extensions from the target Kyma environment
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
--skip-extensions Skip fetching extensions from the target Kyma environment
--skip-extensions Skips fetching extensions from the target Kyma environment

docs/user/gen-docs/kyma_alpha_authorize_user.md

## See also

* [kyma alpha authorize](kyma_alpha_authorize.md) - Authorize a subject (user, group, or service account) with Kyma RBAC resources
Copy link
Contributor

@grego952 grego952 Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* [kyma alpha authorize](kyma_alpha_authorize.md) - Authorize a subject (user, group, or service account) with Kyma RBAC resources
* [kyma alpha authorize](kyma_alpha_authorize.md) - Authorizes a subject (user, group, or service account) with Kyma RBAC resources

@musztardem musztardem force-pushed the 2654/authorize-cmd-improvements branch from 2bd8420 to bef0270 Compare December 23, 2025 12:55
@musztardem musztardem force-pushed the 2654/authorize-cmd-improvements branch from bef0270 to 4a27a78 Compare December 23, 2025 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@grego952 grego952 grego952 left review comments

@pPrecel pPrecel pPrecel approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

@pPrecel pPrecel

@grego952 grego952

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@musztardem @pPrecel @grego952 @anoipm