Optional ability to check if client has permissions to perform CRUD actions before trying them #1381
Labels
carvel-accepted
This issue should be considered for future work and that the triage process has been completed
enhancement
This issue is a feature request
Describe the problem/challenge you have
When reconciling an App and making changes to a cluster, kapp immediately tries to perform all the CRUD changes. If/when it encounters an error, it stops immediately. This can leave the content on the cluster in some intermediate or unknown state.
Describe the solution you'd like
Add an optional field to the App spec to allow the user to indicate they'd like kapp to check if the client (service account or cluster credentials) has permissions to perform every operation needed before executing any of them. If any of the checks fails, kapp makes no modifications to the cluster and returns an error.
Anything else you would like to add:
The SubjectAccessReview API can be used for these checks.
The related kapp issue is carvel-dev/kapp#855.
Vote on this request
This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.
👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"
We are also happy to receive and review Pull Requests if you want to help working on this issue.
The text was updated successfully, but these errors were encountered: