'kubectl auth can-i --list' 有 Python 客户 API

is there Python client API for 'kubectl auth can-i --list'

我正在尝试列出与服务帐户关联的权限 'foobar-user' 应用到命名空间 'kube-system' 中的集群:

kubectl auth can-i --list --as=system:serviceaccount:kube-system:foobar-user --namespace=kube-system

Resources                                       Non-Resource URLs                     Resource Names     Verbs
clusterroles                                    []                                    []                 [create list update watch get]
deployments                                     []                                    []                 [create list update watch get]
endpoints                                       []                                    []                 [create list update watch get]
pods                                            []                                    []                 [create list update watch get]
rolebindings                                    []                                    []                 [create list update watch get]
roles                                           []                                    []                 [create list update watch get]
secrets                                         []                                    []                 [create list update watch get]
services                                        []                                    []                 [create list update watch get]
selfsubjectaccessreviews.authorization.k8s.io   []                                    []                 [create]
selfsubjectrulesreviews.authorization.k8s.io    []                                    []                 [create]
                                                [/.well-known/openid-configuration]   []                 [get]
                                                [/api/*]                              []                 [get]
                                                [/api]                                []                 [get]
                                                [/apis/*]                             []                 [get]
                                                [/apis]                               []                 [get]
                                                [/healthz]                            []                 [get]
                                                [/healthz]                            []                 [get]
                                                [/livez]                              []                 [get]
                                                [/livez]                              []                 [get]
                                                [/openapi/*]                          []                 [get]
                                                [/openapi]                            []                 [get]
                                                [/openid/v1/jwks]                     []                 [get]
                                                [/readyz]                             []                 [get]
                                                [/readyz]                             []                 [get]
                                                [/version/]                           []                 [get]
                                                [/version/]                           []                 [get]
                                                [/version]                            []                 [get]
                                                [/version]                            []                 [get]
nodes                                           []                                    []                 [list watch get]

什么是等效的 API 通过 Python 客户端为 kubernetes 列出与服务帐户关联的权限?感谢您的帮助,谢谢!

通过 Python kubernetes 客户端执行此操作的等效 API 是:

AuthorizationV1Api - create a SelfSubjectRulesReview

Kubernetes官方文档如下:

SelfSubjectRulesReview:审查 returns 用户可以在命名空间内执行的一组操作。对用户快速总结他们自己的访问或对 hide/show 操作的 UI 很有用。

Checking API Access