wf assume
wf assume
Escalates your privileges for a short-lived time
Synopsis
By default users are not assigned long-lived permissions to clusters or to the Wayfinder API. Instead they can assume permissions by requesting access to a plan (set of permissions). Assuming they meet the constraints placed on acquiring the role, their permissions will be acquired for a period of time, after which the permissions roll back.
wf assume [flags]
Examples
# Assume namespace admin in a cluster
$ wf assume namespace.admin
# You skip the prompts by supplying the known parameters
$ wf assume namespace.admin --cluster <name> --namespace <namespace>
# Use the parameter flag to fill in the option
$ wf assume namespace.admin --param=cluster=<name> --param=namespace=<name>
# Policies that target clusters can take a second or so for the policy
# to propagate - the default behaviour is to always wait. This can be changed with
$ wf assume --no-wait
Options
--cluster string Cluster name you wish to assume
--dry-run Shows the resource but does not apply or create
--expire duration Expiration of the role assumption (default 8h0m0s)
-h, --help help for assume
--namespace string Namespace you wish to assume into
Options inherited from parent commands
--debug Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table out (default true)
--verbose Enables verbose logging for debugging purposes (default: false)
-w, --workspace string The workspace you are operating within
SEE ALSO
- wf - wf provides a cli for Wayfinder