Merge pull request #41077 from deads2k/cli-01-cani

Automatic merge from submit-queue (batch tested with PRs 41814, 41922, 41957, 41406, 41077)

add kubectl can-i to see if you can perform an action

Adds `kubectl auth can-i <verb> <resource> [<name>]` so that a user can see if they are allowed to perform an action.

@kubernetes/sig-cli-pr-reviews @fabianofranz 

This particular command satisfies the immediate need of knowing if you can perform an action without trying that action.  When using RBAC in a script that is adding permissions, there is a lag between adding the permission and the permission being realized in the RBAC cache.  As a user on the CLI, you almost never see it, but as a script adding a binding and then using that new power, you hit it quite often.

There are natural follow-ons to the same area (hence the `auth` subcommand) to figure out if someone else can perform an action, what actions you can perform in total, and who can perform a given action.  Someone else is an API we have already, what-can-i-do was a proposed API a while back and a very useful one for interfaces, and who-can is common question if someone is administering a namespace.

docs/.generated_docs

@@ -15,6 +15,8 @@ docs/man/man1/kubectl-api-versions.1
 docs/man/man1/kubectl-apply-view-last-applied.1
 docs/man/man1/kubectl-apply.1
 docs/man/man1/kubectl-attach.1
+docs/man/man1/kubectl-auth-can-i.1
+docs/man/man1/kubectl-auth.1
 docs/man/man1/kubectl-autoscale.1
 docs/man/man1/kubectl-certificate-approve.1
 docs/man/man1/kubectl-certificate-deny.1
@@ -101,6 +103,8 @@ docs/user-guide/kubectl/kubectl_api-versions.md
 docs/user-guide/kubectl/kubectl_apply.md
 docs/user-guide/kubectl/kubectl_apply_view-last-applied.md
 docs/user-guide/kubectl/kubectl_attach.md
+docs/user-guide/kubectl/kubectl_auth.md
+docs/user-guide/kubectl/kubectl_auth_can-i.md
 docs/user-guide/kubectl/kubectl_autoscale.md
 docs/user-guide/kubectl/kubectl_certificate.md
 docs/user-guide/kubectl/kubectl_certificate_approve.md
@@ -183,6 +187,7 @@ docs/yaml/kubectl/kubectl_annotate.yaml
 docs/yaml/kubectl/kubectl_api-versions.yaml
 docs/yaml/kubectl/kubectl_apply.yaml
 docs/yaml/kubectl/kubectl_attach.yaml
+docs/yaml/kubectl/kubectl_auth.yaml
 docs/yaml/kubectl/kubectl_autoscale.yaml
 docs/yaml/kubectl/kubectl_certificate.yaml
 docs/yaml/kubectl/kubectl_cluster-info.yaml

docs/man/man1/kubectl-auth-can-i.1

@@ -0,0 +1,3 @@
+This file is autogenerated, but we've stopped checking such files into the
+repository to reduce the need for rebases. Please run hack/generate-docs.sh to
+populate this file.

docs/man/man1/kubectl-auth.1

@@ -0,0 +1,3 @@
+This file is autogenerated, but we've stopped checking such files into the
+repository to reduce the need for rebases. Please run hack/generate-docs.sh to
+populate this file.

docs/user-guide/kubectl/kubectl_auth.md

@@ -0,0 +1,3 @@
+This file is autogenerated, but we've stopped checking such files into the
+repository to reduce the need for rebases. Please run hack/generate-docs.sh to
+populate this file.

docs/user-guide/kubectl/kubectl_auth_can-i.md

@@ -0,0 +1,3 @@
+This file is autogenerated, but we've stopped checking such files into the
+repository to reduce the need for rebases. Please run hack/generate-docs.sh to
+populate this file.

docs/yaml/kubectl/kubectl_auth.yaml

@@ -0,0 +1,3 @@
+This file is autogenerated, but we've stopped checking such files into the
+repository to reduce the need for rebases. Please run hack/generate-docs.sh to
+populate this file.