* Added documentation

* Move to rbac-tool

.github/release-drafter.yml

@@ -21,14 +21,14 @@ template: |
 
     $CHANGES
 
-    ## rbac-minimize
+    ## rbac-tool
     Generate Role or ClusterRole resource while reducing the use of wildcards.
 
-    `rbac-minimize` read from the Kubernetes discovery API the available API Groups and resources,
+    `rbac-tool` read from the Kubernetes discovery API the available API Groups and resources,
     and based on the command line options, generate an explicit Role/ClusterRole that avoid wildcards
 
     Example:
 
     ```shell script
-    rbac-minimize  gen --generated-type=Role --deny-resources=secrets.,daemonsets.apps --allowed-verbs=get,list --allowed-groups=,apps,networking.k8s.io
+    rbac-tool  gen --generated-type=Role --deny-resources=secrets.,daemonsets.apps --allowed-verbs=get,list --allowed-groups=,apps,networking.k8s.io
     ```

.github/workflows/releasme.yml

@@ -45,8 +45,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
-          asset_path: _dist/rbac-minimize-darwin-amd64.tar.gz
-          asset_name: rbac-minimize-darwin-amd64.tar.gz
+          asset_path: _dist/rbac-tool-darwin-amd64.tar.gz
+          asset_name: rbac-tool-darwin-amd64.tar.gz
           asset_content_type: application/octet-stream
 
       - name: Upload Release Asset (linux-386)
@@ -56,8 +56,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
-          asset_path: _dist/rbac-minimize-linux-386.tar.gz
-          asset_name: rbac-minimize-linux-386.tar.gz
+          asset_path: _dist/rbac-tool-linux-386.tar.gz
+          asset_name: rbac-tool-linux-386.tar.gz
           asset_content_type: application/octet-stream
 
       - name: Upload Release Asset (linux-amd64)
@@ -67,8 +67,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
-          asset_path: _dist/rbac-minimize-linux-amd64.tar.gz
-          asset_name: rbac-minimize-linux-amd64.tar.gz
+          asset_path: _dist/rbac-tool-linux-amd64.tar.gz
+          asset_name: rbac-tool-linux-amd64.tar.gz
           asset_content_type: application/octet-stream
 
       - name: Upload Release Asset (windows-amd6)
@@ -78,6 +78,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
-          asset_path: _dist/rbac-minimize-windows-amd64.tar.gz
-          asset_name: rbac-minimize-windows-amd64.tar.gz
+          asset_path: _dist/rbac-tool-windows-amd64.tar.gz
+          asset_name: rbac-tool-windows-amd64.tar.gz
           asset_content_type: application/octet-stream

Makefile

@@ -7,7 +7,7 @@ DIST_DIRS   := find * -type d -exec
 # Go Targets darwin/amd64 linux/amd64 linux/386 linux/arm linux/arm64 linux/ppc64le linux/s390x windows/amd64
 TARGETS     := darwin/amd64 linux/amd64 linux/386 windows/amd64
 TARGET_OBJS ?= darwin-amd64.tar.gz darwin-amd64.tar.gz.sha256 darwin-amd64.tar.gz.sha256sum linux-amd64.tar.gz linux-amd64.tar.gz.sha256 linux-amd64.tar.gz.sha256sum linux-386.tar.gz linux-386.tar.gz.sha256 linux-386.tar.gz.sha256sum linux-arm.tar.gz linux-arm.tar.gz.sha256 linux-arm.tar.gz.sha256sum linux-arm64.tar.gz linux-arm64.tar.gz.sha256 linux-arm64.tar.gz.sha256sum linux-ppc64le.tar.gz linux-ppc64le.tar.gz.sha256 linux-ppc64le.tar.gz.sha256sum linux-s390x.tar.gz linux-s390x.tar.gz.sha256 linux-s390x.tar.gz.sha256sum windows-amd64.zip windows-amd64.zip.sha256 windows-amd64.zip.sha256sum
-BINNAME     ?= rbac-minimize
+BINNAME     ?= rbac-tool
 
 GOPATH        = $(shell go env GOPATH)
 DEP           = $(GOPATH)/bin/dep

README.md

@@ -1,26 +1,34 @@
-![Build](https://github.com/alcideio/rbac-minimize/workflows/Build/badge.svg)
+[![GitHub release][release-img]][release]
+![Build](https://github.com/alcideio/rbac-tool/workflows/Build/badge.svg)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 
-<img src="rbac-minimize.png" alt="rbac-minimize" width="120"/>
+<img src="rbac-tool.png" alt="rbac-tool" width="120"/>
 
-# rbac-minimize
+# rbac-tool
+
+A collection of Kubernetes RBAC tools that complement the Kubernetes native capabilities
+
+- [Install](#install)
+- [The `rbac-tool gen` command](#-rbac-tool-gen-)
+   * [How the command works?](#how--rbac-tool--works-)
+   * [Command Line Examples](#command-line-examples)
+   * [Example Output](#example-output)
+- [Command Line Reference](#command-line-reference)
+- [Contributing](#contributing)
 
 ## Install
 
-From the [release](https://github.com/alcideio/rbac-minimize/releases) page
-```bash
-curl -LJO  https://github.com/alcideio/rbac-minimize/releases/download/v1.0.0/rbac-minimize-linux-amd64.tar.gz
-```
+Download the latest from the [release](https://github.com/alcideio/rbac-tool/releases) page
 
-Build from Source:
+Build from Source (*go 1.13*):
 
 ```shell script
-go get -u github.com/alcideio/rbac-minimize
-cd $(GOPATH)/src/github.com/alcideio/rbac-minimize
+go get -u github.com/alcideio/rbac-tool
+cd $(GOPATH)/src/github.com/alcideio/rbac-tool
 make get-deps build
 ```
 
-# Kubernetes RBAC
+## Kubernetes RBAC
 
 Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.
 RBAC authorization uses the `rbac.authorization.k8s.io` API group to drive authorization decisions, allowing you to dynamically configure policies through the Kubernetes API.
@@ -37,49 +45,49 @@ ClusterRoles have several uses. You can use a ClusterRole to:
 
 If you want to define a role within a namespace, use a Role; if you want to define a role cluster-wide, use a ClusterRole.
 
-**rbac-minimize** simplifies the creation process of RBAC policies and avoiding those wildcards `*` and it adapts to specific Kubernets API server
+**rbac-tool** simplifies the creation process of RBAC policies and avoiding those wildcards `*` and it adapts to specific Kubernets API server
 
 
-# How `rbac-minimize` can help?
+# `rbac-tool gen`
 
-Examples would be simplest way to describe how `rbac-minimize` can help:
+Examples would be simplest way to describe how `rbac-tool gen` can help:
 *  Generate a `ClusterRole` policy that allows to read everything **except** *secrets* and *services*
 *  Generate a `Role` policy that allows create,update,get,list  (read/write) everything **except** *secrets*, *services*, *ingresses*, *networkpolicies*
 *  Generate a `Role` policy that allows create,update,get,list  (read/write) everything **except** *statefulsets*
 
-`rbac-minimize` generate RBAC `Role` or RBAC `ClusterRole` resource while reducing the use of wildcards, and support **deny** semantics for specific Kubernetes clusters.
+`rbac-tool` generate RBAC `Role` or RBAC `ClusterRole` resource while reducing the use of wildcards, and support **deny** semantics for specific Kubernetes clusters.
 
-# How `rbac-minimize` works?
+### How `rbac-tool` works?
 
-`rbac-minimize` reads from the Kubernetes discovery API the available API Groups and resources, 
+`rbac-tool` reads from the Kubernetes discovery API the available API Groups and resources, 
 and based on the command line options, generate an explicit Role/ClusterRole that avoid wildcards.
 
 
-####  Command Line Examples
+###  Command Line Examples
 
 Examples generated against Kubernetes cluster v1.16 deployed using KIND. 
 
 > Generate a `ClusterRole` policy that allows to read everything **except** *secrets* and *services*
 ```bash
-rbac-minimize  gen  --deny-resources=secrets.,services. --allowed-verbs=get,list
+rbac-tool  gen  --deny-resources=secrets.,services. --allowed-verbs=get,list
 ```
 
 >  Generate a `Role` policy that allows create,update,get,list (read/write) everything **except** *secrets*, *services*, *networkpolicies* in *core*,*apps* & *networking.k8s.io* API groups
 ```bash
-rbac-minimize  gen --generated-type=Role --deny-resources=secrets.,services.,networkpolicies.networking.k8s.io --allowed-verbs=* --allowed-groups=,extensions,apps,networking.k8s.io
+rbac-tool  gen --generated-type=Role --deny-resources=secrets.,services.,networkpolicies.networking.k8s.io --allowed-verbs=* --allowed-groups=,extensions,apps,networking.k8s.io
 ```
 
 > Generate a `Role` policy that allows create,update,get,list  (read/write) everything **except** *statefulsets*
 ```bash
-rbac-minimize  gen --generated-type=Role --deny-resources=apps.statefulsets --allowed-verbs=* 
+rbac-tool  gen --generated-type=Role --deny-resources=apps.statefulsets --allowed-verbs=* 
 ```
 
 
-#### Example Output
+### Example Output
 
 >  Generate a `Role` policy that allows create,update,get,list (read/write) everything **except** *secrets*, *services*, *networkpolicies* in *core*,*apps* & *networking.k8s.io* API groups
 ```bash
-rbac-minimize  gen --generated-type=Role --deny-resources=secrets.,services.,networkpolicies.networking.k8s.io --allowed-verbs=* --allowed-groups=,extensions,apps,networking.k8s.io
+rbac-tool  gen --generated-type=Role --deny-resources=secrets.,services.,networkpolicies.networking.k8s.io --allowed-verbs=* --allowed-groups=,extensions,apps,networking.k8s.io
 ```
 
 ```yaml
@@ -139,19 +147,19 @@ rules:
 ```bash
 Generate Role or ClusterRole resource while reducing the use of wildcards.
 
-rbac-minimize read from the Kubernetes discovery API the available API Groups and resources, 
+rbac-tool read from the Kubernetes discovery API the available API Groups and resources, 
 and based on the command line options, generate an explicit Role/ClusterRole that avoid wildcards
 
 Examples:
 
 # Generate a Role with read-only (get,list) excluding secrets (core group) and ingresses (extensions group) 
-rbac-minimize gen --generated-type=Role --deny-resources=secrets.,ingresses.extensions --allowed-verbs=get,list
+rbac-tool gen --generated-type=Role --deny-resources=secrets.,ingresses.extensions --allowed-verbs=get,list
 
 # Generate a Role with read-only (get,list) excluding secrets (core group) from core group, admissionregistration.k8s.io,storage.k8s.io,networking.k8s.io
-rbac-minimize gen --generated-type=ClusterRole --deny-resources=secrets., --allowed-verbs=get,list  --allowed-groups=,admissionregistration.k8s.io,storage.k8s.io,networking.k8s.io
+rbac-tool gen --generated-type=ClusterRole --deny-resources=secrets., --allowed-verbs=get,list  --allowed-groups=,admissionregistration.k8s.io,storage.k8s.io,networking.k8s.io
 
 Usage:
-  rbac-minimize generate [flags]
+  rbac-tool generate [flags]
 
 Aliases:
   generate, gen
@@ -172,13 +180,13 @@ Flags:
 If you think you have found a bug please follow the instructions below.
 
 - Please spend a small amount of time giving due diligence to the issue tracker. Your issue might be a duplicate.
-- Open a [new issue](https://github.com/alcideio/rbac-minimize/issues/new) if a duplicate doesn't already exist.
+- Open a [new issue](https://github.com/alcideio/rbac-tool/issues/new) if a duplicate doesn't already exist.
 
 ### Features
 
-If you have an idea to enhance rbac-minimize follow the steps below.
+If you have an idea to enhance rbac-tool follow the steps below.
 
-- Open a [new issue](https://github.com/alcideio/rbac-minimize/issues/new).
+- Open a [new issue](https://github.com/alcideio/rbac-tool/issues/new).
 - Remember users might be searching for your issue in the future, so please give it a meaningful title to helps others.
 - Clearly define the use case, using concrete examples.
 - Feel free to include any technical design for your feature.

cmd/expand_cmd.go

@@ -16,7 +16,7 @@ package cmd
 //	"k8s.io/apimachinery/pkg/util/errors"
 //	"k8s.io/apimachinery/pkg/util/sets"
 //
-//	"github.com/alcideio/rbac-minimize/kube"
+//	"github.com/alcideio/rbac-tool/kube"
 //)
 //
 //func NewCommandExpandPolicyRules() *cobra.Command {
@@ -41,7 +41,7 @@ package cmd
 //Examples:
 //
 //# Generate a ClusterRole Read Only excluding secrets (core group) and apps (extensions group)
-//rbac-minimize expand -f rbac.yaml --expand-groups=,apps --expand-verbs=false
+//rbac-tool expand -f rbac.yaml --expand-groups=,apps --expand-verbs=false
 //
 //`,
 //		Hidden: false,

cmd/generate_cmd.go

@@ -15,7 +15,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/apimachinery/pkg/util/sets"
 
-	"github.com/alcideio/rbac-minimize/kube"
+	"github.com/alcideio/rbac-tool/kube"
 )
 
 func NewCommandGenerateClusterRole() *cobra.Command {
@@ -35,16 +35,16 @@ func NewCommandGenerateClusterRole() *cobra.Command {
 		Long: `
 Generate Role or ClusterRole resource while reducing the use of wildcards.
 
-rbac-minimize read from the Kubernetes discovery API the available API Groups and resources, 
+rbac-tool read from the Kubernetes discovery API the available API Groups and resources, 
 and based on the command line options, generate an explicit Role/ClusterRole that avoid wildcards
 
 Examples:
 
 # Generate a Role with read-only (get,list) excluding secrets (core group) and ingresses (extensions group) 
-rbac-minimize gen --generated-type=Role --deny-resources=secrets.,ingresses.extensions --allowed-verbs=get,list
+rbac-tool gen --generated-type=Role --deny-resources=secrets.,ingresses.extensions --allowed-verbs=get,list
 
 # Generate a Role with read-only (get,list) excluding secrets (core group) from core group, admissionregistration.k8s.io,storage.k8s.io,networking.k8s.io
-rbac-minimize gen --generated-type=ClusterRole --deny-resources=secrets., --allowed-verbs=get,list  --allowed-groups=,admissionregistration.k8s.io,storage.k8s.io,networking.k8s.io
+rbac-tool gen --generated-type=ClusterRole --deny-resources=secrets., --allowed-verbs=get,list  --allowed-groups=,admissionregistration.k8s.io,storage.k8s.io,networking.k8s.io
 
 
 `,

go.mod

@@ -1,4 +1,4 @@
-module github.com/alcideio/rbac-minimize
+module github.com/alcideio/rbac-tool
 
 go 1.13
 

main.go

@@ -5,15 +5,15 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/alcideio/rbac-minimize/cmd"
+	"github.com/alcideio/rbac-tool/cmd"
 	"github.com/spf13/cobra"
 )
 
 func RbacGenCmd() *cobra.Command {
 	var RootCmd = &cobra.Command{
-		Use:   "rbac-minimize",
-		Short: "rbac-minimize",
-		Long:  `rbac-minimize`,
+		Use:   "rbac-tool",
+		Short: "rbac-tool",
+		Long:  `rbac-tool`,
 	}
 
 	var genBashCompletionCmd = &cobra.Command{