Related to checking API access described here.
# parameters (check './main -h')
--dir <path_to_json>
--ns <namespace>
--run-outside-k-cluster true
# admin example
$ ./main --dir template.json --ns kube-system --run-outside-k-cluster true
2019/08/02 16:07:44 Init namespace: kube-system
2019/08/02 16:07:44 K8s version: v1.13.5
2019/08/02 16:07:44 User can /create/ a /deployments/, status: ALLOWED
2019/08/02 16:07:44 User can /create/ a /pods/, status: ALLOWED
2019/08/02 16:07:44 User can /get/ a /deployments/, status: ALLOWED
2019/08/02 16:07:44 User can /get/ a /pods/, status: ALLOWED
$ kubectl apply -f rbac.yml
$ kubectl --as=system:serviceaccount:default:michal -n kube-system get deployments
# test SA permission in the default namespace
$ ./main --dir template.json --run-outside-k-cluster true
2019/08/02 16:09:53 Init namespace: default
2019/08/02 16:09:53 K8s version: v1.13.5
2019/08/02 16:09:53 User can /create/ a /deployments/, status: ALLOWED
2019/08/02 16:09:53 User can /create/ a /pods/, status: NOTALLOWED
2019/08/02 16:09:54 User can /get/ a /deployments/, status: ALLOWED
2019/08/02 16:09:54 User can /get/ a /pods/, status: NOTALLOWED