Bug 1843584

Summary: Specified verb does not exist
Product: OpenShift Container Platform Reporter: akretzsc
Component: DocumentationAssignee: Samantha Fortner <sfortner>
Status: CLOSED CURRENTRELEASE QA Contact: scheng
Severity: medium Docs Contact: Vikram Goyal <vigoyal>
Priority: medium    
Version: 3.11.0CC: aos-bugs, jokerman
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-01 17:26:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description akretzsc 2020-06-03 15:22:40 UTC 
Document URL: https://docs.openshift.com/container-platform/3.11/architecture/additional_concepts/authorization.html#rbac-to-scc

Section Number and Name: Role-based access to SCCs

Describe the issue: Specified verb does not exist 'use'.

Suggestions for improvement: Reference the upstream k8s documentation [1] for a list of valid verbs.

```
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
```

Additional Information: Perhaps also document how users might obtain a list of valid verbs themselves via an API request using oc. This can be achieved using kubectl thus `kubectl get --raw /apis/v1`. As per [2].



- [1] https://kubernetes.io/docs/reference/access-authn-authz/rbac/
- [2] https://www.reddit.com/r/kubernetes/comments/dgf20r/kubernetes_rbac_verb_list/
Comment 1 akretzsc 2020-06-03 19:31:30 UTC 
Found another relevant section of the OCP docs.

- https://docs.openshift.com/container-platform/3.11/architecture/additional_concepts/authorization.html#evaluating-authorization
Comment 3 Samantha Fortner 2020-07-31 20:17:16 UTC 
I have corrected the verb list in the docs via the following PR: https://github.com/openshift/openshift-docs/pull/24388

There is a section at the bottom of the authorization docs on how to use "$ oc policy can-i <verb> <resource>" in order to get a list of verbs the user can perform.
https://docs.openshift.com/container-platform/3.11/architecture/additional_concepts/authorization.html#authorization-determining-what-you-can-do-as-an-authenticated-user
Comment 4 Samantha Fortner 2020-08-01 17:26:23 UTC 
The doc changes have been merged and verified.
https://docs.openshift.com/container-platform/3.11/architecture/additional_concepts/authorization.html#evaluating-authorization

Closing out this bug.