Differentiate between namespaced and cluster-wide access generation

[kwiatekus]

Description

Improve the API of alpha kubeconfig generate for service account based access.
Make it clear when the access will be generated namespaced and when cluster-wide.
For example:

# generate a permanent access (kubeconfig) for a new or existing ServiceAccount and a namespaced binding to a given ClusterRole
  kyma alpha kubeconfig generate --serviceaccount <sa_name> --clusterrole <cr_name> --namespace <ns_name> --permanent

# generate time-constrained access (kubeconfig) for a new or existing ServiceAccount and a cluster-wide binding to a given ClusterRole
  kyma alpha kubeconfig generate --serviceaccount <sa_name> --clusterrole <cr_name> --namespace <ns_name> --cluster-wide --time 2h

Reasons

The intension of alpha kubeconfig generate with namespace flag is confusing as it suggests that the generated access should be limited to the namespace scope.

[ptesny]

@kwiatekus

what about if the rolebinding for a service account user for a given cluster role does already exist in the namespace?
would it hurt to have 2 different role bindings in the namespace with the service count user present in the either with the same role ref ?

let's say there is an existing role binding in the namespace and the service account user is bound there with a different role ref already....a role which maybe the same as the --clusterrole <cr_name> or different, either stronger or weaker...
from what I can see the stronger role will always prevail...

[kwiatekus]

@ptesny the kubeconfig in such case will give the priviliges that is the sum of all bound roles to the given subaccount.
I'm thinking that we could make the role optional.. and do not bind anything extra if not required by the user.
For example, the simplest execution could be like :
kyma alpha kubeconfig generate --serviceaccount <sa_name> --namespace <ns_name>

[kwiatekus]

kyma  kubeconfig generate --serviceaccount <sa_name> [--namespace <ns_name>]  [--with-cluster-role <cr_name>] [--cluster-wide] [--time 2h]