Merge pull request #35 from Abirdcfly/master

Fixed lookup command to also show policy rules coming from clusterroles
alcideio · Aug 29, 2021 · 2beb5f6 · 2beb5f6
2 parents fe9c542 + e88b370
commit 2beb5f6
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/cmd/lookup_cmd.go b/cmd/lookup_cmd.go
@@ -100,14 +100,21 @@ rbac-tool lookup -ne '^system:.*'
 						}
 
 						//Subject match
-						_, exist := perms.Roles[binding.Namespace]
+						roleNamespace := binding.Namespace
+						if binding.RoleRef.Kind == "ClusterRole" {
+							roleNamespace = ""
+						}
+						_, exist := perms.Roles[roleNamespace]
 						if !exist {
 							continue
 						}
 
 						if binding.Namespace == "" {
 							row := []string{subject.Name, subject.Kind, "ClusterRole", "", binding.RoleRef.Name}
 							rows = append(rows, row)
+						} else if binding.Namespace != "" && roleNamespace == "" {
+							row := []string{subject.Name, subject.Kind, "ClusterRole", binding.Namespace, binding.RoleRef.Name}
+							rows = append(rows, row)
 						} else {
 							row := []string{subject.Name, subject.Kind, "Role", binding.Namespace, binding.RoleRef.Name}
 							rows = append(rows, row)