diff --git a/cmd/lookup_cmd.go b/cmd/lookup_cmd.go index 25fd034..1a6aee5 100644 --- a/cmd/lookup_cmd.go +++ b/cmd/lookup_cmd.go @@ -100,7 +100,11 @@ rbac-tool lookup -ne '^system:.*' } //Subject match - _, exist := perms.Roles[binding.Namespace] + roleNamespace := binding.Namespace + if binding.RoleRef.Kind == "ClusterRole" { + roleNamespace = "" + } + _, exist := perms.Roles[roleNamespace] if !exist { continue } @@ -108,6 +112,9 @@ rbac-tool lookup -ne '^system:.*' if binding.Namespace == "" { row := []string{subject.Name, subject.Kind, "ClusterRole", "", binding.RoleRef.Name} rows = append(rows, row) + } else if binding.Namespace != "" && roleNamespace == "" { + row := []string{subject.Name, subject.Kind, "ClusterRole", binding.Namespace, binding.RoleRef.Name} + rows = append(rows, row) } else { row := []string{subject.Name, subject.Kind, "Role", binding.Namespace, binding.RoleRef.Name} rows = append(rows, row)