From e88b370b71a1146e113f9661e5f5fb70c38a8cb9 Mon Sep 17 00:00:00 2001
From: Abirdcfly
Date: Tue, 24 Aug 2021 23:01:05 +0800
Subject: [PATCH] lookup can find rolebinding with roleRef.kind is Clusterrole
---
 cmd/lookup_cmd.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/cmd/lookup_cmd.go b/cmd/lookup_cmd.go
index 25fd034..1a6aee5 100644
--- a/cmd/lookup_cmd.go
+++ b/cmd/lookup_cmd.go
@@ -100,7 +100,11 @@ rbac-tool lookup -ne '^system:.*'
 } //Subject match
- _, exist := perms.Roles[binding.Namespace]
+ roleNamespace := binding.Namespace
+ if binding.RoleRef.Kind == "ClusterRole" {
+ roleNamespace = ""
+ }
+ _, exist := perms.Roles[roleNamespace]
 if !exist {
 continue
 }
@@ -108,6 +112,9 @@ rbac-tool lookup -ne '^system:.*'
 if binding.Namespace == "" {
 row := []string{subject.Name, subject.Kind, "ClusterRole", "", binding.RoleRef.Name}
 rows = append(rows, row)
+ } else if binding.Namespace != "" && roleNamespace == "" {
+ row := []string{subject.Name, subject.Kind, "ClusterRole", binding.Namespace, binding.RoleRef.Name}
+ rows = append(rows, row)
 } else {
 row := []string{subject.Name, subject.Kind, "Role", binding.Namespace, binding.RoleRef.Name}
 rows = append(rows, row)
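Review bot: The guard that follows the new `roleNamespace` override still checks only that some entry exists under that key in `perms.Roles`; it discards the value and never looks at `binding.RoleRef.Name`. For a `ClusterRole` reference it therefore passes as soon as anything is stored under the `""` key, and whether a binding to a missing role is listed or silently skipped depends on unrelated objects, which matters in a tool used to review who holds access. The override also relies on ClusterRoles being stored under the empty-namespace key, which is not visible in this hunk; I would say so next to it, e.g. `// ClusterRoles are cluster-scoped; assumed to be keyed under "" in perms.Roles`. If the inner value is keyed by role name (an assumption, its type is outside the hunk), keep the value with `roles, exist := perms.Roles[roleNamespace]` and check `binding.RoleRef.Name` against it. The enclosing loop starts and ends outside the hunk.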
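Review bot: In the added `else if`, the test `binding.Namespace != ""` is always true because the preceding `if binding.Namespace == ""` has already failed, so the condition reduces to `roleNamespace == ""`. The three branches now differ only in the kind and namespace columns, and both values are already carried by the binding. Assuming a binding with an empty namespace always has `RoleRef.Kind == "ClusterRole"` (the binding types are not visible here), the whole chain could become `rows = append(rows, []string{subject.Name, subject.Kind, binding.RoleRef.Kind, binding.Namespace, binding.RoleRef.Name})`. That also keeps the printed kind tied to the roleRef instead of to string literals repeated in each branch. The closing brace of the if/else chain lies outside the hunk.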