Show [Cluster]RoleBinding in rbac-tool lookup (#96)
* Show [Cluster]RoleBinding in rbac-tool lookup

* update document
cr7258 authored Jan 8, 2024
1 parent b408c90 commit fb6b567
Showing 2 changed files with 17 additions and 16 deletions.
25 changes: 13 additions & 12 deletions README.md
@@ -169,18 +169,19 @@ rbac-tool lookup -e '.*myname.*'

```shell script
rbac-tool lookup -e '^system:'
SUBJECT | SUBJECT TYPE | SCOPE | NAMESPACE | ROLE
+-------------------------------------------------+--------------+-------------+-------------+----------------------------------------------------------------------+
system:anonymous | User | Role | kube-public | kubeadm:bootstrap-signer-clusterinfo
system:authenticated | Group | ClusterRole | | system:discovery
system:authenticated | Group | ClusterRole | | system:public-info-viewer
system:authenticated | Group | ClusterRole | | system:basic-user
system:bootstrappers:kubeadm:default-node-token | Group | ClusterRole | | system:certificates.k8s.io:certificatesigningrequests:nodeclient
system:bootstrappers:kubeadm:default-node-token | Group | ClusterRole | | system:node-bootstrapper
system:bootstrappers:kubeadm:default-node-token | Group | Role | kube-system | kubeadm:nodes-kubeadm-config
system:bootstrappers:kubeadm:default-node-token | Group | Role | kube-system | kubeadm:kubelet-config-1.16
system:bootstrappers:kubeadm:default-node-token | Group | Role | kube-system | kube-proxy
system:kube-controller-manager | User | ClusterRole | | system:kube-controller-manager
SUBJECT | SUBJECT TYPE | SCOPE | NAMESPACE | ROLE | BINDING
+-------------------------------------------------+--------------+-------------+-------------+----------------------------------------------------------------------+---------------------------------------------------+
system:anonymous | User | Role | kube-public | kubeadm:bootstrap-signer-clusterinfo | kubeadm:bootstrap-signer-clusterinfo
system:authenticated | Group | ClusterRole | | system:basic-user | system:basic-user
system:authenticated | Group | ClusterRole | | system:public-info-viewer | system:public-info-viewer
system:authenticated | Group | ClusterRole | | system:discovery | system:discovery
system:bootstrappers:kubeadm:default-node-token | Group | ClusterRole | | kubeadm:get-nodes | kubeadm:get-nodes
system:bootstrappers:kubeadm:default-node-token | Group | ClusterRole | | system:node-bootstrapper | kubeadm:kubelet-bootstrap
system:bootstrappers:kubeadm:default-node-token | Group | ClusterRole | | system:certificates.k8s.io:certificatesigningrequests:nodeclient | kubeadm:node-autoapprove-bootstrap
system:bootstrappers:kubeadm:default-node-token | Group | Role | kube-system | kube-proxy | kube-proxy
system:bootstrappers:kubeadm:default-node-token | Group | Role | kube-system | kubeadm:nodes-kubeadm-config | kubeadm:nodes-kubeadm-config
system:bootstrappers:kubeadm:default-node-token | Group | Role | kube-system | kubeadm:kubelet-config | kubeadm:kubelet-config
system:kube-controller-manager | User | ClusterRole | | system:kube-controller-manager | system:kube-controller-manager
...
```

8 changes: 4 additions & 4 deletions cmd/lookup_cmd.go
@@ -72,7 +72,7 @@ rbac-tool lookup -ne '^system:.*'
}

table := tablewriter.NewWriter(os.Stdout)
table.SetHeader([]string{"SUBJECT", "SUBJECT TYPE", "SCOPE", "NAMESPACE", "ROLE"})
table.SetHeader([]string{"SUBJECT", "SUBJECT TYPE", "SCOPE", "NAMESPACE", "ROLE", "BINDING"})
table.SetHeaderAlignment(tablewriter.ALIGN_LEFT)
table.SetBorder(false)
table.SetAlignment(tablewriter.ALIGN_LEFT)
@@ -110,13 +110,13 @@ rbac-tool lookup -ne '^system:.*'
}

if binding.Namespace == "" {
row := []string{subject.Name, subject.Kind, "ClusterRole", "", binding.RoleRef.Name}
row := []string{subject.Name, subject.Kind, "ClusterRole", "", binding.RoleRef.Name, binding.Name}
rows = append(rows, row)
} else if binding.Namespace != "" && roleNamespace == "" {
row := []string{subject.Name, subject.Kind, "ClusterRole", binding.Namespace, binding.RoleRef.Name}
row := []string{subject.Name, subject.Kind, "ClusterRole", binding.Namespace, binding.RoleRef.Name, binding.Name}
rows = append(rows, row)
} else {
row := []string{subject.Name, subject.Kind, "Role", binding.Namespace, binding.RoleRef.Name}
row := []string{subject.Name, subject.Kind, "Role", binding.Namespace, binding.RoleRef.Name, binding.Name}
rows = append(rows, row)
}
}
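Review bot: The three branches at the end of this section now repeat a six-element row literal that differs only in the SCOPE cell, so the commit had to touch each one to append `binding.Name`, and a later column added to only some of them would leave rows of unequal length under the `SetHeader` columns. Deriving the scope once and building a single row avoids that, and it also drops the `binding.Namespace != ""` test in the `else if`, which is redundant after the first `if`. The BINDING cell carries only the name, so in an access review the binding's kind still has to be inferred from the NAMESPACE column (apparently empty for a ClusterRoleBinding); that is worth a sentence in the README. The enclosing loop and the definition of `roleNamespace` are outside the hunk, so the sketch below assumes they stay as they are.

```go
// … unchanged: code above the if/else chain …
scope := "Role"
if binding.Namespace == "" || roleNamespace == "" {
	scope = "ClusterRole"
}
row := []string{subject.Name, subject.Kind, scope, binding.Namespace, binding.RoleRef.Name, binding.Name}
rows = append(rows, row)
```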