Show [Cluster]RoleBinding in rbac-tool lookup

Question

Show [Cluster]RoleBinding in rbac-tool lookup

lbogdan opened this issue 2 years ago · 3 comments

Not sure if a question or an enhancement request, but I was a bit surprised to see that the rbac-tool lookup output doesn't show the corresponding [Cluster]RoleBindings associating the given ServiceAccount with the outputted [Cluster]Roles. I've looked at rbac-tool lookup --help, but didn't see anything relevant. Is this not possible currently?

My use case is that I already know what [Cluster]Roles the ServiceAccount is associated with, but I don't know from which [Cluster]RoleBindings, if that makes sense.

Answer 1 · 2023-02-18T12:45:10.000Z

@lbogdan - the lookup command only lists the [Cluster]Roles associated with the selected ServiceAccounts/Users/Groups.

The visualize command (viz) should give a detailed graph view of the full RBAC object relationships . You should be able to run it against specific namespace to focus on the portion you are interested .

Answer 2 · 2023-02-18T12:54:26.000Z

Thanks for the quick reply!

Why I was surprised is because to get the associated [Cluster]Roles you have to first get the [Cluster]RoleBindings (or am I wrong here?), so it should be just a matter of displaying them.

Answer 3 · 2024-01-08T11:34:09.000Z

v1.15.0 add support for this functionality