Merge pull request #46 from mkgrei/add-cluster-only-flag

Explicitly ignore namespaced Roles
Ladicle · Apr 18, 2024 · 59f2455 · 59f2455
2 parents 20357e6 + bfeaca2
commit 59f2455
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -54,6 +54,7 @@ Options:
   -n, --namespace string       Change the namespace scope for this CLI request
   -k, --subject-kind string    Set SubjectKind to summarize (default: ServiceAccount)
   -o, --options                List of all options for this command
+  -c, --cluster-only           Ingore namespaced Roles and show only ClusterRoles
       --version                Show version for this command
 
 Use "kubectl rolesum --options" for a list of all options (applies to this command).

diff --git a/cmd/cmd.go b/cmd/cmd.go
@@ -43,6 +43,7 @@ type Option struct {
 	SubjectKind    string
 	SubjectName    string
 	ShowOptionFlag bool
+	ClusterOnly    bool
 
 	f cmdutil.Factory
 }
@@ -77,6 +78,7 @@ func NewRolesumCmd() *cobra.Command {
 	opt.f = cmdutil.NewFactory(matchVersionFlags)
 
 	cmd.Flags().StringVarP(&opt.SubjectKind, "subject-kind", "k", subject.KindSA, "Set SubjectKind to summarize")
+	cmd.Flags().BoolVarP(&opt.ClusterOnly, "cluster-only", "c", false, "Ignore namespaced Roles")
 	cmd.Flags().BoolVarP(&opt.ShowOptionFlag, "options", "o", false, "List of all options for this command")
 
 	return cmd
@@ -110,15 +112,13 @@ func (o *Option) Run() error {
 		Name: o.SubjectName,
 		Kind: o.SubjectKind,
 	}
-	namespaced := false
-	if sub.Kind == subject.KindSA {
+	if !o.ClusterOnly {
 		k8sCfg := o.f.ToRawKubeConfigLoader()
 		ns, _, err := k8sCfg.Namespace()
 		if err != nil {
 			return err
 		}
 		sub.Namespace = ns
-		namespaced = true
 	}
 
 	client, err := o.f.KubernetesClientSet()
@@ -128,7 +128,7 @@ func (o *Option) Run() error {
 
 	exp := explorer.NewPolicyExplorer(client)
 	var nsp []*explorer.SubjectRole
-	if namespaced {
+	if !o.ClusterOnly {
 		nsp, err = exp.NamespacedSbjRoles(ctx, sub)
 		if err != nil {
 			return err
@@ -158,7 +158,7 @@ func (o *Option) Run() error {
 
 	pp.BlankLine()
 	pp.PrintHeader("Policies")
-	if namespaced {
+	if !o.ClusterOnly {
 		pp.PrintPolicies(nsp)
 		pp.BlankLine()
 	}

diff --git a/pkg/util/cmd/usage.go b/pkg/util/cmd/usage.go
@@ -29,6 +29,7 @@ Available Commands:{{range .Commands}}{{if (or .IsAvailableCommand (eq .Name "he
   -n, --namespace string       Change the namespace scope for this CLI request
   -k, --subject-kind string    Set SubjectKind to summarize (default: ServiceAccount)
   -o, --options                List of all options for this command
+  -c, --cluster-only           Ingore namespaced Roles and show only ClusterRoles
       --version                Show version for this command
 
 Use "kubectl rolesum --options" for a list of all options (applies to this command).

diff --git a/test.sh b/test.sh
@@ -73,4 +73,7 @@ echo; echo "Test..."
 echo; echo "Test[Group]..."
 ./_output/kubectl-rolesum -k Group developer
 
+echo; echo "Test[Group w/ ClusterOnly]..."
+./_output/kubectl-rolesum -k Group developer -c
+
 ./clean.sh