Properly fix bug where Roles were shown as missing although they existed

parse.go

@@ -58,31 +58,9 @@ func (r *Rback) parseRBAC(reader io.Reader) (err error) {
 			log.Printf("Ignoring resource kind %s", kind)
 		}
 	}
-
-	// resolve Role references in bindings (a Binding's roleRef references either a Role in the same namespace as the Binding, or a ClusterRole; this code finds the actual (Cluster)Role)
-	for ns, bindings := range r.permissions.RoleBindings {
-		for _, binding := range bindings {
-			binding.role = r.resolveRoleRef(binding.role.name, ns)
-			r.permissions.RoleBindings[ns][binding.name] = binding
-		}
-	}
 	return nil
 }
 
-func (r *Rback) resolveRoleRef(roleName string, bindingNamespace string) NamespacedName {
-	if roles, found := r.permissions.Roles[bindingNamespace]; found {
-		if role, found := roles[roleName]; found {
-			return role.NamespacedName
-		}
-	}
-	if roles, found := r.permissions.Roles[""]; found { // find in cluster roles
-		if role, found := roles[roleName]; found {
-			return role.NamespacedName
-		}
-	}
-	return NamespacedName{bindingNamespace, roleName}
-}
-
 func (r *Rback) shouldIgnore(name string) bool {
 	for _, prefix := range r.config.ignoredPrefixes {
 		if strings.HasPrefix(name, prefix) {
@@ -136,9 +114,17 @@ func (r *Rback) toBinding(rawBinding map[string]interface{}) Binding {
 			}
 		}
 	}
+
+	bindingNn := getNamespacedName(getMetadata(rawBinding))
+
+	roleRef := rawBinding["roleRef"].(map[string]interface{})
+	role := getNamespacedName(roleRef) // note: namespace is always "", since there is no namespace field in roleRef
+	if roleRef["kind"].(string) == "Role" {
+		role.namespace = bindingNn.namespace
+	}
 	return Binding{
-		NamespacedName: getNamespacedName(getMetadata(rawBinding)),
-		role:           getNamespacedName(rawBinding["roleRef"].(map[string]interface{})), // NOTE: there's no namespace field in roleRef, so namespace is always ""
+		NamespacedName: bindingNn,
+		role:           role,
 		subjects:       subjects,
 	}
 }