AWRBACS

AWACS for RBAC. Tool for auditing CRUD permissions in Kubernetes' RBAC.

Install

git clone https://github.com/lobuhi/awrbacs
cd awrbacs
go build .

How to

Usage of ./awrbacs:

  -as value
        Usernames to impersonate
  -auto
        Automatically enumerate all Users and ServiceAccounts in RoleBindings and ClusterRoleBindings
  -f string
        Path to a file containing a list of users to check
  -kubeconfig string
        Path to the kubeconfig file (default "$HOME/.kube/config")
  -no-kube-system
        Do not check system:* users nor ServiceAccounts in kube-system.
  -sa value
        Service accounts to impersonate in the format namespace:serviceaccount
  -self
        Use current kubeconfig context

Examples:

Test multiple users and ServiceAccounts:

awrbacs -sa kube-system:root-ca-cert-publisher -as jane -sa kube-system:replicaset-controller -sa prod:prod-sa -as bob

Enumerate the subjects defined in RoleBindings and ClusterRoleBindings, omitting system:* users and ServiceAccounts in the kube-system namespace:

awrbacs -auto --no-kube-system 
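
What the -auto and -no-kube-system selection amounts to, shown as an added Go example that is not awrbacs' own code: it reads binding JSON in the shape produced by `kubectl get rolebindings,clusterrolebindings -A -o json` and returns the matching -as / -sa arguments. The function name subjectFlags, the sample input, and the "system:" prefix match are assumptions based on the usage text above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample input, not taken from a real cluster.
const sampleBindings = `{"items":[
 {"kind":"ClusterRoleBinding","subjects":[{"kind":"User","name":"jane"},{"kind":"User","name":"system:kube-scheduler"},{"kind":"Group","name":"system:masters"}]},
 {"kind":"RoleBinding","subjects":[{"kind":"ServiceAccount","name":"prod-sa","namespace":"prod"},{"kind":"User","name":"jane"}]},
 {"kind":"RoleBinding","subjects":[{"kind":"ServiceAccount","name":"replicaset-controller","namespace":"kube-system"}]}]}`

// subjectFlags returns sorted, de-duplicated -as/-sa arguments for the User and
// ServiceAccount subjects in raw; Group subjects are skipped. noKubeSystem drops
// system:* users and kube-system ServiceAccounts (assumed reading of -no-kube-system).
func subjectFlags(raw []byte, noKubeSystem bool) ([]string, error) {
	var list struct { // only the fields this example needs
		Items []struct {
			Subjects []struct{ Kind, Name, Namespace string }
		}
	}
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	seen := map[string]bool{}
	for _, b := range list.Items {
		for _, s := range b.Subjects {
			switch {
			case s.Kind == "User" && !(noKubeSystem && strings.HasPrefix(s.Name, "system:")):
				seen["-as "+s.Name] = true
			case s.Kind == "ServiceAccount" && !(noKubeSystem && s.Namespace == "kube-system"):
				seen["-sa "+s.Namespace+":"+s.Name] = true
			}
		}
	}
	out := make([]string, 0, len(seen))
	for f := range seen {
		out = append(out, f)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	fmt.Println(subjectFlags([]byte(sampleBindings), true))
}
```

A subject that appears in several bindings, such as jane in the sample, is listed once, so each identity is checked a single time.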
