GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → FairwindsOps → Rbac Lookup

FairwindsOps / Rbac Lookup

Licence: apache-2.0
Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster

Programming Languages

go
31211 projects - #10 most used programming language

Labels

kubernetesauthorizationrbac

Projects that are alternatives of or similar to Rbac Lookup

Gorm Adapter
Gorm adapter for Casbin
Stars: ✭ 373 (-21.8%)
Mutual labels:  authorization, rbac
objection-authorize
isomorphic, "magical" authorization integration with Objection.js 🎉
Stars: ✭ 71 (-85.12%)
Mutual labels:  authorization, rbac
deflek
index and API RBAC for Elasticsearch and Kibana via reverse proxy. DEPRECATED
Stars: ✭ 13 (-97.27%)
Mutual labels:  authorization, rbac
Gatekeeper
Lightweight library in C# for implementing roles-based access control (RBAC). With Gatekeeper, you can define users, roles, resources, and permissions, and authorize requests.
Stars: ✭ 25 (-94.76%)
Mutual labels:  authorization, rbac
rbac-react-redux-aspnetcore
A starter template for creating JWT token from ASP.NET Core API project and applying that JWT token authentication on React application
Stars: ✭ 54 (-88.68%)
Mutual labels:  authorization, rbac
rbac-tool
Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
Stars: ✭ 546 (+14.47%)
Mutual labels:  authorization, rbac
dart-casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Dart/Flutter
Stars: ✭ 30 (-93.71%)
Mutual labels:  authorization, rbac
Chi Authz
chi-authz is an authorization middleware for Chi
Stars: ✭ 248 (-48.01%)
Mutual labels:  authorization, rbac
speedle-plus
Speedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.
Stars: ✭ 45 (-90.57%)
Mutual labels:  authorization, rbac
casbin-ex
An authorization library that supports access control models like ACL, RBAC, ABAC in Elixir
Stars: ✭ 37 (-92.24%)
Mutual labels:  authorization, rbac
tp5-rbac
一个tp5的RBAC库,使用composer来安装和更新你的项目对于RBAC的需求。同时支持jwt方式的验证。包含了RBAC需要的数据表的数据迁移,能够很方便的开始开发。
Stars: ✭ 69 (-85.53%)
Mutual labels:  authorization, rbac
sequelize-adapter
Sequelize adapter for Casbin
Stars: ✭ 51 (-89.31%)
Mutual labels:  authorization, rbac
Rbac
Hierarchical Role-Based Access Control for Node.js
Stars: ✭ 254 (-46.75%)
Mutual labels:  authorization, rbac
Casbin Rs
An authorization library that supports access control models like ACL, RBAC, ABAC in Rust.
Stars: ✭ 375 (-21.38%)
Mutual labels:  authorization, rbac
Yii2 Usuario
Highly customizable and extensible user management, authentication, and authorization Yii2 extension
Stars: ✭ 251 (-47.38%)
Mutual labels:  authorization, rbac
lua-casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Lua (OpenResty)
Stars: ✭ 43 (-90.99%)
Mutual labels:  authorization, rbac
Casbin Authz Plugin
Docker Authorization Plugin based on Casbin
Stars: ✭ 204 (-57.23%)
Mutual labels:  authorization, rbac
Caddy Authz
Caddy-authz is a middleware for Caddy that blocks or allows requests based on access control policies.
Stars: ✭ 221 (-53.67%)
Mutual labels:  authorization, rbac
react-rbac-ui-manager
react-rbac-ui-manager is a simple RBAC (Role Based Access Control) user interface library based on the material design system using the Material-UI lib.
Stars: ✭ 73 (-84.7%)
Mutual labels:  authorization, rbac
Casbin4D
An authorization library that supports access control models like ACL, RBAC, ABAC in Delphi
Stars: ✭ 25 (-94.76%)
Mutual labels:  authorization, rbac
View All Similar Projects ➔
RBAC Lookup

Go Report Card CircleCI codecov

RBAC Lookup is a CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user, service account, or group name. Binaries are generated with goreleaser for each release for simple installation.

Want to learn more? Reach out on the Slack channel (request invite), send an email to [email protected], or join us for office hours on Zoom

Installation

Homebrew

brew install FairwindsOps/tap/rbac-lookup

Krew

kubectl krew install rbac-lookup

Usage

In the simplest use case, rbac-lookup will return any matching user, service account, or group along with the roles it has been given.

rbac-lookup rob

SUBJECT                   SCOPE             ROLE
[email protected]           cluster-wide      ClusterRole/view
[email protected]           nginx-ingress     ClusterRole/edit

The wide output option includes the kind of subject along with the source role binding.

rbac-lookup rob --output wide

SUBJECT                   SCOPE             ROLE                SOURCE
User/[email protected]      cluster-wide      ClusterRole/view    ClusterRoleBinding/rob-cluster-view
User/[email protected]      nginx-ingress     ClusterRole/edit    RoleBinding/rob-edit
User/[email protected]      web               ClusterRole/edit    RoleBinding/ron-edit
ServiceAccount/rops       infra             ClusterRole/admin   RoleBinding/rops-admin

It's also possible to filter output by the kind of RBAC Subject. The --kind or -k parameter accepts user, group, and serviceaccount as values.

rbac-lookup ro --output wide --kind user

SUBJECT                   SCOPE             ROLE                SOURCE
User/[email protected]      cluster-wide      ClusterRole/view    ClusterRoleBinding/rob-cluster-view
User/[email protected]      nginx-ingress     ClusterRole/edit    RoleBinding/rob-edit
User/[email protected]      web               ClusterRole/edit    RoleBinding/ron-edit

GKE IAM Integration

If you're connected to a GKE cluster, RBAC is only half the story here. Google Cloud IAM roles can grant cluster access. Cluster access is effectively determined by a union of IAM and RBAC roles. To see the relevant IAM roles along with RBAC roles, use the --gke flag.

rbac-lookup rob --gke

SUBJECT              SCOPE             ROLE
[email protected]      cluster-wide      ClusterRole/view
[email protected]      nginx-ingress     ClusterRole/edit
[email protected]      project-wide      IAM/gke-developer
[email protected]      project-wide      IAM/viewer

Of course this GKE integration also supports wide output, in this case referencing the specific IAM roles that are assigned to a user.

rbac-lookup rob --gke --output wide

SUBJECT                   SCOPE             ROLE                SOURCE
User/[email protected]      cluster-wide      ClusterRole/view    ClusterRoleBinding/rob-cluster-view
User/[email protected]      nginx-ingress     ClusterRole/edit    RoleBinding/rob-edit
User/[email protected]      project-wide      IAM/gke-developer   IAMRole/container.developer
User/[email protected]      project-wide      IAM/gcp-viewer      IAMRole/viewer

At this point this integration only supports standard IAM roles, and is not advanced enough to include any custom roles. For a full list of supported roles and how they are mapped, view lookup/gke_roles.go.

Flags Supported

      --context string      context to use for Kubernetes config
      --gke                 enable GKE integration
  -h, --help                help for rbac-lookup
  -k, --kind string         filter by this RBAC subject kind (user, group, serviceaccount)
      --kubeconfig string   config file location
  -o, --output string       output format (normal, wide)

RBAC Manager

While RBAC Lookup helps provide visibility into Kubernetes auth, RBAC Manager helps make auth simpler to manage. This is a Kubernetes operator that enables more concise RBAC configuration that is easier to scale and automate. For more information, see RBAC Manager on GitHub.

Contributing

License

Apache License 2.0

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].