
kubectl-rolesum's Introduction

kubectl-rolesum (ex-bindrole)

Summarize RBAC roles for the specified subject (ServiceAccount, User and Group).


Installation

krew

krew is a package manager for k8s plugins. Please see the krew documentation for more details.

kubectl krew install rolesum

Homebrew (for macOS)

rolesum supports homebrew 🍺

brew install Ladicle/kubectl-bindrole/kubectl-rolesum

Binaries

The easiest way is to download the binary from the release page. You can also download this repository and install it using the Makefile.

Usage

$ kubectl rolesum -h  # or kubectl-rolesum -h
Summarize RBAC roles for the specified subject

Usage:
  kubectl rolesum [options] <SubjectName>

Examples:
  # Summarize roles bound to the "ci-bot" ServiceAccount.
  kubectl rolesum ci-bot

  # Summarize roles bound to the "developer" Group.
  kubectl rolesum -k Group developer

SubjectKinds:
  - ServiceAccount (default)
  - User
  - Group

Options:
  -h, --help                   Display this help message
  -n, --namespace string       Change the namespace scope for this CLI request
  -k, --subject-kind string    Set SubjectKind to summarize (default: ServiceAccount)
  -o, --options                List of all options for this command
  -c, --cluster-only           Ingore namespaced Roles and show only ClusterRoles
      --version                Show version for this command

Use "kubectl rolesum --options" for a list of all options (applies to this command).

This command supports both kubectl-plugin mode and standalone mode.

kubectl-rolesum's People

Contributors

jianhuabi, jpriebe, ladicle, masayaaoyama, mkgrei, ohatakky, sylr, the-gigi

kubectl-rolesum's Issues

Allow to combine multiple subject in the same command

Is your feature request related to a problem? Please describe.
We want to get a summary of the permission that can be done for a user. I am not sure if this is the goal of the project or if you are aware of another project that would fit more our needs.

It would be nice if we would be able to do something like kubectl rolesum -K User <username> -K Group <group1> -K Group <group2> to combine the results of different groups. We use OIDC to authenticate to our cluster and users have multiple groups.

Describe the solution you'd like
New parameters for group and user could be used instead of a global kind.

  • kubectl rolesum -G <group1,group2> -U <[email protected]> to get groups and/or user
  • Only -G would allow for a list since 2 users does not make sense
  • -G and -U cannot be combined with ServiceAccount
  • kubectl rolesum <serviceAccount> can still be used to query SA.
  • -K <kind> parameter can still be used for backward, but cannot be combined with -G or -U

Describe alternatives you've considered
Use another tool for that use case if you know one!

Krew support

Hi, can you make your plugin available on Krew?

Brew installation error: Error: SHA256 mismatch

Describe the bug

brew install Ladicle/kubectl-bindrole/kubectl-rolesum
Updating Homebrew...
==> Installing kubectl-rolesum from ladicle/kubectl-bindrole
==> Downloading https://github.com/Ladicle/kubectl-rolesum/releases/download/v1.4.0/kube
==> Downloading from https://github-production-release-asset-2e65be.s3.amazonaws.com/186
######################################################################## 100.0%
Error: SHA256 mismatch
Expected: aaa1780cdef58cb7711a323af7d78bf8ab1b637ebab2bab9fd969dcfc8514a79
  Actual: f5fc2ab889bb0ddf47bc9e467eb6517ea7c876f7262a016d0658e15fd11aa366
 Archive: /Users/mederyfm/Library/Caches/Homebrew/downloads/f3f65ed2aaf6907c7ca0cbca91eb94eb8e50309024ae30539745995411921682--kubectl-rolesum_darwin-amd64.tar.gz
To retry an incomplete download, remove the file above.

To Reproduce
Steps to reproduce the behavior:

  1. brew install Ladicle/kubectl-bindrole/kubectl-rolesum

Expected behavior
Installation of kubectl-rolesum

An error occurs when using for kubernetes on GCP

Describe the bug
I used kubectl-bindrole command for kubernetes running on GCP.
But the following error occurred.

Error: No Auth Provider found for name "gcp"

Expected behavior
kubectl-bindrole works properly

Desktop (please complete the following information):

  • OS: macOS

Group with role/rolebinding cause Error: empty namespace

Describe the bug
If a group has a role binding to a role, the command will fail with the following error.

 > Error: an empty namespace may not be set when a resource name is provided.
 > Run kubectl rolesum -h command for the usage.

Might be the same as the following issue.
#24

To Reproduce
Steps to reproduce the behavior:

  1. Create a role.
  2. Create a role binding to the role with Group.
  3. Use rolesum to look for the summary for the Group.

Expected behavior
The summary for the Group should be shown.

Screenshots
None

Desktop (please complete the following information):

  • OS: Ubuntu
  • Kubernetes: 1.18.2
  • Version: 1.5.0

Additional context
Add any other context about the problem here.

Homebrew Support

Would be awesome to add Homebrew support so as new versions are released it will be easier to upgrade to that newer version as well as making it easier for new users to download the utility for the first time.

installation via krew fails for the new arm64 release

Describe the bug

Installing via krew fails on Apple M1.

To Reproduce
Steps to reproduce the behavior:

  1. Have a machine with Arm processor :-)
  2. Run kubectl krew install rolesum
  3. See error

$ kubectl krew install rolesum
Updated the local copy of plugin index.
Installing plugin: rolesum
W0528 09:40:35.196321   10093 install.go:164] failed to install plugin "rolesum": plugin "rolesum" does not offer installation for this platform
failed to install some plugins: [rolesum]: plugin "rolesum" does not offer installation for this platform

Expected behavior
rolesum should be installed correctly.

Laptop (please complete the following information):

  • Chip: Apple M1 Max
  • Processor: arm64
  • OS: macOS Monterey 12.1

Additional context

Installation via homebrew works as expected.

Add support for oidc

Is your feature request related to a problem? Please describe.
support OIDC auth provider

Failed to release v1.5.6

It failed to release the latest version v1.5.6.

https://github.com/Ladicle/kubectl-rolesum/releases/tag/v1.5.6


https://github.com/Ladicle/kubectl-rolesum/actions/runs/8730791354/job/23955176692

Run echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: your account must log in with a Personal Access Token (PAT) - learn more at docs.docker.com/go/access-tokens
Error: Process completed with exit code 1.

- name: Docker Login
  if: success() && startsWith(github.ref, 'refs/tags/')
  env:
    DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
    DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
  run: |
    echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin

Error response from daemon: Get "https://registry-1.docker.io/v2/":
unauthorized: your account must log in with a Personal Access Token (PAT)

https://docs.docker.com/security/for-developers/access-tokens/

explicit display of RoleBindings and ClusterRoleBindings

Is your feature request related to a problem? Please describe.
When I'm debugging RBAC issues, rolesum gives me almost everything I need, but it doesn't display which rolebindings or clusterrolebindings are binding the roles and clusterroles.

Describe the solution you'd like
Instead of

• Name: sample-namespace/sample-role
...
• Name: */sample-cluster-role
...
• Name: */sample-cluster-role2

It might be nice to see something like this:

• RB sample-namespace/sample-role-rolebinding ==> R sample-namespace/sample-role
...
• RB sample-namespace/sample-clusterrole-rolebinding ==> CR */sample-cluster-role
...
• CRB */sample-clusterrolebinding ==> CR */sample-cluster-role2

In other words, you could see if the policies are coming from a clusterrole or a role (and which one it is), and whether the binding is a rolebinding or a clusterrolebinding (and which one it is).

It seems like some of the information is indirectly available in the current rolesum output:

  • if the Name starts with "*/", it's a ClusterRole; if it starts with a namespace name, then it's a Role
  • if the resources have a ".*" on the end, it is a ClusterRoleBinding, otherwise it's a RoleBinding

But that's a little less explicit, and it doesn't tell you exactly which resource is doing the binding.
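
The explicit binding view requested in this issue, combined with the one-User-plus-several-Groups query from the "Allow to combine multiple subject" issue, can be computed from binding objects alone. The sketch below is an added example, not rolesum's code or output; the function name, its parameters (with namespace=None meaning all namespaces) and the sample objects are assumptions, with the sample shaped like `kubectl get rolebindings,clusterrolebindings -A -o json`.

```python
import json

# Constructed sample in the shape of
# `kubectl get rolebindings,clusterrolebindings -A -o json` (not real cluster data).
SAMPLE = json.loads("""
{"items": [
 {"kind": "RoleBinding",
  "metadata": {"namespace": "sample-namespace", "name": "sample-role-rolebinding"},
  "roleRef": {"kind": "Role", "name": "sample-role"},
  "subjects": [{"kind": "Group", "name": "developer"}]},
 {"kind": "RoleBinding",
  "metadata": {"namespace": "sample-namespace", "name": "sample-clusterrole-rolebinding"},
  "roleRef": {"kind": "ClusterRole", "name": "sample-cluster-role"},
  "subjects": [{"kind": "User", "name": "alice"}]},
 {"kind": "ClusterRoleBinding",
  "metadata": {"name": "sample-clusterrolebinding"},
  "roleRef": {"kind": "ClusterRole", "name": "sample-cluster-role2"},
  "subjects": [{"kind": "Group", "name": "ops"}]},
 {"kind": "RoleBinding",
  "metadata": {"namespace": "other", "name": "unrelated"},
  "roleRef": {"kind": "Role", "name": "reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "other"}]}
]}
""")

ABBREV = {"RoleBinding": "RB", "ClusterRoleBinding": "CRB", "Role": "R", "ClusterRole": "CR"}

def bindings_for(items, user=None, groups=(), namespace=None):
    """Return 'BINDING ==> ROLE' lines for one User plus any number of Groups."""
    wanted = {("Group", g) for g in groups}
    if user:
        wanted.add(("User", user))
    lines = []
    for b in items:
        # A binding without subjects has the "subjects" key absent or null.
        subjects = {(s["kind"], s["name"]) for s in b.get("subjects") or []}
        if not subjects & wanted:
            continue
        ns = b["metadata"].get("namespace", "*")  # ClusterRoleBindings have no namespace
        if namespace and ns not in ("*", namespace):
            continue  # hypothetical filter: namespace=None keeps every namespace
        ref = b["roleRef"]
        # A Role lives in the binding's namespace; a ClusterRole is cluster-scoped.
        role_ns = ns if ref["kind"] == "Role" else "*"
        lines.append(f'{ABBREV[b["kind"]]} {ns}/{b["metadata"]["name"]} ==> '
                     f'{ABBREV[ref["kind"]]} {role_ns}/{ref["name"]}')
    return lines
```

Every authenticated user is also a member of the built-in system:authenticated group, so include it in groups when summarizing what a human user can do.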

Darwin arm64 build

Hi, I'm looking for something like this, the screenshot looks really good but I can't try this out without recompiling on Apple Silicon. Would you support darwin arm64 builds? Thanks!

macos binary for 1.0.0 release is actually a linux bin

Describe the bug

$ ~/Downloads/kubectl-bindrole_darwin_amd64
zsh: exec format error: /Users/joe/Downloads/kubectl-bindrole_darwin_amd64

$ file ~/Downloads/kubectl-bindrole_darwin_amd64
/Users/joe/Downloads/kubectl-bindrole_darwin_amd64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped

$ md5sum ~/Downloads/kubectl-bindrole*
2d71173f19cd5505451cee37da873dff  /Users/joe/Downloads/kubectl-bindrole_darwin_amd64
2d71173f19cd5505451cee37da873dff  /Users/joe/Downloads/kubectl-bindrole_linux_amd64
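
A pre-publish check that would have caught this mislabeled artifact, as an added example that is not part of the project's release tooling: it compares each binary's leading magic bytes with the OS token in its file name and flags byte-identical files published under different names. The function name and the `_linux` / `_darwin` / `_windows` naming convention are assumptions based on the file names shown above.

```python
import hashlib
from pathlib import Path

# Leading magic bytes expected for each OS token in names such as
# kubectl-bindrole_darwin_amd64 (naming convention assumed from the issue).
MAGIC = {
    "linux": (b"\x7fELF",),
    # Mach-O 64-bit LE, Mach-O 32-bit LE, universal (fat) binary
    "darwin": (b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe", b"\xca\xfe\xba\xbe"),
    "windows": (b"MZ",),
}

def check_release(paths):
    """Return a list of problems found in a set of per-platform release binaries."""
    problems, seen = [], {}
    for path in map(Path, paths):
        data = path.read_bytes()
        os_token = next((t for t in MAGIC if f"_{t}" in path.name), None)
        if os_token is None:
            problems.append(f"{path.name}: no known OS token in file name")
        elif not data.startswith(MAGIC[os_token]):
            problems.append(
                f"{path.name}: header {data[:4].hex()} is not a {os_token} executable")
        # The same bytes under two platform names means one of them is mislabeled.
        digest = hashlib.sha256(data).hexdigest()
        if digest in seen:
            problems.append(f"{path.name}: identical to {seen[digest]}")
        seen.setdefault(digest, path.name)
    return problems
```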

Missing RoleBinding for Group and User

Is your feature request related to a problem? Please describe.
When we perform a kubectl rolesum -k Group or kubectl rolesum -K User, the RoleBindings in the current namespace are not returned.

Describe the solution you'd like

  • When -n <namespace> is specified or the current context has a namespace, the command should return the ClusterRoleBindings and the RoleBindings.
  • When a namespace is not set, only ClusterRoleBindings are returned.

Describe alternatives you've considered

  • A flag could be added to ignore namespace --ignore-namespace | --cluster-only in case we cannot know if a namespace is set or not.

Additional context
We were trying to use the extension to summarize the permission of a user or AD group. Most of the permissions are given at the namespace level.

Problem started after fix for #29
