diff --git a/README.md b/README.md index d0b4fd1..9daeab6 100644 --- a/README.md +++ b/README.md @@ -159,15 +159,21 @@ Examples: ```shell script # Search All Service Accounts -rbac-tool lookup -e '.*' +rbac-tool lookup ``` ```shell script -# Search All Service Accounts That Contains myname +# Search Service Accounts that match myname exactly +rbac-tool lookup myname +``` + +```shell script +# Search All Service Accounts that contain myname rbac-tool lookup -e '.*myname.*' ``` ```shell script +# Lookup System Accounts (all accounts that start with system: ) rbac-tool lookup -e '^system:' SUBJECT | SUBJECT TYPE | SCOPE | NAMESPACE | ROLE | BINDING +-------------------------------------------------+--------------+-------------+-------------+----------------------------------------------------------------------+---------------------------------------------------+ diff --git a/cmd/lookup_cmd.go b/cmd/lookup_cmd.go index e4da493..2d87f86 100644 --- a/cmd/lookup_cmd.go +++ b/cmd/lookup_cmd.go @@ -30,7 +30,10 @@ A Kubernetes RBAC lookup of Roles/ClusterRoles used by a given User/ServiceAccou Examples: # Search All Service Accounts -rbac-tool lookup -e '.*' +rbac-tool lookup + +# Search Service Accounts that match myname exactly +rbac-tool lookup myname # Search All Service Accounts that contain myname rbac-tool lookup -e '.*myname.*' @@ -47,14 +50,17 @@ rbac-tool lookup -ne '^system:.*' var re *regexp.Regexp var err error - if regex != "" { - re, err = regexp.Compile(regex) - } else { - if len(args) != 1 { - re, err = regexp.Compile(fmt.Sprintf(`.*`)) + if regex == "" { + if len(args) == 1 { + // exact match + re, err = regexp.Compile(fmt.Sprintf(`^%v$`, args[0])) } else { - re, err = regexp.Compile(fmt.Sprintf(`(?mi)%v`, args[0])) + // search all service accounts + re, err = regexp.Compile(fmt.Sprintf(`.*`)) } + } else { + // regex match + re, err = regexp.Compile(regex) } if err != nil {