
Feat: Discover unused RoleBindings

Open nati-elmaliach opened this issue 5 months ago • 1 comments

What this PR does / why we need it?

This is a partial PR as I ran into challenges validating whether User or Group subjects exist. As you likely know, Kubernetes doesn’t store user or group information in its resources. I could use your input—am I missing something? How can we reliably verify the existence of a user or group?

Currently, a RoleBinding is considered unused if it references a non-existent Role or ClusterRole, or if none of its ServiceAccount subjects are valid.

We might consider merging this PR as is and opening a separate issue to address User and Group validation—I'll leave that decision to you.

PR Checklist

  • [ ] This PR adds K8s exceptions (false positives)
  • [x] This PR adds new code
  • [x] This PR includes tests for new/existing code
  • [ ] This PR adds docs

GitHub Issue

Closes #334

Notes for your reviewers

rolebinding-feature

nati-elmaliach avatar Sep 30 '24 14:09 nati-elmaliach
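The rule described in the PR text above, sketched as an added example (not code from this PR or from kor). The `Subject`, `RoleBinding` and `Cluster` types are hypothetical stand-ins for the API objects, and treating a binding with any User or Group subject as still in use is an assumption, since the PR leaves that case open.

```go
package main

import "fmt"

// Hypothetical stand-ins for the rbac/v1 fields the check reads (not kor's types).
type Subject struct{ Kind, Namespace, Name string }

type RoleBinding struct {
	Namespace, Name    string
	RoleKind, RoleName string // roleRef.kind and roleRef.name
	Subjects           []Subject
}

// Cluster lists what exists. Roles and ServiceAccounts are keyed "namespace/name".
type Cluster struct{ Roles, ClusterRoles, ServiceAccounts map[string]bool }

// Unused applies the rule from the PR description and returns a reason.
func (c Cluster) Unused(rb RoleBinding) (bool, string) {
	if rb.RoleKind == "Role" && !c.Roles[rb.Namespace+"/"+rb.RoleName] {
		return true, "roleRef points at a missing Role"
	}
	if rb.RoleKind == "ClusterRole" && !c.ClusterRoles[rb.RoleName] {
		return true, "roleRef points at a missing ClusterRole"
	}
	for _, s := range rb.Subjects {
		if s.Kind != "ServiceAccount" {
			// Assumption: User and Group subjects cannot be checked against
			// the API, so their presence keeps the binding out of the report.
			return false, "has a User or Group subject (unverifiable)"
		}
		if c.ServiceAccounts[s.Namespace+"/"+s.Name] {
			return false, "has an existing ServiceAccount subject"
		}
	}
	// Also reached when the binding has no subjects at all.
	return true, "no existing ServiceAccount subject"
}

func main() {
	// Constructed sample data: existing Roles, ClusterRoles, ServiceAccounts.
	c := Cluster{map[string]bool{"dev/reader": true}, map[string]bool{"view": true}, map[string]bool{"dev/ci": true}}
	for _, rb := range []RoleBinding{
		{"dev", "dangling", "Role", "deleted-role", []Subject{{"ServiceAccount", "dev", "ci"}}},
		{"dev", "dead-sa", "ClusterRole", "view", []Subject{{"ServiceAccount", "dev", "gone"}}},
		{"dev", "human", "ClusterRole", "view", []Subject{{"User", "", "alice"}}},
	} {
		unused, why := c.Unused(rb)
		fmt.Printf("%s/%s unused=%v (%s)\n", rb.Namespace, rb.Name, unused, why)
	}
}
```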