alcideio / rbac-tool

Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query

Issues in rbac-tool visualize

ddalima opened this issue

  • ./rbac-tool viz creates an empty HTML file
  • ./rbac-tool viz --outformat dot still creates an HTML file (see output below):
[alcide-rbactool] Namespaces included '*'
[alcide-rbactool] Namespaces excluded 'kube-system'
[alcide-rbactool] Connecting to cluster ''
[alcide-rbactool] Generating Graph and Saving as 'rbac.html'

@ddalima by default rbac-tool excludes kube-system, as the command line output suggests

Usage:
  rbac-tool visualize [flags]

Aliases:
  visualize, vis, viz

Flags:
      --add_dir_header                   If true, adds the file directory to the header
      --alsologtostderr                  log to standard error as well as files
      --cluster-context string           Cluster Context .use 'kubectl config get-contexts' to list available contexts
      --exclude-namespaces string        Comma-delimited list of namespaces to include in the visualization (default "kube-system")
  -f, --file string                      Input File - use '-' to read from stdin
  -h, --help                             help for visualize
      --include-namespaces string        Comma-delimited list of namespaces to include in the visualization (default "*")
      --include-pods-only                Show the graph only for service accounts used by Pods
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory
      --log_file string                  If non-empty, use this log file
      --log_file_max_size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
      --outfile string                   Output file (default "rbac.html")
      --outformat string                 Output format: dot or html (default "html")
      --show-legend                      Whether to show the legend or not (for dot format)
      --show-rules                       Whether to render RBAC access rules (e.g. "get pods") or not (default true)
      --skip_headers                     If true, avoid header prefixes in the log messages
      --skip_log_headers                 If true, avoid headers when opening log files
      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
  -v, --v Level                          number for the log level verbosity
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

Specifically: if you run with --exclude-namespaces="" is the output still empty?

Yes, still empty also with --exclude-namespaces=""

@ddalima thanks ... looks like there's an issue with the HTML rendering of graphviz