Displays the security groups that are associated with an AKS namespace
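#!/bin/bash
#
# Lists the Azure AD groups bound to the "edit" Role in an AKS namespace.
#
# Usage: <script> [namespace]
#   namespace  Optional. When omitted, the namespace of the current kubectl
#              context is used.
#
# Requires kubectl, jq and the Azure CLI (az) on PATH.
#
# Scope caveat: only rolebindings whose ROLE column is exactly "Role/edit" are
# inspected. Bindings to any other role (for example "ClusterRole/edit") are
# not listed, so the output is not a complete inventory of who can reach the
# namespace.

for tool in kubectl jq az; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "Required tool not found on PATH: $tool" >&2
    exit 1
  fi
done

if [ $# -eq 0 ]; then
  # No namespace passed: read the NAMESPACE column of the context marked "*".
  ns=$(kubectl config get-contexts | awk '$1 == "*" {print $5}')
  # kubectl falls back to "default" when the context sets no namespace.
  ns=${ns:-default}
else
  ns=$1
fi

if [ -z "$ns" ]; then
  echo "Namespace must not be empty" >&2
  exit 1
fi

# Stop on a failed listing (e.g. forbidden or unreachable cluster) so that an
# error is not mistaken for "no bindings".
if ! rb_table=$(kubectl get rolebinding -n "$ns"); then
  echo "Could not list rolebindings in namespace $ns" >&2
  exit 1
fi

# Names of every rolebinding whose ROLE column is "Role/edit" (one per line).
rbs=$(awk '$2 == "Role/edit" {print $1}' <<<"$rb_table")
if [ -z "$rbs" ]; then
  echo "No rolebinding with ROLE \"Role/edit\" found in namespace $ns" >&2
  exit 1
fi

# Collect the subject names of kind Group in apiGroup rbac.authorization.k8s.io.
# Each binding is fetched on its own: asking kubectl for several names at once
# returns a List object, which has no top-level .subjects. ".subjects[]?" keeps
# jq quiet for a binding without subjects. fd 3 feeds the loop so the commands
# inside cannot consume the list from stdin. Duplicates are dropped, first
# occurrence wins.
gids=$(
  while IFS= read -r rb <&3; do
    [ -n "$rb" ] || continue
    kubectl get rolebinding "$rb" -n "$ns" -o json |
      jq -r '.subjects[]? | select(.apiGroup == "rbac.authorization.k8s.io" and .kind == "Group") | .name'
  done 3<<<"$rbs" | awk 'NF && !seen[$0]++'
)

# Without a working az session every lookup below fails, and each group would
# be reported as "Not found".
if ! az account show >/dev/null 2>&1; then
  echo "Warning: az has no active login; display names cannot be resolved" >&2
fi

# Query Azure AD for each group id and show its display name.
while IFS= read -r gid <&3; do
  [ -n "$gid" ] || continue
  # gid comes from cluster RBAC data, so it is always passed quoted as a single
  # argument. stderr is discarded on purpose: any failure (unknown group, no
  # login, missing directory read permission) ends up as "Not found", so that
  # label is not proof that the group does not exist.
  displayName=$(az ad group show --group "$gid" --query 'displayName' -o tsv 2>/dev/null)
  if [ -z "$displayName" ]; then
    displayName="Not found"
  fi
  printf 'Group ID: %s, Display Name: %s\n' "$gid" "$displayName"
done 3<<<"$gids"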