fix: checking namespace when fetching roles/rolebindings for the service account (#67)

horis233 · web-flow · commit b66fb33dd826 · 2021-02-01T07:31:24.000+08:00
diff --git a/controllers/namespacescope_controller.go b/controllers/namespacescope_controller.go
@@ -495,7 +495,7 @@ func (r *NamespaceScopeReconciler) GetRolesFromServiceAccount(sa string, namespa
 	var roleNameList []string
 	for _, roleBinding := range roleBindings.Items {
 		for _, subject := range roleBinding.Subjects {
-			if subject.Name == sa && subject.Kind == "ServiceAccount" {
+			if subject.Name == sa && subject.Kind == "ServiceAccount" && subject.Namespace == namespace {
 				roleNameList = append(roleNameList, roleBinding.RoleRef.Name)
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -495,7 +495,7 @@ func (r *NamespaceScopeReconciler) GetRolesFromServiceAccount(sa string, namespa`
`495`	`495`	`var roleNameList []string`
`496`	`496`	`for _, roleBinding := range roleBindings.Items {`
`497`	`497`	`for _, subject := range roleBinding.Subjects {`
`498`		`- if subject.Name == sa && subject.Kind == "ServiceAccount" {`
	`498`	`+ if subject.Name == sa && subject.Kind == "ServiceAccount" && subject.Namespace == namespace {`
`499`	`499`	`roleNameList = append(roleNameList, roleBinding.RoleRef.Name)`
`500`	`500`	`}`
`501`	`501`	`}`