This script analyzes AuthorizationPolicies
in a cluster and checks whether there are Selector based policies that span multiple service accounts. This info may help guide future API decisions.
Example output:
$ curl -sL https://gist.githubusercontent.com/howardjohn/ae20c608bebfb79e701009ee8f83b57b/raw/8af7a83dff4ed000b18858cc96527b6c1f688ed8/find-cross-service-account-policies | sh
Policy echo/echo/ns1 has selects service accounts 'alpha,beta,', but doesn't fully select 'alpha,'
Policy echo/echo/ns1 has 2 Service accounts: 'alpha beta,
Policy echo/echo/policy has selects service accounts 'waypoint,', but doesn't fully select 'waypoint,'
Root Policy istio-system/ns1 has 2 Service accounts: alpha beta