rbac-tool who-can create <custom_resource> fails with memory budget exceeded (1.3 GB usage)

[gberche-orange]

What happened:

Running the following command within a k8s container fails:

$ rbac-tool who-can create  mysqlinstances.database.orange.com
[...]
Failed to run program - memory budget exceeded (6:24)
|        {  .Verb     in [Verb, "*"] and 
| .......................^

within htop, I see 6 processes with VIRT to 1.3 GB prior to the crash

What you expected to happen:

• rbac-tool taking longer to produce output but not not crash
• a stack trace is displayed to helm diagnostic

How to reproduce it (as minimally and precisely as possible):

• an openshift cluster with a large number of crds

Anything else we need to know?:

$ rbac-tool who-can create  mysqlinstances.database.orange.com -v 9
[...]
I0301 11:09:54.444305    1881 subject_permissions.go:72] {Kind:ServiceAccount APIGroup: Name:deployer [...]
Failed to run program - memory budget exceeded (6:24)
 |        {  .Verb     in [Verb, "*"] and 
 | .......................^

Environment:

• Kubernetes version (use kubectl version):
• Cloud provider or configuration:
• Install tools:
• Others:

[gberche-orange]

Workaround: use https://github.com/aquasecurity/kubectl-who-can

kubectl krew install who-can
kubectl who-can create  mysqlinstances.database.orange.com