From 0f3fef927e14fc8240f4e696e01515cd26371aaa Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Mon, 28 Sep 2020 12:20:01 -0400 Subject: [PATCH] SelfSubjectAccessReviews now work with the k8s module (#237) * SelfSubjectAccessReviews now work with the k8s module --- molecule/default/converge.yml | 1 + molecule/default/tasks/access_review.yml | 22 ++++++++++++++++++++++ plugins/module_utils/common.py | 4 ++-- 3 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 molecule/default/tasks/access_review.yml diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index e3e0aa8d..944aefa6 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -28,6 +28,7 @@ - include_tasks: tasks/exec.yml - include_tasks: tasks/log.yml - include_tasks: tasks/cluster_info.yml + - include_tasks: tasks/access_review.yml roles: - helm diff --git a/molecule/default/tasks/access_review.yml b/molecule/default/tasks/access_review.yml new file mode 100644 index 00000000..78d6d567 --- /dev/null +++ b/molecule/default/tasks/access_review.yml @@ -0,0 +1,22 @@ +--- +- name: Create a SelfSubjectAccessReview resource + register: can_i_create_namespaces + ignore_errors: yes + k8s: + state: present + definition: + apiVersion: authorization.k8s.io/v1 + kind: SelfSubjectAccessReview + spec: + resourceAttributes: + group: v1 + resource: Namespace + verb: create + +- name: Assert that the SelfSubjectAccessReview request succeded + assert: + that: + - can_i_create_namespaces is successful + - can_i_create_namespaces.result.status is defined + - can_i_create_namespaces.result.status.allowed is defined + - can_i_create_namespaces.result.status.allowed diff --git a/plugins/module_utils/common.py b/plugins/module_utils/common.py index dac92818..d303eab6 100644 --- a/plugins/module_utils/common.py +++ b/plugins/module_utils/common.py 
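Review bot: The `resourceAttributes` in the new `access_review.yml` task do not name the namespaces resource the way the authorization API expects. `group` is the API group, which is empty for core resources, not the version `v1`, and `resource` is the lowercase plural `namespaces`, not the kind `Namespace`. As written, the final `allowed` assertion most likely passes only because the test credentials hold wildcard permissions, so the test would not notice a wrong answer for a narrowly scoped identity. I would use `group: ""` and `resource: namespaces`. The assert task name also has a typo: `succeded` should be `succeeded`.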
@@ -38,7 +38,7 @@ try: from openshift.dynamic import DynamicClient from openshift.dynamic.exceptions import ( ResourceNotFoundError, ResourceNotUniqueError, NotFoundError, DynamicApiError, - ConflictError, ForbiddenError) + ConflictError, ForbiddenError, MethodNotAllowedError) HAS_K8S_MODULE_HELPER = True k8s_import_exception = None except ImportError as e: @@ -610,7 +610,7 @@ class K8sAnsibleMixin(object): if namespace: params['namespace'] = namespace existing = resource.get(**params) - except NotFoundError: + except (NotFoundError, MethodNotAllowedError): # Remove traceback so that it doesn't show up in later failures try: sys.exc_clear()
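Review bot: The widened `except (NotFoundError, MethodNotAllowedError):` in the second hunk treats a 405 on GET as "object does not exist" for every kind, not only for create-only review resources such as SelfSubjectAccessReview. The rest of the method is outside the hunk, but presumably an absent object leads to a create under `state: present`. If so, these kinds are re-submitted and reported as changed on every run, and an unexpected 405 from any other endpoint is swallowed instead of surfacing. I would at least document the intent next to the handler, e.g. `# Create-only kinds (e.g. SelfSubjectAccessReview) reject GET with 405; treat as no existing object`, and consider narrowing it to resources that do not advertise the `get` verb. Separately, the new name is imported inside the `try`/`except ImportError` block of the first hunk, so a client release lacking `MethodNotAllowedError`, if one exists, would be reported as the library being missing.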