internet/kubernetes.core
3
0
Fork 0
mirror of https://github.com/ansible-collections/kubernetes.core.git synced 2026-05-07 21:42:38 +00:00
Code Issues Projects Releases Wiki Activity

SelfSubjectAccessReviews now work with the k8s module (#237)

Browse Source 
* SelfSubjectAccessReviews now work with the k8s module
This commit is contained in:
Fabian von Feilitzsch
2020-09-28 12:20:01 -04:00
committed by GitHub
parent 5de49373b7
commit 0f3fef927e
3 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
molecule/default/converge.yml
View File

@@ -28,6 +28,7 @@
- include_tasks: tasks/exec.yml - include_tasks: tasks/exec.yml
- include_tasks: tasks/log.yml - include_tasks: tasks/log.yml
- include_tasks: tasks/cluster_info.yml - include_tasks: tasks/cluster_info.yml
- include_tasks: tasks/access_review.yml
roles: roles:
- helm - helm

22
molecule/default/tasks/access_review.yml Normal file
View File

@@ -0,0 +1,22 @@
---
- name: Create a SelfSubjectAccessReview resource
register: can_i_create_namespaces
ignore_errors: yes
k8s:
state: present
definition:
apiVersion: authorization.k8s.io/v1
kind: SelfSubjectAccessReview
spec:
resourceAttributes:
group: v1
resource: Namespace
verb: create
- name: Assert that the SelfSubjectAccessReview request succeded
assert:
that:
- can_i_create_namespaces is successful
- can_i_create_namespaces.result.status is defined
- can_i_create_namespaces.result.status.allowed is defined
- can_i_create_namespaces.result.status.allowed

4
plugins/module_utils/common.py
View File

@@ -38,7 +38,7 @@ try:
from openshift.dynamic import DynamicClient from openshift.dynamic import DynamicClient
from openshift.dynamic.exceptions import ( from openshift.dynamic.exceptions import (
ResourceNotFoundError, ResourceNotUniqueError, NotFoundError, DynamicApiError, ResourceNotFoundError, ResourceNotUniqueError, NotFoundError, DynamicApiError,
ConflictError, ForbiddenError) ConflictError, ForbiddenError, MethodNotAllowedError)
HAS_K8S_MODULE_HELPER = True HAS_K8S_MODULE_HELPER = True
k8s_import_exception = None k8s_import_exception = None
except ImportError as e: except ImportError as e:
@@ -610,7 +610,7 @@ class K8sAnsibleMixin(object):
if namespace: if namespace:
params['namespace'] = namespace params['namespace'] = namespace
existing = resource.get(**params) existing = resource.get(**params)
except NotFoundError: except (NotFoundError, MethodNotAllowedError):
# Remove traceback so that it doesn't show up in later failures # Remove traceback so that it doesn't show up in later failures
try: try:
sys.exc_clear() sys.exc_clear()