SelfSubjectAccessReviews now work with the k8s module (#237)

* SelfSubjectAccessReviews now work with the k8s module

molecule/default/converge.yml

@@ -28,6 +28,7 @@
     - include_tasks: tasks/exec.yml
     - include_tasks: tasks/log.yml
     - include_tasks: tasks/cluster_info.yml
+    - include_tasks: tasks/access_review.yml
 
   roles:
     - helm

molecule/default/tasks/access_review.yml

@@ -0,0 +1,22 @@
+---
+- name: Create a SelfSubjectAccessReview resource
+  register: can_i_create_namespaces
+  ignore_errors: yes
+  k8s:
+    state: present
+    definition:
+      apiVersion: authorization.k8s.io/v1
+      kind: SelfSubjectAccessReview
+      spec:
+        resourceAttributes:
+          group: v1
+          resource: Namespace
+          verb: create
+
+- name: Assert that the SelfSubjectAccessReview request succeded
+  assert:
+    that:
+      - can_i_create_namespaces is successful
+      - can_i_create_namespaces.result.status is defined
+      - can_i_create_namespaces.result.status.allowed is defined
+      - can_i_create_namespaces.result.status.allowed

plugins/module_utils/common.py

@@ -38,7 +38,7 @@
     from openshift.dynamic import DynamicClient
     from openshift.dynamic.exceptions import (
         ResourceNotFoundError, ResourceNotUniqueError, NotFoundError, DynamicApiError,
-        ConflictError, ForbiddenError)
+        ConflictError, ForbiddenError, MethodNotAllowedError)
     HAS_K8S_MODULE_HELPER = True
     k8s_import_exception = None
 except ImportError as e:
@@ -610,7 +610,7 @@ def perform_action(self, resource, definition):
             if namespace:
                 params['namespace'] = namespace
             existing = resource.get(**params)
-        except NotFoundError:
+        except (NotFoundError, MethodNotAllowedError):
             # Remove traceback so that it doesn't show up in later failures
             try:
                 sys.exc_clear()