diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index e3e0aa8d..944aefa6 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -28,6 +28,7 @@
 - include_tasks: tasks/exec.yml
 - include_tasks: tasks/log.yml
 - include_tasks: tasks/cluster_info.yml
+ - include_tasks: tasks/access_review.yml
 roles:
 - helm
diff --git a/molecule/default/tasks/access_review.yml b/molecule/default/tasks/access_review.yml
new file mode 100644
index 00000000..78d6d567
--- /dev/null
+++ b/molecule/default/tasks/access_review.yml
@@ -0,0 +1,22 @@
+---
+- name: Create a SelfSubjectAccessReview resource
+ register: can_i_create_namespaces
+ ignore_errors: yes
+ k8s:
+ state: present
+ definition:
+ apiVersion: authorization.k8s.io/v1
+ kind: SelfSubjectAccessReview
+ spec:
+ resourceAttributes:
+ group: v1
+ resource: Namespace
+ verb: create
+
+- name: Assert that the SelfSubjectAccessReview request succeded
+ assert:
+ that:
+ - can_i_create_namespaces is successful
+ - can_i_create_namespaces.result.status is defined
+ - can_i_create_namespaces.result.status.allowed is defined
+ - can_i_create_namespaces.result.status.allowed
diff --git a/plugins/module_utils/common.py b/plugins/module_utils/common.py
index dac92818..d303eab6 100644
--- a/plugins/module_utils/common.py
+++ b/plugins/module_utils/common.py
@@ -38,7 +38,7 @@
 from openshift.dynamic import DynamicClient
 from openshift.dynamic.exceptions import (
 ResourceNotFoundError, ResourceNotUniqueError, NotFoundError, DynamicApiError,
- ConflictError, ForbiddenError)
+ ConflictError, ForbiddenError, MethodNotAllowedError)
 HAS_K8S_MODULE_HELPER = True
 k8s_import_exception = None
 except ImportError as e:
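Review bot: The `resourceAttributes` in the new access_review.yml task do not describe namespace creation the way the API server evaluates it. `group: v1` names an API group called "v1" (namespaces live in the core group, which is the empty string), and `resource: Namespace` is the kind rather than the resource name. The final assertion on `status.allowed` can therefore only pass for a credential whose rules match by wildcard, which is presumably the case for the molecule cluster's admin identity, and anyone reusing this snippet as a permission check under restricted RBAC would get a misleading answer. I would write `group: ""` and `resource: namespaces`. The second task's name also misspells "succeeded" as `succeded`.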
@@ -610,7 +610,7 @@ def perform_action(self, resource, definition):
 if namespace:
 params['namespace'] = namespace
 existing = resource.get(**params)
- except NotFoundError:
+ except (NotFoundError, MethodNotAllowedError):
 # Remove traceback so that it doesn't show up in later failures
 try:
 sys.exc_clear()
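Review bot: The widened handler `except (NotFoundError, MethodNotAllowedError):` now treats every 405 returned by `resource.get(**params)` as "the object does not exist", and nothing in the code says why. The test added in this commit suggests the intended case is create-only kinds such as SelfSubjectAccessReview, so a comment above the handler would help the next reader: `# Create-only kinds (e.g. SelfSubjectAccessReview) reject GET with 405; treat them as absent`. The rest of perform_action lies outside this hunk, so it is worth confirming that the `state: absent` and update paths still report sensibly when the lookup failed with a 405 rather than a genuine 404.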