This repository has been archived by the owner on Jun 13, 2024. It is now read-only.

SelfSubjectAccessReviews now work with the k8s module #237

Merged

Conversation

fabianvf
Collaborator

SUMMARY

When the initial GET request fails with a 405 MethodNotAllowed, we now treat it as if the resource does not exist. This allows resources that do not support the GET verb to properly work (albeit not idempotently). This allows users to interact with the SelfSubjectAccessReview APIs.

Fixes #234

ISSUE TYPE

  • Bugfix Pull Request

COMPONENT NAME

k8s

ADDITIONAL INFORMATION

codecov bot commented Sep 25, 2020

Codecov Report

Merging #237 into main will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #237   +/-   ##
=======================================
  Coverage   36.74%   36.74%           
=======================================
  Files           3        3           
  Lines         724      724           
  Branches      144      144           
=======================================
  Hits          266      266           
  Misses        409      409           
  Partials       49       49           

Powered by Codecov. Last update 5de4937...8f4fed6. Read the comment docs.

@Akasurde Akasurde self-requested a review September 28, 2020 14:25
@fabianvf fabianvf force-pushed the self-subject-access-reviews branch from 04f314a to 8f4fed6 Compare September 28, 2020 15:15
jmazzitelli commented Oct 14, 2020

Is this fixed in 1.1.1? Because I still see the error:

$ ansible-galaxy collection install community.kubernetes --force
Process install dependency map
Starting collection install process
Installing 'community.kubernetes:1.1.1' to '/home/jmazzite/.ansible/collections/ansible_collections/community/kubernetes'
TASK [default/kiali-deploy : Determine if the operator can support accessible_namespaces=** - can_i create clusterroles] ***
fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "msg": "Failed to retrieve requested object: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"selfsubjectaccessreviews.authorization.k8s.io is forbidden: User \\\\\"system:serviceaccount:kiali-operator:kiali-operator\\\\\" cannot list resource \\\\\"selfsubjectaccessreviews\\\\\" in API group \\\\\"authorization.k8s.io\\\\\" at the cluster scope\",\"reason\":\"Forbidden\",\"details\":{\"group\":\"authorization.k8s.io\",\"kind\":\"selfsubjectaccessreviews\"},\"code\":403}\\n'", "reason": "Forbidden", "status": 403}

UPDATE: ignore this, I think it's because I didn't give my role "list" permission for the selfsubjectaccessreviews resource.
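
An added example, not part of this pull request or the collection's code: a small Python model of the behaviour the summary describes, where a 405 on the initial GET is treated as "resource absent" so the create proceeds (and repeats on every run), while a 403 like the one in the output above still fails. `ApiError`, `FakeReviewApi`, `ensure_present` and `review` are hypothetical names, and the API responses are constructed.

```python
class ApiError(Exception):
    """Constructed stand-in for an HTTP error returned by the API server."""
    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status


class FakeReviewApi:
    """Constructed model of a create-only resource (e.g. SelfSubjectAccessReview)."""
    def __init__(self, granted, get_error=(405, "MethodNotAllowed")):
        self.granted = granted      # (verb, resource) pairs the caller may perform
        self.get_error = get_error  # what the server answers to GET
        self.calls = []

    def get(self):
        self.calls.append("get")
        raise ApiError(*self.get_error)

    def create(self, body):
        self.calls.append("create")
        attrs = body["spec"]["resourceAttributes"]
        allowed = (attrs["verb"], attrs["resource"]) in self.granted
        return {**body, "status": {"allowed": allowed}}


def ensure_present(api, definition):
    """GET first; 404 or 405 both mean 'nothing to compare against', so create."""
    try:
        existing = api.get()
    except ApiError as exc:
        if exc.status not in (404, 405):
            raise  # e.g. 403 Forbidden is a real failure, not "absent"
        existing = None
    if existing is not None:
        return {"changed": False, "result": existing}
    return {"changed": True, "result": api.create(definition)}


def review(verb, resource):
    """Build a SelfSubjectAccessReview body asking 'can I <verb> <resource>?'."""
    return {
        "apiVersion": "authorization.k8s.io/v1",
        "kind": "SelfSubjectAccessReview",
        "spec": {"resourceAttributes": {"verb": verb, "resource": resource}},
    }


if __name__ == "__main__":
    api = FakeReviewApi(granted={("create", "clusterroles")})
    print(ensure_present(api, review("create", "clusterroles")))
```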

github-actions bot commented Nov 4, 2021

This repository does not accept pull requests, see the README for details.

@github-actions github-actions bot locked and limited conversation to collaborators Nov 4, 2021