kn source list and list-types return error if CRD access is restricted #947
Comments
|
/assign |
navidshaikh
added a commit
to navidshaikh/client
that referenced
this issue
Jul 23, 2020
Fixes knative#947 - Identify restricted access error - If server returns restricted access error, fallback to listing only eventing inbuilt sources using their GVKs. - List any inbuilt source (ApiServerSource) object and read the error to know if eventing is installed for `kn source list-types`.
navidshaikh
added a commit
to navidshaikh/client
that referenced
this issue
Jul 23, 2020
Fixes knative#947 - Identify restricted access error - If server returns restricted access error, fallback to listing only eventing inbuilt sources using their GVKs. - List any inbuilt source (ApiServerSource) object and read the error to know if eventing is installed for `kn source list-types`.
navidshaikh
added a commit
to navidshaikh/client
that referenced
this issue
Jul 23, 2020
Fixes knative#947 - Identify restricted access error - If server returns restricted access error, fallback to listing only eventing inbuilt sources using their GVKs. - List any inbuilt source (ApiServerSource) object and read the error to know if eventing is installed for `kn source list-types`.
knative-prow-robot
pushed a commit
that referenced
this issue
Aug 4, 2020
* List inbuilt sources if CRD access is restricted Fixes #947 - Identify restricted access error - If server returns restricted access error, fallback to listing only eventing inbuilt sources using their GVKs. - List any inbuilt source (ApiServerSource) object and read the error to know if eventing is installed for `kn source list-types`. * Fix golint warnings * Remove unused imports * Verify each built in source before listing source types * Improve the check if sources are not installed in the cluster * Update finding forbidden error * Update finding errors * Add unit tests for IsForbiddenError util * Add unit tests * Add tests for dynamic pkg library * Add unit tests for case when no sources are installed * Update test name
navidshaikh
added a commit
to navidshaikh/client
that referenced
this issue
Aug 18, 2020
* List inbuilt sources if CRD access is restricted Fixes knative#947 - Identify restricted access error - If server returns restricted access error, fallback to listing only eventing inbuilt sources using their GVKs. - List any inbuilt source (ApiServerSource) object and read the error to know if eventing is installed for `kn source list-types`. * Fix golint warnings * Remove unused imports * Verify each built in source before listing source types * Improve the check if sources are not installed in the cluster * Update finding forbidden error * Update finding errors * Add unit tests for IsForbiddenError util * Add unit tests * Add tests for dynamic pkg library * Add unit tests for case when no sources are installed * Update test name
knative-prow-robot
pushed a commit
that referenced
this issue
Aug 19, 2020
* fix(docs): Fix tekton task link in README (#934) * Fix missing NAMESPACE column header (#951) * Fix missing NAMESPACE column header * Fix missing namespace column header for 'kn source list -A' * List inbuilt sources if CRD access is restricted (#948) * List inbuilt sources if CRD access is restricted Fixes #947 - Identify restricted access error - If server returns restricted access error, fallback to listing only eventing inbuilt sources using their GVKs. - List any inbuilt source (ApiServerSource) object and read the error to know if eventing is installed for `kn source list-types`. * Fix golint warnings * Remove unused imports * Verify each built in source before listing source types * Improve the check if sources are not installed in the cluster * Update finding forbidden error * Update finding errors * Add unit tests for IsForbiddenError util * Add unit tests * Add tests for dynamic pkg library * Add unit tests for case when no sources are installed * Update test name * Use Tekton Catalog GA structure for tasks (#966) * fix: `kn source list` command print spelling problems (#963) * Fix exit code on service delete and revision delete (#971) * Fix exit code 0 upon service delete * Mentioned bug fix in CHANGELOG.adoc * Add error check test for service not found * Fix for kn revision delete failure exit code and add test cases * Testing changes in test cases for failure in intergration tests * Fix test case error causing integration test failure * fix(volume): Generate volume name compliant with DNS Label names (#975) * fix(volume): Volume names to not contain dots Replace non alphanumberic characters with hyphen as the volumen name must be a DNS_LABEL (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names) ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#volume-v1-core * Generate volume name compliant with DNS Label names Volume names to follow the DNS label standard as defined in RFC 1123. This means the name must: - contain at most 63 characters - contain only lowercase alphanumeric characters or '-' - start with an alphanumeric character - end with an alphanumeric character * Set client custom GVK for source list for machine readable output (#980) - Use custom GVK {Group: client.knative.dev, Version: v1alpha1, Kind: SourceList} - Source list may contain different source types CO and machine readable output (using -o) requires List object to have GVK set, since the list contains different types of source COs, we set a custom client GVK on it. Fixes #953 * Update CHANGELOG for v0.16.1 Co-authored-by: kaustubh <[email protected]> Co-authored-by: Chris Suszynski <[email protected]> Co-authored-by: tianfeiyu <[email protected]> Co-authored-by: Himanshu Ranjan <[email protected]>
rhuss
pushed a commit
to rhuss/knative-client
that referenced
this issue
Sep 9, 2020
* List inbuilt sources if CRD access is restricted Fixes knative#947 - Identify restricted access error - If server returns restricted access error, fallback to listing only eventing inbuilt sources using their GVKs. - List any inbuilt source (ApiServerSource) object and read the error to know if eventing is installed for `kn source list-types`. * Fix golint warnings * Remove unused imports * Verify each built in source before listing source types * Improve the check if sources are not installed in the cluster * Update finding forbidden error * Update finding errors * Add unit tests for IsForbiddenError util * Add unit tests * Add tests for dynamic pkg library * Add unit tests for case when no sources are installed * Update test name
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
kn source listandkn source list-typesuses dynamic client and a common operation is to query CRDs and filter on a particular label. It finds all the sources CRDs with labelduck.knative.dev/source: true, and able to list eventing inbuilt and non inbuilt sources.A user of cluster might be restricted to list the CRDs in the cluster causing
kn source listandkn source list-typescommands to fail, though the same user is able to read the particular GVK of the source (kn source ping list).We can identify these restricted access error and fallback to listing only eventing inbuilt sources as we know their GVKs.
The text was updated successfully, but these errors were encountered: