You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using KubernetesClient.GetAsync() requires the calling client having list permissions on the target resource type.
To reproduce
Create a KubernetesClient instance with a service account that has execlusively get permission on pod resources
Execute KubernetesClient.GetAsync()
The following exception occurs:
k8s.Autorest.HttpOperationException: Operation returned an invalid status code 'Forbidden', response body {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods \"my-pod\" is forbidden: User \"system:serviceaccount:my-namespace:my-service-account\" cannot list resource \"pods\" in API group \"\" in the namespace \"my-namespace\"","reason":"Forbidden","details":{"name":"my-pod","kind":"pods"},"code":403}
Expected behavior
KubernetesClient.GetAsync() should work if the client has get permissions on the target resource type.
Describe the bug
Using
KubernetesClient.GetAsync()
requires the calling client havinglist
permissions on the target resource type.To reproduce
KubernetesClient
instance with a service account that has execlusivelyget
permission on pod resourcesKubernetesClient.GetAsync()
Expected behavior
KubernetesClient.GetAsync()
should work if the client hasget
permissions on the target resource type.Screenshots
No response
Additional Context
Related code:
dotnet-operator-sdk/src/KubeOps.KubernetesClient/KubernetesClient.cs
Lines 103 to 120 in 80b8487
The text was updated successfully, but these errors were encountered: