check in LE init

operator-framework-core/src/main/java/io/javaoperatorsdk/operator/LeaderElectionManager.java

@@ -50,6 +50,7 @@ public void init(LeaderElectionConfiguration config, KubernetesClient client) {
       log.error(message);
       throw new IllegalArgumentException(message);
     }
+    checkLeaseAccess();
     final var lock = new LeaseLock(leaseNamespace, leaseName, identity);
     // releaseOnCancel is not used in the underlying implementation
     leaderElector =
@@ -99,7 +100,6 @@ private String identity(LeaderElectionConfiguration config) {
 
   public void start() {
     if (isLeaderElectionEnabled()) {
-      checkLeaseAccess();
       leaderElectionFuture = leaderElector.start();
     }
   }

operator-framework-core/src/test/java/io/javaoperatorsdk/operator/LeaderElectionManagerTest.java

@@ -9,6 +9,7 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 
+import io.fabric8.kubernetes.api.model.ConfigMap;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.javaoperatorsdk.operator.api.config.ConfigurationServiceProvider;
 import io.javaoperatorsdk.operator.api.config.LeaderElectionConfiguration;
@@ -27,7 +28,7 @@ class LeaderElectionManagerTest {
   @BeforeEach
   void setUp() {
     ControllerManager controllerManager = mock(ControllerManager.class);
-    kubernetesClient = mock(KubernetesClient.class);
+    kubernetesClient = MockKubernetesClient.client(ConfigMap.class);
     leaderElectionManager = new LeaderElectionManager(controllerManager);
   }
 

operator-framework-core/src/test/java/io/javaoperatorsdk/operator/MockKubernetesClient.java

@@ -6,6 +6,7 @@
 
 import io.fabric8.kubernetes.api.model.HasMetadata;
 import io.fabric8.kubernetes.api.model.KubernetesResourceList;
+import io.fabric8.kubernetes.api.model.authorization.v1.*;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.V1ApiextensionAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.*;
@@ -70,6 +71,25 @@ public static <T extends HasMetadata> KubernetesClient client(Class<T> clazz,
     when(v1.customResourceDefinitions()).thenReturn(operation);
     when(operation.withName(any())).thenReturn(mock(Resource.class));
 
+    var mockSelfSubjectReviewHandler = mock(NamespaceableResource.class);
+    when(mockSelfSubjectReviewHandler.create())
+        .thenReturn(validSelfSubjectRulesReviewForLeaderElection());
+    when(client.resource(any(SelfSubjectRulesReview.class)))
+        .thenReturn(mockSelfSubjectReviewHandler);
+
     return client;
   }
+
+  private static SelfSubjectRulesReview validSelfSubjectRulesReviewForLeaderElection() {
+    SelfSubjectRulesReview res = new SelfSubjectRulesReview();
+    res.setStatus(new SubjectRulesReviewStatusBuilder()
+        .withResourceRules(new ResourceRuleBuilder()
+            .withApiGroups("coordination.k8s.io")
+            .withResources("leases")
+            .withVerbs("*")
+            .build())
+        .build());
+    return res;
+  }
+
 }

operator-framework-core/src/test/java/io/javaoperatorsdk/operator/OperatorTest.java

@@ -43,7 +43,7 @@ void initOperator() {
 
   @Test
   @DisplayName("should throw `OperationException` when Configuration is null")
-  public void shouldThrowOperatorExceptionWhenConfigurationIsNull() {
+  void shouldThrowOperatorExceptionWhenConfigurationIsNull() {
     // use a ConfigurationService that doesn't automatically create configurations
     ConfigurationServiceProvider.reset();
     ConfigurationServiceProvider.set(new AbstractConfigurationService(null));

operator-framework/src/test/java/io/javaoperatorsdk/operator/LeaderElectionPermissionIT.java

@@ -32,18 +32,14 @@ void operatorStopsIfNoLeaderElectionPermission() {
         .withImpersonateUsername("leader-elector-stop-noaccess")
         .build()).build();
 
-    var operator = new Operator(client, o -> {
-      o.withLeaderElectionConfiguration(
-          new LeaderElectionConfiguration("lease1", "default"));
-      o.withStopOnInformerErrorDuringStartup(false);
-    });
-    operator.register(new TestReconciler(), o -> o.settingNamespace("default"));
-
     OperatorException exception = assertThrows(
-        OperatorException.class,
-        operator::start);
+        OperatorException.class, () -> new Operator(client, o -> {
+          o.withLeaderElectionConfiguration(
+              new LeaderElectionConfiguration("lease1", "default"));
+          o.withStopOnInformerErrorDuringStartup(false);
+        }));
 
-    assertThat(exception.getCause().getMessage())
+    assertThat(exception.getMessage())
         .contains(NO_PERMISSION_TO_LEASE_RESOURCE_MESSAGE);
   }