Split the API error in two

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2025-07-21 19:01:49 +00:00 · 2022-09-29 11:50:33 +02:00 · 2022-09-29 11:50:33 +02:00 · e6e670624b
commit e6e670624b
parent 967fdbd3d5
2 changed files with 15 additions and 6 deletions
--- a/staging/src/k8s.io/kubectl/pkg/cmd/auth/whoami.go
+++ b/staging/src/k8s.io/kubectl/pkg/cmd/auth/whoami.go
@ -139,19 +139,28 @@ func NewCmdWhoAmI(restClientGetter genericclioptions.RESTClientGetter, streams g
 	return cmd
 }

-var notEnabledErr = fmt.Errorf(
-	"the selfsubjectreviews API is not enabled in the cluster or you do not have permission to call\n" +
-		"enable APISelfSubjectReview feature gate and authentication.k8s.io/v1alpha1 API")
+var (
+	notEnabledErr = fmt.Errorf(
+		"the selfsubjectreviews API is not enabled in the cluster\n" +
+			"enable APISelfSubjectReview feature gate and authentication.k8s.io/v1alpha1 API")
+
+	forbiddenErr = fmt.Errorf(
+		"the selfsubjectreviews API is not enabled in the cluster or you do not have permission to call it")
+)

 // Run prints all user attributes.
 func (o WhoAmIOptions) Run() error {
 	sar := &authenticationv1alpha1.SelfSubjectReview{}
 	response, err := o.authClient.SelfSubjectReviews().Create(context.TODO(), sar, metav1.CreateOptions{})
 	if err != nil {
-		if errors.IsForbidden(err) || errors.IsNotFound(err) {
+		switch {
+		case errors.IsForbidden(err):
+			return forbiddenErr
+		case errors.IsNotFound(err):
 			return notEnabledErr
+		default:
+			return err
 		}
-		return err
 	}
 	return o.resourcePrinterFunc(response, o.Out)
 }
--- a/staging/src/k8s.io/kubectl/pkg/cmd/auth/whoami_test.go
+++ b/staging/src/k8s.io/kubectl/pkg/cmd/auth/whoami_test.go
@ -107,7 +107,7 @@ func TestWhoAmIRun(t *testing.T) {
 			serverErr: errors.NewForbidden(
 				corev1.Resource("selfsubjectreviews"), "foo", fmt.Errorf("error"),
 			),
-			expectedError:       notEnabledErr,
+			expectedError:       forbiddenErr,
 			expectedBodyStrings: []string{},
 		},
 		{