Handle known permission errors by default

[yuvalavra]

Kubelets that enforce authorization have known responses for permission errors. For example, if a request is authenticated but isn't authorized, the Kubelet will respond with: Forbidden (user=%s, verb=%s, resource=%s, subresource=%s)

kubeletctl currently prints a generic error message for permission errors, so it can be hard to understand what's causing the error:

$ kubeletctl --token=<token> pods
[*] Failed to run HTTP request with error: invalid character 'F' looking for beginning of value

The actual error can be seen using --raw, but if you're not using kubeletctl regularly it's easy to forget about that. It would be awesome if kubeletctl could check whether a response is a known permission error, and if so print the full error by default.

Kubelet responses for permission errors

• Unauthenticated request or Authentication error - http.StatusUnauthorized (401), Unauthorized
• Unauthorized request - http.StatusForbidden (403), Forbidden (user=%s, verb=%s, resource=%s, subresource=%s)
• Authorization error - http.StatusInternalServerError (500), Authorization error (user=%s, verb=%s, resource=%s, subresource=%s)

[g3rzi]

Thanks @YuvalAvra for the suggestion and the elaboration, I think it's a good idea.
We will have a look on that and update accordingly.

[g3rzi]

Hi @yuvalavra we added a small fix for that issue that will now print the errors with details. It should be generic for any errors, we were able to verify it on 401 and 403.