Description of problem: When requesting a resource without proper RBAC (resulting in a 403), the proxy attempts to establish a watch, and will continuously retry without returning a response. This causes Ansible to appear to hang, although it is just waiting for a response from the proxy How reproducible: 100%, and against bare k8s as well Steps to Reproduce: 1. Create an ansible operator that attempts to interact with a resource it does not have proper RBAC permissions for 2. Run the operator/create a 3. Create a CR to trigger a run of the operator There's a reproducer operator and environment here: https://github.com/fabianvf/reproducer-operator The travis CI logs will have debug output from the operator. Actual results: The Ansible playbook hangs indefinitely, error status is not reported on the CR Expected results: The playbook fails with a 403 and the CR reports the failure. Additional info:
This is merged and should be built in the latest operator. As this was a base image fix, automation did not move this to ON_QA itself.
Tried with quay.io/operator-framework/ansible-operator:master , it is work for me. Changing status to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922