kubeclient
Kubernetes 403 forbidden messages could be more verbose
Hi,
I was trying to use the kubeclient module to connect to a Kubernetes cluster, but the credentials I used in my kube-config didn't have sufficient rights within Kubernetes. Logging in worked, but requesting the nodes failed. The error message I got when trying this was the following:
```
/Users/wmuizelaar/.rvm/gems/ruby-2.1.10/gems/kubeclient-2.5.1/lib/kubeclient/common.rb:117:in `rescue in handle_exception': 403 Forbidden (KubeException)
	from /Users/wmuizelaar/.rvm/gems/ruby-2.1.10/gems/kubeclient-2.5.1/lib/kubeclient/common.rb:109:in `handle_exception'
	from /Users/wmuizelaar/.rvm/gems/ruby-2.1.10/gems/kubeclient-2.5.1/lib/kubeclient/common.rb:275:in `get_entities'
	from /Users/wmuizelaar/.rvm/gems/ruby-2.1.10/gems/kubeclient-2.5.1/lib/kubeclient/common.rb:179:in `block (2 levels) in define_entity_methods'
	from test.rb:25:in `<main>'
```
When I tested these credentials with other tooling, I got a more specific error message: User "system:serviceaccount:XXX:YYY" cannot create namespaces at the cluster scope.: "Unknown user "system:serviceaccount:XXX:YYY""
and therefore I knew something was wrong with the rights. Could the kubeclient module give the same, more verbose error message it gets from the Kubernetes API server?
cc @moolitayer @cben
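An added example, not part of the original issue and not kubeclient's own code: one way a client could surface the API server's explanation of a denied request. It assumes the server answers the 403 with a JSON `Status` object in the response body; `parse_api_error`, `format_api_error`, `ApiError` and `SA_PATTERN` are hypothetical names, and the sample body is constructed from the message quoted above.

```ruby
require 'json'

# Hypothetical helpers (not kubeclient API): turn an HTTP error response
# from the Kubernetes API server into a message that names the denied subject.
ApiError = Struct.new(:code, :reason, :message, :service_account)

# Service account identities have the form system:serviceaccount:<ns>:<name>.
SA_PATTERN = /system:serviceaccount:([^:"\s]+):([^:"\s]+)/

def parse_api_error(http_code, http_status_line, body)
  status = begin
    parsed = JSON.parse(body.to_s)
    parsed.is_a?(Hash) && parsed['kind'] == 'Status' ? parsed : {}
  rescue JSON::ParserError
    {} # a proxy or load balancer may answer with HTML, text or nothing
  end
  message = status['message'].to_s.strip
  message = http_status_line if message.empty? # fall back to "403 Forbidden"
  sa = message.match(SA_PATTERN)
  ApiError.new(
    status.fetch('code', http_code),
    status['reason'],
    message,
    sa && { namespace: sa[1], name: sa[2] }
  )
end

def format_api_error(err)
  text = "HTTP #{err.code}"
  text += " (#{err.reason})" if err.reason
  "#{text}: #{err.message}"
end

# Constructed sample body (assumption), using the message quoted in the issue.
SAMPLE_BODY = JSON.generate(
  'kind' => 'Status', 'apiVersion' => 'v1', 'status' => 'Failure',
  'message' => 'User "system:serviceaccount:XXX:YYY" cannot create ' \
               'namespaces at the cluster scope.',
  'reason' => 'Forbidden', 'code' => 403
)

if __FILE__ == $PROGRAM_NAME
  puts format_api_error(parse_api_error(403, '403 Forbidden', SAMPLE_BODY))
  puts format_api_error(parse_api_error(403, '403 Forbidden', '<html>denied</html>'))
end
```

The extracted `service_account` namespace and name identify which subject's role bindings to review when the denial is unexpected.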