portforward obfuscates permissions issues

[filip-zyzniewski]

Which project are you reporting a bug for?

kr8s

What happened?

Reproduction:

kubectl reporting a permissions problem:

test $ kubectl port-forward --namespace uat pod/podname 5432:5432
error: error upgrading connection: pods "podname" is forbidden: User "user" cannot create resource "pods/portforward" in API group "" in the namespace "uat"
test $

kr8s.objects.Pod().portforward does not complain, it just drops connection attempts on the floor:

test $ cat test.py 
import datetime
import kr8s
import psycopg_pool
import sys

print("python version:", sys.version)
print("kr8s version:", kr8s.__version__)
print("psycopg_pool version:", psycopg_pool.__version__)

pod = kr8s.objects.Pod("podname", namespace="uat")
fwd = pod.portforward(5432)

with fwd as port:
    psycopg_pool.ConnectionPool(
        kwargs={
            "host": fwd.address[0],
            "port": port,
            "sslmode": "require",
        },
    ).getconn()
test $

test $ poetry run python test.py
python version: 3.12.4 (main, Jun  6 2024, 18:26:44) [Clang 15.0.0 (clang-1500.3.9.4)]
kr8s version: 0.18.1
psycopg_pool version: 3.2.4
error connecting in 'pool-1': connection timeout expired
error connecting in 'pool-1': connection timeout expired
error connecting in 'pool-1': connection failed: connection to server at "127.0.0.1", port 5432 failed: Connection refused
	Is the server running on that host and accepting TCP/IP connections?
[...]
reconnection attempt in pool 'pool-1' failed after 300.0 sec
[...]

Anything else?

No response

[jacobtomlinson]

I agree we should be raising an exception when hitting a permissions error.