Bug 1477223
| Summary: | Ordinary user can not view their newly created pods' metrics within their project in web console, at the same time, their old pods' metrics data is still visible | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Junqi Zhao <juzhao> | |
| Component: | Hawkular | Assignee: | Matt Wringe <mwringe> | |
| Status: | CLOSED ERRATA | QA Contact: | Junqi Zhao <juzhao> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 3.6.0 | CC: | aos-bugs, juzhao, qitang, spadgett, trankin, xiazhao, xtian, yapei | |
| Target Milestone: | --- | Keywords: | Regression | |
| Target Release: | 3.6.z | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | 3.6.0 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1477868 (view as bug list) | Environment: | ||
| Last Closed: | 2017-09-08 03:15:23 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1477868 | |||
| Attachments: | ||||
|
Description
Junqi Zhao
2017-08-01 13:51:33 UTC
Created attachment 1307606 [details]
metrics route could be accessed
Created attachment 1307607 [details]
clster admin can view user's metrics diagram
Status code -1 might mean the browser blocked the HTTP request because the CORS preflight check failed. Is it possible that Hawkular was not ready when you first tested as the ordinary user? If this is reproducible, I'd like to see what's in the browser developer tools network tab (Tools -> Developer Tools -> Network and refresh the page). Please take a screenshot of what you see. Also check the events in the openshift-infra namespace and attach the logs for the hawkular-metrics pod (also in the openshift-infra namespace). (In reply to Samuel Padgett from comment #3) > Status code -1 might mean the browser blocked the HTTP request because the > CORS preflight check failed. Is it possible that Hawkular was not ready when > you first tested as the ordinary user? I did the testing after all the pods became ready, and the browser did not block the HTTP request because I tested metrics 3.4.1, it did not have this issue. > If this is reproducible, I'd like to see what's in the browser developer > tools network tab (Tools -> Developer Tools -> Network and refresh the > page). Please take a screenshot of what you see. Status code: 304, not modified, see the attached picture > Also check the events in the openshift-infra namespace and attach the logs > for the hawkular-metrics pod (also in the openshift-infra namespace). See the attached file Created attachment 1307852 [details]
events and hawkular_metrics pod log
Created attachment 1307853 [details]
network diagnostics snapshot
Can you make sure the XHR tab is selected when you check the network requests? Thanks! (In reply to Junqi Zhao from comment #4) > I did the testing after all the pods became ready, and the browser did not > block the HTTP request because I tested metrics 3.4.1, it did not have this > issue. The browser will block the request if the HTTP OPTIONS preflight check does not have the right CORS response headers even if it worked in 3.4. When this happens, you usually see status -1. This is why I'm hoping to see the network tab for XHR specifically. You might also check to see if there are any errors in the Firefox JavaScript console. Thank you for the events and logs. Created attachment 1307856 [details]
network XHR snapshot
Yeah, checked on Junqi's testing environment and there is COR blocked error: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://hawkular-metrics.0801-m9s.qe.rhcloud.com/hawkular/metrics/gauges/dctest-1%2F240bee90-771e-11e7-9dea-fa163e197345%2Fcpu%2Fusage_rate/data?bucketDuration=120000ms&start=-60mn. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing) Details attached in screenshot Typo in my comments, s/COR/CORS/g Created attachment 1307883 [details]
CORS Blocked Error
Its not cors, the subjectaccessreview that Hawkular Metrics uses also returns back the expected results. We did have a recent change to add in another filter to Hawkular Metrics, but if that is affecting things, you should be getting a 500 error and not 403. Investigating further Can you please attach the logs for hawkular metrics, cassandra, and heapster. As well as the output of 'oc get pods -o yaml -n openshift-infra'? I can reproduce and I think I know what the problem is. Hopefully I will have an update soon. Issue is fixed, ordinary user can not view their pods' metrics within their project. Please change the status to ON_QA. Images from brew metrics-hawkular-metrics:v3.6.173.0.3-2 metrics-cassandra:v3.6.173.0.3-1 metrics-heapster:v3.6.173.0.3-1 Created attachment 1308538 [details]
Issue is fixed, ordinary user could view their pod's metrics
Close it based on Comment 20 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2642 |