Bug 1774060
Summary: | alertmanager-access role is not created | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Sergiusz Urbaniak <surbania> |
Component: | Monitoring | Assignee: | Sergiusz Urbaniak <surbania> |
Status: | CLOSED ERRATA | QA Contact: | Junqi Zhao <juzhao> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.3.0 | CC: | alegrand, anpicker, aos-bugs, erooth, juzhao, kakkoyun, lcosic, mfojtik, mloibl, pkrupa, slaznick, surbania |
Target Milestone: | --- | Keywords: | NeedsTestCase |
Target Release: | 4.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-01-23 11:13:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sergiusz Urbaniak
2019-11-19 13:47:20 UTC
I see 'oc adm policy add-role-to-user --role-namespace='openshift-monitoring' alertmanager-access juzhao1' But the check is performed for user with username juzhao1: ``` 2019/11/22 06:20:59 provider.go:464: Permission denied for juzhao1 for check {"group":"monitoring.coreos.com","namespace":"openshift-monitoring","resource":"alertmanagers","scopes":[],"verb":"get"} ``` (In reply to Standa Laznicka from comment #8) > I see 'oc adm policy add-role-to-user > --role-namespace='openshift-monitoring' alertmanager-access juzhao1' > > But the check is performed for user with username juzhao1: > > ``` > 2019/11/22 06:20:59 provider.go:464: Permission denied for > juzhao1 for check > {"group":"monitoring.coreos.com","namespace":"openshift-monitoring", > "resource":"alertmanagers","scopes":[],"verb":"get"} > ``` yes, maybe it is the cause. checked with cluster-admin user 2019/11/22 11:05:24 provider.go:613: 200 GET https://172.30.0.1/apis/user.openshift.io/v1/users/~ {"kind":"User","apiVersion":"user.openshift.io/v1","metadata":{"name":"kube:admin","selfLink":"/apis/user.openshift.io/v1/users/kube%3Aadmin","creationTimestamp":null},"identities":null,"groups":["system:authenticated","system:cluster-admins"]} 2019/11/22 11:05:24 provider.go:613: 201 POST https://172.30.0.1/apis/authorization.openshift.io/v1/subjectaccessreviews {"kind":"SubjectAccessReviewResponse","apiVersion":"authorization.openshift.io/v1","namespace":"openshift-monitoring","allowed":true,"reason":"RBAC: allowed by ClusterRoleBinding \"cluster-admins\" of ClusterRole \"cluster-admin\" to Group \"system:cluster-admins\""} 2019/11/22 11:05:24 oauthproxy.go:675: 10.131.0.9:42724 authentication complete Session{kube:admin token:true} this is working '-openshift-sar={"resourceAPIGroup": "monitoring.coreos.com", "resource": "alertmanagers", "namespace": "openshift-monitoring", "verb": "get"}' moving back to monitoring, bug's on your side. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062 |