Bug 1848151

| Field | Value |
|---|---|
| Summary | Console continues to poll the ClusterVersion resource when the user doesn't have authority |
| Product | OpenShift Container Platform |
| Component | Management Console |
| Reporter | Samuel Padgett <spadgett> |
| Assignee | Samuel Padgett <spadgett> |
| QA Contact | Yanping Zhang <yanpzhan> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | unspecified |
| Version | 4.6 |
| CC | aos-bugs, jhadvig, jokerman, rsandu, yanpzhan, yapei |
| Target Milestone | --- |
| Target Release | 4.8.0 |
| Hardware | Unspecified |
| OS | Unspecified |
| Whiteboard | Scrubbed |
| Doc Type | Bug Fix |
| Doc Text | The web console was incorrectly polling the ClusterVersion resource for users who didn't have authority. This would cause large numbers of "Failed to dial backend: websocket: bad handshake" errors in the console pod log, but otherwise did not cause any issues. We now check the user's permission before trying to poll this resource. |
| Story Points | --- |
| Clones | 1952578 |
| Environment | Version: 4.6.0-0.nightly-2020-06-16-214732; Cluster ID: 092d09d8-b2c0-4206-b824-9ed1a47fc4ca; Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
| Last Closed | 2021-07-27 22:32:27 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Blocks | 1952578 |

Description
Samuel Padgett
2020-06-17 19:34:39 UTC

Move to upcoming sprint. Will look at this on bugfix mondays.

We did not have time to fix this issue this sprint. Will reevaluate and try to fix in next sprint.

Created attachment 1771755
js-error

Checked on ocp 4.8 cluster with payload 4.8.0-0.nightly-2021-04-13-171608.
Login console with normal user, check logs in dev console, there are some 403 forbidden errors about prometheus/alertmanager and many cookie warnings:

XHR GET https://console-openshift-console.apps.qe-groupd-0414.qe.devcluster.openshift.com/api/prometheus/api/v1/rules [HTTP/1.1 403 Forbidden 4905ms]
Cookie “_oauth_proxy” has been rejected for invalid domain. rules
XHR GET https://console-openshift-console.apps.qe-groupd-0414.qe.devcluster.openshift.com/api/alertmanager/api/v2/silences [HTTP/1.1 403 Forbidden 5354ms]
Cookie “_oauth_proxy” has been rejected for invalid domain.
===============================
Pls refer to screenshot.

Hi, Yanping. This fix is only for polling ClusterVersion specifically. There will be some other 403 errors that are expected. Are these being polled constantly or only single requests?

Moving back to ON_QA. If there are additional issues, we should open separate bugs to track.

*** Bug 1952555 has been marked as a duplicate of this bug. ***

Raising the severity since this floods the log with messages making it harder to troubleshoot other problems.

Checked on ocp 48 cluster with payload 4.8.0-0.nightly-2021-04-22-182303, after normal user login console, check logs in dev console, there is no request for "ClusterVersion" resource. Check in console pod log, there is no this kind of request, neither.
The issue in the bug description has been fixed.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438
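
The fix described in the Doc Text (check the user's permission before polling ClusterVersion), sketched as an added example that is not the console's own code: it asks the Kubernetes SelfSubjectAccessReview API whether the current user may read ClusterVersion and only then starts a poll loop. The helper names, the injected `fetchImpl`, `basePath`, the `get` verb and the poll interval are assumptions made for illustration.

```javascript
// Added example: gate ClusterVersion polling on a SelfSubjectAccessReview (SSAR).
// Assumptions: fetchImpl is a fetch-compatible function that already carries the
// user's credentials; basePath is the API server or proxy prefix.
const SSAR_PATH = '/apis/authorization.k8s.io/v1/selfsubjectaccessreviews';

// Access attributes for reading the cluster-scoped ClusterVersion object.
const CLUSTER_VERSION_ACCESS = {
  group: 'config.openshift.io',
  resource: 'clusterversions',
  verb: 'get',
  name: 'version',
};

// Ask the API server whether the current user may perform the action.
// Fails closed: any HTTP error, network error or missing status means "no".
async function canI(fetchImpl, basePath, resourceAttributes) {
  try {
    const res = await fetchImpl(basePath + SSAR_PATH, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        apiVersion: 'authorization.k8s.io/v1',
        kind: 'SelfSubjectAccessReview',
        spec: { resourceAttributes },
      }),
    });
    if (!res.ok) return false;
    const review = await res.json();
    return Boolean(review.status && review.status.allowed === true);
  } catch (err) {
    return false;
  }
}

// Start polling only when the SSAR allows it. Returns a stop function,
// or null when the user lacks permission, so no ClusterVersion request is issued.
async function pollClusterVersionIfAllowed(fetchImpl, basePath, onData, intervalMs = 30000) {
  if (!(await canI(fetchImpl, basePath, CLUSTER_VERSION_ACCESS))) return null;
  const url = basePath + '/apis/config.openshift.io/v1/clusterversions/version';
  const tick = async () => {
    try {
      const res = await fetchImpl(url);
      if (res.ok) onData(await res.json());
    } catch (err) { /* transient error: retry on the next tick */ }
  };
  await tick();
  const timer = setInterval(tick, intervalMs);
  return () => clearInterval(timer);
}
```

A denied user triggers exactly one SelfSubjectAccessReview request and no ClusterVersion requests, which is the behaviour QA verified in the console pod log.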