Bug 1848492

Summary: Button to log out from Grafana and Prometheus web UI
Product: OpenShift Container Platform Reporter: Daniele <dconsoli>
Component: MonitoringAssignee: Pawel Krupa <pkrupa>
Status: CLOSED ERRATA QA Contact: Junqi Zhao <juzhao>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.11.0CC: alegrand, anpicker, calfonso, erooth, ifekxp, kakkoyun, lcosic, mloibl, pkrupa, surbania
Target Milestone: ---Keywords: Reopened
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rh-container@k8s.jp.nec.com Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-27 13:49:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniele 2020-06-18 13:05:28 UTC 
Description of problem:
There's is no "log out" button on the Graphana web ui.
On support cases it's been mentioned that the oauth token gets expired after 24 hours, so the user might have to login again to the web UI of Grafana and Prometheus.
This still doesn't give customers a way to forcefully close the session and feels like a possible security issue.

Version-Release number of selected component (if applicable):
OCP 3.11

How reproducible:
always

Steps to Reproduce:
Login into graphana. 
Close tab. 
Reopen.


Actual results:
Still logged in

Expected results:
Users can click a button to end their session

Additional info:
From the customer's point of view, this is a bug.
I understand it can be a RFE, but then the security implications of this should be addressed somewhere (maybe docs?).
Comment 10 Junqi Zhao 2020-07-20 10:16:54 UTC 
tested with cluster-monitoring-operator:v3.11.248, cookie expiration time for alertmanager/prometheus/grafana is 24h
Comment 12 errata-xmlrpc 2020-07-27 13:49:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2990
Comment 13 Masaki Hatada 2020-08-04 08:41:09 UTC 
Dear Red Hat,

Our customer asked the same request as this bugzilla for OCP4.
The request of Comment #0 is to add logout button to prometheus and grafana, but https://github.com/openshift/cluster-monitoring-operator/pull/837 seems not to implement the feature requested by Comment #0.

That's very weird for us.
How did Red Hat handle Comment #0's request?
Does Red Hat have a plan to implement logout button for prometheus and grafana?

Please let us know the above information if possible.
(I have no permission to read private comment)

Best Regards,
Masaki Hatada
Comment 14 Ferdous 2020-11-20 15:09:46 UTC 
Hello,

Seems like it's not resolved on Openshift 3.11/Grafana. Any progress on this issue?

Thanks,
Ferdous
Comment 15 Red Hat Bugzilla 2023-09-14 06:02:22 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days