Bug 2030630
Summary: | 400 Bad Request error for some queries for the non admin user | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Jan Fajerski <jfajersk> |
Component: | Monitoring | Assignee: | Jan Fajerski <jfajersk> |
Status: | CLOSED ERRATA | QA Contact: | Junqi Zhao <juzhao> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.9 | CC: | amuller, anpicker, aos-bugs, erooth, juzhao, spasquie, viraj |
Target Milestone: | --- | ||
Target Release: | 4.9.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | 2024199 | Environment: | |
Last Closed: | 2022-03-29 07:16:22 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2024199 | ||
Bug Blocks: |
Comment 1
Junqi Zhao
2022-01-20 04:40:14 UTC
Hi @juzhao, UI cherry-pick PR to 4.9.z is not yet merged. I think that is the reason you are still getting Forbidden errors in the Developer perspective Observe dashboard. BZ ticket for 4.9.z UI changes is https://bugzilla.redhat.com/show_bug.cgi?id=2026414 The prometheus oauth-proxy container logs the following: 2022/01/20 09:50:08 provider.go:515: Permission denied for pm1 for check {"resource":"namespaces","scopes":[],"verb":"get"} 2022/01/20 09:50:08 oauthproxy.go:650: 10.131.0.9:58512 Permission Denied: user is unauthorized when redeeming token 2022/01/20 09:50:08 oauthproxy.go:445: ErrorPage 403 Permission Denied Invalid Account Afaiu that is the correct behavior a user needs to be authorized to GET namespace resources. (In reply to Vikram Raj from comment #3) > Hi @juzhao, UI cherry-pick PR to 4.9.z is not yet merged. I think > that is the reason you are still getting Forbidden errors in the Developer > perspective Observe dashboard. BZ ticket for 4.9.z UI changes is > https://bugzilla.redhat.com/show_bug.cgi?id=2026414 we are testing with the PR, not test with the nightly payload which include the fix @juzhao Can you please check again with a user that has GET priviliges on namespaces. This should get you past the permission check 2022/01/20 09:50:08 provider.go:515: Permission denied for pm1 for check {"resource":"namespaces","scopes":[],"verb":"get"} Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.9.26 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:1022 |