Bug 1856097 - Login attempt with non-admin user to Grafana via oVirt Engine Auth returns HTTP 500 error
Summary: Login attempt with non-admin user to Grafana via oVirt Engine Auth returns HT...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: ovirt-engine-dwh
Classification: oVirt
Component: Grafana
Version: 4.4.1.2
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ovirt-4.4.3
: ---
Assignee: Yedidyah Bar David
QA Contact: Lucie Leistnerova
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-07-12 16:30 UTC by Pavel Novotny
Modified: 2020-09-07 14:34 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-09-07 14:34:38 UTC
oVirt Team: Metrics
Embargoed:
pm-rhel: ovirt-4.4?
pnovotny: planning_ack?
sbonazzo: devel_ack+
pnovotny: testing_ack+


Attachments (Terms of Use)
Grafana oVirt Auth non-admin user error (21.49 KB, image/png)
2020-07-12 16:30 UTC, Pavel Novotny
no flags Details

Description Pavel Novotny 2020-07-12 16:30:40 UTC
Created attachment 1700738 [details]
Grafana oVirt Auth non-admin user error

Description of problem:
If an already logged-in non-admin user tries to log into Grafna portal via the oVirt Engine Auth, the page crashes with an HTTP 500 error (see attached screenshot).


Version-Release number of selected component (if applicable):
ovirt-engine-4.4.1.8-0.7.el8ev.noarch
ovirt-engine-dwh-4.4.1.2-1.el8ev.noarch

How reproducible:
always

Steps to Reproduce:
1. Log into engine as a non-admin user.
2. Go to 'Monitoring Portal' Grafana login page.
3. Click 'Sign in with oVirt Engine Auth'.

Actual results:
HTTP 500 error page (see attached screenshot):
"""
Grafana / Server Error
Sadly something went wrong

login.OAuthLogin(get info from generic_oauth)

Check the Grafana server logs for the detailed error message.
"""

Expected results:
User-friendly error message, like 'You are not authorized...' or similar.


Additional info:
No related error message found in engine.log.

grafana.log:
"""
t=2020-07-12T18:20:14+0200 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.40.192.79 time_ms=1 size=50 referer=https://10-37-137-129.rhev.lab.eng.brq.redhat.com/ovirt-engine/
t=2020-07-12T18:20:22+0200 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.40.192.79 time_ms=0 size=437 referer=https://10-37-137-129.rhev.lab.eng.brq.redhat.com/ovirt-engine-grafana/login
t=2020-07-12T18:20:22+0200 lvl=info msg="state check" logger=oauth queryState=9433c0ce8273ab17cc3b62cf60faa929acc4b540cb9400078ff38a34283257d5 cookieState=9433c0ce8273ab17cc3b62cf60faa929acc4b540cb9400078ff38a34283257d5
t=2020-07-12T18:20:22+0200 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" logger=context userId=0 orgId=0 uname= error="Error getting email address: <html><head><title>Error</title></head><body>Not Found</body></html>"
t=2020-07-12T18:20:22+0200 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.40.192.79 time_ms=97 size=1771 referer=https://10-37-137-129.rhev.lab.eng.brq.redhat.com/ovirt-engine-grafana/login
"""

Also marking as a regression because of the HTTP 500.

Comment 1 Martin Perina 2020-07-13 11:48:14 UTC
Error is produced by Grafana, so it needs to be fixed there

Comment 2 RHEL Program Management 2020-07-14 12:44:53 UTC
This bug report has Keywords: Regression or TestBlocker.
Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.

Comment 3 Yedidyah Bar David 2020-07-15 12:02:40 UTC
Can you make a non-admin user login via SSO if you invite it (see bug 1846256)?

If so, then everything seems to me to work as designed.

If not, then I agree that's a bug, but we'll probably not fix it before bug 1835163.

If your only concern is the error message, please file a bug against grafana.

Also, please explain where the regression is. What used to work that is now broken.

I suggest to close notabug, or duplicate of bug 1835163.

If you still think this is a bug in oVirt (setup, the engine, whatever), please attach all relevant logs, and explain the flow (including whether you invited the user or not).

Thanks!

Comment 4 Pavel Novotny 2020-09-07 14:34:38 UTC
OK, the error page appears only when trying to SSO with a user without accepted Grafana invitation,
which is fine then.
I agree that the error message format is matter for Grafana itself, not oVirt.

Therefore closing this as not a bug (I don't think it's duplicate of bug 1835163).


Note You need to log in before you can comment on or make changes to this bug.