Created attachment 1700738 [details] Grafana oVirt Auth non-admin user error Description of problem: If an already logged-in non-admin user tries to log into Grafna portal via the oVirt Engine Auth, the page crashes with an HTTP 500 error (see attached screenshot). Version-Release number of selected component (if applicable): ovirt-engine-4.4.1.8-0.7.el8ev.noarch ovirt-engine-dwh-4.4.1.2-1.el8ev.noarch How reproducible: always Steps to Reproduce: 1. Log into engine as a non-admin user. 2. Go to 'Monitoring Portal' Grafana login page. 3. Click 'Sign in with oVirt Engine Auth'. Actual results: HTTP 500 error page (see attached screenshot): """ Grafana / Server Error Sadly something went wrong login.OAuthLogin(get info from generic_oauth) Check the Grafana server logs for the detailed error message. """ Expected results: User-friendly error message, like 'You are not authorized...' or similar. Additional info: No related error message found in engine.log. grafana.log: """ t=2020-07-12T18:20:14+0200 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.40.192.79 time_ms=1 size=50 referer=https://10-37-137-129.rhev.lab.eng.brq.redhat.com/ovirt-engine/ t=2020-07-12T18:20:22+0200 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.40.192.79 time_ms=0 size=437 referer=https://10-37-137-129.rhev.lab.eng.brq.redhat.com/ovirt-engine-grafana/login t=2020-07-12T18:20:22+0200 lvl=info msg="state check" logger=oauth queryState=9433c0ce8273ab17cc3b62cf60faa929acc4b540cb9400078ff38a34283257d5 cookieState=9433c0ce8273ab17cc3b62cf60faa929acc4b540cb9400078ff38a34283257d5 t=2020-07-12T18:20:22+0200 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" logger=context userId=0 orgId=0 uname= error="Error getting email address: <html><head><title>Error</title></head><body>Not Found</body></html>" t=2020-07-12T18:20:22+0200 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.40.192.79 time_ms=97 size=1771 referer=https://10-37-137-129.rhev.lab.eng.brq.redhat.com/ovirt-engine-grafana/login """ Also marking as a regression because of the HTTP 500.
Error is produced by Grafana, so it needs to be fixed there
This bug report has Keywords: Regression or TestBlocker. Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
Can you make a non-admin user login via SSO if you invite it (see bug 1846256)? If so, then everything seems to me to work as designed. If not, then I agree that's a bug, but we'll probably not fix it before bug 1835163. If your only concern is the error message, please file a bug against grafana. Also, please explain where the regression is. What used to work that is now broken. I suggest to close notabug, or duplicate of bug 1835163. If you still think this is a bug in oVirt (setup, the engine, whatever), please attach all relevant logs, and explain the flow (including whether you invited the user or not). Thanks!
OK, the error page appears only when trying to SSO with a user without accepted Grafana invitation, which is fine then. I agree that the error message format is matter for Grafana itself, not oVirt. Therefore closing this as not a bug (I don't think it's duplicate of bug 1835163).