Bug 1907480 - `Active alerts` section throwing forbidden error for users.
Summary: `Active alerts` section throwing forbidden error for users.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Dev Console
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.7.0
Assignee: Vikram Raj
QA Contact: spathak@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 1927800
 
Reported: 2020-12-14 15:33 UTC by Rahul Rajendran
Modified: 2023-09-15 00:53 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:43:42 UTC
Target Upstream Version:
Embargoed:


Attachments
Screenshot from Dev-console. (124.88 KB, image/png)
2020-12-14 15:33 UTC, Rahul Rajendran
`Active alerts` section not throwing forbidden error for users. (103.44 KB, image/png)
2021-01-21 09:57 UTC, spathak@redhat.com


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 7826 0 None closed Bug 1907480: fix query browser prometheus URL for non admin user 2021-02-16 01:02:12 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:44:00 UTC

Description Rahul Rajendran 2020-12-14 15:33:07 UTC
Created attachment 1738987 [details]
Screenshot from Dev-console.

Description of problem:

After creating alert rules for user-namespaces, there is a `forbidden` error shown in the `Active alerts` section while viewing the alerting rule.

Version-Release number of selected component (if applicable):


How reproducible:

100 %

Steps to Reproduce:
1. Create a user having the roles `admin`, `monitoring-rules-view` and `monitoring-edit` in a namespace of a `user-workload monitoring` enabled cluster.

2. Create an alert rule in the namespace.

3. Check the `Active Alerts` section of the developer console (i.e., Developer console --> Monitoring --> Alerts --> View alerting Rule)

Actual results:
An error message showing `AN ERROR OCCURED      FORBIDDEN`

Expected results:
No error message should be shown.

Additional info:

This issue does not seem to be hitting a user having cluster-wide access.

The dev console proxies seem to be routed incorrectly.

~~~
right:
Request URL: https://console-openshift-console.apps.ci-ln-ypz5i9t-f76d1.origin-ci-int-gce.dev.openshift.com/api/prometheus-tenancy/api/v1/query_range?start=1607954842.998&end=1607956642.998&step=6&namespace=sur-project&query=version%7Bjob%3D%22prometheus-example-app%22%2Cnamespace%3D%22sur-project%22%7D+%3D%3D+0&timeout=30s

wrong:
Request URL: https://console-openshift-console.apps.ci-ln-ypz5i9t-f76d1.origin-ci-int-gce.dev.openshift.com/api/prometheus/api/v1/query_range?start=1607954825.049&end=1607956625.049&step=6&query=version%7Bjob%3D%22prometheus-example-app%22%2Cnamespace%3D%22sur-project%22%7D+%3D%3D+0&timeout=30s

right:
Request URL: https://console-openshift-console.apps.ci-ln-ypz5i9t-f76d1.origin-ci-int-gce.dev.openshift.com/api/prometheus-tenancy/api/v1/rules?namespace=sur-project

wrong:
Request URL: https://console-openshift-console.apps.ci-ln-ypz5i9t-f76d1.origin-ci-int-gce.dev.openshift.com/api/prometheus/api/v1/rules
~~~


Please find the attachment for the screenshot of the error.
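
The difference between the "right" and "wrong" request URLs above can be checked mechanically over URLs copied from the browser's network tab. This is an added example, not code from the report or from the OpenShift console; the host name, function names and sample URLs are constructed, and only the two path prefixes and the `namespace` parameter come from the report.

```javascript
// Added example (not console source). Prefixes are taken from the URLs in this report.
const TENANCY_PREFIX = '/api/prometheus-tenancy/';
const CLUSTER_PREFIX = '/api/prometheus/';

// Classify one captured request URL for a user who may or may not have cluster-wide access.
function checkRequest(rawUrl, { clusterWide = false } = {}) {
  const url = new URL(rawUrl);
  const ns = url.searchParams.get('namespace');
  if (url.pathname.startsWith(TENANCY_PREFIX)) {
    return ns
      ? { ok: true, reason: `tenancy endpoint scoped to namespace ${ns}` }
      : { ok: false, reason: 'tenancy endpoint called without a namespace parameter' };
  }
  if (url.pathname.startsWith(CLUSTER_PREFIX)) {
    return clusterWide
      ? { ok: true, reason: 'cluster-wide endpoint, user has cluster-wide access' }
      : { ok: false, reason: 'cluster-wide endpoint requested for a user without cluster-wide access' };
  }
  return { ok: true, reason: 'not a Prometheus proxy request' };
}

// Rewrite a cluster-wide proxy URL into the namespace-scoped form marked "right" in the report.
function toTenancyUrl(rawUrl, namespace) {
  const url = new URL(rawUrl);
  if (url.pathname.startsWith(CLUSTER_PREFIX)) {
    url.pathname = TENANCY_PREFIX + url.pathname.slice(CLUSTER_PREFIX.length);
  }
  url.searchParams.set('namespace', namespace);
  return url.toString();
}

// Run the check over a list of captured URLs.
function audit(urls, opts) {
  return urls.map((u) => ({ url: u, ...checkRequest(u, opts) }));
}

// Constructed sample requests, modelled on the ones in the report (placeholder host).
const HOST = 'https://console.example.test';
const samples = [
  `${HOST}/api/prometheus-tenancy/api/v1/rules?namespace=sur-project`,
  `${HOST}/api/prometheus/api/v1/rules`,
  `${HOST}/api/prometheus-tenancy/api/v1/query_range?query=up&step=6`,
];

for (const r of audit(samples)) {
  console.log(r.ok ? 'OK  ' : 'FLAG', r.url, '-', r.reason);
}
```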

Comment 2 spathak@redhat.com 2021-01-21 09:57:22 UTC
Created attachment 1749333 [details]
`Active alerts` section not throwing forbidden error for users.

Comment 3 spathak@redhat.com 2021-01-21 09:58:56 UTC
Verified on build version: 4.7.0-0.nightly-2021-01-19-095812
Browser version: Chrome 84

Comment 5 Vikram Raj 2021-02-11 14:53:15 UTC
Yes @jkaur, we are porting it to 4.6.

Comment 8 errata-xmlrpc 2021-02-24 15:43:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Comment 9 Red Hat Bugzilla 2023-09-15 00:53:00 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days.

