Bug 2024199
| Summary: | 400 Bad Request error for some queries for the non admin user | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Vikram Raj <viraj> | ||||
| Component: | Monitoring | Assignee: | Jan Fajerski <jfajersk> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Junqi Zhao <juzhao> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 4.9 | CC: | amuller, anpicker, aos-bugs, erooth, juzhao, spasquie | ||||
| Target Milestone: | --- | ||||||
| Target Release: | 4.10.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 2030630 (view as bug list) | Environment: | |||||
| Last Closed: | 2022-03-10 16:28:46 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 2030630 | ||||||
| Attachments: |
|
||||||
This is part of 4.9 regression bug 2022707, so I'm increasing this to medium severity. The issue is that in order to fix bug 2022707, we want to add the `namespace` GET parameter to the query requests. However, one PromQL query in the "Kubernetes / Compute Resources / Namespace (Workloads)" dashboard definition contains a `namespace=~` label matcher. This results in the error `label matcher value (namespace="dev-ns") conflicts with injected value (namespace=~"dev-ns")`. I think the dashboard query can be changed from `=~` to `=`, which will solve the problem. (Maybe it should have always been `=`?) (In reply to Andrew Pickering from comment #3) > I think the dashboard query can be changed from `=~` to `=`, which will > solve the problem. (Maybe it should have always been `=`?) This is correct. In fact one could argue that the query really always was `=` and not `=~` as prom-label-proxy simply silently replaced this matcher. The recent change has simply exposed this. I proposed https://github.com/kubernetes-monitoring/kubernetes-mixin/pull/706 to fix this. *** Bug 2020522 has been marked as a duplicate of this bug. *** The fix is in CMO master now. Assigning to QA. tested with 4.10.0-0.nightly-2021-12-18-034942, followed steps in comment 0, no error for the dashboard now Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |
Created attachment 1842365 [details] Observe dashboard 400 bad request error Description of problem: After logging in as a non-admin user to the console. Getting 400 Bad Request error alert on dev console Observe dashboard. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Logged in as a non-admin user with a self-provision Role only. 2. Switched to Dev perspective and create a namespace and some add some workloads to it. 3. Navigate to Observe dashboard. 4. Select `Kubernetes / Compute Resources / Namespace (Workloads)` dashboard from the Dashboard dropdown. Actual results: 1. Type dropdown not loading query fails with 400 Bad request error 2. Some of the graph is not loading query fails with 400 Bad request error Expected results: The dashboard should load without any error. Additional info: 1. In the dev console Observe dashboard, we use `prometheus-tenancy` URL for getting data from queries. 2. After replacing `namespace=~` with `namespace=` in the query, we are not getting 400 Bad request error.