Created attachment 1842365 [details] Observe dashboard 400 bad request error Description of problem: After logging in as a non-admin user to the console. Getting 400 Bad Request error alert on dev console Observe dashboard. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Logged in as a non-admin user with a self-provision Role only. 2. Switched to Dev perspective and create a namespace and some add some workloads to it. 3. Navigate to Observe dashboard. 4. Select `Kubernetes / Compute Resources / Namespace (Workloads)` dashboard from the Dashboard dropdown. Actual results: 1. Type dropdown not loading query fails with 400 Bad request error 2. Some of the graph is not loading query fails with 400 Bad request error Expected results: The dashboard should load without any error. Additional info: 1. In the dev console Observe dashboard, we use `prometheus-tenancy` URL for getting data from queries. 2. After replacing `namespace=~` with `namespace=` in the query, we are not getting 400 Bad request error.
This is part of 4.9 regression bug 2022707, so I'm increasing this to medium severity.
The issue is that in order to fix bug 2022707, we want to add the `namespace` GET parameter to the query requests. However, one PromQL query in the "Kubernetes / Compute Resources / Namespace (Workloads)" dashboard definition contains a `namespace=~` label matcher. This results in the error `label matcher value (namespace="dev-ns") conflicts with injected value (namespace=~"dev-ns")`. I think the dashboard query can be changed from `=~` to `=`, which will solve the problem. (Maybe it should have always been `=`?)
(In reply to Andrew Pickering from comment #3) > I think the dashboard query can be changed from `=~` to `=`, which will > solve the problem. (Maybe it should have always been `=`?) This is correct. In fact one could argue that the query really always was `=` and not `=~` as prom-label-proxy simply silently replaced this matcher. The recent change has simply exposed this. I proposed https://github.com/kubernetes-monitoring/kubernetes-mixin/pull/706 to fix this.
*** Bug 2020522 has been marked as a duplicate of this bug. ***
The fix is in CMO master now. Assigning to QA.
tested with 4.10.0-0.nightly-2021-12-18-034942, followed steps in comment 0, no error for the dashboard now
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056