Hide Forgot
tested with the PR, still see the error, see from the picture.
Hi @juzhao, UI cherry-pick PR to 4.9.z is not yet merged. I think that is the reason you are still getting Forbidden errors in the Developer perspective Observe dashboard. BZ ticket for 4.9.z UI changes is https://bugzilla.redhat.com/show_bug.cgi?id=2026414
The prometheus oauth-proxy container logs the following: 2022/01/20 09:50:08 provider.go:515: Permission denied for pm1 for check {"resource":"namespaces","scopes":[],"verb":"get"} 2022/01/20 09:50:08 oauthproxy.go:650: 10.131.0.9:58512 Permission Denied: user is unauthorized when redeeming token 2022/01/20 09:50:08 oauthproxy.go:445: ErrorPage 403 Permission Denied Invalid Account Afaiu that is the correct behavior a user needs to be authorized to GET namespace resources.
(In reply to Vikram Raj from comment #3) > Hi @juzhao, UI cherry-pick PR to 4.9.z is not yet merged. I think > that is the reason you are still getting Forbidden errors in the Developer > perspective Observe dashboard. BZ ticket for 4.9.z UI changes is > https://bugzilla.redhat.com/show_bug.cgi?id=2026414 we are testing with the PR, not test with the nightly payload which include the fix
@juzhao Can you please check again with a user that has GET priviliges on namespaces. This should get you past the permission check 2022/01/20 09:50:08 provider.go:515: Permission denied for pm1 for check {"resource":"namespaces","scopes":[],"verb":"get"}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.9.26 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:1022