  1. Konflux UI
  2. KFLUXUI-647

Konflux UI: Prevent continuous polling on unauthorized PipelineRun log access


    • Konflux
    • Committed
    • To Do

      Story (Required)

      As a Konflux UI user trying to view PipelineRun logs, I want the UI to gracefully handle unauthorized access without continuously polling, so that it doesn't cause excessive load on the cluster or provide a poor user experience.

      When a user without the necessary permissions attempts to access PipelineRun logs, the Konflux UI currently enters a loop where it retries the access request every ~10 seconds, which can lead to excessive resource consumption on the cluster.

      Background (Required)

      When a user attempts to access PipelineRun logs in the Konflux UI (e.g., `konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/.../logs`) without the necessary authorization, the UI loops on itself with an unauthorized error. This persistent polling can lead to a denial-of-service (DoS) like effect on the cluster if multiple unauthorized users leave browser tabs open to such pages, or if a single user leaves it open for an extended period, continuously hitting the backend.

      Out of scope

      • Fixing the underlying authorization issues that prevent a user from accessing PipelineRun logs.

      Approach (Required)

      The Konflux UI should be modified to detect and handle unauthorized access errors (e.g., HTTP 401, 403 status codes) when attempting to fetch PipelineRun logs or related resources. Upon receiving such an error, the UI should:

      • Display a clear, user-friendly "Access Denied" or "Unauthorized" message.
      • Immediately cease any further polling or retry attempts for that specific resource.
      • Avoid displaying continuous retry messages in the console or UI.

        Dependencies

      None identified. This is a frontend-specific behavioral fix within the Konflux UI.

      Acceptance Criteria (Mandatory)

      • When an unauthorized user attempts to view PipelineRun logs, the Konflux UI displays a clear error message indicating lack of permission (e.g., "Access Denied", "Unauthorized").
      • The Konflux UI stops making repeated API calls to fetch logs or related information immediately after receiving an unauthorized access error (e.g., 401/403 HTTP status code).
      • The browser's developer console (network tab and console logs) does not show continuous polling attempts or "Waiting X seconds before retry..." messages after the initial unauthorized access attempt.
      • The UI provides a static display reflecting the access denied state, rather than a dynamic, endlessly loading state.

      INVEST Checklist

      Dependencies identified
      Blockers noted and expected delivery timelines set
      Design is implementable
      Acceptance criteria agreed upon
      Story estimated


      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met
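
The behaviour asked for under Approach and Acceptance Criteria, sketched as an added example that is not code from the Konflux UI repository: a log poller that treats 401/403 as terminal and stops scheduling requests. All names (`nextAction`, `startLogPolling`, the state objects) are hypothetical, and the bounded retry for other errors is an assumption that goes beyond what the story requires.

```javascript
// Added example: hypothetical names, not code from the Konflux UI repository.
const AUTH_DENIED = new Set([401, 403]);

// Decide what the poller does with one response status.
function nextAction(status, failures, maxFailures) {
  if (AUTH_DENIED.has(status)) return 'deny'; // terminal: never retried
  if (status >= 200 && status < 300) return 'render';
  // Assumption: other errors are transient and retried a bounded number of times.
  return failures + 1 >= maxFailures ? 'give-up' : 'retry';
}

// request(cb) performs one fetch and calls cb(status, body).
// schedule(fn, ms) is setTimeout in the browser; a test can pass a fake.
function startLogPolling({ request, schedule, onState, intervalMs = 10000, maxFailures = 3 }) {
  let failures = 0;
  let stopped = false;
  let calls = 0;

  // Publish one final, static state and block every later tick.
  const stop = (state) => { stopped = true; onState(state); };

  const tick = () => {
    if (stopped) return;
    calls += 1;
    request((status, body) => {
      if (stopped) return;
      switch (nextAction(status, failures, maxFailures)) {
        case 'deny':
          return stop({ kind: 'access-denied', status, message: 'Access Denied' });
        case 'give-up':
          return stop({ kind: 'error', status, message: 'Logs unavailable' });
        case 'retry':
          failures += 1;
          return schedule(tick, intervalMs);
        default: // 'render': show the logs and keep following them
          failures = 0;
          onState({ kind: 'logs', body });
          return schedule(tick, intervalMs);
      }
    });
  };

  tick();
  return { cancel: () => { stopped = true; }, requestCount: () => calls };
}
```

Because the terminal state is published once and no timer is re-armed after it, the network tab shows a single 401/403 response and the view can render a static message instead of a loading state.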

        1. image.png
          337 kB
          Chmouel Boudjnah
        2. unauth.mp4
          7.94 MB
          Cara Wang
        3. fixed.mp4
          5.61 MB
          Cara Wang

              wlin@redhat.com Cara Wang
              cboudjna@redhat.com Chmouel Boudjnah