[LOG-2918] [release-5.5] Non-admin user with 'view' role can't see any logs in 'Logs' view - Red Hat Issue Tracker

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: Logging 5.5.2
Affects Version/s: Logging 5.5.0
Component/s: Log Storage
Labels:
- devel_ack+
- rn-done-resolved

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Log Console
Docs QE Status:
NEW
QE Status:
VERIFIED
Release Note Text:

Hide
Workaround:
The cluster-logging-operator currently does not provide read-only access to application logs for non-admin users automatically. As a workaround for this issue, manually create a ClusterRole and ClusterRoleBinding granting the necessary privileges.

Fix:
Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs.

Show
Workaround: The cluster-logging-operator currently does not provide read-only access to application logs for non-admin users automatically. As a workaround for this issue, manually create a ClusterRole and ClusterRoleBinding granting the necessary privileges. Fix: Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs.

Sprint:
Log Storage - Sprint 224, Log Storage - Sprint 225

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Steps to reproduce the issue:
1. Enable the "Console plugin" by following the testing steps in the doc
2. Assign view rule to a non-admin user (ex: testuser-0)
oc adm policy add-cluster-role-to-user view testuser-0
3. Create application for logs with testuser-0
4. login to console with testuser-0

Actual:

Expected:

Query for "infrastructure" or "audit" logs shows nothing.
Query for "application" logs shows only logs that the user has permission to see, i.e. logs for contains that the user can view using
oc logs

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

image-2022-08-10-18-06-40-367.png
70 kB
2022/08/10 12:36 PM

is cloned by

LOG-3072 Non-admin user with 'view' role can't see any logs in 'Logs' view

Closed

is duplicated by

LOG-3020 Non-admin user cannot access Logging Console

Closed

links to

openshift/cluster-logging-operator#1646: [release-5.5] LOG-2918: Reconcile role/binding allowing reading application logs

mentioned on

Merge request - Updated 3 upstream sources

Merge request - Updated 6 upstream sources

Assignee:: Robert Jacob

Reporter:: Giriyamma Karagere Ramaswamy (Inactive)

QA Contact:: Giriyamma Karagere Ramaswamy (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2022/08/10 12:32 PM

Updated:: 2022/09/27 3:46 PM

Resolved:: 2022/09/20 9:55 AM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide