  1. OpenShift Logging
  2. LOG-2918

[release-5.5] Non-admin user with 'view' role can't see any logs in 'Logs' view


Details

    • False
    • None
    • False
    • NEW
    • OBSDA-8 - Allow log exploration natively inside the OpenShift Console to reduce the number of UIs users need to access and use to a bare minimum
    • VERIFIED
    • Workaround:
      The cluster-logging-operator currently does not provide read-only access to application logs for non-admin users automatically. As a workaround for this issue, manually create a ClusterRole and ClusterRoleBinding granting the necessary privileges.

      Fix:
      Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs.
    • Log Storage - Sprint 224, Log Storage - Sprint 225

    Description

      Steps to reproduce the issue:
      1. Enable the "Console plugin" by following the testing steps in the doc
      2. Assign the view role to a non-admin user (ex: testuser-0)
      oc adm policy add-cluster-role-to-user view testuser-0
      3. Create an application for logs with testuser-0
      4. Log in to the console with testuser-0

      Actual: 

       

      Expected: 

      • Query for "infrastructure" or "audit" logs shows nothing.
      • Query for "application" logs shows only logs that the user has permission to see, i.e. logs for containers that the user can view using
        oc logs
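
The manual workaround described under Details, written out as a manifest for the test user from the reproduction steps. This is an added example, not taken from the ticket or from the operator's own manifests: the `loki.grafana.com` API group with the `application` resource and `logs` resource name is assumed from the Loki Operator's tenant RBAC model, and the object names are hypothetical.

```yaml
# Added example: read-only access to the "application" log tenant only.
# Assumption: log reads are authorized against group loki.grafana.com,
# resource <tenant>, resourceName "logs", verb "get".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: logging-application-logs-reader        # hypothetical name
rules:
  - apiGroups: ["loki.grafana.com"]
    resources: ["application"]                 # not "infrastructure" or "audit"
    resourceNames: ["logs"]
    verbs: ["get"]                             # read-only
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: logging-application-logs-reader-testuser-0   # hypothetical name
subjects:
  - kind: User
    name: testuser-0                           # bind named users or a dedicated group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: logging-application-logs-reader
  apiGroup: rbac.authorization.k8s.io
```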

      Attachments

        1. image-2022-08-10-18-06-40-367.png
          70 kB
          Giriyamma Karagere Ramaswamy


            People

              rojacob@redhat.com Robert Jacob
              gkarager Giriyamma Karagere Ramaswamy (Inactive)
              Giriyamma Karagere Ramaswamy Giriyamma Karagere Ramaswamy (Inactive)