-
Bug
-
Resolution: Done
-
Major
-
Logging 5.6.0
-
False
-
None
-
False
-
NEW
-
OBSDA-8 - Allow log exploration natively inside the OpenShift Console to reduce the number of UIs users need to access and use to a bare minimum
-
VERIFIED
-
Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs.
-
Log Storage - Sprint 224, Log Storage - Sprint 225, Log Storage - Sprint 226, Log Storage - Sprint 227
Steps to reproduce the issue:
1. Enable the "Console plugin" by following the testing steps in the doc
2. Assign view rule to a non-admin user (ex: testuser-0)
oc adm policy add-cluster-role-to-user view testuser-0
3. Create application for logs with testuser-0
4. login to console with testuser-0
Actual:
Expected:
- Query for "infrastructure" or "audit" logs shows nothing.
- Query for "application" logs shows only logs that the user has permission to see, i.e. logs for contains that the user can view using
oc logs