Details
-
Bug
-
Resolution: Done-Errata
-
Critical
-
Logging 5.8.1, Logging 5.9.0
-
False
-
None
-
False
-
NEW
-
NEW
-
Prior to this fix, the developer console's logs did not account for the current namespace, resulting in query rejection for users without cluster-wide log access. The fix now ensures correct namespace inclusion for all supported OCP versions
-
Bug Fix
-
Log Collection - Sprint 247
Description
Description of problem:
On Openshift v4.15, the regular user can not display app logs after grant cluster-logging-application-view role. this function works on Openshift v4.14.
How reproducible:
Alawys
Steps to Reproduce:
1) Deploy clusterlogging and lokistack, send logs to lokistack using vector.
apiVersion: "logging.openshift.io/v1" kind: "ClusterLogging" metadata: name: "instance" namespace: openshift-logging spec: managementState: "Managed" logStore: type: "lokistack" lokistack: name: lokistack-sample collection: type: "vector"
2) testuser-1 create pods under project-testuser-1
3) grant testuser-1 view logs/alerts to project-testuser-1
oc -n project-testuser-1 policy add-role-to-user admin testuser-1 oc -n project-testuser-1 policy add-role-to-user cluster-logging-application-view testuser-1 oc -n project-testuser-1 policy add-role-to-user monitoring-rules-edit testuser-1 oc -n project-testuser-1 policy add-role-to-user cluster-monitoring-view testuser-1
4)query application logs using the token of testuser-1
Check the logs in DevConsole as testuser-1
Actual results:
Can not display logs.
Expected results:
pod logs can be displayed in DevConsole
Additional info:
Once prompt testuser-1 to cluster-admin role, the user can see the logs
Attachments
Issue Links
- is cloned by
-
-
- Closed
-
- links to
-
RHBA-2024:1065
Logging for Red Hat OpenShift - 5.8.4
- mentioned on
