Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4905

The regular user can not display app logs after grant cluster-logging-application-view role on OCP 4.15 Console

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • NEW
    • Prior to this fix, the developer console's logs did not account for the current namespace, resulting in query rejection for users without cluster-wide log access. The fix now ensures correct namespace inclusion for all supported OCP versions
    • Bug Fix
    • Log Collection - Sprint 247
    • Important

      Description of problem:

      On Openshift v4.15, the regular user can not display app logs after grant cluster-logging-application-view role. this function works on Openshift v4.14.

      How reproducible:

      Alawys

      Steps to Reproduce:

      1) Deploy clusterlogging and lokistack, send logs to lokistack using vector.

      apiVersion: "logging.openshift.io/v1"
      kind: "ClusterLogging"
      metadata:
        name: "instance"
        namespace: openshift-logging
      spec:
        managementState: "Managed"
        logStore:
      	type: "lokistack"
      	lokistack:
        	name: lokistack-sample
        collection:
      	type: "vector"
      

      2) testuser-1 create pods under project-testuser-1
      3) grant testuser-1 view logs/alerts to project-testuser-1

      oc -n project-testuser-1 policy add-role-to-user admin testuser-1
      oc -n project-testuser-1 policy add-role-to-user cluster-logging-application-view testuser-1
      oc -n project-testuser-1 policy add-role-to-user monitoring-rules-edit testuser-1
      oc -n project-testuser-1 policy add-role-to-user cluster-monitoring-view  testuser-1
      

      4)query application logs using the token of testuser-1

      Check the logs in DevConsole as testuser-1
      
      

      Actual results:

      Can not display logs.

      Expected results:

      pod logs can be displayed in DevConsole

      Additional info:

      Once prompt testuser-1 to cluster-admin role, the user can see the logs

            gbernal@redhat.com Gabriel Bernal
            rhn-support-anli Anping Li
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: