Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-7421

Regression Netobserv LokiGateway not applying OR filtering to queries

XMLWordPrintable

    • Quality / Stability / Reliability
    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • NEW
    • VERIFIED
    • Before this bug when the LokiStack tenant was openshift-network the loki-gateway was not applying the OR expression that it was before. This bugfix corrects that behaviour to once again inject that expression in queries
    • Bug Fix
    • Logging - Sprint 274, Logging - Sprint 275, Logging - Sprint 276
    • Important

      Description of problem:

      When user is non-admin accessing the logs, Loki 6.3.0 doesn't respect all the labels passed. It returns the logs even when one of the label matches the logs.

      This doesn't seem to happen when user is kubeadmin

      Version-Release number of selected component (if applicable):

      6.3.0

      How reproducible:

      Consistently

      Steps to Reproduce:

      • Create namespaces as non-admin user.
      • Fetch logs from loki using logcli with query where some labels are not expected match and some labels are expected.
      • For instance in below example it returned results for label matching  'SrcK8S_Type="Service"' in query '{app="netobserv-flowcollector", SrcK8S_Namespace="test-server-63839", DstK8S_Namespace="test-client-63839", FlowDirection="0", SrcK8S_OwnerName="nginx-service"}' 

       

      $ oc whoami
testuser-0

$ oc projects
You have access to the following projects and can switch between them with ' project <projectname>':

testuser-0-x760gl9w-client
testuser-0-x760gl9w-server

$ logcli -o raw --tls-skip-verify --bearer-token="$(oc whoami -t)" --org-id=openshift-network --addr=https://lokistack-netobserv.apps.memodi-07240950.qe.devcluster.openshift.com/api/logs/v1/network query '{app="netobserv-flowcollector", SrcK8S_Namespace="test-server-63839", DstK8S_Namespace="test-client-63839", FlowDirection="0", SrcK8S_OwnerName="nginx-service"}' --limit 2 | jq



2025/07/24 16:39:02 https://lokistack-netobserv.apps.memodi-07240950.qe.devcluster.openshift.com/api/logs/v1/network/loki/api/v1/query_range?direction=BACKWARD&end=1753389542280722000&limit=2&query=%7Bapp%3D%22netobserv-flowcollector%22%2C+SrcK8S_Namespace%3D%22test-server-63839%22%2C+DstK8S_Namespace%3D%22test-client-63839%22%2C+FlowDirection%3D%220%22%2C+SrcK8S_OwnerName%3D%22nginx-service%22%7D&start=1753385942280722000
2025/07/24 16:39:02 Common labels: {DstK8S_Namespace="testuser-0-x760gl9w-client", DstK8S_OwnerName="client", DstK8S_Type="Pod", FlowDirection="0", K8S_FlowLayer="app", SrcK8S_Namespace="testuser-0-x760gl9w-server", SrcK8S_OwnerName="nginx-service", SrcK8S_Type="Service", app="netobserv-flowcollector"}
{
  "DstK8S_OwnerType": "Pod",
  "DstMac": "0a:58:0a:81:02:1d",
  "Packets": 8,
  "TimeFlowEndMs": 1753389534319,
  "Sampling": 1,
  "Bytes": 103180,
  "Etype": 2048,
  "DstK8S_HostIP": "10.0.48.212",
  "AgentIP": "10.0.48.212",
  "DstAddr": "10.129.2.29",
  "SrcPort": 8080,
  "SrcK8S_NetworkName": "primary",
  "DstPort": 40860,
  "SrcMac": "0a:58:0a:81:02:1c",
  "Interfaces": [
    "bed2a652f9af16a"
  ],
  "Udns": [
    ""
  ],
  "Proto": 6,
  "DstK8S_Name": "client",
  "DstSubnetLabel": "Pods",
  "IfDirections": [
    1
  ],
  "SrcK8S_Name": "nginx-service",
  "DstK8S_NetworkName": "primary",
  "Flags": [
    "ACK",
    "SYN_ACK",
    "FIN_ACK"
  ],
  "SrcAddr": "172.30.67.241",
  "SrcK8S_OwnerType": "Service",
  "SrcSubnetLabel": "Services",
  "Dscp": 0,
  "TimeFlowStartMs": 1753389534318,
  "TimeReceived": 1753389539,
  "DstK8S_HostName": "ip-10-0-48-212.us-east-2.compute.internal"
}
{
  "Etype": 2048,
  "DstMac": "0a:58:0a:81:02:1d",
  "Bytes": 103180,
  "TimeReceived": 1753389534,
  "Proto": 6,
  "SrcK8S_OwnerType": "Service",
  "Udns": [
    ""
  ],
  "Sampling": 1,
  "Flags": [
    "ACK",
    "SYN_ACK",
    "FIN_ACK"
  ],
  "SrcAddr": "172.30.67.241",
  "DstAddr": "10.129.2.29",
  "DstPort": 40856,
  "TimeFlowEndMs": 1753389529313,
  "DstK8S_HostName": "ip-10-0-48-212.us-east-2.compute.internal",
  "SrcMac": "0a:58:0a:81:02:1c",
  "SrcK8S_Name": "nginx-service",
  "DstK8S_OwnerType": "Pod",
  "Interfaces": [
    "bed2a652f9af16a"
  ],
  "SrcK8S_NetworkName": "primary",
  "DstSubnetLabel": "Pods",
  "Packets": 8,
  "DstK8S_Name": "client",
  "DstK8S_HostIP": "10.0.48.212",
  "AgentIP": "10.0.48.212",
  "Dscp": 0,
  "DstK8S_NetworkName": "primary",
  "SrcSubnetLabel": "Services",
  "SrcPort": 8080,
  "TimeFlowStartMs": 1753389529313,
  "IfDirections": [
    1
  ]
}

       

      Actual results:

      Logs are returned even when some labels do not match.

      Expected results:

      No logs should be returned since some labels in same query does not match

      Additional info:

      https://redhat-internal.slack.com/archives/C02939DP5L5/p1753311945534509

      Must-gather link

              jmarcal@redhat.com Joao Marcal
              rhn-support-memodi Mehul Modi
              Kabir Bharti Kabir Bharti
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: