Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-3373

cluster-monitoring-view user can not list servicemonitors on "Observe -> Targets" page

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • 4.12.0
    • Monitoring
    • None
    • Low
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      grant cluster-monitoring-view role to user pm1

      # oc adm policy add-cluster-role-to-user cluster-monitoring-view pm1

      login the administrator UI with pm1 user, go to  "Observe -> Targets" page, Monitor fields are blinking, debug the API, 403 error to list servicemonitors for user pm1

      {
        "kind": "Status",
        "apiVersion": "v1",
        "metadata": {},
        "status": "Failure",
        "message": "servicemonitors.monitoring.coreos.com is forbidden: User \"pm1\" cannot list resource \"servicemonitors\" in API group \"monitoring.coreos.com\" at the cluster scope",
        "reason": "Forbidden",
        "details": {
          "group": "monitoring.coreos.com",
          "kind": "servicemonitors"
        },
        "code": 403
      } 

      Version-Release number of selected component (if applicable):

      4.12.0-0.nightly-2022-11-08-002816

      How reproducible:

      always

      Steps to Reproduce:

      1. cluster-monitoring-view user, go to  "Observe -> Targets" page
      2.
      3.
      

      Actual results:

      cluster-monitoring-view user can not list servicemonitors

      Expected results:

      no error

      Additional info:

      not sure if we allow cluster-monitoring-view user to list servicemonitors, we can close it if it's expected

            jezhu@redhat.com Jenny Zhu
            juzhao@redhat.com Junqi Zhao
            Junqi Zhao Junqi Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: