Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-3373

cluster-monitoring-view user can not list servicemonitors on "Observe -> Targets" page

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Normal
    • None
    • 4.12.0
    • Monitoring
    • None
    • Low
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      grant cluster-monitoring-view role to user pm1

      # oc adm policy add-cluster-role-to-user cluster-monitoring-view pm1

      login the administrator UI with pm1 user, go to  "Observe -> Targets" page, Monitor fields are blinking, debug the API, 403 error to list servicemonitors for user pm1

      {
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "servicemonitors.monitoring.coreos.com is forbidden: User \"pm1\" cannot list resource \"servicemonitors\" in API group \"monitoring.coreos.com\" at the cluster scope",
  "reason": "Forbidden",
  "details": {
    "group": "monitoring.coreos.com",
    "kind": "servicemonitors"
  },
  "code": 403
}

      Version-Release number of selected component (if applicable):

      4.12.0-0.nightly-2022-11-08-002816

      How reproducible:

      always

      Steps to Reproduce:

      1. cluster-monitoring-view user, go to  "Observe -> Targets" page
2.
3.

      Actual results:

      cluster-monitoring-view user can not list servicemonitors

      Expected results:

      no error

      Additional info:

      not sure if we allow cluster-monitoring-view user to list servicemonitors, we can close it if it's expected

      Attachments

        Activity

          People

            jezhu@redhat.com Jenny Zhu
            juzhao@redhat.com Junqi Zhao
            Junqi Zhao Junqi Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: