Uploaded image for project: 'Observability UI'
  1. Observability UI
  2. OU-574

Loki custom log alerts not visible in the admin console for user with clusterrole `alertingrules.loki.grafana.com-v1-admin`

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • OpenShift 4.16
    • Admin-Console
    • False
    • Hide

      None

      Show
      None
    • False
    • NEW
    • NEW

      A user with the clusterrole `alertingrules.loki.grafana.com-v1-admin`  cannot see custom loki log alerts in the admin console as expected: [1]

      This cluster role grants permissions to create, read, update, delete, list, and watch {{AlertingRule}} resources within the {{loki.grafana.com/v1}} API group.

      See attached image: on the left, the kubeadmin user is logged in, note the alert firing for `TestappHighErrorRate` - this is a loki custom log alert as is detailed in this article [2]
      on the top right, user3 is logged in, notice the alert is missing. 

      the bottom right shows that user3, has clusteradmin - required to acces the parent navigtion of "observe" 
      in addition they also have a clusterrole granting access to all application logs...as well as the cluster role grating explicit access to loki alerting rules 

      • alertingrules.loki.grafana.com-v1-admin 

      [1] - https://docs.openshift.com/container-platform/4.16/observability/logging/logging_alerts/custom-logging-alerts.html#loki-rbac-rules-permissions_custom-logging-alerts

      [2]- https://access.redhat.com/articles/7073775 

        1. LoggingalertFiring-withalertingClusterRole.png
          LoggingalertFiring-withalertingClusterRole.png
          251 kB

              gbernal@redhat.com Gabriel Bernal
              rhn-support-nigsmith Nigel Smith
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: