Uploaded image for project: 'Observability UI'
  1. Observability UI
  2. OU-657

Loki custom log alerts not visible in the admin console for user even if they are part of single group(cluster-admin)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • OpenShift 4.15
    • Admin-Console
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Earlier BUG https://issues.redhat.com/browse/OU-574 was reported that said if use is part of multiple groups then Loki custom alerts will not appear in 

      Admin Console > Oberve> Alerting > Alerting Rules > filter user rules

      Alerts are created using : 

      https://access.redhat.com/articles/7073775

      But for one of our Customer even if user is only part of Cluster-admin group still alerts are not visible in above. They are visible in Dev console with below issues

      [A] Custom alerts from Loki alertingrule are visible in all the namespace in developer console 
      https://issues.redhat.com/browse/OU-559

      https://issues.redhat.com/browse/LOG-6148

       

      [B] Custom alerts from Loki alertingrule shows blank o/p in Developer window AlertsRules
      https://issues.redhat.com/browse/OU-651

       

      Attaching screenshots from CU cluster for proof

      Reprod Deatils:

      1> Created a Cluster with lokistack
      OpenShift version4.16.0

      2> Create a user `aa`

      3> Add a group

      $ oc adm groups new cl-admin-group

      group.user.openshift.io/cl-admin-group created

      4> Add cluster admin permisstions to group

      $ oc adm policy add-cluster-role-to-group cluster-admin cl-admin-group

      clusterrole.rbac.authorization.k8s.io/cluster-admin added: "cl-admin-group"

      5> Add user to group

      oc adm groups add-users cl-admin-group aa

      group.user.openshift.io/cl-admin-group added: "aa"

      6> login as aa user

      oc login -u aa -p aa https://api.XXX.YYY:6443

      7> Create: https://access.redhat.com/articles/7073775

      8> Check below:

      anisal@anisal gcp_cluster % oc whoami
aa
anisal@anisal gcp_cluster % oc get clusterrolebindings -o json | jq --arg USER $(oc whoami) '.items[] | select(.subjects[0].name==$USER)' |jq '.subjects[0].name,.roleRef.name'
<NO OUTPUT>

      9> Check group:

      oc get group

      NAME             USERS

      cl-admin-group   aa

      10> Check alert in console with user aa:
      Admin 

      DevConsole:

       

       

       

       

        1. Screenshot 2025-02-14 at 7.32.59 PM.png
          Screenshot 2025-02-14 at 7.32.59 PM.png
          185 kB
        2. Screenshot 2025-02-14 at 7.31.53 PM.png
          Screenshot 2025-02-14 at 7.31.53 PM.png
          183 kB
        3. groups-2.JPG
          groups-2.JPG
          78 kB
        4. groups-1.JPG
          groups-1.JPG
          188 kB

              gbernal@redhat.com Gabriel Bernal
              rhn-support-anisal Apurva Nisal
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: