Closed ToonTijtgat2 closed 7 months ago
strange thing is at the moment the request happens I see that the logs state the it could not find the user. but still give back the correct groups and userid and everything. but why does it get the 403 then?
These lines do not happen for admin users
/api/internal/v1/teams?include_no_team=true&only_include_notifiable_teams=false&search=&short=true does result in an unauthorized message. maybe the api is not correct anymore?
My new test user does not appear under the users in the oncall plugin.
Maybe the 503 status is causing problems here? it states also that there would be an issue on certificates, but when I do a curl on the oncall pod to the same url, there is no issue.
however, when doing it with the admin account I see the same lines.
But when the error happens for the editor user the error is in source=engine:celery and when doing it with the admin user, the source is engine:app
I don't see the reason for the difference in the 2 usecases!?
@ToonTijtgat2 just to verify, does the problem persist if you logout as Editor, log in as Admin, logout and log in as Editor again?
@Matvey-Kuk I just tried, and indeed the issue persist.
it is probably related to the token.
This we resolved by keeping mirageSecretKey
constant through an external secret.
What went wrong?
What happened:
Users with the admin role have no issue using the oncall plugin.
What did you expect to happen:
How do we reproduce it?
Grafana OnCall Version
oncall version: 1.3.89 plugin version: 1.3.89 grafana version: 10.2.3
Product Area
Auth
Grafana OnCall Platform?
Kubernetes
User's Browser?
Firefow/google chrome / edge...
Anything else to add?
I tried again with older versions of oncall plugin 1.3.87/86 but it has the same behaviour. also with grafana version 10.2.2 is the same. Only downgrading oncall itself has not been tried out of fear that doing this would brake the setup.