Closed passarela closed 1 year ago
Hi. Policies look fine to me. I will try to replicate your scenario and see if I will got the same problem. Which version of the plugin are you using ?
Hi. Policies look fine to me. I will try to replicate your scenario and see if I will got the same problem. Which version of the plugin are you using ?
Hello, thanks for replying:
I'm using the following versions:
Grafana Community: 9.4.1 Oracle Cloud Infrastructure Logs Plugin: 3.0.0
Good, I was able to reproduce the issue on my lab. Can you try to create a simple dashboard ignoring the error during datasource configuration ?
Good, I was able to reproduce the issue on my lab. Can you try to create a simple dashboard ignoring the error during datasource configuration ?
When performing a query looking for all the logs of a compartment, I get the following error:
I performed a test by adding my Grafana user to the "Tenancy ADMIN" group and the query worked. There is still a permission issue;
Through an SR it was suggested to me to use the policy:
allow the grafana group to read all resources in the tenancy
I performed the test and it worked, but I believe it is a policy error, as those mentioned in the documentation should work.
allow group GrafanaLoggingUserGroup to read log groups on tenancy
allow group GrafanaLoggingUserGroup to read log contents in tenancy
allow group GrafanaLoggingUserGroup to read compartments in tenancy
Hi. YEs, the suggested policy looks too wide. However I noticed something strange in the rule you reported. In the documentation is stated that the following are required:
allow group grafana to read log-groups in tenancy
allow group grafana to read log-content in tenancy
allow group grafana to read compartments in tenancy
There is a "-" in log-groups and log-content.
Hi. YEs, the suggested policy looks too wide. However I noticed something strange in the rule you reported. In the documentation is stated that the following are required:
allow group grafana to read log-groups in tenancy allow group grafana to read log-content in tenancy allow group grafana to read compartments in tenancy
There is a "-" in log-groups and log-content.
It was just a typo here on github, these are my policies:
allow group ti_grafana to read metrics in tenancy
allow group ti_grafana to read compartments in tenancy
allow group ti_grafana to read log-groups in tenancy
allow group ti_grafana to read log-content in tenancy
By adding the policy suggested by oracle, the feature works, but this policy is very open.
allow the grafana group to read all resources in the tenancy
Do we have a fix to make the policies work as documented?
Adding the following policy make this work:
allow group grafana to read audit-events in tenancy
Hello
I am configuring Datasource LOGS and I get the error Data source is not working when I click to test. Below is the Grafana log.
To make sure the problem was permission I added the permission below for testing:
ALLOW GROUP GrafanaLoggingUserGroup to manage all-resources IN TENANCY
and Datasource worked!What am I doing wrong with the policies? what policies are missing?