NETOBSERV-1621: fix error messages

[jpinsonneau]

Description

This PR fixes multiple cases:

• when user is not authorized, error coming from getConfig was ignored
• added suggestions for Lokistack / Manual auth configurations
• when loki query is failing, /ready endpoint error is now displayed in console to avoid confusion
• when network issue is the root cause, it suggest to check connectivity

Also refactored the code to prepare for Prometheus datasource and added a denyAll checker for debugging

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

[openshift-ci-robot]

@jpinsonneau: This pull request references NETOBSERV-1621 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.16.0" version, but no target version was set.

In response to this:

Description

This PR fixes multiple cases:

• when user is not authorized, error coming from getConfig was ignored
• added suggestions for Lokistack / Manual auth configurations
• when loki query is failing, /ready endpoint error is now displayed in console to avoid confusion
• when network issue is the root cause, it suggest to check connectivity

Also refactored the code to prepare for Prometheus datasource and added a denyAll checker for debugging

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
• If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
• If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
• If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
• Standard QE validation, with pre-merge tests unless stated otherwise.
• Regression tests only (e.g. refactoring with no user-facing change).
• No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[github-actions]

New image:
quay.io/netobserv/network-observability-console-plugin:c905b62

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=c905b62 make set-plugin-image

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 50.36496% with 68 lines in your changes missing coverage. Please review.

Project coverage is 56.55%. Comparing base (622fc9f) to head (adf53cd).

❗ Current head adf53cd differs from pull request most recent head c7600fd

Please upload reports for the commit c7600fd to get more accurate results.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #523      +/-   ##
==========================================
- Coverage   56.65%   56.55%   -0.11%     
==========================================
  Files         174      173       -1     
  Lines        9003     9042      +39     
  Branches     1180     1183       +3     
==========================================
+ Hits         5101     5114      +13     
- Misses       3536     3560      +24     
- Partials      366      368       +2     

Flag	Coverage Δ
uitests	57.94% <61.00%> (+0.08%)	⬆️
unittests	52.64% <21.62%> (-0.58%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
...c/components/netflow-overview/netflow-overview.tsx	67.41% <100.00%> (-0.13%)	⬇️
web/src/components/netflow-table/netflow-table.tsx	71.57% <100.00%> (-0.59%)	⬇️
...c/components/netflow-topology/netflow-topology.tsx	66.66% <83.33%> (-1.52%)	⬇️
web/src/utils/config.ts	85.71% <70.00%> (-1.79%)	⬇️
web/src/components/netflow-tab.tsx	63.33% <50.00%> (-4.60%)	⬇️
pkg/server/routes.go	71.42% <38.46%> (-16.46%)	⬇️
web/src/components/messages/error.tsx	39.47% <50.00%> (ø)
web/src/components/netflow-traffic.tsx	57.57% <45.16%> (-0.05%)	⬇️
pkg/kubernetes/auth/check_auth.go	63.63% <12.50%> (-23.16%)	⬇️

[jotak]

on this particular point:

when user is not authorized, error coming from getConfig was ignored

Isn't it on purpose? Or perhaps just accidental, but it seems logical that non-authorized users should not be able to get insights in the config

[jotak]

Approving although I'd like to have a discussion on the comment I left above ; but in the meantime I guess it's ok to be verified by QE
/lgtm

[jotak]

We will need to backport that

[jpinsonneau]

on this particular point:

when user is not authorized, error coming from getConfig was ignored

Isn't it on purpose? Or perhaps just accidental, but it seems logical that non-authorized users should not be able to get insights in the config

The frontend was not showing any error here which means it uses default config and run flow / metrics queries before getting the not authorized error.
When the user is not loggued in, first call to API must return an error (ie /api/frontend-config here).

[jpinsonneau]

Rebased but started to have issues with testing 🤔

I have added a fix to bypass the error when getLokiReady is not defined but I don't know why this happens now:
e9cbb12

[jotak]

@memodi @jpinsonneau do you understand the cypress errors? Is that something requiring a change on the cypress test side?
I believe we want to have this fix in the release, don't we?

[jotak]

/retest-required

[jpinsonneau]

@memodi @jpinsonneau do you understand the cypress errors? Is that something requiring a change on the cypress test side? I believe we want to have this fix in the release, don't we?

It seems to be related to prometheus enabled in the FlowCollector but not provided in the test cluster:

time="2024-06-03T07:14:27Z" level=error msg="Error in QueryMatrix" error="error from Prometheus query: Post \"http://prometheus:9090/api/v1/query_range\": dial tcp: lookup prometheus on 172.30.0.10:53: no such host" module=prometheus

[jotak]

/test plugin-cypress

[jotak]

tests pass \o/
/lgtm

[memodi]

/ok-to-test

[github-actions]

New image:
quay.io/netobserv/network-observability-console-plugin:8a1f905

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=8a1f905 make set-plugin-image

[memodi]

thanks the test passes now, however a small issue UI issue now is - the Traffic flows is now greyed out even with Loki is enabled, it displays the correct error message though.

[jpinsonneau]

Rebased without changes

[jpinsonneau]

thanks the test passes now, however a small issue UI issue now is - the Traffic flows is now greyed out even with Loki is enabled, it displays the correct error message though.

@memodi this tab is enabled only when Loki datasource is available. By default, none are available until the config is loaded from the configmap through the backend API.

If your user doesn't have the proper rights to load the content, the tab will be greyed out as we can't load the config either. Is that an issue for you ?

[jotak]

/lgtm

[memodi]

@memodi this tab is enabled only when Loki datasource is available. By default, none are available until the config is loaded from the configmap through the backend API.

If your user doesn't have the proper rights to load the content, the tab will be greyed out as we can't load the config either. Is that an issue for you ?

@jpinsonneau in that case the information message is misleading, because in my case loki was enabled and it asks for loki to be enabled for Traffic flows tab. I was hoping to Traffic flows will be consistently enabled like Topology and Overview tabs and this hasn't been issue until 1.5 release.

[jpinsonneau]

I can enable all datasources by default in that case so the view will be enabled until we check for config when the user has the proper rights

[openshift-ci]

New changes are detected. LGTM label has been removed.

[memodi]

/ok-to-test

[github-actions]

New image:
quay.io/netobserv/network-observability-console-plugin:7b00437

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=7b00437 make set-plugin-image

[memodi]

/label qe-approved
(based on testing for 1.6 backport)

[openshift-ci-robot]

@jpinsonneau: This pull request references NETOBSERV-1621 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.17.0" version, but no target version was set.

In response to this:

Description

This PR fixes multiple cases:

• when user is not authorized, error coming from getConfig was ignored
• added suggestions for Lokistack / Manual auth configurations
• when loki query is failing, /ready endpoint error is now displayed in console to avoid confusion
• when network issue is the root cause, it suggest to check connectivity

Also refactored the code to prepare for Prometheus datasource and added a denyAll checker for debugging

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
• If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
• If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
• If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
• Standard QE validation, with pre-merge tests unless stated otherwise.
• Regression tests only (e.g. refactoring with no user-facing change).
• No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment