metrics and alerts are not visible to users in new unified dashboard (OKD 4.19 onwards)

[vahidmohsseni]

User role:
Non-admin/tenant user

Issue:
Non-admin users cannot access metrics and alerts in the new unified dashboard. Attempting to view metrics results in a 403 Forbidden error.

Error Details:
Forbidden (user=XXXX, verb=get, resource=prometheuses, subresource=api)

The monitoring plugin seem to be responsible of setting the correct prometheus URL in web console. It has two different endpoints. One is meant for privileged admin (aka cluster-admin user) and the other one is for tenants (normal users).

The error message is Forbidden (user=XXXX, verb=get, resource=prometheuses, subresource=api) the endpoint for this request is: https://console.<CLUSTER_DOMAIN>/api/prometheus/api/v1/query_range?XXXXXX

To me it sounds like this comment

monitoring-plugin/web/src/components/MetricsPage.tsx

Line 665 in 1b36a45

// the PROMETHEUS_TENANCY_BASE_PATH for requests in the developer view

is not implemented in the code.

Workarounds:

1. As a first workaround, I changed this code

   monitoring-plugin/web/src/components/MetricsPage.tsx

   Line 677 in 1b36a45

   useTenancyPath: useMetricsTenancy,

   to check if namespace is defined and not empty, then the boolean value to be true.

2. The second workaround, although when enabling the "Developer Perspective" in the web console settings, normal users can see the Observe section and hence the metrics and alerts sections.