-
Notifications
You must be signed in to change notification settings - Fork 11.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unauthorized 401 for endpoint /api/datasources/name/foo?orgId=bar #11831
Comments
|
Here is a log entry for a failed request:
|
I also get some
|
|
@limscoder thanks.
Why doesn't it match? Have you tried making them match or remove the orgId querystring param alltogether? How often are you running these scripts? Are the scripts calling specific pods, load-balanced endpoint and/or from outside kubernetes? The 302 status tells me that Grafana is responding with a redirect. This may be due to how you configured Grafana. Can you please include your server section from the Grafana configuration ? Would it be possible for you to change the log level to debug, see documentation. And then see if the logs contain any other interesting information. |
I think I was incorrectly understanding how users work in Grafana. This user has admin permissions in all orgs.
This is a command line tool that loops through all of our Grafana orgs and hits some API endpoints to configure them. It's currently calling specific pods from outside of kubernetes via Here's the server config: [server]
;protocol = http
;http_addr =
;http_port = 3000
;domain = localhost
;enforce_domain = false
root_url = https://{reverse-proxy-domain}/
;router_logging = false
;static_root_path = public
;enable_gzip = false
;cert_file =
;cert_key = I'll try to get some debug logs. |
Belated update: I see no difference in behavior or logs when running within the Kube cluster vs running outside with Kubectl, and I also don't see any additional log information with debug level. I see the 302 and 401 requests listed in a comment above in the logs and nothing else. Behavior seems to be specific to the |
Feels a bit similar to #10727 - do you see any Failed to get user with id log messages related to your unauthorized log message? |
Have you tried switching the org of the admin user: curl -X POST http://admin:admin@localhost:3000/api/user/using/<id of the org> http://docs.grafana.org/http_api/user/#switch-user-context-for-signed-in-user |
orgId is not a valid query parameter to this api call so closing this |
What Grafana version are you using?
5.1.0 - Docker image
What datasource are you using?
Prom
What OS are you running grafana on?
Running multiple pods in GKE Kubernetes on ContainerOptimizedOS nodes
What did you do?
GET request to endpoint from script (not through UI):
/api/datasources/name/foo?orgId=bar
I'm using basic auth as super admin user and admin user's orgId does NOT match orgId in query params
What was the expected result?
200 response
What happened instead?
Sometimes it works, sometimes it returns a 401. It appears to randomly return 200 or 401 when the same request is repeated in a loop.
Maybe related
#11757
#11715
The text was updated successfully, but these errors were encountered: