Description
When using JWT to auto login to the UI, the Percona admin specific endpoints (eg inventory) throw 401's.
This appears to be because those endpoints exclusively make use of the grafana session token which isnt set for JWT requests (despite auth.jwt.enable_login_token being set).
This looks to be a result of this grafana change
I surmise that a change similar to the one for LDAP will solve this (though im not sure of the reasoning behind it getting additional restrictions to begin with given the existing gating behind enable_login_token) and is probably far more trivial solution than making the admin endpoints support the other auth methods or creating an endpoint which sets a valid session cookie on demand (I looked for one but couldnt identify one at least)
Obviously at its core this stems from a grafana issue, but given the grafana version skew and the way the percona endpoint server appears to only use the cookie, it seemed starting here would be a faster resolution for the errors from the percona endpoint
Thank you
Expected Results
That a correctly logged in account with GrafanaAdmin should be able to access the data from the PMM admin endpoints
Actual Results
With the JSON request returning {"code":16,"error":"Unauthorized","message":"Unauthorized"}
Version
PMM Server v3.5
Steps to reproduce
No response
Relevant logs
Code of Conduct
Description
When using JWT to auto login to the UI, the Percona admin specific endpoints (eg inventory) throw 401's.
This appears to be because those endpoints exclusively make use of the grafana session token which isnt set for JWT requests (despite
auth.jwt.enable_login_tokenbeing set).This looks to be a result of this grafana change
I surmise that a change similar to the one for LDAP will solve this (though im not sure of the reasoning behind it getting additional restrictions to begin with given the existing gating behind
enable_login_token) and is probably far more trivial solution than making the admin endpoints support the other auth methods or creating an endpoint which sets a valid session cookie on demand (I looked for one but couldnt identify one at least)Obviously at its core this stems from a grafana issue, but given the grafana version skew and the way the percona endpoint server appears to only use the cookie, it seemed starting here would be a faster resolution for the errors from the percona endpoint
Thank you
Expected Results
That a correctly logged in account with
GrafanaAdminshould be able to access the data from the PMM admin endpointsActual Results
With the JSON request returning
{"code":16,"error":"Unauthorized","message":"Unauthorized"}Version
PMM Server v3.5
Steps to reproduce
No response
Relevant logs
Code of Conduct