Skip to content

Commit 6d280ec

Browse files
committed
inspectalerts: improve error message when no bearer token is available
When using certificate-based authentication (e.g. system:admin from installer kubeconfig), the monitoring API on Thanos Querier rejects the request because kube-rbac-proxy only supports TokenReview-based authentication on the web port (9091). The previous error message ("no token is currently in use for this session") did not explain why it failed or what the user should do. Update the message to clarify that token-based auth is required and point users to 'oc login' Signed-off-by: Daniel Mellado <dmellado@fedoraproject.org>
1 parent a052bd4 commit 6d280ec

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

pkg/cli/admin/inspectalerts/inspectalerts.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ func (o *options) Run(ctx context.Context) error {
9999
// other forms of authentication.
100100
func ValidateRESTConfig(restConfig *rest.Config) error {
101101
if restConfig.BearerToken == "" && restConfig.BearerTokenFile == "" {
102-
return fmt.Errorf("no token is currently in use for this session")
102+
return fmt.Errorf("no bearer token available for this session; the monitoring API requires token-based authentication, use 'oc login'")
103103
}
104104
return nil
105105
}

0 commit comments

Comments
 (0)