From 6d280ecd229bffcc247bb794e359a766da72118a Mon Sep 17 00:00:00 2001 From: Daniel Mellado Date: Mon, 25 May 2026 08:02:39 +0200 Subject: [PATCH] inspectalerts: improve error message when no bearer token is available When using certificate-based authentication (e.g. system:admin from installer kubeconfig), the monitoring API on Thanos Querier rejects the request because kube-rbac-proxy only supports TokenReview-based authentication on the web port (9091). The previous error message ("no token is currently in use for this session") did not explain why it failed or what the user should do. Update the message to clarify that token-based auth is required and point users to 'oc login' Signed-off-by: Daniel Mellado --- pkg/cli/admin/inspectalerts/inspectalerts.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cli/admin/inspectalerts/inspectalerts.go b/pkg/cli/admin/inspectalerts/inspectalerts.go index 8aa4cfdd80..62601928ff 100644 --- a/pkg/cli/admin/inspectalerts/inspectalerts.go +++ b/pkg/cli/admin/inspectalerts/inspectalerts.go @@ -99,7 +99,7 @@ func (o *options) Run(ctx context.Context) error { // other forms of authentication. func ValidateRESTConfig(restConfig *rest.Config) error { if restConfig.BearerToken == "" && restConfig.BearerTokenFile == "" { - return fmt.Errorf("no token is currently in use for this session") + return fmt.Errorf("no bearer token available for this session; the monitoring API requires token-based authentication, use 'oc login'") } return nil }