1842445 – Shouldn't show token in delete and rollover pod logs

Bug 1842445 - Shouldn't show token in delete and rollover pod logs

Summary: Shouldn't show token in delete and rollover pod logs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Logging
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.6.0
Assignee:	Periklis Tsirakidis
QA Contact:	Anping Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1843080
TreeView+	depends on / blocked

Reported:	2020-06-01 09:36 UTC by Anping Li
Modified:	2020-10-27 16:03 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-10-27 16:02:58 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift elasticsearch-operator pull 369	None	closed	Bug 1842445: Drop xtrace to ensure token not visible in logs	2020-09-22 20:39:17 UTC
Github	openshift elasticsearch-operator pull 377	None	closed	Bug 1842445: Drop curl verbosity in index management scripts	2020-09-22 20:39:17 UTC
Red Hat Product Errata	RHBA-2020:4196	None	None	None	2020-10-27 16:03:28 UTC

Description Anping Li 2020-06-01 09:36:32 UTC

Description of problem:
#oc logs elasticsearch-delete-infra-1591002900-rqfmf
++++ cat /var/run/secrets/kubernetes.io/serviceaccount/token
+++ curl -s 'https://elasticsearch:9200/infra-*/_alias/infra-write' --cacert /etc/indexmanagement/keys/admin-ca --cert /etc/indexmanagement/keys/admin-cert --key /etc/indexmanagement/keys/admin-key '-HAuthorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjF6RFJua0daQmVoWVphNUdQZEc2bF9HbUVqNldUZVlMYllIeEpCaWM2OEEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJvcGVuc2hpZnQtbG9nZ2luZyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJlbGFzdGljc2VhcmNoLXRva2VuLTd6MnRkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImVsYXN0aWNzZWFyY2giLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2ZDA1Y2RiMy0wNjJiLTRkODMtOWIxYS00N2U4OTlhYzQ2ZjciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6b3BlbnNoaWZ0LWxvZ2dpbmc6ZWxhc3RpY3NlYXJjaCJ9.fOpV-T1s6eC3AviZUpoZrmmSuhorT8VR6PFAEthJ3V4sazC3o6BDOOYHZKk6cZcNSypyR9keY8UAqTU3DlvOsRucrTcDTlpw_PLzIbz4TV_wEulRo5DkopQICpVjF78r01hVYnkXzZaFwnLG2fYXaKTl0qgdyUVS0WAQgq_OzZWE_1UU0VRemXFDXQmgs-bVDpCu8sK59QfkiwYmtQfgGDIAc32kwBuV05Xk6YDbDeTR2Rom5ZwzI642S5lYl4p4ROH8fXT4vIiyQ7kHQL3PHLXlN6O-M1otCXpZRitUEMhcg_gRgRkh25TrvuYJuSOJSYIzBKxTrzYCGN7sTQY79g' -HContent-Type:application/json
++ writeIndices='{"infra-000001":{"aliases":{"infra-write":{"is_write_index":true}}}}'

Version-Release number of selected component (if applicable):
4.5.0

How reproducible:
always

Steps to Reproduce:
1. Deploy clusterlogging 4.5.0
2. Check elasticsearch-delete and elasticsearch-rollover pod logs

Actual results:


Expected results:


Additional info:

Comment 1 Jeff Cantrill 2020-06-03 15:59:13 UTC

Moving to medium because a security risk

Comment 4 Anping Li 2020-06-04 15:43:06 UTC

Failed in 4.6

Comment 7 errata-xmlrpc 2020-10-27 16:02:58 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Note You need to log in before you can comment on or make changes to this bug.