2022114 – Console logging every proxy request

Bug 2022114 - Console logging every proxy request

Summary: Console logging every proxy request

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Management Console
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.10.0
Assignee:	Samuel Padgett
QA Contact:	Yadan Pei
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2024115 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-11-10 18:56 UTC by Samuel Padgett
Modified:	2022-03-10 16:27 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:	Version: 4.10.0-0.nightly-2021-11-09-181140 Cluster ID: b60dd994-0676-4a81-9cdd-a212351e3ecf Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.114 Safari/537.36
Last Closed:	2022-03-10 16:26:42 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift console pull 10434	0	None	open	Bug 2022114: Don't log all proxy requests by default	2021-11-10 19:04:41 UTC
Red Hat Product Errata	RHSA-2022:0056	0	None	None	None	2022-03-10 16:27:16 UTC

Description Samuel Padgett 2021-11-10 18:56:35 UTC

Console logs a message for every proxy request to the pod logs. It looks like we've left some debugging statements in the code. For example:

I1110 13:55:37.882453   25227 proxy.go:104] PROXY: `openapi/v2`
I1110 13:55:47.874796   25227 proxy.go:104] PROXY: `/apis/helm.openshift.io/v1beta1/helmchartrepositories`
I1110 13:55:47.877439   25227 proxy.go:104] PROXY: `openapi/v2`
I1110 13:55:48.853904   25227 proxy.go:104] PROXY: `apis/config.openshift.io/v1/clusterversions/version`
I1110 13:55:51.925532   25227 proxy.go:104] PROXY: `v2/silences`
I1110 13:55:52.875994   25227 proxy.go:104] PROXY: `v1/rules`
I1110 13:55:57.873108   25227 proxy.go:104] PROXY: `/apis/helm.openshift.io/v1beta1/helmchartrepositories`
I1110 13:55:57.875624   25227 proxy.go:104] PROXY: `openapi/v2`
I1110 13:56:07.877771   25227 proxy.go:104] PROXY: `/apis/helm.openshift.io/v1beta1/helmchartrepositories`
I1110 13:56:07.880012   25227 proxy.go:104] PROXY: `openapi/v2`
I1110 13:56:07.881418   25227 proxy.go:104] PROXY: `v2/silences`
I1110 13:56:07.883009   25227 proxy.go:104] PROXY: `api/v1/namespaces/openshift-console/pods/console-75dc964c49-sr275`
I1110 13:56:08.875522   25227 proxy.go:104] PROXY: `v1/rules`

Comment 1 Samuel Padgett 2021-11-17 12:58:17 UTC

*** Bug 2024115 has been marked as a duplicate of this bug. ***

Comment 3 Yadan Pei 2021-11-29 01:37:05 UTC

1. fetch latest console code and build `bridge` 
2. Run './bin/bridge'
 ~/go/src/github.com/openshift/console/ [master] source ./contrib/oc-environment.sh 
Using https://api.qe-ui410-1129.qe.devcluster.openshift.com:6443
 ~/go/src/github.com/openshift/console/ [master] ./bin/bridge 
W1129 09:32:19.508701   11745 main.go:207] Flag inactivity-timeout is set to less then 300 seconds and will be ignored!
W1129 09:32:19.509152   11745 main.go:283] cookies are not secure because base-address is not https!
W1129 09:32:19.509214   11745 main.go:546] running with AUTHENTICATION DISABLED!
I1129 09:32:19.510997   11745 main.go:662] Binding to 0.0.0.0:9000...
I1129 09:32:19.511012   11745 main.go:667] not using TLS
2021/11/29 09:32:33 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/apis/apiextensions.k8s.io/v1/customresourcedefinitions?watch=true&resourceVersion=52797
2021/11/29 09:32:35 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/apis/config.openshift.io/v1/oauths?watch=true&fieldSelector=metadata.name%3Dcluster
2021/11/29 09:32:36 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/apis/config.openshift.io/v1/clusterversions?watch=true&fieldSelector=metadata.name%3Dversion
2021/11/29 09:32:36 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/api/v1/namespaces/openshift-monitoring/secrets?watch=true&fieldSelector=metadata.name%3Dalertmanager-main
2021/11/29 09:32:37 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/apis/storage.k8s.io/v1/storageclasses?watch=true&resourceVersion=52812
2021/11/29 09:32:37 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/api/v1/persistentvolumeclaims?watch=true&resourceVersion=52812
2021/11/29 09:32:38 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/apis/machineconfiguration.openshift.io/v1/machineconfigpools?watch=true&resourceVersion=52813
2021/11/29 09:32:38 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/apis/console.openshift.io/v1/consolequickstarts?watch=true&resourceVersion=52811
2021/11/29 09:32:39 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/apis/console.openshift.io/v1/consolenotifications?watch=true&resourceVersion=52813
2021/11/29 09:32:39 CheckOrigin: Proxy has no configured Origin. Allowing origin [http://localhost:9000] to wss://api.qe-ui410-1129.qe.devcluster.openshift.com:6443/api/v1/nodes?watch=true&resourceVersion=52812

not every proxy request are logged, verified

Comment 8 errata-xmlrpc 2022-03-10 16:26:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.