Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/11/22 10:00:29 UTC
[GitHub] [apisix-ingress-controller] abalage opened a new issue, #1472: bug: ingress-controller logs admin token in plain text
abalage opened a new issue, #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472
### Issue description
I have changed the default admin key in apisix and apisix-ingress-controller.
Checking the logs of the ingress controller, it logs the new admin token in plain text.
As container logs are usually collected and shipped to third-party systems, this effect leaks sensitive data.
Issue is moved from apache/apisix-helm-chart#396.
### Environment
- your apisix-ingress-controller version:
```
# /ingress-apisix/apisix-ingress-controller version --long
Version: 1.5.0
Git SHA: no-git-module
Go Version: go1.19.2
Building OS/Arch: linux/amd64
Running OS/Arch: linux/amd64
```
- your Kubernetes cluster version (output of kubectl version):
```
v1.23.7
```
### Minimal test code / Steps to reproduce
1. Change admin keys according to the [FAQ](https://github.com/apache/apisix-ingress-controller/blob/master/docs/en/latest/FAQ.md#how-do-i-modify-the-admin-api-key-in-apisix-ingress).
2. check application logs
3. look for `default_cluster_admin_key` and compare its value with the admin key you have just set
### Actual result
Ingress logs contain the admin key in plain text at the very beginning of the log file.
Snippet generated by `helm template` on release `0.11.2`.
```yaml
apiVersion: v1
data:
  config.yaml: |
    # log options
    log_level: "info"
    log_output: "stderr"
    cert_file: "/etc/webhook/certs/cert.pem"
    key_file: "/etc/webhook/certs/key.pem"
    http_listen: ":8080"
    https_listen: ":8443"
    ingress_publish_service:
    enable_profiling: false
    apisix-resource-sync-interval: 300s
    kubernetes:
      kubeconfig: ""
      resync_interval: "6h"
      app_namespaces:
      - "cddmp"
      namespace_selector:
      - ""
      election_id: "ingress-apisix-leader"
      ingress_class: "apisix"
      ingress_version: "networking/v1"
      watch_endpointslices: false
      apisix_route_version: "apisix.apache.org/v2"
      enable_gateway_api: false
    apisix:
      default_cluster_base_url: http://apisix-admin.foobar.svc.cluster.local:9180/apisix/admin
      default_cluster_admin_key: "newsecrettoken"
      default_cluster_name: "default"
kind: ConfigMap
metadata:
  name: apisix-configmap
  namespace: cddmp
  labels:
    helm.sh/chart: ingress-controller-0.10.1
    app.kubernetes.io/name: ingress-controller
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/version: "1.5.0"
    app.kubernetes.io/managed-by: Helm
```
### Error log
```
2022-11-17T18:43:52+08:00 info ingress/ingress.go:113 apisix ingress controller started
2022-11-17T18:43:52+08:00 info ingress/ingress.go:115 version:
Version: 1.5.0
Git SHA: no-git-module
Go Version: go1.19.2
Building OS/Arch: linux/amd64
Running OS/Arch: linux/amd64
2022-11-17T18:43:52+08:00 info ingress/ingress.go:121 use configuration
{
  "cert_file": "/etc/webhook/certs/cert.pem",
  "key_file": "/etc/webhook/certs/key.pem",
  "log_level": "info",
  "log_output": "stderr",
  "http_listen": ":8080",
  "https_listen": ":8443",
  "ingress_publish_service": "",
  "ingress_status_address": [],
  "enable_profiling": false,
  "kubernetes": {
    "kubeconfig": "",
    "resync_interval": "6h0m0s",
    "app_namespaces": [
      "cddmp"
    ],
    "namespace_selector": [],
    "election_id": "ingress-apisix-leader",
    "ingress_class": "apisix",
    "ingress_version": "networking/v1",
    "watch_endpoint_slices": false,
    "apisix_route_version": "apisix.apache.org/v2",
    "api_version": "apisix.apache.org/v2",
    "enable_gateway_api": false
  },
  "apisix": {
    "default_cluster_name": "default",
    "default_cluster_base_url": "http://apisix-admin.foobar.svc.cluster.local:9180/apisix/admin",
    "default_cluster_admin_key": "newsecrettoken"
  },
  "apisix-resource-sync-interval": "5m0s"
}
```
### Expected result
Logging sensitive data is unacceptable in production systems. It should either be prevented or masked.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] macmiranda commented on issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
macmiranda commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1325799591
As far as I can see this is where the config data is being logged to the stdout (but there may be other places too):
https://github.com/apache/apisix-ingress-controller/blob/be7edf6b880e4904553c98f57dd78766632e1520/cmd/ingress/ingress.go#L132-L136
The Kubernetes folks had to deal with a similar [issue](https://github.com/kubernetes/kubernetes/issues/81114) where Bearer tokens were being logged at high verbosity levels. This [PR](https://github.com/kubernetes/kubernetes/pull/81330/files) shows how they were able to mask it.
[GitHub] [apisix-ingress-controller] Strangevy commented on issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
Strangevy commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1326147286
Maybe I can fix it.
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1327125946
Good! Assigned!
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1324435556
SGTM!
This is something that gets overlooked.
We need to implement it.
Are you interested in making it happen?
[GitHub] [apisix-ingress-controller] macmiranda commented on issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
macmiranda commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1328082718
Hey @tao12345666333, I was wondering if I should just make a copy of the `cfg` struct and modify it before marshaling it and printing it out, or if I should create (or import from a package) a function that can sanitize any string, in which case it could be used for other purposes as well.
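The two options weighed in the comment above (a redacted copy of the config struct before marshaling, versus a generic string sanitizer like the one the Kubernetes PR linked earlier used for Bearer tokens) are both shown in the following added Go example. It is not the controller's own code: `Config` and `APISIXConfig` are constructed stand-ins for the real config types, the field names mirror the JSON keys in the log above, and the sample values are taken from the report.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Marker substituted for secret values in anything that reaches the log.
const RedactedMarker = "[REDACTED]"

// APISIXConfig is a constructed stand-in for the "apisix" section of the
// controller configuration; it is not the project's own type.
type APISIXConfig struct {
	DefaultClusterName     string `json:"default_cluster_name"`
	DefaultClusterBaseURL  string `json:"default_cluster_base_url"`
	DefaultClusterAdminKey string `json:"default_cluster_admin_key"`
}

// Config is the constructed top-level configuration dumped at startup.
type Config struct {
	LogLevel  string       `json:"log_level"`
	LogOutput string       `json:"log_output"`
	APISIX    APISIXConfig `json:"apisix"`
}

// SampleConfig builds a constructed configuration with the values from the report.
func SampleConfig() Config {
	return Config{
		LogLevel:  "info",
		LogOutput: "stderr",
		APISIX: APISIXConfig{
			DefaultClusterName:     "default",
			DefaultClusterBaseURL:  "http://apisix-admin.foobar.svc.cluster.local:9180/apisix/admin",
			DefaultClusterAdminKey: "newsecrettoken",
		},
	}
}

// Redacted returns a copy of the config with the admin key masked (option 1).
// Config and APISIXConfig hold only value fields (no pointers, slices or maps),
// so the receiver copy does not alias the live configuration and the
// controller keeps the real key for talking to the Admin API.
func (c Config) Redacted() Config {
	if c.APISIX.DefaultClusterAdminKey != "" {
		c.APISIX.DefaultClusterAdminKey = RedactedMarker
	}
	return c
}

// RenderForLog marshals the redacted copy, never the live config, for the
// "use configuration" startup message.
func RenderForLog(c Config) (string, error) {
	b, err := json.MarshalIndent(c.Redacted(), "", "  ")
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// MaskSecret is option 2: a string sanitizer that replaces every occurrence of
// secret in s, usable as a last-resort filter on any text about to be logged.
// An empty secret would match everywhere, so it is treated as a no-op.
func MaskSecret(s, secret string) string {
	if secret == "" {
		return s
	}
	return strings.ReplaceAll(s, secret, RedactedMarker)
}

// LeaksSecret is the check from the reproduction steps: does the rendered text
// still contain the configured admin key?
func LeaksSecret(rendered, secret string) bool {
	return secret != "" && strings.Contains(rendered, secret)
}

func main() {
	cfg := SampleConfig()
	out, err := RenderForLog(cfg)
	if err != nil {
		panic(err)
	}
	fmt.Println("use configuration")
	fmt.Println(out)
	fmt.Println("leaks admin key:", LeaksSecret(out, cfg.APISIX.DefaultClusterAdminKey))
}
```

The struct copy is the more robust choice for the startup dump because it masks the field wherever it is rendered, independent of the value; the string sanitizer is only as good as the list of secrets it is given, but it is the tool that catches a key echoed by some other code path (error messages, request dumps) that does not go through the config struct.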
[GitHub] [apisix-ingress-controller] macmiranda commented on issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
macmiranda commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1327105251
@tao12345666333 I'm not an experienced Go programmer, but I can try.
[GitHub] [apisix-ingress-controller] abalage commented on issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
abalage commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1338139408
Thank you guys for fixing it.
[GitHub] [apisix-ingress-controller] tao12345666333 closed issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
tao12345666333 closed issue #1472: bug: ingress-controller logs admin token in plain text
URL: https://github.com/apache/apisix-ingress-controller/issues/1472
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1472: bug: ingress-controller logs admin token in plain text
Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1327066576
Thanks!
@macmiranda This issue is submitted by you; if you are interested in implementing it, I can assign it to you.
@Strangevy Can we wait for @macmiranda's reply together? 48 hours.