Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/11/22 10:00:29 UTC

[GitHub] [apisix-ingress-controller] abalage opened a new issue, #1472: bug: ingress-controller logs admin token in plain text

abalage opened a new issue, #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472

   ### Issue description
   
   I have changed the default admin key in apisix and apisix-ingress-controller.
   Checking the logs of the ingress controller, it logs the new admin token in plain text.
   As container logs are usually collected and shipped to 3rd party systems, this leaks sensitive data.
   
   This issue was moved from apache/apisix-helm-chart#396
   
   ### Environment
   
   - your apisix-ingress-controller version:
   ```
   # /ingress-apisix/apisix-ingress-controller version --long
   Version: 1.5.0
   Git SHA: no-git-module
   Go Version: go1.19.2
   Building OS/Arch: linux/amd64
   Running OS/Arch: linux/amd64
   ```
   - your Kubernetes cluster version (output of kubectl version):
   ```
   v1.23.7
   ```
   
   
   ### Minimal test code / Steps to reproduce
   
   1. Change admin keys according to the [FAQ](https://github.com/apache/apisix-ingress-controller/blob/master/docs/en/latest/FAQ.md#how-do-i-modify-the-admin-api-key-in-apisix-ingress).
   2. Check application logs.
   3. Look for `default_cluster_admin_key` and compare its value with the admin key you have just set.
   
   ### Actual result
   
   Ingress logs contain the admin key in plain text at the very beginning of the log file.
   
   Snippet generated by `helm template` on release `0.11.2`.
   ```
   apiVersion: v1
   data:
     config.yaml: |
       # log options
       log_level: "info"
       log_output: "stderr"
       cert_file: "/etc/webhook/certs/cert.pem"
       key_file: "/etc/webhook/certs/key.pem"
       http_listen: ":8080"
       https_listen: ":8443"
       ingress_publish_service:
       enable_profiling: false
       apisix-resource-sync-interval: 300s
       kubernetes:
         kubeconfig: ""
         resync_interval: "6h"
         app_namespaces:
         - "cddmp"
         namespace_selector:
         - ""
         election_id: "ingress-apisix-leader"
         ingress_class: "apisix"
         ingress_version: "networking/v1"
         watch_endpointslices: false
         apisix_route_version: "apisix.apache.org/v2"
         enable_gateway_api: false
       apisix:
         default_cluster_base_url: http://apisix-admin.foobar.svc.cluster.local:9180/apisix/admin
         default_cluster_admin_key: "newsecrettoken"
         default_cluster_name: "default"
   kind: ConfigMap
   metadata:
     name: apisix-configmap
     namespace: cddmp
     labels:
       helm.sh/chart: ingress-controller-0.10.1
       app.kubernetes.io/name: ingress-controller
       app.kubernetes.io/instance: apisix
       app.kubernetes.io/version: "1.5.0"
       app.kubernetes.io/managed-by: Helm
   ```
   
   ### Error log
   
   ```
   2022-11-17T18:43:52+08:00	info	ingress/ingress.go:113	apisix ingress controller started
   2022-11-17T18:43:52+08:00	info	ingress/ingress.go:115	version:
   Version: 1.5.0
   Git SHA: no-git-module
   Go Version: go1.19.2
   Building OS/Arch: linux/amd64
   Running OS/Arch: linux/amd64
   
   2022-11-17T18:43:52+08:00	info	ingress/ingress.go:121	use configuration
   {
   	"cert_file": "/etc/webhook/certs/cert.pem",
   	"key_file": "/etc/webhook/certs/key.pem",
   	"log_level": "info",
   	"log_output": "stderr",
   	"http_listen": ":8080",
   	"https_listen": ":8443",
   	"ingress_publish_service": "",
   	"ingress_status_address": [],
   	"enable_profiling": false,
   	"kubernetes": {
   		"kubeconfig": "",
   		"resync_interval": "6h0m0s",
   		"app_namespaces": [
   			"cddmp"
   		],
   		"namespace_selector": [],
   		"election_id": "ingress-apisix-leader",
   		"ingress_class": "apisix",
   		"ingress_version": "networking/v1",
   		"watch_endpoint_slices": false,
   		"apisix_route_version": "apisix.apache.org/v2",
   		"api_version": "apisix.apache.org/v2",
   		"enable_gateway_api": false
   	},
   	"apisix": {
   		"default_cluster_name": "default",
   		"default_cluster_base_url": "http://apisix-admin.foobar.svc.cluster.local:9180/apisix/admin",
   		"default_cluster_admin_key": "newsecrettoken"
   	},
   	"apisix-resource-sync-interval": "5m0s"
   }
   ```
   
   ### Expected result
   
   Logging sensitive data is unacceptable in production systems. It should either be prevented or masked.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [apisix-ingress-controller] macmiranda commented on issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
macmiranda commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1325799591

   As far as I can see this is where the config data is being logged to the stdout (but there may be other places too):
   https://github.com/apache/apisix-ingress-controller/blob/be7edf6b880e4904553c98f57dd78766632e1520/cmd/ingress/ingress.go#L132-L136
   
   The Kubernetes folks had to deal with a similar [issue](https://github.com/kubernetes/kubernetes/issues/81114) where Bearer tokens were being logged at high verbosity levels. This [PR](https://github.com/kubernetes/kubernetes/pull/81330/files) shows how they were able to mask it.




[GitHub] [apisix-ingress-controller] Strangevy commented on issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
Strangevy commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1326147286

   Maybe I can fix it.




[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1327125946

   Good! Assigned!




[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1324435556

   SGTM!
   
   This is something that gets overlooked.
   We need to implement it.
   
   Are you interested in making it happen?




[GitHub] [apisix-ingress-controller] macmiranda commented on issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
macmiranda commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1328082718

   Hey @tao12345666333 I was wondering if I should just make a copy of the `cfg` struct and modify it before marshaling it and printing it out, or if I should create (or import from a package) a function that can sanitize any string, in which case it could be used for other purposes as well.


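As an added example (not code from the apisix-ingress-controller project), the approach discussed in the comment above: a masked copy of the config struct is marshaled for the startup log, using a small reusable masking helper. The struct and field names are a reduced stand-in for the controller's config and are assumed; the sample values are constructed from the issue's log excerpt.

```go
package main

import (
	"encoding/json"
	"fmt"
)
// Reduced stand-ins for the controller's config types (field names assumed).
type APISIXConfig struct {
	DefaultClusterName     string `json:"default_cluster_name"`
	DefaultClusterBaseURL  string `json:"default_cluster_base_url"`
	DefaultClusterAdminKey string `json:"default_cluster_admin_key"`
}

type Config struct {
	LogLevel string       `json:"log_level"`
	APISIX   APISIXConfig `json:"apisix"`
}

// maskSecret replaces a secret with a marker; an empty value stays empty so a missing key is still visible.
func maskSecret(s string) string {
	if s == "" {
		return ""
	}
	return "[REDACTED]"
}

// Redacted returns a copy of c with secret fields masked; assigning to the copy never touches the original.
func (c Config) Redacted() Config {
	out := c
	out.APISIX.DefaultClusterAdminKey = maskSecret(c.APISIX.DefaultClusterAdminKey)
	return out
}

// LoggableJSON is what should be handed to the logger instead of the raw struct.
func LoggableJSON(c Config) (string, error) {
	b, err := json.MarshalIndent(c.Redacted(), "", "\t")
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	// Constructed sample mirroring the issue's log excerpt; the key must not reach the log.
	cfg := Config{LogLevel: "info", APISIX: APISIXConfig{DefaultClusterName: "default",
		DefaultClusterBaseURL:  "http://apisix-admin.foobar.svc.cluster.local:9180/apisix/admin",
		DefaultClusterAdminKey: "newsecrettoken"}}
	out, _ := LoggableJSON(cfg)
	fmt.Println(out) // admin key appears as "[REDACTED]"; cfg itself keeps the real value
}
```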


[GitHub] [apisix-ingress-controller] macmiranda commented on issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
macmiranda commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1327105251

   @tao12345666333 I'm not an experienced Go programmer but I can try




[GitHub] [apisix-ingress-controller] abalage commented on issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
abalage commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1338139408

   Thank you guys for fixing it.




[GitHub] [apisix-ingress-controller] tao12345666333 closed issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
tao12345666333 closed issue #1472: bug: ingress-controller logs admin token in plain text
URL: https://github.com/apache/apisix-ingress-controller/issues/1472




[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1472: bug: ingress-controller logs admin token in plain text

Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #1472:
URL: https://github.com/apache/apisix-ingress-controller/issues/1472#issuecomment-1327066576

   Thanks!
   
   @macmiranda This issue was submitted by you; if you are interested in implementing it, I can assign it to you.
   
   @Strangevy Can we wait for @macmiranda's reply together? 48 hours

