Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-2762

Business Central on OpenShift 'remembers` old admin user and password

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.7.1.GA
    • 7.6.0.GA, 7.7.0.GA
    • Cloud
    • None
      • OpenShift 4.2, RHPAM 7.6, Business Automation Operator 1.3
      • OpenShift 4.3, RHPAM 7.7.0 CR1, Business Automation Operator 1.4
      • OpenShift 3.11, RHPAM 7.7.0 CR1, 7.7.0 templates
    • Release Notes
    • CR1
    • Fixed issue in OpenShift images internal security when was changed KIE ADMIN user to the new user and previous one was not deleted.
    • Hide

      Operator:
      1) Install RHPAM Authoring with the Operator
      2) Change the adminPassword to `welcome123`
      3) After the environment has redeployed, in the CR change the adminUser to `pamAdmin` and the adminPassword to `redhatpam1!`
      4) Wait till the environment has redeployed
      5) Login to BC with the old username and password: adminUser/welcome123
      6) Login works.
      7) Logout
      8) Login to BC with the new username and password: pamAdmin/redhatpam1!
      9) Login works

      Templates (7.7.0)
      1) Create OpenShift projects and secrets (app secret, credential secret)
      2) Process RHPAM Authoring template
      3) Change user in secret OR create a new credential secret
      4) For changed existing secret redeploy actual DeploymentConfig OR for the new secret change environment variables "KIE_ADMIN_USER" and "KIE_ADMIN_PWD" of DeploymentConfig
      5) Wait for redeploy
      6) Login with old user
      7) Login works.
      8) Logout
      9) Login with new user
      10) Login works.

      Show
      Operator: 1) Install RHPAM Authoring with the Operator 2) Change the adminPassword to `welcome123` 3) After the environment has redeployed, in the CR change the adminUser to `pamAdmin` and the adminPassword to `redhatpam1!` 4) Wait till the environment has redeployed 5) Login to BC with the old username and password: adminUser/welcome123 6) Login works. 7) Logout 8) Login to BC with the new username and password: pamAdmin/redhatpam1! 9) Login works Templates (7.7.0) 1) Create OpenShift projects and secrets (app secret, credential secret) 2) Process RHPAM Authoring template 3) Change user in secret OR create a new credential secret 4) For changed existing secret redeploy actual DeploymentConfig OR for the new secret change environment variables "KIE_ADMIN_USER" and "KIE_ADMIN_PWD" of DeploymentConfig 5) Wait for redeploy 6) Login with old user 7) Login works. 8) Logout 9) Login with new user 10) Login works.
    • 2020 Week 16-18 (from Apr 13), 2020 Week 19-21 (from May 4)

      When I install RHPAM Authoring with the Operator, and after installation, I change the `adminUser` and `adminPassword` in the CR, which causes a redeployment, I can still login with the previous adminUser and adminPassword.

      Same behaving is when is deployed RHPAM Authoring by templates. When is adminUser and adminPassword change in credentials secret (for 7.7.0) and pod are redeployed (triggered new deploy in deploymentConfig), then a new user is added and we can use both users to log in.

      What happens is that the `application-users.properties' is stored on a PV (mounted in "/opt/kie/data") and instead of replacing the old admin user with the new one, it appends the new user to the file (probably using the EAP add-user.sh script) ..... Hence, all your old adminUser/adminPassword combinations will remain in that file and can still be used to access the environment.

      Method for adding users is in kie-modules-scripts here

              rhn-support-fspolti Filippe Spolti
              rhn-gps-ddoyle Duncan Doyle (Inactive)
              Jakub Schwan Jakub Schwan
              Jakub Schwan Jakub Schwan
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: