Bug
Resolution: Unresolved
4.8.6
-
USER PROBLEM
What is the user experiencing as a result of the bug? Include steps to reproduce.
- Used an automated release workflow to create a 4.8.6 cluster
- Followed https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html/upgrading/upgrade-roxctl#back-up-central-database_upgrade-roxctl
- Created API token via UI and exported it as $ROX_API_TOKEN
- Ran the documented command:
    [stackrox]$ roxctl -e $ROX_CENTRAL_ADDRESS central backup
    ERROR: Invalid credentials. Please add/fix your credentials
    [stackrox]$
Yet credentials seem fine:
    [stackrox]$ roxctl -e $ROX_CENTRAL_ADDRESS central whoami
    UserID: auth-token:9f7a9cd9-d95e-4163-b456-c203b8b9fcaf
    User name: anonymous bearer token "upgrade" with roles [Analyst] (jti: 9f7a9cd9-d95e-4163-b456-c203b8b9fcaf, expires: 2026-12-11T09:35:00Z)
    Roles:
      - Analyst
    Access:
      r- Access
      r- Alert
      r- CVE
      r- Cluster
      r- Compliance
      r- Deployment
      r- DeploymentExtension
      r- Detection
      r- Image
      r- Integration
      r- K8sRole
      r- K8sRoleBinding
      r- K8sSubject
      r- Namespace
      r- NetworkGraph
      r- NetworkPolicy
      r- Node
      r- Secret
      r- ServiceAccount
      r- VulnerabilityManagementApprovals
      r- VulnerabilityManagementRequests
      r- WatchedImage
      r- WorkflowAdministration
CONDITIONS
What conditions need to exist for a user to be affected? Is it everyone? Is it only those with a specific integration? Is it specific to someone with particular database content? etc.
- Tried roxctl 4.9.1 and 4.8.6
ROOT CAUSE
What is the root cause of the bug?
- The token must be an admin one: https://github.com/stackrox/stackrox/blob/7ef16413b83cc96e7aadf241738144e318f0a69f/central/main.go#L842
FIX
How was the bug fixed (this is more important if a workaround was implemented rather than an actual fix)?
- pending
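
The root cause above (the backup needs an admin token, while whoami reported only Analyst) can be caught before the backup is attempted. The following pre-flight check is an added example, not code from this report or from the StackRox project. It assumes the admin role is the default role named "Admin" (a custom role with equivalent permissions would not match) and that whoami lists roles between "Roles:" and "Access:" as shown in the report; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not StackRox code): check the token's roles before a backup.
# Assumption: the admin role is the default role named "Admin".
REQUIRED_ROLE="${REQUIRED_ROLE:-Admin}"

# Constructed sample modelled on the whoami output in this report
# (placeholder token id, Access list shortened, line layout assumed).
SAMPLE_WHOAMI='UserID:
  auth-token:00000000-0000-0000-0000-000000000000
User name:
  anonymous bearer token "upgrade" with roles [Analyst]
Roles:
  - Analyst
Access:
  r- Access
  r- Alert'

# Print one role per line from `roxctl central whoami` output on stdin.
# Whitespace is collapsed first, so multi-line and flattened copies both parse.
roles_from_whoami() {
    tr -s '[:space:]' ' ' | awk '{
        start = index($0, "Roles: "); stop = index($0, " Access: ")
        if (start == 0 || stop <= start) exit 1
        list = substr($0, start + 7, stop - start - 7)
        sub(/^- /, "", list)                 # drop the first list marker
        n = split(list, role, / - /)         # role names may contain spaces
        for (i = 1; i <= n; i++) print role[i]
    }'
}

# token_has_role ROLE: succeed only if ROLE is one of the roles on stdin.
token_has_role() {
    roles_from_whoami | grep -Fxq -- "$1"
}

# Run the backup only when the token carries the required role; otherwise
# report the real problem instead of the "Invalid credentials" error.
backup_if_admin() {
    if roxctl -e "$ROX_CENTRAL_ADDRESS" central whoami | token_has_role "$REQUIRED_ROLE"; then
        roxctl -e "$ROX_CENTRAL_ADDRESS" central backup
    else
        echo "token lacks role '$REQUIRED_ROLE'; central backup would be rejected" >&2
        return 1
    fi
}
```

Source the file and call `backup_if_admin` with `ROX_API_TOKEN` and `ROX_CENTRAL_ADDRESS` exported as in the steps above.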