  1. Red Hat 3scale API Management
  2. THREESCALE-12329

Access Token leaked in audit log in upgraded instances


    • Bug
    • Resolution: Unresolved
    • Critical
    • 2.16.2 GA
    • 3scale Operator

      Background

      In THREESCALE-12007, it was noted that Unicorn logs can leak access tokens in the log.

      To resolve this, operator changes were applied to modify the startup command.


      Issue

      In a new 3scale 2.16 installation, this change is applied correctly and Unicorn logs do not leak access tokens.

      However, if the installation is upgraded from 2.15, the container startup does not appear to be modified, and Unicorn logs continue to leak access tokens.


      Workaround

      1. Delete the system-app deployment
      2. Allow the operator to recreate the deployment

      Once the deployment is recreated, the startup command is modified, and the token leak no longer occurs.


      Attached Files

      Deployment file that results in token leak: 216_system_app_post_upgrade.yaml

      Deployment file that resolves token leak: 216_system_app_post_recreate.yaml
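
To confirm whether an upgraded instance is still affected, and that recreating the deployment took effect, the system-app logs can be scanned for unmasked token values. This is an added example, not part of the original ticket or of 3scale's code; it assumes the token is logged as an `access_token=<value>` request parameter, and the sample log lines and masking markers are constructed.

```python
import hashlib
import re
import sys

# Assumption: the token is logged as an access_token=<value> request parameter.
TOKEN_RE = re.compile(r"""(?i)\b(access_token=)([^&\s"']+)""")
# Values that mean the logger already masked the parameter (assumed markers).
ALREADY_MASKED = {"[FILTERED]", "%5BFILTERED%5D", "[REDACTED]"}

def scan(lines):
    """Return (findings, redacted_lines); a finding is (line_no, fingerprint)."""
    findings, redacted = [], []
    for line_no, line in enumerate(lines, 1):
        def mask(match, line_no=line_no):
            value = match.group(2)
            if value in ALREADY_MASKED:
                return match.group(0)
            # Short hash lets you count distinct tokens without re-printing them.
            fingerprint = hashlib.sha256(value.encode()).hexdigest()[:8]
            findings.append((line_no, fingerprint))
            return match.group(1) + "[REDACTED]"
        redacted.append(TOKEN_RE.sub(mask, line))
    return findings, redacted

def tokens_to_rotate(findings):
    """Distinct leaked-token fingerprints; each maps to one token to revoke."""
    return sorted({fp for _, fp in findings})

# Constructed sample log lines (paths, addresses and token values are made up).
SAMPLE = [
    '10.0.0.5 "GET /example/a.json?access_token=CONSTRUCTED_TOKEN_A&page=1 HTTP/1.1" 200',
    '10.0.0.5 "GET /example/b.json?page=2 HTTP/1.1" 200',
    '10.0.0.6 "GET /example/a.json?access_token=[FILTERED] HTTP/1.1" 200',
    '10.0.0.7 "POST /example/c.json?access_token=CONSTRUCTED_TOKEN_A HTTP/1.1" 201',
]

if __name__ == "__main__":
    # Reads log text on stdin; exits 1 if any unmasked token value is present.
    hits, _ = scan(sys.stdin if not sys.stdin.isatty() else SAMPLE)
    for line_no, fp in hits:
        print(f"line {line_no}: unmasked access_token (sha256 prefix {fp})")
    print(f"{len(tokens_to_rotate(hits))} distinct token(s) to rotate")
    sys.exit(1 if hits else 0)
```

Feed it the system-app pod logs captured before and after the deployment is recreated; a non-zero exit after the workaround means the startup command is still the pre-upgrade one or the logs contain older entries.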


              rhn-support-atra An Tran
              rhn-support-oherling Olivia Herlinger