X-Auth-Token and X-Service-Tokens are being exposed in service log files in stein release.

Bug #1830355 reported by Archana Prabhakar
Affects: OpenStack Compute (nova)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

On a recent Stein build, I found raw tokens being printed in multiple service log files.
This is a security vulnerability. Please suppress them.

Please find the log traces below.

nova-api.log:
=============

2019-05-23 02:48:09.565 26932 INFO webob.dec [-] GET /v2.1/db5f1545fbd44396a3dabb884f51226b/os-services HTTP/1.0
Accept: application/json
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Type: text/plain
Host: localhost:8774
User-Agent: python-novaclient
X-Auth-Token: gAAAAABc5kIp27o85v2bokHOvAxm0GEyxteycO3B-S1xpjLryc31u03NYpi-5Kh_6eAiwcbizloVJ6NqsZpc-LNFmOSAuO4RBJeFjqspYvE1OSDPsd2Ef3aQJSB8pct_MLja9ITCOMigrvnEOLOgg35C8-FQx4ztzfWTXBaLYWBwr-cAjU-FPdrpHtWkAsNADtAg9H76Wo84oTsYWjHfAMoa0CQ7R5Nv0LHAM9dhB3Qokw7o1dMOQPU
X-Forwarded-For: x.x.x.x


cinder/api log trace:
=====================

2019-05-23 02:48:02.761 26366 INFO webob.dec [-] GET /v2/db5f1545fbd44396a3dabb884f51226b/os-services HTTP/1.0
Accept: application/json
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Type: text/plain
Host: localhost:9000
User-Agent: python-cinderclient
X-Auth-Token: gAAAAABc5kIibBqBHlpnbnIzPpb4Z58Rp9soOqyHs83EcOYjlkIaA8j-_xZT3XVlc0mdaQ19C7ubgjBeySp4vZqqt2tG3TK8XHalOqL2BawhhpudTGqYG9-jzo_6yU1coteG_SmFfEYGfdktYggRpBXnc0P7iULirtBuyUrQ1PtiTZHulfMERt9jmZEb4y6NNX3q2ViJMg2Ve8kQQjqT7bsgIAMNLFySyKEpT5AxRw1JG-pM7fariaU
X-Forwarded-For: x.x.x.x


neutron/server.log:
===================


X-Service-Roles: admin
X-Service-Token: gAAAAABc5lOdaxv2VC6G6xQZ7IqTjBh05hfR2XyRnfLma3qpbtuRJ8RWf3YB4Tf9l_0R4Nz3D12PfRsYQDmIN9A5PP-uyvI3bNEkivf14yLUxmIaMcqurDqx_UPmWX9OwW0AJIZVY3dUJFYAcIhWTiVyAPmPV93Na8yQ_Qwe9R4_2znh9QMkykJW5anbPEI16CxoMMUZ3Ev4Dz5hR3mUqDBWVqw7Mn6yRBKORUq9K3t4UurQJE-b_C4
X-Service-User-Domain-Id: 74e00bcc61b24a9489b261d279432a57
X-Service-User-Domain-Name: Service


glance/api.log:
===============

2019-05-23 04:02:17.039 3450 INFO webob.dec [-] GET /v2/images?limit=400&owner=b87b2e11939c42c493cac997768009ca HTTP/1.0
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: Keep-Alive
Content-Type: text/plain
Host: localhost:9292
Referer: https://x.x.x.x/powervc/index.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0
X-Auth-Token: gAAAAABc5lOEp16LKgv3ZjRBy4q6U2aX-aM1_MKibVKp2tiOOm431xb8wo3owa9OO2izySOusvYfyDR9Gug4b8wSAB-sTa3QLJrTwAovdtwAciGCO0QxQXDTSQ_b7jDQMv1qxFmpRhbQ2nKsCPSQsZ4c89Y4zP6bDtBmmkwrVolhLesniby4Vm2nbnXlPs1NTwMI-83H1SegBMHUXhryQabNpLZLGuKk4rgf_ddCsUmwbHVBlcj5UnnWbMXEm_mgQ9qw763l6ajN


keystone.log:
============

2019-05-23 03:23:04.939 1836 INFO webob.request [req-c7f577e1-bfca-4b20-89fc-de607242e835 - - - - -] start_response: {'status': '201 CREATED', 'catch_exc_info': False, 'headers': [('Content-Type', 'application/json'), ('Content-Length', '9345'), ('X-Subject-Token', 'gAAAAABc5kpY2FM649ObudU2xbyQqywhIKcpbHnjRnThpiRIL2lCheh5mfxLq4c9fAP37VMcTKShyCJ4L406ul7t01r9XksuzWzE3m3nd3bziETMH3QnbFunr9PY4LZcMfWvHgq5KswfT_Fxe4gTqY8pdRFpPj8EjXBoXQGgpyIU6VMkUOVky2bwB2sKGU7wuyfC5nX2LdfRfryFpGTNgRPeOBCzYhq16IMh-kjMSZ9PNCNmjpjOi2E'), ('Vary', 'X-Auth-Token')], 'output': [], 'exc_info': None, 'captured': []}
2019-05-23 03:23:04.940 1836 INFO webob.request [req-c7f577e1-bfca-4b20-89fc-de607242e835 - - - - -] captured: ['201 CREATED', [('Content-Type', 'application/json'), ('Content-Length', '9345'), ('X-Subject-Token', 'gAAAAABc5kpY2FM649ObudU2xbyQqywhIKcpbHnjRnThpiRIL2lCheh5mfxLq4c9fAP37VMcTKShyCJ4L406ul7t01r9XksuzWzE3m3nd3bziETMH3QnbFunr9PY4LZcMfWvHgq5KswfT_Fxe4gTqY8pdRFpPj8EjXBoXQGgpyIU6VMkUOVky2bwB2sKGU7wuyfC5nX2LdfRfryFpGTNgRPeOBCzYhq16IMh-kjMSZ9PNCNmjpjOi2E'), ('Vary', 'X-Auth-Token')], None]
2019-05-23 03:23:04.941 1836 INFO webob.request [req-c7f577e1-bfca-4b20-89fc-de607242e835 - - - - -] catch_exc_info is False: ['201 CREATED', [('Content-Type', 'application/json'), ('Content-Length', '9345'), ('X-Subject-Token', 'gAAAAABc5kpY2FM649ObudU2xbyQqywhIKcpbHnjRnThpiRIL2lCheh5mfxLq4c9fAP37VMcTKShyCJ4L406ul7t01r9XksuzWzE3m3nd3bziETMH3QnbFunr9PY4LZcMfWvHgq5KswfT_Fxe4gTqY8pdRFpPj8EjXBoXQGgpyIU6VMkUOVky2bwB2sKGU7wuyfC5nX2LdfRfryFpGTNgRPeOBCzYhq16IMh-kjMSZ9PNCNmjpjOi2E'), ('Vary', 'X-Auth-Token')], None]
2019-05-23 03:23:04.942 1836 INFO webob.dec [req-c7f577e1-bfca-4b20-89fc-de607242e835 - - - -

X-Subject-Token: gAAAAABc5kpY2FM649ObudU2xbyQqywhIKcpbHnjRnThpiRIL2lCheh5mfxLq4c9fAP37VMcTKShyCJ4L406ul7t01r9XksuzWzE3m3nd3bziETMH3QnbFunr9PY4LZcMfWvHgq5KswfT_Fxe4gTqY8pdRFpPj8EjXBoXQGgpyIU6VMkUOVky2bwB2sKGU7wuyfC5nX2LdfRfryFpGTNgRPeOBCzYhq16IMh-kjMSZ9PNCNmjpjOi2E

Divya K Konoor (dikonoor) wrote :

webob.dec does not have these log statements. Looks like someone has temporarily and explicitly added some log statements to log these for additional debugging on Archana's system. Marking this bug as invalid. False alarm :)

Changed in nova:
status: New → Invalid
Jeremy Stanley (fungi) wrote :

This was also discussed yesterday in the #openstack-security IRC channel on Freenode: http://eavesdrop.openstack.org/irclogs/%23openstack-security/%23openstack-security.2019-05-23.log.html#t2019-05-23T16:08:31

information type: Private Security → Public
Archana Prabhakar (arcprabh) wrote :

Please ignore this defect, it is invalid. Quite possible that someone had enabled additional logging while debugging issues on this setup because of which the tokens got displayed.
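
One way to catch and scrub this class of leak, as an added example that is not part of the original report and is not nova, oslo or webob code: a Python scanner and `logging` filter for token values logged as raw header lines, as header tuples, or under WSGI environ keys such as `HTTP_X_AUTH_TOKEN`. The names `redact`, `find_leaks` and `TokenRedactingFilter` are hypothetical, and the sample lines and token are constructed.

```python
import hashlib
import logging
import re

# Header names from the traces on this page; the optional HTTP_ prefix and
# [-_] also cover the WSGI environ spelling (HTTP_X_AUTH_TOKEN).
NAME = r"(?:HTTP_)?X[-_](?:AUTH|SERVICE|SUBJECT)[-_]TOKEN"
# name, then ": " (raw header), "': '" (environ dict) or "', '" (header
# tuple), then the value. The 20-character floor skips values such as None.
BY_HEADER = re.compile(
    r"(?P<name>" + NAME + r")(?P<sep>['\"]?\s*[:,]\s*(?:u(?=['\"]))?['\"]?)"
    r"(?P<value>[A-Za-z0-9_=.-]{20,})",
    re.IGNORECASE,
)
# Fallback for tokens logged under other keys (e.g. u'auth_token'): Fernet
# tokens are URL-safe base64 and start with "gAAAAA".
FERNET = re.compile(r"gAAAAA[A-Za-z0-9_-]{40,}=*")


def mask(token):
    """Replace a token with a short digest so lines can still be correlated."""
    return "<redacted sha256:%s>" % hashlib.sha256(token.encode()).hexdigest()[:8]


def redact(line):
    """Return the line with every token value replaced by its mask."""
    line = BY_HEADER.sub(
        lambda m: m.group("name") + m.group("sep") + mask(m.group("value")), line)
    return FERNET.sub(lambda m: mask(m.group(0)), line)


def find_leaks(lines):
    """Return (line_number, header name or 'fernet') for each token found."""
    hits = []
    for number, line in enumerate(lines, 1):
        hits += [(number, m.group("name")) for m in BY_HEADER.finditer(line)]
        # Count Fernet-shaped strings only where no header name claimed them.
        remainder = BY_HEADER.sub("", line)
        hits += [(number, "fernet") for _ in FERNET.finditer(remainder)]
    return hits


class TokenRedactingFilter(logging.Filter):
    """Attach to a handler so records are scrubbed before they are written."""

    def filter(self, record):
        record.msg, record.args = redact(record.getMessage()), None
        return True


# Constructed sample: a Fernet-shaped placeholder, not a real token.
TOKEN = "gAAAAABc" + "A1b2C3d4" * 8
SAMPLE = [
    "INFO webob.dec [-] X-Auth-Token: %s" % TOKEN,
    "INFO webob.dec [-] {'req': {'HTTP_X_SERVICE_TOKEN': '%s'}}" % TOKEN,
    "INFO webob.request [-] [('X-Subject-Token', '%s'), ('Vary', 'X-Auth-Token')]" % TOKEN,
    "INFO webob.dec [-] {u'auth_token': u'%s'}" % TOKEN,
    "INFO webob.dec [-] User-Agent: python-novaclient",
]

if __name__ == "__main__":
    for hit in find_leaks(SAMPLE):
        print("leak at line %d: %s" % hit)
    for line in SAMPLE:
        print(redact(line))
```

Attach the filter to handlers rather than to a logger: a logger's own filters are not applied to records propagated from child loggers such as `webob.dec`, while a handler's filters see every record it writes.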
