When setting up the gitlab discovery plugin with gitlab integration with the helm chart, the following error gets returned when the gitlab integration token contains a newline character:
```
2023-11-22T22:31:04.652Z catalog error GitlabDiscoveryEntityProvider:mygitlab refresh failed, TypeError: [REDACTED] is not a legal HTTP header value [REDACTED] is not a legal HTTP header value type=plugin target=GitlabDiscoveryEntityProvider:mygitlab class=GitlabDiscoveryEntityProvider$1 taskId=GitlabDiscoveryEntityProvider:mygitlab:refresh taskInstanceId=36d950ed-0ee9-4fbe-b462-948af9899143 stack=TypeError: glpat-<rest of the exposed token>
is not a legal HTTP header value
    at validateValue (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/node_modules/node-fetch/lib/index.js:684:9)
    at Headers.append (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/node_modules/node-fetch/lib/index.js:836:3)
    at new Headers (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/node_modules/node-fetch/lib/index.js:761:11)
    at new Request (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/node_modules/node-fetch/lib/index.js:1231:19)
    at /opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/node_modules/node-fetch/lib/index.js:1449:19
    at new Promise (<anonymous>)
    at Object.fetch [as default] (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/node_modules/node-fetch/lib/index.js:1447:9)
    at GitLabClient.pagedRequest (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/dist/index.cjs.js:300:53)
    at GitLabClient.listProjects (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/dist/index.cjs.js:68:19)
    at paginated.archived (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/dist/index.cjs.js:469:27)
    at paginated (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/dist/index.cjs.js:321:17)
    at paginated.next (<anonymous>)
    at GitlabDiscoveryEntityProvider$1.refresh (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/dist/index.cjs.js:481:22)
    at fn (/opt/app-root/src/dynamic-plugins-root/backstage-plugin-catalog-backend-module-gitlab-dynamic-0.3.3/dist/index.cjs.js:446:24)
    at TaskWorker.fn (/opt/app-root/src/node_modules/@backstage/backend-tasks/dist/index.cjs.js:599:15)
    at TaskWorker.runOnce (/opt/app-root/src/node_modules/@backstage/backend-tasks/dist/index.cjs.js:350:18)
```
Expected Behavior
Token is not exposed when errors occur (should be [REDACTED] throughout the entire error log)
What are the steps to reproduce this bug?
Populate GITLAB_TOKEN with the gitlab token in a Secret and apply both the Secret and ConfigMap to the Helm Chart. But accidentally encode it with a \n in it. Ex: suppose token is abc then insert abc\n instead.
Start the backstage instance and wait for the GitlabDiscoveryEntityProvider to start fetching. It should throw the error described above when it tries to fetch, and expose the gitlab token in the stack trace.
Zaperex changed the title from "Gitlab Integration Token exposed when gitlab discovery plugin refresh task fails" to "Gitlab Integration Token exposed when gitlab discovery plugin refresh task fails due to invalid token" on Nov 23, 2023
Zaperex changed the title from "Gitlab Integration Token exposed when gitlab discovery plugin refresh task fails due to invalid token" to "Gitlab Integration Token exposed when gitlab discovery plugin refresh task fails due to newline in token" on Nov 23, 2023
Versions of software used and environment
RHDH image: quay.io/rhdh/rhdh-hub-rhel9:1.0-187
Helm Chart: https://github.com/rhdh-bot/openshift-helm-charts/raw/developer-hub-1.0-187-CI/charts/redhat/redhat/developer-hub/1.0-187-CI/developer-hub-1.0-187-CI.tgz
Upstream Issue
backstage/backstage#21503
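
One way to address both sides of the report, as an added example that is not Backstage, RHDH or node-fetch code: validate the token when it is loaded, with an error that names the setting but never its value, and scrub known secrets from every string field of a log record, including `stack`. The function names and the sample token are constructed for illustration.

```javascript
// Added example; loadToken and makeRedactor are hypothetical names.

// Only TAB, printable ASCII and bytes 0x80-0xff are accepted in a header value.
const ILLEGAL_IN_HEADER = /[^\t\x20-\x7e\x80-\xff]/;

// Validate a token when configuration is loaded. Error messages name the
// setting but never echo its value.
function loadToken(name, raw) {
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error(`${name} is missing or empty`);
  }
  const token = raw.replace(/[\r\n]+$/, ''); // trailing newline from an encoded Secret
  if (ILLEGAL_IN_HEADER.test(token)) {
    throw new Error(`${name} contains a character that is not legal in an HTTP header value`);
  }
  return token;
}

// Build a scrubber that replaces every known secret in every string of a log
// record: message, stack, nested objects and Error instances alike.
function makeRedactor(secrets) {
  const needles = [...new Set(secrets.map(s => String(s).trim()))]
    .filter(s => s.length > 0)
    .sort((a, b) => b.length - a.length) // longest first, so a secret that contains another is replaced whole
    .map(s => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'));
  const pattern = needles.length ? new RegExp(needles.join('|'), 'g') : null;
  const scrub = value => {
    if (typeof value === 'string') return pattern ? value.replace(pattern, '[REDACTED]') : value;
    if (value === null || typeof value !== 'object') return value;
    if (value instanceof Error) {
      return scrub({ name: value.name, message: value.message, stack: value.stack });
    }
    if (Array.isArray(value)) return value.map(scrub);
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, scrub(v)]));
  };
  return scrub;
}

// Constructed sample: a token with a trailing newline and an error shaped like
// the one in the report above.
const rawToken = 'glpat-EXAMPLEONLY\n';
const failure = new TypeError(`${rawToken}is not a legal HTTP header value`);
const redact = makeRedactor([rawToken]);
const record = redact({ level: 'error', message: failure.message, error: failure });
console.log(JSON.stringify(record, null, 2));
```

Matching on the trimmed form of each secret covers both the clean token and the newline-terminated one, since the latter contains the former.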