openshift
OCPBUGS-33944: Fix regex parser for censoring private key
The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine and pasted the results below. The private key is now censored as XXXX as shown below
BEFORE:
`Environment:
POD_NAMESPACE: e2e-test-unprivileged-router-7qzms (v1:metadata.namespace)
DEFAULT_CERTIFICATE:
-----BEGIN CERTIFICATE-----
**<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
**<Private key is displayed here, I have just not copied it here for security reasons>**
-----END PRIVATE KEY-----
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`
AFTER:
`Environment:
POD_NAMESPACE: e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace)
DEFAULT_CERTIFICATE:
-----BEGIN CERTIFICATE-----
**<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
-----END CERTIFICATE-----
-----XXXXXXXXXXXXXX----- ====> private key censored here
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`
@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33472, which is invalid:
- expected the bug to target either version "4.17." or "openshift-4.17.", but it targets "4.16.0" instead
- expected the bug to be in one of the following states: NEW, ASSIGNED, POST, but it is Verified instead
Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.
The bug has been updated to refer to the pull request using the external bug tracker.
In response to this:
The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine. The private key is now censored as XXXX as shown below
BEFORE:
`Environment: POD_NAMESPACE: e2e-test-unprivileged-router-7qzms (v1:metadata.namespace) DEFAULT_CERTIFICATE: -----BEGIN CERTIFICATE----- **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>** -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- **<Private key is displayed here, I have just not copied it here for security reasons>** -----END PRIVATE KEY----- Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`AFTER:
`Environment: POD_NAMESPACE: e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace) DEFAULT_CERTIFICATE: -----BEGIN CERTIFICATE----- **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>** -----END CERTIFICATE----- -----XXXXXXXXXXXXXX----- ====> private key censored here Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33944, which is invalid:
- expected the bug to target either version "4.17." or "openshift-4.17.", but it targets "4.16.0" instead
Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.
The bug has been updated to refer to the pull request using the external bug tracker.
In response to this:
The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine. The private key is now censored as XXXX as shown below
BEFORE:
`Environment: POD_NAMESPACE: e2e-test-unprivileged-router-7qzms (v1:metadata.namespace) DEFAULT_CERTIFICATE: -----BEGIN CERTIFICATE----- **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>** -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- **<Private key is displayed here, I have just not copied it here for security reasons>** -----END PRIVATE KEY----- Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`AFTER:
`Environment: POD_NAMESPACE: e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace) DEFAULT_CERTIFICATE: -----BEGIN CERTIFICATE----- **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>** -----END CERTIFICATE----- -----XXXXXXXXXXXXXX----- ====> private key censored here Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33944, which is invalid:
- expected the bug to target only the "4.17.0" version, but multiple target versions were set
Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.
In response to this:
/jira refresh
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33944, which is valid. The bug has been moved to the POST state.
3 validation(s) were run on this bug
- bug is open, matching expected state (open)
- bug target version (4.17.0) matches configured target version for branch (4.17.0)
- bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
Requesting review from QA contact: /cc @juliemathew
In response to this:
/jira refresh
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33944, which is valid.
3 validation(s) were run on this bug
- bug is open, matching expected state (open)
- bug target version (4.17.0) matches configured target version for branch (4.17.0)
- bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
Requesting review from QA contact: /cc @juliemathew
In response to this:
The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine and pasted the results below. The private key is now censored as XXXX as shown below
BEFORE:
`Environment: POD_NAMESPACE: e2e-test-unprivileged-router-7qzms (v1:metadata.namespace) DEFAULT_CERTIFICATE: -----BEGIN CERTIFICATE----- **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>** -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- **<Private key is displayed here, I have just not copied it here for security reasons>** -----END PRIVATE KEY----- Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`AFTER:
`Environment: POD_NAMESPACE: e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace) DEFAULT_CERTIFICATE: -----BEGIN CERTIFICATE----- **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>** -----END CERTIFICATE----- -----XXXXXXXXXXXXXX----- ====> private key censored here Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@Shilpa-Gokul: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/e2e-aws-ovn-single-node-serial | c17c14c1519540bd3ff928d515e8121a80b59b83 | link | false | /test e2e-aws-ovn-single-node-serial |
| ci/prow/e2e-aws-ovn-single-node-upgrade | c17c14c1519540bd3ff928d515e8121a80b59b83 | link | false | /test e2e-aws-ovn-single-node-upgrade |
| ci/prow/e2e-gcp-csi | c17c14c1519540bd3ff928d515e8121a80b59b83 | link | false | /test e2e-gcp-csi |
| ci/prow/e2e-aws-ovn-single-node | c17c14c1519540bd3ff928d515e8121a80b59b83 | link | false | /test e2e-aws-ovn-single-node |
| ci/prow/e2e-agnostic-ovn-cmd | c17c14c1519540bd3ff928d515e8121a80b59b83 | link | false | /test e2e-agnostic-ovn-cmd |
Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: neisw, Shilpa-Gokul, tvardema
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [neisw]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
@Shilpa-Gokul: Jira Issue OCPBUGS-33944: All pull requests linked via external trackers have merged:
Jira Issue OCPBUGS-33944 has been moved to the MODIFIED state.
In response to this:
The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine and pasted the results below. The private key is now censored as XXXX as shown below
BEFORE:
`Environment: POD_NAMESPACE: e2e-test-unprivileged-router-7qzms (v1:metadata.namespace) DEFAULT_CERTIFICATE: -----BEGIN CERTIFICATE----- **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>** -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- **<Private key is displayed here, I have just not copied it here for security reasons>** -----END PRIVATE KEY----- Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`AFTER:
`Environment: POD_NAMESPACE: e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace) DEFAULT_CERTIFICATE: -----BEGIN CERTIFICATE----- **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>** -----END CERTIFICATE----- -----XXXXXXXXXXXXXX----- ====> private key censored here Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@Shilpa-Gokul: new pull request created: #28818
In response to this:
/cherry-pick release-4.16
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
@Shilpa-Gokul: new pull request could not be created: failed to create pull request against openshift/origin#release-4.16 from head openshift-cherrypick-robot:cherry-pick-28813-to-release-4.16: status code 422 not one of [201], body: {"message":"Validation Failed","errors":[{"resource":"PullRequest","code":"custom","message":"A pull request already exists for openshift-cherrypick-robot:cherry-pick-28813-to-release-4.16."}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#create-a-pull-request"}
In response to this:
/cherrypick release-4.16
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
[ART PR BUILD NOTIFIER]
This PR has been included in build openshift-enterprise-tests-container-v4.17.0-202405212243.p0.gfc2bcb2.assembly.stream.el9 for distgit openshift-enterprise-tests. All builds following this will include this PR.
