OCPBUGS-33944: Fix regex parser for censoring private key

[Shilpa-Gokul]

The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine and pasted the results below. The private key is now censored as XXXX as shown below

BEFORE:

`Environment:
        POD_NAMESPACE:        e2e-test-unprivileged-router-7qzms (v1:metadata.namespace)
        DEFAULT_CERTIFICATE:
                              -----BEGIN CERTIFICATE-----
                              **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                              -----END CERTIFICATE-----
                              -----BEGIN PRIVATE KEY-----
                              **<Private key is displayed here, I have just not copied it here for security reasons>**
                              -----END PRIVATE KEY-----

 Mounts:
        /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`

AFTER:

`Environment:
        POD_NAMESPACE:        e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace)
        DEFAULT_CERTIFICATE:
                              -----BEGIN CERTIFICATE-----
                              **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                              -----END CERTIFICATE-----
                              -----XXXXXXXXXXXXXX-----          ====> private key censored here

 Mounts:
        /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`

[openshift-ci-robot]

@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33472, which is invalid:

• expected the bug to target either version "4.17." or "openshift-4.17.", but it targets "4.16.0" instead
• expected the bug to be in one of the following states: NEW, ASSIGNED, POST, but it is Verified instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine. The private key is now censored as XXXX as shown below

BEFORE:

`Environment:
       POD_NAMESPACE:        e2e-test-unprivileged-router-7qzms (v1:metadata.namespace)
       DEFAULT_CERTIFICATE:
                             -----BEGIN CERTIFICATE-----
                             **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                             -----END CERTIFICATE-----
                             -----BEGIN PRIVATE KEY-----
                             **<Private key is displayed here, I have just not copied it here for security reasons>**
                             -----END PRIVATE KEY-----

Mounts:
       /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`

AFTER:

`Environment:
       POD_NAMESPACE:        e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace)
       DEFAULT_CERTIFICATE:
                             -----BEGIN CERTIFICATE-----
                             **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                             -----END CERTIFICATE-----
                             -----XXXXXXXXXXXXXX-----          ====> private key censored here

Mounts:
       /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33944, which is invalid:

• expected the bug to target either version "4.17." or "openshift-4.17.", but it targets "4.16.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine. The private key is now censored as XXXX as shown below

BEFORE:

`Environment:
       POD_NAMESPACE:        e2e-test-unprivileged-router-7qzms (v1:metadata.namespace)
       DEFAULT_CERTIFICATE:
                             -----BEGIN CERTIFICATE-----
                             **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                             -----END CERTIFICATE-----
                             -----BEGIN PRIVATE KEY-----
                             **<Private key is displayed here, I have just not copied it here for security reasons>**
                             -----END PRIVATE KEY-----

Mounts:
       /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`

AFTER:

`Environment:
       POD_NAMESPACE:        e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace)
       DEFAULT_CERTIFICATE:
                             -----BEGIN CERTIFICATE-----
                             **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                             -----END CERTIFICATE-----
                             -----XXXXXXXXXXXXXX-----          ====> private key censored here

Mounts:
       /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[Shilpa-Gokul]

/jira refresh

[openshift-ci-robot]

@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33944, which is invalid:

• expected the bug to target only the "4.17.0" version, but multiple target versions were set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[Shilpa-Gokul]

/jira refresh

[openshift-ci-robot]

@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33944, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.17.0) matches configured target version for branch (4.17.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @juliemathew

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@Shilpa-Gokul: This pull request references Jira Issue OCPBUGS-33944, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.17.0) matches configured target version for branch (4.17.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @juliemathew

In response to this:

The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine and pasted the results below. The private key is now censored as XXXX as shown below

BEFORE:

`Environment:
       POD_NAMESPACE:        e2e-test-unprivileged-router-7qzms (v1:metadata.namespace)
       DEFAULT_CERTIFICATE:
                             -----BEGIN CERTIFICATE-----
                             **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                             -----END CERTIFICATE-----
                             -----BEGIN PRIVATE KEY-----
                             **<Private key is displayed here, I have just not copied it here for security reasons>**
                             -----END PRIVATE KEY-----

Mounts:
       /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`

AFTER:

`Environment:
       POD_NAMESPACE:        e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace)
       DEFAULT_CERTIFICATE:
                             -----BEGIN CERTIFICATE-----
                             **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                             -----END CERTIFICATE-----
                             -----XXXXXXXXXXXXXX-----          ====> private key censored here

Mounts:
       /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[tvardema]

/lgtm

[tvardema]

/retest-required

[openshift-ci]

@Shilpa-Gokul: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-single-node-serial	c17c14c	link	false	/test e2e-aws-ovn-single-node-serial
ci/prow/e2e-aws-ovn-single-node-upgrade	c17c14c	link	false	/test e2e-aws-ovn-single-node-upgrade
ci/prow/e2e-gcp-csi	c17c14c	link	false	/test e2e-gcp-csi
ci/prow/e2e-aws-ovn-single-node	c17c14c	link	false	/test e2e-aws-ovn-single-node
ci/prow/e2e-agnostic-ovn-cmd	c17c14c	link	false	/test e2e-agnostic-ovn-cmd

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[neisw]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: neisw, Shilpa-Gokul, tvardema

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [neisw]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@Shilpa-Gokul: Jira Issue OCPBUGS-33944: All pull requests linked via external trackers have merged:

• openshift/origin#28813

Jira Issue OCPBUGS-33944 has been moved to the MODIFIED state.

In response to this:

The current regex parser fails to match when there is a new line. Have fixed it to match any whitespace/non whitespace character. Mocked a negative test run locally and verified that it works fine and pasted the results below. The private key is now censored as XXXX as shown below

BEFORE:

`Environment:
       POD_NAMESPACE:        e2e-test-unprivileged-router-7qzms (v1:metadata.namespace)
       DEFAULT_CERTIFICATE:
                             -----BEGIN CERTIFICATE-----
                             **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                             -----END CERTIFICATE-----
                             -----BEGIN PRIVATE KEY-----
                             **<Private key is displayed here, I have just not copied it here for security reasons>**
                             -----END PRIVATE KEY-----

Mounts:
       /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rgtsw (ro)`

AFTER:

`Environment:
       POD_NAMESPACE:        e2e-test-unprivileged-router-x8c78 (v1:metadata.namespace)
       DEFAULT_CERTIFICATE:
                             -----BEGIN CERTIFICATE-----
                             **<Certificate is displayed here, its not censored in the logs, I have just not copied it here for security reasons>**
                             -----END CERTIFICATE-----
                             -----XXXXXXXXXXXXXX-----          ====> private key censored here

Mounts:
       /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sxhq4 (ro)`

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[Shilpa-Gokul]

/cherrypick release-4.16

[openshift-cherrypick-robot]

@Shilpa-Gokul: new pull request created: #28818

In response to this:

/cherry-pick release-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-cherrypick-robot]

@Shilpa-Gokul: new pull request could not be created: failed to create pull request against openshift/origin#release-4.16 from head openshift-cherrypick-robot:cherry-pick-28813-to-release-4.16: status code 422 not one of [201], body: {"message":"Validation Failed","errors":[{"resource":"PullRequest","code":"custom","message":"A pull request already exists for openshift-cherrypick-robot:cherry-pick-28813-to-release-4.16."}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#create-a-pull-request"}

In response to this:

/cherrypick release-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build openshift-enterprise-tests-container-v4.17.0-202405212243.p0.gfc2bcb2.assembly.stream.el9 for distgit openshift-enterprise-tests.
All builds following this will include this PR.