From d85d940a0863e085b03676ee77737cfa89da2bce Mon Sep 17 00:00:00 2001
From: Shilpa-Gokul <shilpagokul95@gmail.com>
Date: Wed, 11 Jun 2025 18:05:14 +0530
Subject: [PATCH 1/3] OCPBUGS-57334: Redact bearertoken in TestContext

---
 pkg/cmd/openshift-tests/run-upgrade/options.go | 5 ++++-
 pkg/test/extensions/binary.go                  | 5 ++++-
 test/extended/util/client.go                   | 4 +++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/pkg/cmd/openshift-tests/run-upgrade/options.go b/pkg/cmd/openshift-tests/run-upgrade/options.go
index 34f30c4db519..2d72aeebc037 100644
--- a/pkg/cmd/openshift-tests/run-upgrade/options.go
+++ b/pkg/cmd/openshift-tests/run-upgrade/options.go
@@ -72,7 +72,10 @@ func (o *RunUpgradeSuiteOptions) UpgradeTestPreSuite() error {
 	if err := clusterdiscovery.InitializeTestFramework(exutil.TestContext, config, o.GinkgoRunSuiteOptions.DryRun); err != nil {
 		return err
 	}
-	klog.V(4).Infof("Loaded test configuration: %#v", exutil.TestContext)
+	// Redact the bearer token exposure
+	testContextString := fmt.Sprintf("%#v", exutil.TestContext)
+	redactedTestContext := exutil.RedactBearerToken(testContextString)
+	klog.V(4).Infof("Loaded test configuration: %s", redactedTestContext)
 
 	return nil
 }
diff --git a/pkg/test/extensions/binary.go b/pkg/test/extensions/binary.go
index ec1a668b99cb..a13aaa10824e 100644
--- a/pkg/test/extensions/binary.go
+++ b/pkg/test/extensions/binary.go
@@ -105,7 +105,10 @@ func InitializeOpenShiftTestsExtensionFramework() (*extension.Registry, *extensi
 		if err := clusterdiscovery.InitializeTestFramework(exutil.TestContext, config, false); err != nil {
 			panic(err)
 		}
-		klog.V(4).Infof("Loaded test configuration: %#v", exutil.TestContext)
+		// Redact the bearer token exposure
+		testContextString := fmt.Sprintf("%#v", exutil.TestContext)
+		redactedTestContext := exutil.RedactBearerToken(testContextString)
+		klog.V(4).Infof("Loaded test configuration: %s", redactedTestContext)
 
 		exutil.TestContext.ReportDir = os.Getenv("TEST_JUNIT_DIR")
 
diff --git a/test/extended/util/client.go b/test/extended/util/client.go
index 5e034dd6261e..328ce9d7c192 100644
--- a/test/extended/util/client.go
+++ b/test/extended/util/client.go
@@ -1042,9 +1042,11 @@ func (c *CLI) start(stdOutBuff, stdErrBuff *bytes.Buffer) (*exec.Cmd, error) {
 
 func RedactBearerToken(args string) string {
 	if strings.Contains(args, "Authorization: Bearer") {
-		// redact bearer token
 		re := regexp.MustCompile(`Authorization:\s+Bearer.*\s+`)
 		args = re.ReplaceAllString(args, "Authorization: Bearer <redacted> ")
+	} else if strings.Contains(args, "BearerToken") {
+		re := regexp.MustCompile(`BearerToken:\s*\"[^\"]+\"`)
+		args = re.ReplaceAllString(args, "BearerToken: <redacted> ")
 	}
 	return args
 }

From bfe6f67f02333e1183a0f258a2a5cf6da3c95f41 Mon Sep 17 00:00:00 2001
From: alokgoswami-ag <alok.goswami@ibm.com>
Date: Tue, 7 Oct 2025 13:11:29 +0530
Subject: [PATCH 2/3] Addressed PR feedback: move regex outside the function

---
 test/extended/util/client.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/test/extended/util/client.go b/test/extended/util/client.go
index 328ce9d7c192..1af62cd7137a 100644
--- a/test/extended/util/client.go
+++ b/test/extended/util/client.go
@@ -1040,13 +1040,16 @@ func (c *CLI) start(stdOutBuff, stdErrBuff *bytes.Buffer) (*exec.Cmd, error) {
 	return cmd, err
 }
 
+var (
+	reAuthorizationBearer = regexp.MustCompile(`Authorization:\s+Bearer.*\s+`)
+	reBearerToken         = regexp.MustCompile(`BearerToken:\s*\"[^\"]+\"`)
+)
+
 func RedactBearerToken(args string) string {
 	if strings.Contains(args, "Authorization: Bearer") {
-		re := regexp.MustCompile(`Authorization:\s+Bearer.*\s+`)
-		args = re.ReplaceAllString(args, "Authorization: Bearer <redacted> ")
+		args = reAuthorizationBearer.ReplaceAllString(args, "Authorization: Bearer <redacted> ")
 	} else if strings.Contains(args, "BearerToken") {
-		re := regexp.MustCompile(`BearerToken:\s*\"[^\"]+\"`)
-		args = re.ReplaceAllString(args, "BearerToken: <redacted> ")
+		args = reBearerToken.ReplaceAllString(args, "BearerToken: <redacted> ")
 	}
 	return args
 }

From 004970520492cc8c95286e4b0341f5060b380e20 Mon Sep 17 00:00:00 2001
From: alokgoswami-ag <alok.goswami@ibm.com>
Date: Tue, 7 Oct 2025 13:11:29 +0530
Subject: [PATCH 3/3] Addressed PR feedback: move regex outside the function

---
 test/extended/util/client.go | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/test/extended/util/client.go b/test/extended/util/client.go
index 1af62cd7137a..eaafeda8bf78 100644
--- a/test/extended/util/client.go
+++ b/test/extended/util/client.go
@@ -1040,18 +1040,10 @@ func (c *CLI) start(stdOutBuff, stdErrBuff *bytes.Buffer) (*exec.Cmd, error) {
 	return cmd, err
 }
 
-var (
-	reAuthorizationBearer = regexp.MustCompile(`Authorization:\s+Bearer.*\s+`)
-	reBearerToken         = regexp.MustCompile(`BearerToken:\s*\"[^\"]+\"`)
-)
+var reToken = regexp.MustCompile(`(?i)(Authorization:\s*Bearer\s+)[^\s"]+|((BearerToken:\s*")[^"]+)`)
 
 func RedactBearerToken(args string) string {
-	if strings.Contains(args, "Authorization: Bearer") {
-		args = reAuthorizationBearer.ReplaceAllString(args, "Authorization: Bearer <redacted> ")
-	} else if strings.Contains(args, "BearerToken") {
-		args = reBearerToken.ReplaceAllString(args, "BearerToken: <redacted> ")
-	}
-	return args
+	return reToken.ReplaceAllString(args, `${1}${3}<redacted>`)
 }
 
 // getStartingIndexForLastN calculates a byte offset in a byte slice such that when using