
@sttts
Last active August 6, 2020 07:25
diff --git a/test/extended/oauth/token.go b/test/extended/oauth/token.go
index 1e40791b8f8..61612b75b1e 100644
--- a/test/extended/oauth/token.go
+++ b/test/extended/oauth/token.go
@@ -4,11 +4,15 @@ import (
"context"
"crypto/sha256"
"encoding/base64"
+ "flag"
"fmt"
+ "k8s.io/klog/v2"
+
g "github.com/onsi/ginkgo"
o "github.com/onsi/gomega"
"github.com/openshift/client-go/user/clientset/versioned"
+ "github.com/pborman/uuid"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/client-go/rest"
@@ -38,9 +42,10 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] OAuth Authenticator", func()
o.Expect(err).NotTo(o.HaveOccurred())
oc.AddResourceToDelete(userv1.GroupVersion.WithResource("users"), user)
+ token := base64.RawURLEncoding.EncodeToString([]byte(uuid.New()))
+ g.By(fmt.Sprintf("new random token %q", token))
g.By("creating a classic oauth access token")
- token := "0123456789012345678900123456789001234567890123"
- classicTokenObject, err := oc.AdminOauthClient().OauthV1().OAuthAccessTokens().Create(ctx, &oauthv1.OAuthAccessToken{
+ _, err = oc.AdminOauthClient().OauthV1().OAuthAccessTokens().Create(ctx, &oauthv1.OAuthAccessToken{
ObjectMeta: metav1.ObjectMeta{
Name: token,
},
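Review bot: The added `g.By(fmt.Sprintf("new random token %q", token))` writes a usable bearer token into the test output, which normally ends up in CI logs and archived artifacts. The hunk at -75 does the same with `"new random token sha256:%s, hash sha256:%s"`, printing the plaintext token next to its hash. Log a non-secret marker instead, for example `g.By("generated a random access token")`, and in the sha256 case print only the hash. The `Create` call that consumes `token` continues past the end of this hunk.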
@@ -51,7 +56,7 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] OAuth Authenticator", func()
RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
}, metav1.CreateOptions{})
o.Expect(err).NotTo(o.HaveOccurred())
- oc.AddResourceToDelete(oauthv1.GroupVersion.WithResource("oauthaccesstokens"), classicTokenObject)
+ //oc.AddResourceToDelete(oauthv1.GroupVersion.WithResource("oauthaccesstokens"), classicTokenObject)
g.By("authenticating using the classic access token as bearer token")
gotUser, err := whoamiWithToken(token, oc)
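Review bot: Commenting out `oc.AddResourceToDelete(...)` leaves the created OAuthAccessToken on the cluster after the spec ends, and the previous hunk already discards the returned object with `_, err =`. The hunk at -89 does the same for the sha256 token. Since the token value is also printed by `g.By`, a credential that is readable from the log stays valid until it expires (its expiry is not visible here). Keep `classicTokenObject, err := ...Create(...)` together with `oc.AddResourceToDelete(oauthv1.GroupVersion.WithResource("oauthaccesstokens"), classicTokenObject)`, and delete the commented-out copy rather than leaving it in the file.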
@@ -75,10 +80,12 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] OAuth Authenticator", func()
oc.AddResourceToDelete(userv1.GroupVersion.WithResource("users"), user)
g.By("creating a classic oauth access token")
- token := "0123456789012345678900123456789001234567890123"
+ token := base64.RawURLEncoding.EncodeToString([]byte(uuid.New()))
bs := sha256.Sum256([]byte(token))
hash := base64.RawURLEncoding.EncodeToString(bs[:])
- classicTokenObject, err := oc.AdminOauthClient().OauthV1().OAuthAccessTokens().Create(ctx, &oauthv1.OAuthAccessToken{
+ g.By(fmt.Sprintf("new random token sha256:%s, hash sha256:%s", token, hash[0:]))
+ g.By("creating a classic oauth access token")
+ _, err = oc.AdminOauthClient().OauthV1().OAuthAccessTokens().Create(ctx, &oauthv1.OAuthAccessToken{
ObjectMeta: metav1.ObjectMeta{
Name: "sha256:" + hash[0:],
},
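Review bot: `g.By("creating a classic oauth access token")` now appears twice in this spec, once as the context line before the token is generated and once as the added line before `Create`, so the step is reported twice. Drop the added copy, or move the existing one down to sit directly above `Create`. In the new `Sprintf`, `hash[0:]` is the same string as `hash`, so plain `hash` reads more clearly. The `Create` call continues past the end of this hunk.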
@@ -89,7 +96,11 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] OAuth Authenticator", func()
RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
}, metav1.CreateOptions{})
o.Expect(err).NotTo(o.HaveOccurred())
- oc.AddResourceToDelete(oauthv1.GroupVersion.WithResource("oauthaccesstokens"), classicTokenObject)
+ //oc.AddResourceToDelete(oauthv1.GroupVersion.WithResource("oauthaccesstokens"), classicTokenObject)
+
+ fs := flag.NewFlagSet("test", flag.PanicOnError)
+ klog.InitFlags(fs)
+ fs.Parse([]string{"--v=9"})
g.By("authenticating using the sha256 prefixed access token as bearer token")
gotUser, err := whoamiWithToken("sha256:"+token, oc)
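Review bot: `klog.InitFlags(fs)` followed by `fs.Parse([]string{"--v=9"})` raises klog verbosity for the whole test process rather than for this spec, and nothing lowers it again, so every spec that runs afterwards in the same binary also logs at level 9. Combined with the `klog.V(8)` lines this patch adds under vendor/, that level puts bearer tokens into the output of unrelated tests. If the verbosity is only needed for a one-off investigation it should stay out of the committed test; otherwise reset it when the spec ends, e.g. `defer fs.Set("v", "0")` (assuming 0 was the prior level).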
@@ -107,6 +118,8 @@ var _ = g.Describe("[sig-auth][Feature:OAuthServer] OAuth Authenticator", func()
g.By("not-authenticating using a non-prefixed hash as bearer token")
_, err = whoamiWithToken(hash[0:], oc)
o.Expect(errors.IsUnauthorized(err)).To(o.BeTrue())
+
+ o.Expect(false).To(o.BeTrue())
})
})
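Review bot: `o.Expect(false).To(o.BeTrue())` makes the spec fail unconditionally after all of its real assertions have run, presumably to force the verbose log to be kept. As written the spec can never pass, so it no longer tells anyone whether sha256-prefixed tokens authenticate. Remove the line before this lands.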
diff --git a/vendor/k8s.io/client-go/rest/request.go b/vendor/k8s.io/client-go/rest/request.go
index 0ed7def73e7..b376995f4c3 100644
--- a/vendor/k8s.io/client-go/rest/request.go
+++ b/vendor/k8s.io/client-go/rest/request.go
@@ -868,6 +868,7 @@ func (r *Request) request(ctx context.Context, fn func(*http.Request, *http.Resp
}
req = req.WithContext(ctx)
req.Header = r.headers
+ klog.V(8).Infof("headers: %#v", r.headers)
r.backoff.Sleep(r.backoff.CalculateBackoff(r.URL()))
if retries > 0 {
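Review bot: `klog.V(8).Infof("headers: %#v", r.headers)` prints every request header value verbatim, so any credential-bearing header set on the request reaches the log unmasked. The two `RoundTrip` hunks in transport/round_trippers.go do the same more directly: `bearerAuthRoundTripper` logs the full `Bearer <token>` string, and `debuggingRoundTripper` has its `maskValue` call commented out. These are hand edits under vendor/, which the next re-vendoring will overwrite, so they should not be committed. If header diagnostics are needed, log header names only, or keep values behind the existing masking in the transport package. The enclosing `request` function starts and ends outside this hunk.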
diff --git a/vendor/k8s.io/client-go/transport/round_trippers.go b/vendor/k8s.io/client-go/transport/round_trippers.go
index a05208d924d..f9a8ab953c9 100644
--- a/vendor/k8s.io/client-go/transport/round_trippers.go
+++ b/vendor/k8s.io/client-go/transport/round_trippers.go
@@ -293,7 +293,9 @@ func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response,
token = refreshedToken.AccessToken
}
}
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
+ h := fmt.Sprintf("Bearer %s", token)
+ klog.V(8).Infof("bearerAuthRoundTripper Authorization: %s", h)
+ req.Header.Set("Authorization", h)
return rt.rt.RoundTrip(req)
}
@@ -423,15 +425,15 @@ func (rt *debuggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, e
klog.Infof("%s", reqInfo.toCurl())
}
- if rt.levels[debugRequestHeaders] {
- klog.Infof("Request Headers:")
- for key, values := range reqInfo.RequestHeaders {
- for _, value := range values {
- value = maskValue(key, value)
- klog.Infof(" %s: %s", key, value)
- }
+ //if rt.levels[debugRequestHeaders] {
+ klog.Infof("Request Headers:")
+ for key, values := range reqInfo.RequestHeaders {
+ for _, value := range values {
+ //value = maskValue(key, value)
+ klog.Infof(" %s: %s", key, value)
}
}
+ //}
startTime := time.Now()
response, err := rt.delegatedRoundTripper.RoundTrip(req)
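Review bot: With the `if rt.levels[debugRequestHeaders]` guard commented out, the "Request Headers:" dump runs for every request that passes through `debuggingRoundTripper`, whatever debug level was configured, and it is emitted with plain `klog.Infof`. Restore the guard and the `value = maskValue(key, value)` line so that header logging stays opt-in and masked. The commented-out `//if`, `//value = ...` and `//}` lines should be reinstated or deleted, not left in place. `RoundTrip` continues past the end of this hunk.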