Add extra group constants and validation to pkg/bootstrap/api.

This adds constants and validation for a new `auth-extra-groups` key on `bootstrap.kubernetes.io/token` secrets. This key allows a bootstrap token to authenticate to extra groups in addition to the `system:bootstrappers` group. Extra groups are always applied in addition to the `system:bootstrappers` group, must begin with a `system:bootstrappers:` prefix, are limited in length, and are limited to a restricted set of characters (alphanumeric, colons, and dashes without a trailing colon/dash).
2025-11-02 14:51:58 +00:00 · 2017-08-22 15:43:47 -05:00
parent a235ba4e49
commit 33e02aff60
5 changed files with 110 additions and 4 deletions
--- a/pkg/bootstrap/api/BUILD
+++ b/pkg/bootstrap/api/BUILD
@@ -3,12 +3,14 @@ package(default_visibility = ["//visibility:public"])
 load(
    "@io_bazel_rules_go//go:def.bzl",
    "go_library",
+    "go_test",
 )

 go_library(
    name = "go_default_library",
    srcs = [
        "doc.go",
+        "helpers.go",
        "types.go",
    ],
    deps = ["//vendor/k8s.io/api/core/v1:go_default_library"],
@@ -26,3 +28,9 @@ filegroup(
    srcs = [":package-srcs"],
    tags = ["automanaged"],
 )
+
+go_test(
+    name = "go_default_test",
+    srcs = ["helpers_test.go"],
+    library = ":go_default_library",
+)