github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 22:46:12 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #70174 from yue9944882/chore/switch-token-authn-informer

Browse Source 
Switch bootstrap token authenticator informer to external types
This commit is contained in:
k8s-ci-robot 2018-10-24 07:26:08 -07:00 committed by GitHub
commit d5d8421e63
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 49 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/kube-apiserver/app/server.go
View File

@ -524,7 +524,7 @@ func buildGenericConfig(
} }
serviceResolver = aggregatorapiserver.NewLoopbackServiceResolver(serviceResolver, localHost) serviceResolver = aggregatorapiserver.NewLoopbackServiceResolver(serviceResolver, localHost)
genericConfig.Authentication.Authenticator, genericConfig.OpenAPIConfig.SecurityDefinitions, err = BuildAuthenticator(s, clientgoExternalClient, sharedInformers) genericConfig.Authentication.Authenticator, genericConfig.OpenAPIConfig.SecurityDefinitions, err = BuildAuthenticator(s, clientgoExternalClient, versionedInformers)
if err != nil { if err != nil {
lastErr = fmt.Errorf("invalid authentication config: %v", err) lastErr = fmt.Errorf("invalid authentication config: %v", err)
return return
@ -625,13 +625,13 @@ func BuildAdmissionPluginInitializers(
} }
// BuildAuthenticator constructs the authenticator // BuildAuthenticator constructs the authenticator
func BuildAuthenticator(s *options.ServerRunOptions, extclient clientgoclientset.Interface, sharedInformers informers.SharedInformerFactory) (authenticator.Request, *spec.SecurityDefinitions, error) { func BuildAuthenticator(s *options.ServerRunOptions, extclient clientgoclientset.Interface, versionedInformer clientgoinformers.SharedInformerFactory) (authenticator.Request, *spec.SecurityDefinitions, error) {
authenticatorConfig := s.Authentication.ToAuthenticationConfig() authenticatorConfig := s.Authentication.ToAuthenticationConfig()
if s.Authentication.ServiceAccounts.Lookup { if s.Authentication.ServiceAccounts.Lookup {
authenticatorConfig.ServiceAccountTokenGetter = serviceaccountcontroller.NewGetterFromClient(extclient) authenticatorConfig.ServiceAccountTokenGetter = serviceaccountcontroller.NewGetterFromClient(extclient)
} }
authenticatorConfig.BootstrapTokenAuthenticator = bootstrap.NewTokenAuthenticator( authenticatorConfig.BootstrapTokenAuthenticator = bootstrap.NewTokenAuthenticator(
sharedInformers.Core().InternalVersion().Secrets().Lister().Secrets(v1.NamespaceSystem), versionedInformer.Core().V1().Secrets().Lister().Secrets(v1.NamespaceSystem),
) )
return authenticatorConfig.New() return authenticatorConfig.New()

6
plugin/pkg/auth/authenticator/token/bootstrap/BUILD
View File

@ -11,7 +11,7 @@ go_test(
srcs = ["bootstrap_test.go"], srcs = ["bootstrap_test.go"],
embed = [":go_default_library"], embed = [":go_default_library"],
deps = [ deps = [
"//pkg/apis/core:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
@ -26,12 +26,12 @@ go_library(
srcs = ["bootstrap.go"], srcs = ["bootstrap.go"],
importpath = "k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap", importpath = "k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap",
deps = [ deps = [
"//pkg/apis/core:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library",
"//pkg/client/listers/core/internalversion:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//staging/src/k8s.io/client-go/listers/core/v1:go_default_library",
"//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library", "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
"//staging/src/k8s.io/cluster-bootstrap/token/util:go_default_library", "//staging/src/k8s.io/cluster-bootstrap/token/util:go_default_library",
"//vendor/github.com/golang/glog:go_default_library", "//vendor/github.com/golang/glog:go_default_library",

16
plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go
View File

@ -29,14 +29,14 @@ import (
"github.com/golang/glog" "github.com/golang/glog"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
corev1listers "k8s.io/client-go/listers/core/v1"
bootstrapapi "k8s.io/cluster-bootstrap/token/api" bootstrapapi "k8s.io/cluster-bootstrap/token/api"
bootstraputil "k8s.io/cluster-bootstrap/token/util" bootstraputil "k8s.io/cluster-bootstrap/token/util"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/client/listers/core/internalversion"
) )
// TODO: A few methods in this package is copied from other sources. Either // TODO: A few methods in this package is copied from other sources. Either
@ -46,13 +46,13 @@ import (
// NewTokenAuthenticator initializes a bootstrap token authenticator. // NewTokenAuthenticator initializes a bootstrap token authenticator.
// //
// Lister is expected to be for the "kube-system" namespace. // Lister is expected to be for the "kube-system" namespace.
func NewTokenAuthenticator(lister internalversion.SecretNamespaceLister) *TokenAuthenticator { func NewTokenAuthenticator(lister corev1listers.SecretNamespaceLister) *TokenAuthenticator {
return &TokenAuthenticator{lister} return &TokenAuthenticator{lister}
} }
// TokenAuthenticator authenticates bootstrap tokens from secrets in the API server. // TokenAuthenticator authenticates bootstrap tokens from secrets in the API server.
type TokenAuthenticator struct { type TokenAuthenticator struct {
lister internalversion.SecretNamespaceLister lister corev1listers.SecretNamespaceLister
} }
// tokenErrorf prints a error message for a secret that has matched a bearer // tokenErrorf prints a error message for a secret that has matched a bearer
@ -60,7 +60,7 @@ type TokenAuthenticator struct {
// //
// tokenErrorf(secret, "has invalid value for key %s", key) // tokenErrorf(secret, "has invalid value for key %s", key)
// //
func tokenErrorf(s *api.Secret, format string, i ...interface{}) { func tokenErrorf(s *corev1.Secret, format string, i ...interface{}) {
format = fmt.Sprintf("Bootstrap secret %s/%s matching bearer token ", s.Namespace, s.Name) + format format = fmt.Sprintf("Bootstrap secret %s/%s matching bearer token ", s.Namespace, s.Name) + format
glog.V(3).Infof(format, i...) glog.V(3).Infof(format, i...)
} }
@ -155,7 +155,7 @@ func (t *TokenAuthenticator) AuthenticateToken(ctx context.Context, token string
} }
// Copied from k8s.io/cluster-bootstrap/token/api // Copied from k8s.io/cluster-bootstrap/token/api
func getSecretString(secret *api.Secret, key string) string { func getSecretString(secret *corev1.Secret, key string) string {
data, ok := secret.Data[key] data, ok := secret.Data[key]
if !ok { if !ok {
return "" return ""
@ -165,7 +165,7 @@ func getSecretString(secret *api.Secret, key string) string {
} }
// Copied from k8s.io/cluster-bootstrap/token/api // Copied from k8s.io/cluster-bootstrap/token/api
func isSecretExpired(secret *api.Secret) bool { func isSecretExpired(secret *corev1.Secret) bool {
expiration := getSecretString(secret, bootstrapapi.BootstrapTokenExpirationKey) expiration := getSecretString(secret, bootstrapapi.BootstrapTokenExpirationKey)
if len(expiration) > 0 { if len(expiration) > 0 {
expTime, err2 := time.Parse(time.RFC3339, expiration) expTime, err2 := time.Parse(time.RFC3339, expiration)
@ -205,7 +205,7 @@ func parseToken(s string) (string, string, error) {
// getGroups loads and validates the bootstrapapi.BootstrapTokenExtraGroupsKey // getGroups loads and validates the bootstrapapi.BootstrapTokenExtraGroupsKey
// key from the bootstrap token secret, returning a list of group names or an // key from the bootstrap token secret, returning a list of group names or an
// error if any of the group names are invalid. // error if any of the group names are invalid.
func getGroups(secret *api.Secret) ([]string, error) { func getGroups(secret *corev1.Secret) ([]string, error) {
// always include the default group // always include the default group
groups := sets.NewString(bootstrapapi.BootstrapDefaultGroup) groups := sets.NewString(bootstrapapi.BootstrapDefaultGroup)

40
plugin/pkg/auth/authenticator/token/bootstrap/bootstrap_test.go
View File

@ -21,24 +21,24 @@ import (
"reflect" "reflect"
"testing" "testing"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
bootstrapapi "k8s.io/cluster-bootstrap/token/api" bootstrapapi "k8s.io/cluster-bootstrap/token/api"
api "k8s.io/kubernetes/pkg/apis/core"
) )
type lister struct { type lister struct {
secrets []*api.Secret secrets []*corev1.Secret
} }
func (l *lister) List(selector labels.Selector) (ret []*api.Secret, err error) { func (l *lister) List(selector labels.Selector) (ret []*corev1.Secret, err error) {
return l.secrets, nil return l.secrets, nil
} }
func (l *lister) Get(name string) (*api.Secret, error) { func (l *lister) Get(name string) (*corev1.Secret, error) {
for _, s := range l.secrets { for _, s := range l.secrets {
if s.Name == name { if s.Name == name {
return s, nil return s, nil
@ -58,7 +58,7 @@ func TestTokenAuthenticator(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
secrets []*api.Secret secrets []*corev1.Secret
token string token string
wantNotFound bool wantNotFound bool
@ -66,7 +66,7 @@ func TestTokenAuthenticator(t *testing.T) {
}{ }{
{ {
name: "valid token", name: "valid token",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID,
@ -87,7 +87,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "valid token with extra group", name: "valid token with extra group",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID,
@ -109,7 +109,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "invalid group", name: "invalid group",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID,
@ -128,7 +128,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "invalid secret name", name: "invalid secret name",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "bad-name", Name: "bad-name",
@ -146,7 +146,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "no usage", name: "no usage",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID,
@ -163,7 +163,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "wrong token", name: "wrong token",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID,
@ -181,7 +181,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "deleted token", name: "deleted token",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID,
@ -200,7 +200,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "expired token", name: "expired token",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID,
@ -219,7 +219,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "not expired token", name: "not expired token",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID, Name: bootstrapapi.BootstrapTokenSecretPrefix + tokenID,
@ -241,7 +241,7 @@ func TestTokenAuthenticator(t *testing.T) {
}, },
{ {
name: "token id wrong length", name: "token id wrong length",
secrets: []*api.Secret{ secrets: []*corev1.Secret{
{ {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: bootstrapapi.BootstrapTokenSecretPrefix + "foo", Name: bootstrapapi.BootstrapTokenSecretPrefix + "foo",
@ -292,13 +292,13 @@ func TestTokenAuthenticator(t *testing.T) {
func TestGetGroups(t *testing.T) { func TestGetGroups(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
secret *api.Secret secret *corev1.Secret
expectResult []string expectResult []string
expectError bool expectError bool
}{ }{
{ {
name: "not set", name: "not set",
secret: &api.Secret{ secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "test"}, ObjectMeta: metav1.ObjectMeta{Name: "test"},
Data: map[string][]byte{}, Data: map[string][]byte{},
}, },
@ -306,7 +306,7 @@ func TestGetGroups(t *testing.T) {
}, },
{ {
name: "set to empty value", name: "set to empty value",
secret: &api.Secret{ secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "test"}, ObjectMeta: metav1.ObjectMeta{Name: "test"},
Data: map[string][]byte{ Data: map[string][]byte{
bootstrapapi.BootstrapTokenExtraGroupsKey: []byte(""), bootstrapapi.BootstrapTokenExtraGroupsKey: []byte(""),
@ -316,7 +316,7 @@ func TestGetGroups(t *testing.T) {
}, },
{ {
name: "invalid prefix", name: "invalid prefix",
secret: &api.Secret{ secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "test"}, ObjectMeta: metav1.ObjectMeta{Name: "test"},
Data: map[string][]byte{ Data: map[string][]byte{
bootstrapapi.BootstrapTokenExtraGroupsKey: []byte("foo"), bootstrapapi.BootstrapTokenExtraGroupsKey: []byte("foo"),
@ -326,7 +326,7 @@ func TestGetGroups(t *testing.T) {
}, },
{ {
name: "valid", name: "valid",
secret: &api.Secret{ secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "test"}, ObjectMeta: metav1.ObjectMeta{Name: "test"},
Data: map[string][]byte{ Data: map[string][]byte{
bootstrapapi.BootstrapTokenExtraGroupsKey: []byte("system:bootstrappers:foo,system:bootstrappers:bar,system:bootstrappers:bar"), bootstrapapi.BootstrapTokenExtraGroupsKey: []byte("system:bootstrappers:foo,system:bootstrappers:bar,system:bootstrappers:bar"),

4
staging/src/k8s.io/api/core/v1/types.go
View File

@ -4996,6 +4996,10 @@ const (
TLSCertKey = "tls.crt" TLSCertKey = "tls.crt"
// TLSPrivateKeyKey is the key for the private key field in a TLS secret. // TLSPrivateKeyKey is the key for the private key field in a TLS secret.
TLSPrivateKeyKey = "tls.key" TLSPrivateKeyKey = "tls.key"
// SecretTypeBootstrapToken is used during the automated bootstrap process (first
// implemented by kubeadm). It stores tokens that are used to sign well known
// ConfigMaps. They are used for authn.
SecretTypeBootstrapToken SecretType = "bootstrap.kubernetes.io/token"
) )
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

22
test/integration/auth/bootstraptoken_test.go
View File

@ -24,24 +24,24 @@ import (
"testing" "testing"
"time" "time"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/apiserver/pkg/authentication/request/bearertoken" "k8s.io/apiserver/pkg/authentication/request/bearertoken"
bootstrapapi "k8s.io/cluster-bootstrap/token/api" bootstrapapi "k8s.io/cluster-bootstrap/token/api"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap" "k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap"
bootstraputil "k8s.io/kubernetes/test/e2e/lifecycle/bootstrap" bootstraputil "k8s.io/kubernetes/test/e2e/lifecycle/bootstrap"
"k8s.io/kubernetes/test/integration" "k8s.io/kubernetes/test/integration"
"k8s.io/kubernetes/test/integration/framework" "k8s.io/kubernetes/test/integration/framework"
) )
type bootstrapSecrets []*api.Secret type bootstrapSecrets []*corev1.Secret
func (b bootstrapSecrets) List(selector labels.Selector) (ret []*api.Secret, err error) { func (b bootstrapSecrets) List(selector labels.Selector) (ret []*corev1.Secret, err error) {
return b, nil return b, nil
} }
func (b bootstrapSecrets) Get(name string) (*api.Secret, error) { func (b bootstrapSecrets) Get(name string) (*corev1.Secret, error) {
return b[0], nil return b[0], nil
} }
@ -55,36 +55,36 @@ func TestBootstrapTokenAuth(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
var bootstrapSecretValid = &api.Secret{ var bootstrapSecretValid = &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: metav1.NamespaceSystem, Namespace: metav1.NamespaceSystem,
Name: bootstrapapi.BootstrapTokenSecretPrefix, Name: bootstrapapi.BootstrapTokenSecretPrefix,
}, },
Type: api.SecretTypeBootstrapToken, Type: corev1.SecretTypeBootstrapToken,
Data: map[string][]byte{ Data: map[string][]byte{
bootstrapapi.BootstrapTokenIDKey: []byte(tokenId), bootstrapapi.BootstrapTokenIDKey: []byte(tokenId),
bootstrapapi.BootstrapTokenSecretKey: []byte(secret), bootstrapapi.BootstrapTokenSecretKey: []byte(secret),
bootstrapapi.BootstrapTokenUsageAuthentication: []byte("true"), bootstrapapi.BootstrapTokenUsageAuthentication: []byte("true"),
}, },
} }
var bootstrapSecretInvalid = &api.Secret{ var bootstrapSecretInvalid = &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: metav1.NamespaceSystem, Namespace: metav1.NamespaceSystem,
Name: bootstrapapi.BootstrapTokenSecretPrefix, Name: bootstrapapi.BootstrapTokenSecretPrefix,
}, },
Type: api.SecretTypeBootstrapToken, Type: corev1.SecretTypeBootstrapToken,
Data: map[string][]byte{ Data: map[string][]byte{
bootstrapapi.BootstrapTokenIDKey: []byte(tokenId), bootstrapapi.BootstrapTokenIDKey: []byte(tokenId),
bootstrapapi.BootstrapTokenSecretKey: []byte("invalid"), bootstrapapi.BootstrapTokenSecretKey: []byte("invalid"),
bootstrapapi.BootstrapTokenUsageAuthentication: []byte("true"), bootstrapapi.BootstrapTokenUsageAuthentication: []byte("true"),
}, },
} }
var expiredBootstrapToken = &api.Secret{ var expiredBootstrapToken = &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: metav1.NamespaceSystem, Namespace: metav1.NamespaceSystem,
Name: bootstrapapi.BootstrapTokenSecretPrefix, Name: bootstrapapi.BootstrapTokenSecretPrefix,
}, },
Type: api.SecretTypeBootstrapToken, Type: corev1.SecretTypeBootstrapToken,
Data: map[string][]byte{ Data: map[string][]byte{
bootstrapapi.BootstrapTokenIDKey: []byte(tokenId), bootstrapapi.BootstrapTokenIDKey: []byte(tokenId),
bootstrapapi.BootstrapTokenSecretKey: []byte("invalid"), bootstrapapi.BootstrapTokenSecretKey: []byte("invalid"),
@ -101,7 +101,7 @@ func TestBootstrapTokenAuth(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
request request request request
secret *api.Secret secret *corev1.Secret
}{ }{
{ {
name: "valid token", name: "valid token",