scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

add extra group and usage check for bootstraptoken

Browse Source 
kubeadm creates the bootstrap token with extra group
, system:bootstrappers:kubeadm:default-node-token,
should be able to be used for authentication and
signing.

Signed-off-by: Howard Zhang <howard.zhang@arm.com>
This commit is contained in:
Howard Zhang
2019-12-20 15:23:02 +08:00
parent d758fc3edb
commit 299a9c8cf5
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
test/e2e_kubeadm/bootstrap_token_test.go
View File

@@ -20,6 +20,7 @@ import (
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
bootstrapapi "k8s.io/cluster-bootstrap/token/api"
"k8s.io/kubernetes/test/e2e/framework"
"github.com/onsi/ginkgo"
@@ -54,8 +55,12 @@ var _ = Describe("bootstrap token", func() {
tokenNum := 0
for _, s := range secrets.Items {
if s.Type == corev1.SecretTypeBootstrapToken {
//TODO: might be we want to further check tokens (auth-extra-groups, usage etc)
// check extra group and usage of token, make sure at least one token exist
if s.Type == corev1.SecretTypeBootstrapToken && string(s.Data[bootstrapapi.BootstrapTokenExtraGroupsKey]) == bootstrapTokensGroup {
usageBootstrapAuthentication := string(s.Data[bootstrapapi.BootstrapTokenUsageAuthentication])
usageBootstrapSigning := string(s.Data[bootstrapapi.BootstrapTokenUsageSigningKey])
gomega.Expect(usageBootstrapAuthentication).Should(gomega.Equal("true"), "the bootstrap token should be able to be used for authentication")
gomega.Expect(usageBootstrapSigning).Should(gomega.Equal("true"), "the bootstrap token should be able to be used for signing")
tokenNum++
}
}