add secret back to the workqueue with delay time, avoid expired bootstrap tokens not being deleted

pkg/controller/bootstrap/tokencleaner_test.go

@@ -23,6 +23,7 @@ import (
 	"github.com/davecgh/go-spew/spew"
 
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/informers"
 	coreinformers "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes/fake"
@@ -100,3 +101,46 @@ func TestCleanerNotExpired(t *testing.T) {
 
 	verifyActions(t, expected, cl.Actions())
 }
+
+func TestCleanerExpiredAt(t *testing.T) {
+	cleaner, cl, secrets, err := newTokenCleaner()
+	if err != nil {
+		t.Fatalf("error creating TokenCleaner: %v", err)
+	}
+
+	secret := newTokenSecret("tokenID", "tokenSecret")
+	addSecretExpiration(secret, timeString(2*time.Second))
+	expected := []core.Action{}
+	verifyFunc := func() {
+		secrets.Informer().GetIndexer().Add(secret)
+		cleaner.evalSecret(secret)
+		verifyActions(t, expected, cl.Actions())
+	}
+	// token has not expired currently
+	verifyFunc()
+
+	if cleaner.queue.Len() != 0 {
+		t.Errorf("not using the queue, the length should be 0, now: %v", cleaner.queue.Len())
+	}
+
+	var conditionFunc = func() (bool, error) {
+		if cleaner.queue.Len() == 1 {
+			return true, nil
+		}
+		return false, nil
+	}
+
+	err = wait.Poll(100*time.Millisecond, wait.ForeverTestTimeout, conditionFunc)
+	if err != nil {
+		t.Fatalf("secret is put back into the queue, the queue length should be 1, error: %v\n", err)
+	}
+
+	// secret was eventually deleted
+	expected = []core.Action{
+		core.NewDeleteAction(
+			schema.GroupVersionResource{Version: "v1", Resource: "secrets"},
+			api.NamespaceSystem,
+			secret.ObjectMeta.Name),
+	}
+	verifyFunc()
+}