Move kube_flags_without_token creation

test/cmd/authentication.sh

@@ -63,8 +63,6 @@ EOF
   ### Without provided --token, the exec credential plugin should be triggered
   # Pre-condition: Client certificate authentication enabled on the API server - already checked by positive test above
 
-  kube_flags_without_token=('-s' "https://127.0.0.1:${SECURE_API_PORT}" '--insecure-skip-tls-verify=true')
-
   # Command
   output2=$(kubectl "${kube_flags_without_token[@]:?}" --kubeconfig="${TMPDIR:-/tmp}"/invalid_exec_plugin.yaml get namespace kube-system -o name 2>&1 || true)
 

test/cmd/legacy-script.sh

@@ -342,11 +342,13 @@ runTests() {
     '-s' "http://127.0.0.1:${API_PORT}"
   )
 
-  # token defined in hack/testdata/auth-tokens.csv
+  kube_flags_without_token=(
-  kube_flags_with_token=(
+    '-s' "https://127.0.0.1:${SECURE_API_PORT}" '--insecure-skip-tls-verify=true'
-    '-s' "https://127.0.0.1:${SECURE_API_PORT}" '--token=admin-token' '--insecure-skip-tls-verify=true'
   )
 
+  # token defined in hack/testdata/auth-tokens.csv
+  kube_flags_with_token=( "${kube_flags_without_token[@]}" '--token=admin-token' )
+
   if [[ -z "${ALLOW_SKEW:-}" ]]; then
     kube_flags+=('--match-server-version')
     kube_flags_with_token+=('--match-server-version')