add extra group and usage check for bootstraptoken

[zhlhahaha]

kubeadm creates the bootstrap token with extra group
, system:bootstrappers:kubeadm:default-node-token,
should be able to be used for authentication and
signing.

Signed-off-by: Howard Zhang howard.zhang@arm.com

What type of PR is this?
/kind cleanup
/sig testing

[k8s-ci-robot]

@zhlhahaha: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

Hi @zhlhahaha. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[lubinsz]

/ok-to-test

[zhlhahaha]

/assign @fabriziopandini

[zhlhahaha]

Hi @fabriziopandini
I see there are some TODO in bootstrap_token_test.go of kubeadm e2e test. I am trying to do these TODO. Is there anything I should notice?
BR, Howard Zhang

[zhlhahaha]

/retest

[neolit123]

this is already defined here:

kubernetes/staging/src/k8s.io/cluster-bootstrap/token/api/types.go

Line 57 in c179a9c

BootstrapTokenExtraGroupsKey = "auth-extra-groups"

[neolit123]

these two are also defined

kubernetes/staging/src/k8s.io/cluster-bootstrap/token/api/types.go

Lines 63 to 74 in c179a9c

	// BootstrapTokenUsageSigningKey signals that this token should be used to
	// sign configs as part of the bootstrap process. Value must be "true". Any
	// other value is assumed to be false. Optional.
	BootstrapTokenUsageSigningKey = "usage-bootstrap-signing"
	// BootstrapTokenUsageAuthentication signals that this token should be used
	// as a bearer token to authenticate against the Kubernetes API. The bearer
	// token takes the form "<token-id>.<token-secret>" and authenticates as the
	// user "system:bootstrap:<token-id>" in the "system:bootstrappers" group
	// as well as any groups specified using BootstrapTokenExtraGroupsKey.
	// Value must be "true". Any other value is assumed to be false. Optional.
	BootstrapTokenUsageAuthentication = "usage-bootstrap-authentication"

[neolit123]

note

to import this package use:
k8s.io/cluster-bootstrap/token/api/....

[zhlhahaha]

Thanks

[neolit123]

EDIT: never mind, this is fine as is.

[neolit123]

/release-note-none

[zhlhahaha]

/retest

[zhlhahaha]

/retest

[neolit123]

/lgtm
/approve
/priority backlog

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: neolit123, zhlhahaha

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• test/e2e_kubeadm/OWNERS [neolit123]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.