const validBootstrapTokenChars … var BootstrapTokenRegexp … var BootstrapTokenIDRegexp … var BootstrapGroupRegexp … // GenerateBootstrapToken generates a new, random Bootstrap Token. func GenerateBootstrapToken() (string, error) { … } // randBytes returns a random string consisting of the characters in // validBootstrapTokenChars, with the length customized by the parameter func randBytes(length int) (string, error) { … } // TokenFromIDAndSecret returns the full token which is of the form "{id}.{secret}" func TokenFromIDAndSecret(id, secret string) string { … } // IsValidBootstrapToken returns whether the given string is valid as a Bootstrap Token. // Avoid using BootstrapTokenRegexp.MatchString(token) and instead perform constant-time // comparisons on the secret. func IsValidBootstrapToken(token string) bool { … } // IsValidBootstrapTokenID returns whether the given string is valid as a Bootstrap Token ID and // in other words satisfies the BootstrapTokenIDRegexp func IsValidBootstrapTokenID(tokenID string) bool { … } // BootstrapTokenSecretName returns the expected name for the Secret storing the // Bootstrap Token in the Kubernetes API. func BootstrapTokenSecretName(tokenID string) string { … } // ValidateBootstrapGroupName checks if the provided group name is a valid // bootstrap group name. Returns nil if valid or a validation error if invalid. // TODO(dixudx): should be moved to util/secrets func ValidateBootstrapGroupName(name string) error { … } // ValidateUsages validates that the passed in string are valid usage strings for bootstrap tokens. func ValidateUsages(usages []string) error { … }