Value Statement

Different tokens can reduce the risk of a shared token be compromised.

Currently, after installed the MCE, the OCP(tested with 4.15) will create the token secret for the agent-registration-bootstrap serviceaccount.

This means the agent-registraiton will also return the same token of agent-registration-bootstrap-token based on the code: https://github.com/stolostron/managedcluster-import-controller/blob/2198e50b13b71d5429f5bd921bddf209fca33bfb/pkg/bootstrap/boostrapkubeconfig.go#L115 

But we also want to provide a short-term token and the token should be different each time.

And we want the caller to assign the expiration of the token.

Definition of Done for Engineering Story Owner (Checklist)

• ...

Development Complete

• The code is complete.
• Functionality is working.
• Any required downstream Docker file changes are made.

Tests Automated

• [ ] Unit/function tests have been automated and incorporated into the
  build.
• [ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

• [ ] Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

• [ ] Create an informative documentation issue using the [Customer
  Portal_doc_issue template](
  https://github.com/stolostron/backlog/issues/new?assignees=&labels=squad%3Adoc&template=doc_issue.md&title=),
  and ensure doc acceptance criteria is met. Link the development issue to
  the doc issue.
• [ ] Provide input to the QE team, and ensure QE acceptance criteria
  (established between story owner and QE focal) are met.

Support Readiness

• [ ] The must-gather script has been updated.