// MockPlugin is the plugin object.
type MockPlugin struct {
	token string
}

// CreateMockPlugin creates a mock credential fetcher plugin. Return the pointer to the created plugin.
func CreateMockPlugin(token string) *MockPlugin {
	p := &MockPlugin{
		token: token,
	}
	return p
}

// GetPlatformCredential returns a constant token string.

		if jwtPath == "" {
			return nil, nil // no cred fetcher - using certificates only
		}
		return plugin.CreateTokenPlugin(jwtPath), nil
	case security.Mock: // for test only
		return plugin.CreateMockPlugin("test_token"), nil
	default:
		return nil, fmt.Errorf("invalid credential fetcher type %s", credtype)
	}

					t.Logf("failed to serve: %v", err)
				}
			}()

			opts := &security.Options{CAEndpoint: lis.Addr().String(), ClusterID: constants.DefaultClusterName, CredFetcher: plugin.CreateMockPlugin(tc.token)}
			err = retry.UntilSuccess(func() error {
				cli, err := NewCitadelClient(opts, nil)
				if err != nil {
					return fmt.Errorf("failed to create ca client: %v", err)
				}
				t.Cleanup(cli.Close)

		a := Setup(t, func(a AgentTest) AgentTest {
			// Make CA deny all requests to simulate downtime
			a.CaAuthenticator.Set("", "")
			a.XdsAuthenticator.Set("", fakeSpiffeID)
			a.Security.CredFetcher = plugin.CreateMockPlugin("some-token")
			a.Security.OutputKeyCertToDir = dir
			a.Security.ProvCert = dir
			a.AgentConfig.XDSRootCerts = filepath.Join(certDir, "root-cert.pem")
			return a
		})

		go func() {