true,
			apierrors.NewAlreadyExists(schema.GroupResource{Resource: "configmaps"}, "test"),
			true,
		},
		{
			"unexpected error should be returned",
			true,
			apierrors.NewUnauthorized("go away!"),
			true,
		},
		{
			"if the file does not exist, return error",
			false,
			nil,
			true,
		},
	}

	servers := []struct {
		Server string
	}{

			return
		}

		gv := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion}
		responsewriters.ErrorNegotiated(apierrors.NewUnauthorized("Unauthorized"), s, gv, w, req)
	})
}

func audiencesAreAcceptable(apiAuds, responseAudiences authenticator.Audiences) bool {
	if len(apiAuds) == 0 || len(responseAudiences) == 0 {
		return true
	}

			switch tc.simError {
			case ServiceAccountError:
				client.PrependReactor("create", "serviceaccounts", func(action core.Action) (bool, runtime.Object, error) {
					return true, nil, apierrors.NewUnauthorized("")
				})
			case InvalidControlPlaneEndpoint:
				initConfiguration.LocalAPIEndpoint.AdvertiseAddress = "1.2.3"
			case IPv6SetBindAddress:
				initConfiguration.LocalAPIEndpoint.AdvertiseAddress = "1:2::3:4"

	})
	client.PrependReactor("create", "configmaps", func(action ktesting.Action) (bool, runtime.Object, error) {
		return true, &v1.ConfigMap{}, errors.NewUnauthorized("no permission to create configmap")
	})
}

func createConfigMapAlreadyExistClient(client *fake.Clientset) {
	client.PrependReactor("get", "configmaps", func(action ktesting.Action) (bool, runtime.Object, error) {

	rotator.config.certInspector = certutil.NewCertUtil(100)
	fakeClient.PrependReactor("update", "secrets", func(action ktesting.Action) (bool, runtime.Object, error) {
		return true, &v1.Secret{}, errors.NewUnauthorized("no permission to update secret")
	})
	rotator.checkAndRotateRootCert()
	certItem1 := loadCert(rotator)
	// Verify that root cert does not change.
	verifyRootCertAndPrivateKey(t, true, certItem0, certItem1)
}

			"%s %q already exists, the server was not able to generate a unique name for the object",
			qualifiedResource.String(), name),
	}}
}

// NewUnauthorized returns an error indicating the client is not authorized to perform the requested
// action.
func NewUnauthorized(reason string) *StatusError {
	message := reason
	if len(message) == 0 {
		message = "not authorized"
	}
	return &StatusError{metav1.Status{

	}
	if !IsForbidden(NewForbidden(resource("tests"), "2", errors.New("reason"))) {
		t.Errorf("expected to be %s", metav1.StatusReasonForbidden)
	}
	if !IsUnauthorized(NewUnauthorized("reason")) {
		t.Errorf("expected to be %s", metav1.StatusReasonUnauthorized)
	}
	if !IsServerTimeout(NewServerTimeout(resource("tests"), "reason", 0)) {
		t.Errorf("expected to be %s", metav1.StatusReasonServerTimeout)