- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 67 for audiences (0.17 sec)
-
staging/src/k8s.io/api/authentication/v1/types.go
// Audiences are audience identifiers chosen by the authenticator that are // compatible with both the TokenReview and token. An identifier is any // identifier in the intersection of the TokenReviewSpec audiences and the // token's audiences. A client of the TokenReview API that sets the // spec.audiences field should validate that a compatible audience identifier
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu May 23 17:42:49 UTC 2024 - 10K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-out.yaml
- metadata: filter: istio_authn path: - key: request.auth.audiences value: stringMatch: suffix: -suffix-audiences - metadata: filter: istio_authn path: - key: request.auth.audiences
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 32.6K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication_test.go
}, { name: "api audience matching response audience", apiAuds: authenticator.Audiences([]string{"other"}), respAuds: []string{"other"}, expectSuccess: true, }, { name: "api audience non-matching response audience", apiAuds: authenticator.Audiences([]string{"other"}), respAuds: []string{"some"}, expectSuccess: false, }, }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 20.5K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/extended-allow-full-rule-out.yaml
- stringMatch: exact: audiences - stringMatch: prefix: audiences-prefix- - stringMatch: suffix: -suffix-audiences - stringMatch: safeRegex:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 03 18:02:42 UTC 2024 - 39K bytes - Viewed (0) -
pkg/kubeapiserver/options/authentication_test.go
TokenFile: "/testTokenFile", }, TokenSuccessCacheTTL: 10 * time.Second, TokenFailureCacheTTL: 0, } expectConfig := kubeauthenticator.Config{ APIAudiences: authenticator.Audiences{"http://foo.bar.com"}, Anonymous: false, BootstrapToken: false, ClientCAContentProvider: nil, // this is nil because you can't compare functions TokenAuthFile: "/testTokenFile",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 36.5K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
seenAudiences := sets.NewString() for i, audience := range audiences { fldPath := fldPath.Index(i) if len(audience) == 0 { allErrs = append(allErrs, field.Required(fldPath, "audience can't be empty")) } if seenAudiences.Has(audience) { allErrs = append(allErrs, field.Duplicate(fldPath, audience)) } seenAudiences.Insert(audience) }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 10 22:07:40 UTC 2024 - 31.3K bytes - Viewed (0) -
pilot/pkg/bootstrap/server_test.go
jwtRule: `{"issuer": "foo", "jwks_uri": "baz", "audiences": ["aud1", "aud2"]}`, }, { name: "invalid jwt rule", expectErr: true, jwtRule: "invalid", }, { name: "jwt rule with invalid audiences", expectErr: true, // audiences must be a string array jwtRule: `{"issuer": "foo", "jwks_uri": "baz", "audiences": "aud1"}`, }, } for _, tt := range tests {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 23.1K bytes - Viewed (0) -
pilot/pkg/security/authz/model/generator_test.go
}, { name: "requestAudiencesGenerator", g: requestAudiencesGenerator{}, key: "request.auth.audiences", value: "foo", want: yamlPrincipal(t, ` metadata: filter: istio_authn path: - key: request.auth.audiences value: stringMatch: exact: foo`), }, { name: "requestPresenterGenerator",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 13K bytes - Viewed (0) -
pkg/security/security.go
"Reject k8s default tokens, without audience. If false, default K8S token will be accepted") // TokenAudiences specifies a list of audiences for SDS trustworthy JWT. This is to make sure that the CSR requests // contain the JWTs intended for Citadel. TokenAudiences = strings.Split(env.Register("TOKEN_AUDIENCES", "istio-ca", "A list of comma separated audiences to check in the JWT token before issuing a certificate. "+
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
pkg/volume/projected/projected.go
mode = 0600 } var auds []string if len(tp.Audience) != 0 { auds = []string{tp.Audience} } tr, err := s.plugin.getServiceAccountToken(s.pod.Namespace, s.pod.Spec.ServiceAccountName, &authenticationv1.TokenRequest{ Spec: authenticationv1.TokenRequestSpec{ Audiences: auds, ExpirationSeconds: tp.ExpirationSeconds,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 14 06:17:25 UTC 2024 - 12.8K bytes - Viewed (0)