- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 23 for impersonate (0.19 sec)
-
staging/src/k8s.io/apiserver/pkg/endpoints/filters/impersonation_test.go
return authorizer.DecisionAllow, "", nil } if len(user.GetGroups()) > 0 && user.GetGroups()[0] == "sa-impersonater" && a.GetVerb() == "impersonate" && a.GetResource() == "serviceaccounts" { return authorizer.DecisionAllow, "", nil }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jul 06 17:13:16 UTC 2021 - 17.2K bytes - Viewed (0) -
staging/src/k8s.io/api/authentication/v1/types.go
const ( // ImpersonateUserHeader is used to impersonate a particular user during an API server request ImpersonateUserHeader = "Impersonate-User" // ImpersonateGroupHeader is used to impersonate a particular group during an API server request. // It can be repeated multiplied times for multiple groups. ImpersonateGroupHeader = "Impersonate-Group" // ImpersonateUIDHeader is used to impersonate a particular UID during an API server request
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu May 23 17:42:49 UTC 2024 - 10K bytes - Viewed (0) -
staging/src/k8s.io/cli-runtime/pkg/genericclioptions/config_flags.go
} if f.Impersonate != nil { flags.StringVar(f.Impersonate, flagImpersonate, *f.Impersonate, "Username to impersonate for the operation. User could be a regular user or a service account in a namespace.") } if f.ImpersonateUID != nil { flags.StringVar(f.ImpersonateUID, flagImpersonateUID, *f.ImpersonateUID, "UID to impersonate for the operation.") } if f.ImpersonateGroup != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Oct 11 15:04:11 UTC 2023 - 16.9K bytes - Viewed (0) -
security/pkg/server/ca/server_test.go
impersonatePod: podOtherNode, callerClusterID: cluster.ID("fake"), trustedNodeAccounts: allowZtunnel, code: codes.Unauthenticated, }, { name: "Successful signing with impersonate identity", authenticators: []security.Authenticator{&mockAuthenticator{ identities: []string{"test-identity"}, kubernetesInfo: ztunnelCaller, }}, ca: &mockca.FakeCA{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Feb 28 16:41:38 UTC 2024 - 15.8K bytes - Viewed (0) -
security/pkg/server/ca/node_auth_test.go
requestedIdentityString string trustedAccounts map[types.NamespacedName]struct{} wantErr string }{ { name: "empty allowed identities", wantErr: "not allowed to impersonate", }, { name: "allowed identities, but not on node", caller: ztunnelCaller, trustedAccounts: allowZtunnel, requestedIdentityString: podSameNode.Identity(),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Feb 28 16:41:38 UTC 2024 - 10.5K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/workloads.go
log.Warnf("skipping workload entry %s/%s; DNS Address resolution is not yet implemented", wle.Namespace, wle.Name) } w.WorkloadName, w.WorkloadType = wle.Name, workloadapi.WorkloadType_POD // XXX(shashankram): HACK to impersonate pod w.CanonicalName, w.CanonicalRevision = kubelabels.CanonicalService(wle.Labels, w.WorkloadName) setTunnelProtocol(wle.Labels, wle.Annotations, w)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 20.9K bytes - Viewed (0) -
pkg/kube/util.go
ClientKey: auths.ClientKey, ClientKeyData: auths.ClientKeyData, Token: auths.Token, TokenFile: auths.TokenFile, Impersonate: auths.Impersonate, ImpersonateGroups: auths.ImpersonateGroups, ImpersonateUserExtra: auths.ImpersonateUserExtra, Username: auths.Username, Password: auths.Password,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 06 05:10:23 UTC 2024 - 18.6K bytes - Viewed (0) -
pkg/apis/rbac/helpers.go
} // if resource names are set, then the verb must not be list, watch, create, or deletecollection // since verbs are largely opaque, we don't want to accidentally prevent things like "impersonate", so // we will backlist common mistakes, not whitelist acceptable options. if len(r.PolicyRule.ResourceNames) != 0 { illegalVerbs := []string{} for _, verb := range r.PolicyRule.Verbs { switch verb {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sun Feb 23 15:11:00 UTC 2020 - 12.1K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
- pods/proxy - secrets - services/proxy verbs: - get - list - watch - apiGroups: - "" resources: - serviceaccounts verbs: - impersonate - apiGroups: - "" resources: - pods - pods/attach - pods/exec - pods/portforward - pods/proxy verbs: - create - delete - deletecollection
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jul 18 08:11:08 UTC 2023 - 24.1K bytes - Viewed (0) -
pkg/security/security.go
CertSigner = "CertSigner" // ImpersonatedIdentity declares the identity we are requesting a certificate on behalf of. // This is constrained to only allow identities in CATrustedNodeAccounts, and only to impersonate identities // on their node. ImpersonatedIdentity = "ImpersonatedIdentity" ) type ImpersonatedIdentityContextKey struct{}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0)