"instrumentation-reporting",
          "model-groovy",
          "plugins-jvm-test-fixtures",
          "plugins-jvm-test-suite",
          "reporting",
          "resources-s3",
          "signing",
          "testing-base"
        ],
        "parallelizationMethod": {
          "name": "TestDistribution"
        }
      },
      {
        "subprojects": [
          "antlr",

		}

		// Retrieve the credential's claims.
		secret, err := getTokenSigningKey()
		if err != nil {
			c.Fatalf("Error getting token signing key: %v", err)
		}
		claims, err := getClaimsFromTokenWithSecret(value.SessionToken, secret)
		if err != nil {
			c.Fatalf("Error getting claims from token: %v", err)
		}

		// Validate claims.

### Other notable changes

* The kube-apiserver --service-account-key-file option can be specified multiple times, or can point to a file containing multiple keys, to enable rotation of signing keys. ([#34029](https://github.com/kubernetes/kubernetes/pull/34029), [@liggitt](https://github.com/liggitt))

	c.Assert(err, nil)
	response, err = s.client.Do(request)
	c.Assert(err, nil)
	verifyError(c, response, "SignatureDoesNotMatch", "The request signature we calculated does not match the signature you provided. Check your key and signing method.", http.StatusForbidden)
}

// This tests validate if PUT handler can successfully detect SHA256 mismatch.
func (s *TestSuiteCommon) TestSHA256Mismatch(c *check) {
	// generate a random bucket name.

		uploadTestObject(t, apiRouter, credentials, bucketName, input.objectName, input.partLengths, input.metaData, false)
	}

	// function type for creating signed requests - used to repeat
	// requests with V2 and V4 signing.
	type testSignedReqFn func(method, urlStr string, contentLength int64,
		body io.ReadSeeker, accessKey, secretKey string, metamap map[string]string) (*http.Request,
		error)

- Pod Certificates (beta) now includes a PKCS#10 certificate signing request for wider compatibility with existing certificate authority software. ([#136729](https://github.com/kubernetes/kubernetes/pull/136729), [@ahmedtd](https://github.com/ahmedtd)) [SIG API Machinery, Auth, Node and Testing]

of the sort.

  Next came an angry voice--the Rabbit's--`Pat! Pat!  Where are
you?'  And then a voice she had never heard before, `Sure then
I'm here!  Digging for apples, yer honour!'

  `Digging for apples, indeed!' said the Rabbit angrily.  `Here!
Come and help me out of THIS!'  (Sounds of more broken glass.)

  `Now tell me, Pat, what's that in the window?'

of the sort.

  Next came an angry voice--the Rabbit's--`Pat! Pat!  Where are
you?'  And then a voice she had never heard before, `Sure then
I'm here!  Digging for apples, yer honour!'

  `Digging for apples, indeed!' said the Rabbit angrily.  `Here!
Come and help me out of THIS!'  (Sounds of more broken glass.)

  `Now tell me, Pat, what's that in the window?'

    // Fails on 11.0.1 https://github.com/square/okhttp/issues/4703
    enableTls()
    server.enqueue(MockResponse())
    server.enqueue(MockResponse())

    // Make a first request without certificate pinning. Use it to collect certificates to pin.
    val request1 = Request.Builder().url(server.url("/")).build()
    val response1 = client.newCall(request1).execute()
    val certificatePinnerBuilder = CertificatePinner.Builder()

## Changelog since v1.4.1

### Other notable changes

* Fix base image pinning during upgrades via cluster/gce/upgrade.sh ([#33147](https://github.com/kubernetes/kubernetes/pull/33147), [@vishh](https://github.com/vishh))