- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 45 for audiences (0.23 sec)
-
pilot/pkg/bootstrap/server_test.go
jwtRule: `{"issuer": "foo", "jwks_uri": "baz", "audiences": ["aud1", "aud2"]}`, }, { name: "invalid jwt rule", expectErr: true, jwtRule: "invalid", }, { name: "jwt rule with invalid audiences", expectErr: true, // audiences must be a string array jwtRule: `{"issuer": "foo", "jwks_uri": "baz", "audiences": "aud1"}`, }, } for _, tt := range tests {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 23.1K bytes - Viewed (0) -
pkg/security/security.go
"Reject k8s default tokens, without audience. If false, default K8S token will be accepted") // TokenAudiences specifies a list of audiences for SDS trustworthy JWT. This is to make sure that the CSR requests // contain the JWTs intended for Citadel. TokenAudiences = strings.Split(env.Register("TOKEN_AUDIENCES", "istio-ca", "A list of comma separated audiences to check in the JWT token before issuing a certificate. "+
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
pkg/config/security/security.go
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 07 04:43:34 UTC 2024 - 9.4K bytes - Viewed (0) -
pilot/pkg/bootstrap/istio_ca.go
// This value can also be extracted from the mounted token trustedIssuer = env.Register("TOKEN_ISSUER", "", "OIDC token issuer. If set, will be used to check the tokens.") audience = env.Register("AUDIENCE", "", "Expected audience in the tokens. ") caRSAKeySize = env.Register("CITADEL_SELF_SIGNED_CA_RSA_KEY_SIZE", 2048, "Specify the RSA key size to use for self-signed Istio CA certificates.")
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 20.6K bytes - Viewed (0) -
cluster/gce/gci/configure-kubeapiserver.sh
fi if [[ -n "${SERVICE_CLUSTER_IP_RANGE:-}" ]]; then params+=" --service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE}" fi params+=" --service-account-issuer=${SERVICEACCOUNT_ISSUER}" params+=" --api-audiences=${SERVICEACCOUNT_ISSUER}" params+=" --service-account-signing-key-file=${SERVICEACCOUNT_KEY_PATH}" local audit_policy_config_mount="" local audit_policy_config_volume="" local audit_webhook_config_mount=""
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 11:08:30 UTC 2024 - 25.8K bytes - Viewed (0) -
pkg/printers/internalversion/printers.go
} row.Cells = append(row.Cells, storageCapacity) tokenRequests := "<unset>" if obj.Spec.TokenRequests != nil { audiences := []string{} for _, t := range obj.Spec.TokenRequests { audiences = append(audiences, t.Audience) } tokenRequests = strings.Join(audiences, ",") } requiresRepublish := false if obj.Spec.RequiresRepublish != nil { requiresRepublish = *obj.Spec.RequiresRepublish
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 11 14:04:15 UTC 2024 - 128.3K bytes - Viewed (0) -
CHANGELOG/CHANGELOG-1.30.md
- Added audienceMatchPolicy field to AuthenticationConfiguration and support for configuring multiple audiences. The "audienceMatchPolicy" can be empty (or unset) when a single audience is specified in the "audiences" field. The "audienceMatchPolicy" must be set to "MatchAny" when multiple audiences are specified in the "audiences" field. ([#123165](https://github.com/kubernetes/kubernetes/pull/123165), [@aramase](https://github.com/aramase))
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jun 12 04:05:28 UTC 2024 - 253.2K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
// JWTRule is from the JWT_RULE environment variable. // An example of json string for JWTRule is: // `{"issuer": "foo", "jwks_uri": "baz", "audiences": ["aud1", "aud2"]}`. jwtRule := &v1beta1.JWTRule{} err := json.Unmarshal([]byte(args.JwtRule), jwtRule) if err != nil { return nil, fmt.Errorf("failed to unmarshal JWT rule: %v", err) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
pkg/generated/openapi/zz_generated.openapi.go
Type: ...
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jun 05 18:37:07 UTC 2024 - 3M bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
token, err := t.Clusters().Default().Kube().CoreV1().ServiceAccounts(apps.Namespace.Name()).CreateToken(context.Background(), "default", &authenticationv1.TokenRequest{ Spec: authenticationv1.TokenRequestSpec{ Audiences: []string{"kubernetes.default.svc"}, ExpirationSeconds: ptr.Of(int64(600)), }, }, metav1.CreateOptions{}) assert.NoError(t, err) for _, src := range svcs { src := src
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0)