Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for AllowedNames (0.19 sec)

  2. github.com/istio/istio

    pilot/pkg/config/kube/gateway/model.go 

    	Credentials credentials.Controller

	// Domain for the cluster. Typically, cluster.local
	Domain  string
	Context GatewayContext
}

type Grants struct {
	AllowAll     bool
	AllowedNames sets.String
}

type AllowedReferences map[Reference]map[Reference]*Grants

func (refs AllowedReferences) SecretAllowed(resourceName string, namespace string) bool {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Mar 28 17:09:09 UTC 2024
    - 4K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/server/options/authentication_test.go 

    				UsernameHeaders:     headerrequest.StaticStringSlice{"x-remote-user"},
				GroupHeaders:        headerrequest.StaticStringSlice{"x-remote-group"},
				ExtraHeaderPrefixes: headerrequest.StaticStringSlice{"x-remote-extra-"},
				AllowedNames:        headerrequest.StaticStringSlice{"kube-aggregator"},
			},
		},
		{
			name: "test when ClientCAFile is not nil",
			testOptions: &RequestHeaderAuthenticationOptions{
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Oct 23 15:01:56 UTC 2019
    - 6.9K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/server/options/authentication.go 

    		"WARNING: generally do not depend on authorization being already done for incoming requests.")

	fs.StringSliceVar(&s.AllowedNames, "requestheader-allowed-names", s.AllowedNames, ""+
		"List of client certificate common names to allow to provide usernames in headers "+
		"specified by --requestheader-username-headers. If empty, any client certificate validated "+
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Mar 21 14:51:22 UTC 2023
    - 19.9K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    pkg/kubeapiserver/options/authentication_test.go 

    			UsernameHeaders:     []string{"x-remote-user"},
			GroupHeaders:        []string{"x-remote-group"},
			ExtraHeaderPrefixes: []string{"x-remote-extra-"},
			ClientCAFile:        "testdata/root.pem",
			AllowedNames:        []string{"kube-aggregator"},
		},
		ServiceAccounts: &ServiceAccountAuthenticationOptions{
			Lookup:  true,
			Issuers: []string{"http://foo.bar.com"},
		},
		TokenFile: &TokenFileAuthenticationOptions{
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Apr 24 18:25:29 UTC 2024
    - 36.5K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    cmd/kube-apiserver/app/testing/testserver.go 

    		// give the kube api server an "identity" it can use to for request header auth
		// so that aggregated api servers can understand who the calling user is
		s.Authentication.RequestHeader.AllowedNames = []string{"ash", "misty", "brock"}

		// create private key
		signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return result, err
		}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Apr 29 18:59:21 UTC 2024
    - 17.6K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pilot/pkg/config/kube/gateway/conversion.go 

    					res[fromKey] = map[Reference]*Grants{}
				}
				if _, f := res[fromKey][toKey]; !f {
					res[fromKey][toKey] = &Grants{
						AllowedNames: sets.New[string](),
					}
				}
				if to.Name != nil {
					res[fromKey][toKey].AllowedNames.Insert(string(*to.Name))
				} else {
					res[fromKey][toKey].AllowAll = true
				}
			}
		}
	}
	return res
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Jun 14 04:34:37 UTC 2024
    - 84.7K bytes
    - Viewed (0)
Back to top