Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for tokenAudiences (0.26 sec)

  2. github.com/istio/istio

    pkg/kube/rpc_creds.go 

    func NewRPCCredentials(kubeClient Client, tokenNamespace, tokenSA string,
	tokenAudiences []string, expirationSeconds, sunsetPeriodSeconds int64,
) (credentials.PerRPCCredentials, error) {
	tokenRequest, err := createServiceAccountToken(context.TODO(), kubeClient, tokenNamespace, tokenSA, tokenAudiences, expirationSeconds)
	if err != nil {
		return nil, err
	}
	return &tokenSupplier{
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue May 23 17:08:31 UTC 2023
    - 4K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    pkg/serviceaccount/jwt.go 

    	}

	tokenAudiences := authenticator.Audiences(public.Audience)
	if len(tokenAudiences) == 0 {
		// only apiserver audiences are allowed for legacy tokens
		audit.AddAuditAnnotation(ctx, "authentication.k8s.io/legacy-token", public.Subject)
		legacyTokensTotal.WithContext(ctx).Inc()
		tokenAudiences = j.implicitAuds
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Feb 27 22:16:08 UTC 2024
    - 10.7K bytes
    - Viewed (0)
  4. github.com/istio/istio

    istioctl/pkg/xds/client.go 

    	"istio.io/istio/pkg/kube"
)

const (
	// defaultExpirationSeconds is how long-lived a token to request (an hour)
	defaultExpirationSeconds = 60 * 60
)

// Audience to create tokens for
var tokenAudiences = []string{"istio-ca"}

// GetXdsResponse opens a gRPC connection to opts.xds and waits for a single response
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Dec 19 22:42:42 UTC 2023
    - 3.7K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    pkg/registry/core/serviceaccount/storage/token.go 

    	}
	return genericapirequest.WithRequestInfo(ctx, &newInfo)
}

// isKubeAudiences returns true if the tokenaudiences is a strict subset of apiserver audiences.
func (r *TokenREST) isKubeAudiences(tokenAudience []string) bool {
	// tokenAudiences must be a strict subset of apiserver audiences
	return r.audsSet.HasAll(tokenAudience...)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Feb 05 10:24:31 UTC 2024
    - 10K bytes
    - Viewed (0)
  6. github.com/istio/istio

    security/pkg/server/ca/authenticate/kubeauth/kube_jwt.go 

    	if kubeClient == nil {
		return nil, fmt.Errorf("could not get cluster %s's kube client", clusterID)
	}

	id, err := tokenreview.ValidateK8sJwt(kubeClient, targetJWT, security.TokenAudiences)
	if err != nil {
		return nil, fmt.Errorf("failed to validate the JWT from cluster %q: %v", clusterID, err)
	}
	if id.PodServiceAccount == "" {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 23 21:07:03 UTC 2024
    - 5K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pkg/security/security.go 

    		"Reject k8s default tokens, without audience. If false, default K8S token will be accepted")

	// TokenAudiences specifies a list of audiences for SDS trustworthy JWT. This is to make sure that the CSR requests
	// contain the JWTs intended for Citadel.
	TokenAudiences = strings.Split(env.Register("TOKEN_AUDIENCES", "istio-ca",
		"A list of comma separated audiences to check in the JWT token before issuing a certificate. "+
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 17:48:28 UTC 2024
    - 19.1K bytes
    - Viewed (0)
Back to top