Results 1 - 6 of 6 for tokenAudiences (0.26 sec)
pkg/kube/rpc_creds.go
func NewRPCCredentials(kubeClient Client, tokenNamespace, tokenSA string, tokenAudiences []string, expirationSeconds, sunsetPeriodSeconds int64, ) (credentials.PerRPCCredentials, error) { tokenRequest, err := createServiceAccountToken(context.TODO(), kubeClient, tokenNamespace, tokenSA, tokenAudiences, expirationSeconds) if err != nil { return nil, err } return &tokenSupplier{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 23 17:08:31 UTC 2023 - 4K bytes - Viewed (0) -
pkg/serviceaccount/jwt.go
} tokenAudiences := authenticator.Audiences(public.Audience) if len(tokenAudiences) == 0 { // only apiserver audiences are allowed for legacy tokens audit.AddAuditAnnotation(ctx, "authentication.k8s.io/legacy-token", public.Subject) legacyTokensTotal.WithContext(ctx).Inc() tokenAudiences = j.implicitAuds }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Feb 27 22:16:08 UTC 2024 - 10.7K bytes - Viewed (0) -
istioctl/pkg/xds/client.go
"istio.io/istio/pkg/kube" ) const ( // defaultExpirationSeconds is how long-lived a token to request (an hour) defaultExpirationSeconds = 60 * 60 ) // Audience to create tokens for var tokenAudiences = []string{"istio-ca"} // GetXdsResponse opens a gRPC connection to opts.xds and waits for a single response
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Dec 19 22:42:42 UTC 2023 - 3.7K bytes - Viewed (0) -
pkg/registry/core/serviceaccount/storage/token.go
} return genericapirequest.WithRequestInfo(ctx, &newInfo) } // isKubeAudiences returns true if the tokenaudiences is a strict subset of apiserver audiences. func (r *TokenREST) isKubeAudiences(tokenAudience []string) bool { // tokenAudiences must be a strict subset of apiserver audiences return r.audsSet.HasAll(tokenAudience...)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Feb 05 10:24:31 UTC 2024 - 10K bytes - Viewed (0) -
security/pkg/server/ca/authenticate/kubeauth/kube_jwt.go
if kubeClient == nil { return nil, fmt.Errorf("could not get cluster %s's kube client", clusterID) } id, err := tokenreview.ValidateK8sJwt(kubeClient, targetJWT, security.TokenAudiences) if err != nil { return nil, fmt.Errorf("failed to validate the JWT from cluster %q: %v", clusterID, err) } if id.PodServiceAccount == "" {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 5K bytes - Viewed (0) -
pkg/security/security.go
"Reject k8s default tokens, without audience. If false, default K8S token will be accepted") // TokenAudiences specifies a list of audiences for SDS trustworthy JWT. This is to make sure that the CSR requests // contain the JWTs intended for Citadel. TokenAudiences = strings.Split(env.Register("TOKEN_AUDIENCES", "istio-ca", "A list of comma separated audiences to check in the JWT token before issuing a certificate. "+
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0)