- Sort Score
- Result 10 results
- Languages All
Results 51 - 60 of 209 for audiences (0.17 sec)
-
staging/src/k8s.io/apiserver/pkg/endpoints/filters/metrics.go
} func recordAuthenticationMetrics(ctx context.Context, resp *authenticator.Response, ok bool, err error, apiAudiences authenticator.Audiences, authStart time.Time, authFinish time.Time) { var resultLabel string switch { case err != nil || (resp != nil && !audiencesAreAcceptable(apiAudiences, resp.Audiences)): resultLabel = errorLabel case !ok: resultLabel = failureLabel default: resultLabel = successLabel
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 20 13:35:55 UTC 2023 - 5.3K bytes - Viewed (0) -
pkg/registry/core/serviceaccount/storage/storage.go
*genericregistry.Store Token *TokenREST } // NewREST returns a RESTStorage object that will work against service accounts. func NewREST(optsGetter generic.RESTOptionsGetter, issuer token.TokenGenerator, auds authenticator.Audiences, max time.Duration, podStorage, secretStorage, nodeStorage rest.Getter, extendExpiration bool) (*REST, error) { store := &genericregistry.Store{ NewFunc: func() runtime.Object { return &api.ServiceAccount{} },
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Oct 30 21:15:10 UTC 2023 - 3K bytes - Viewed (0) -
security/tools/jwt/README.md
optional arguments: -h, --help show this help message and exit -iss ISS, --iss ISS iss claim. This should be your service account email. -aud AUD, --aud AUD aud claim. This is comma-separated-list of audiences. -sub SUB, --sub SUB sub claim. If not provided, it is set to the same as iss claim. -claims CLAIMS, --claims CLAIMS Other claims in format name1:value1,name2:value2 etc.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Sep 14 20:15:07 UTC 2019 - 1.9K bytes - Viewed (0) -
security/pkg/util/jwtutil.go
return listAud, nil } return nil, err } type jwtPayload struct { // Aud is JWT token audience - used to identify 3p tokens. // It is empty for the default K8S tokens. Aud []string `json:"aud"` } // ExtractJwtAud extracts the audiences from a JWT token. If aud cannot be parse, the bool will be set // to false. This distinguishes aud=[] from not parsed.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 31 16:07:11 UTC 2024 - 3.2K bytes - Viewed (0) -
security/pkg/util/jwtutil_test.go
testCases := map[string]struct { jwt string aud []string }{ "no audience": { jwt: firstPartyJwt, }, "one audience string": { jwt: oneAudString, aud: []string{"abc"}, }, "one audience list": { jwt: thirdPartyJwt, aud: []string{"yonggangl-istio-4.svc.id.goog"}, }, "two audiences list": { jwt: twoAudList, aud: []string{"abc", "xyz"}, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 31 16:07:11 UTC 2024 - 6K bytes - Viewed (0) -
security/tools/jwt/sa-jwt.py
help="iss claim. This should be your service account email.") parser.add_argument("-aud", "--aud", help="aud claim. This is comma-separated-list of audiences") parser.add_argument("-sub", "--sub", help="sub claim. If not provided, it is set to the same as iss claim.") parser.add_argument("-claims", "--claims",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Sep 14 20:15:07 UTC 2019 - 2.6K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go
// neither of these are true for audit annotations set via AddAuditAnnotation. // // for audit annotations, the assumption is that for some period of time (cache TTL), // all requests with the same API audiences and the same bearer token result in the // same annotations. This may not be true if the authenticator sets an annotation // based on the current time, but that may be okay since cache TTLs are generally // small (seconds).
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jul 03 16:16:51 UTC 2023 - 9.8K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/authenticatorfactory/delegating.go
// If this is nil, then mTLS will not be used. ClientCertificateCAContentProvider dynamiccertificates.CAContentProvider APIAudiences authenticator.Audiences RequestHeaderConfig *RequestHeaderConfig } func (c DelegatingAuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDefinitions, error) { authenticators := []authenticator.Request{}
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 29 07:49:14 UTC 2021 - 5.1K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go
return &authenticator.Response{ User: &user.DefaultInfo{ Name: "system:unsecured", Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated}, }, Audiences: auds, }, true, nil
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jul 27 15:58:45 UTC 2021 - 3.2K bytes - Viewed (0) -
pkg/registry/authentication/rest/storage_authentication.go
"k8s.io/kubernetes/pkg/registry/authentication/tokenreview" ) type RESTStorageProvider struct { Authenticator authenticator.Request APIAudiences authenticator.Audiences } func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 02 12:50:40 UTC 2023 - 4.4K bytes - Viewed (0)