- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 135 for audiences (0.15 sec)
-
staging/src/k8s.io/api/authentication/v1/types.go
// Audiences are audience identifiers chosen by the authenticator that are // compatible with both the TokenReview and token. An identifier is any // identifier in the intersection of the TokenReviewSpec audiences and the // token's audiences. A client of the TokenReview API that sets the // spec.audiences field should validate that a compatible audience identifier
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu May 23 17:42:49 UTC 2024 - 10K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go
// We take implicit audiences of the API server at WebhookTokenAuthenticator // construction time. The outline of how we validate audience here is: // // * if the ctx is not audience limited, don't do any audience validation. // * if ctx is audience-limited, add the audiences to the tokenreview spec // * if the tokenreview returns with audiences in the status that intersect
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 18 00:47:42 UTC 2022 - 11.5K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook_v1beta1_test.go
}, { description: "bad audiences", implicitAuds: apiAuds, reqAuds: authenticator.Audiences{"other"}, serverResponse: authenticationv1beta1.TokenReviewStatus{ Authenticated: false, }, expectedAuthenticated: false, }, { description: "bad audiences", implicitAuds: apiAuds, reqAuds: authenticator.Audiences{"other"},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 18 00:47:42 UTC 2022 - 19.2K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go
func (v *idTokenVerifier) verifyAudience(t *oidc.IDToken) error { // We validate audience field is not empty in the authentication configuration. // This check ensures callers of "Verify" using idTokenVerifier are not passing // an empty audience. if v.audiences.Len() == 0 { return fmt.Errorf("oidc: invalid configuration, audiences cannot be empty") }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 19:29:33 UTC 2024 - 37.9K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-out.yaml
- metadata: filter: istio_authn path: - key: request.auth.audiences value: stringMatch: suffix: -suffix-audiences - metadata: filter: istio_authn path: - key: request.auth.audiences
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 32.6K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook_v1_test.go
}, { description: "bad audiences", implicitAuds: apiAuds, reqAuds: authenticator.Audiences{"other"}, serverResponse: authenticationv1.TokenReviewStatus{ Authenticated: false, }, expectedAuthenticated: false, }, { description: "bad audiences", implicitAuds: apiAuds, reqAuds: authenticator.Audiences{"other"},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 18 00:47:42 UTC 2022 - 19.1K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication_test.go
}, { name: "api audience matching response audience", apiAuds: authenticator.Audiences([]string{"other"}), respAuds: []string{"other"}, expectSuccess: true, }, { name: "api audience non-matching response audience", apiAuds: authenticator.Audiences([]string{"other"}), respAuds: []string{"some"}, expectSuccess: false, }, }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 20.5K bytes - Viewed (0) -
pkg/serviceaccount/jwt.go
if !ok { // default to apiserver audiences requestedAudiences = j.implicitAuds } auds := authenticator.Audiences(tokenAudiences).Intersect(requestedAudiences) if len(auds) == 0 && len(j.implicitAuds) != 0 { return nil, false, fmt.Errorf("token audiences %q is invalid for the target audiences %q", tokenAudiences, requestedAudiences) }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Feb 27 22:16:08 UTC 2024 - 10.7K bytes - Viewed (0) -
pkg/registry/core/serviceaccount/storage/token.go
if err != nil { return nil, err } svcacct := svcacctObj.(*api.ServiceAccount) // Default unset spec audiences to API server audiences based on server config if len(req.Spec.Audiences) == 0 { req.Spec.Audiences = r.auds } // Populate metadata fields if not set if len(req.Name) == 0 { req.Name = svcacct.Name } if len(req.Namespace) == 0 {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Feb 05 10:24:31 UTC 2024 - 10K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/extended-allow-full-rule-out.yaml
- stringMatch: exact: audiences - stringMatch: prefix: audiences-prefix- - stringMatch: suffix: -suffix-audiences - stringMatch: safeRegex:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 03 18:02:42 UTC 2024 - 39K bytes - Viewed (0)