"required": [
          "clientCIDR",
          "serverAddress"
        ],
        "type": "object"
      }
    },
    "securitySchemes": {
      "BearerToken": {
        "description": "Bearer Token authentication",
        "in": "header",
        "name": "authorization",
        "type": "apiKey"
      }
    }
  },
  "info": {
    "title": "Kubernetes",
    "version": "unversioned"

        "required": [
          "clientCIDR",
          "serverAddress"
        ],
        "type": "object"
      }
    },
    "securitySchemes": {
      "BearerToken": {
        "description": "Bearer Token authentication",
        "in": "header",
        "name": "authorization",
        "type": "apiKey"
      }
    }
  },
  "info": {
    "title": "Kubernetes",
    "version": "unversioned"

OpenAPIでは、以下のセキュリティスキームを定義しています:

* `apiKey`: アプリケーション固有のキーで、これらのものから取得できます。
    * クエリパラメータ
    * ヘッダー
    * クッキー
* `http`: 標準的なHTTP認証システムで、これらのものを含みます。
    * `bearer`: ヘッダ `Authorization` の値が `Bearer ` で、トークンが含まれます。これはOAuth2から継承しています。
    * HTTP Basic認証
    * HTTP ダイジェスト認証など
* `oauth2`: OAuth2のセキュリティ処理方法（「フロー」と呼ばれます）のすべて。
    * これらのフローのいくつかは、OAuth 2.0認証プロバイダ（Google、Facebook、Twitter、GitHubなど）を構築するのに適しています。

        if (logger.isDebugEnabled()) {
            logger.debug("url: {}", url);
        }
        try (CurlResponse response = Curl.get(url).header("Authorization", "Bearer " + user.getAuthenticationResult().getAccessToken())
                .header("Accept", "application/json").execute()) {
            final Map<String, Object> contentMap = response.getContent(OpenSearchCurl.jsonParser());

		"A list of comma separated audiences to check in the JWT token before issuing a certificate. "+
			"The token is accepted if it matches with one of the audiences").Get(), ",")
)

const (
	BearerTokenPrefix = "Bearer "

	K8sTokenPrefix = "Istio "

	// CertSigner info
	CertSigner = "CertSigner"

	// ImpersonatedIdentity declares the identity we are requesting a certificate on behalf of.

	istiogrpc "istio.io/istio/pilot/pkg/grpc"
	"istio.io/istio/pkg/log"
	"istio.io/istio/pkg/security"
	"istio.io/istio/security/pkg/nodeagent/caclient"
)

const (
	bearerTokenPrefix = "Bearer "
)

var citadelClientLog = log.RegisterScope("citadelclient", "citadel client debugging")

type CitadelClient struct {
	// It means enable tls connection to Citadel if this is not nil.
	tlsOpts  *TLSOptions

class HTTPBase(SecurityBase):
    type_: SecuritySchemeType = Field(default=SecuritySchemeType.http, alias="type")
    scheme: str


class HTTPBearer(HTTPBase):
    scheme: Literal["bearer"] = "bearer"
    bearerFormat: Optional[str] = None


class OAuthFlow(BaseModelWithConfig):
    refreshUrl: Optional[str] = None
    scopes: Dict[str, str] = {}


class OAuthFlowImplicit(OAuthFlow):

//           value: "value*"
//       metadata:
//         - key: "content-type"
//           value: "image/*"
//     notify:
//       endpoint: "https://splunk-hec.dev.com"
//       token: "Splunk ..." # e.g. "Bearer token"
//
//   # target where the objects must be replicated
//   target:
//     type: "minio"
//     bucket: "testbucket1"
//     endpoint: "https://play.min.io"
//     path: "on"
//     credentials:

	"github.com/minio/minio/internal/auth"
	xjwt "github.com/minio/minio/internal/jwt"
	"github.com/minio/minio/internal/logger"
	"github.com/minio/pkg/v3/policy"
)

const (
	jwtAlgorithm = "Bearer"

	// Default JWT token for web handlers is one day.
	defaultJWTExpiry = 24 * time.Hour

	// Inter-node JWT token expiry is 15 minutes.
	defaultInterNodeJWTExpiry = 15 * time.Minute
)

var (

  local subnetwork_url
  subnetwork_url="${GCE_API_ENDPOINT}projects/${PROJECT}/regions/${REGION}/subnetworks/${IP_ALIAS_SUBNETWORK}"
  until curl -s --header "Content-Type: application/json" --header "Authorization: Bearer ${access_token}" \
    -X PATCH -d "${request}" "${subnetwork_url}" --output /dev/null; do
    printf "."
    sleep 1
  done
}

# Add secondary ranges to K8s subnet.
#
# Assumed vars: