- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 201 for audiences (0.15 sec)
-
security/pkg/util/jwtutil_test.go
testCases := map[string]struct { jwt string aud []string }{ "no audience": { jwt: firstPartyJwt, }, "one audience string": { jwt: oneAudString, aud: []string{"abc"}, }, "one audience list": { jwt: thirdPartyJwt, aud: []string{"yonggangl-istio-4.svc.id.goog"}, }, "two audiences list": { jwt: twoAudList, aud: []string{"abc", "xyz"}, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 31 16:07:11 UTC 2024 - 6K bytes - Viewed (0) -
pilot/pkg/security/authz/model/generator_test.go
}, { name: "requestAudiencesGenerator", g: requestAudiencesGenerator{}, key: "request.auth.audiences", value: "foo", want: yamlPrincipal(t, ` metadata: filter: istio_authn path: - key: request.auth.audiences value: stringMatch: exact: foo`), }, { name: "requestPresenterGenerator",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 13K bytes - Viewed (0) -
pkg/security/security.go
"Reject k8s default tokens, without audience. If false, default K8S token will be accepted") // TokenAudiences specifies a list of audiences for SDS trustworthy JWT. This is to make sure that the CSR requests // contain the JWTs intended for Citadel. TokenAudiences = strings.Split(env.Register("TOKEN_AUDIENCES", "istio-ca", "A list of comma separated audiences to check in the JWT token before issuing a certificate. "+
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
security/pkg/server/ca/authenticate/kubeauth/kube_jwt_test.go
ctx = metadata.NewIncomingContext(ctx, tc.metadata) } tokenReview := &k8sauth.TokenReview{ Spec: k8sauth.TokenReviewSpec{ Token: tc.token, }, } tokenReview.Status.Audiences = []string{} if tc.token != invlidToken { tokenReview.Status.Authenticated = true } tokenReview.Status.User = k8sauth.UserInfo{ Username: "system:serviceaccount:default:example-pod-sa",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 6.1K bytes - Viewed (0) -
internal/config/identity/openid/jwt.go
// REQUIRED. Audience(s) that this ID Token is intended for. // It MUST contain the OAuth 2.0 client_id of the Relying Party // as an audience value. It MAY also contain identifiers for // other audiences. In the general case, the aud value is an // array of case sensitive strings. In the common special case // when there is one audience, the aud value MAY be a single // case sensitive
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Thu May 30 18:10:41 UTC 2024 - 8.3K bytes - Viewed (0) -
pkg/config/security/security_test.go
}, { key: "source.principal", values: []string{"value"}, }, { key: "request.auth.principal", values: []string{"value"}, }, { key: "request.auth.audiences", values: []string{"value"}, }, { key: "request.auth.presenter", values: []string{"value"}, }, { key: "request.auth.claims[id]", values: []string{"123"}, },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 8.3K bytes - Viewed (0) -
pkg/config/security/security.go
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 07 04:43:34 UTC 2024 - 9.4K bytes - Viewed (0) -
pkg/volume/projected/projected.go
mode = 0600 } var auds []string if len(tp.Audience) != 0 { auds = []string{tp.Audience} } tr, err := s.plugin.getServiceAccountToken(s.pod.Namespace, s.pod.Spec.ServiceAccountName, &authenticationv1.TokenRequest{ Spec: authenticationv1.TokenRequestSpec{ Audiences: auds, ExpirationSeconds: tp.ExpirationSeconds,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 14 06:17:25 UTC 2024 - 12.8K bytes - Viewed (0) -
pkg/volume/csi/csi_mounter_test.go
tr := action.(clitesting.CreateAction).GetObject().(*authenticationv1.TokenRequest) scheme.Default(tr) if len(tr.Spec.Audiences) == 0 { tr.Spec.Audiences = []string{"api"} } tr.Status.Token = fmt.Sprintf("%v:%v:%d:%v", action.GetNamespace(), testAccount, *tr.Spec.ExpirationSeconds, tr.Spec.Audiences) tr.Status.ExpirationTimestamp = meta.NewTime(time.Unix(1, 1)) return true, tr, nil }))
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 50.1K bytes - Viewed (0) -
pkg/kube/client.go
}) } return g.Wait() } func (c *client) CreatePerRPCCredentials(_ context.Context, tokenNamespace, tokenServiceAccount string, audiences []string, expirationSeconds int64, ) (credentials.PerRPCCredentials, error) { return NewRPCCredentials(c, tokenNamespace, tokenServiceAccount, audiences, expirationSeconds, 60) } func (c *client) UtilFactory() PartialFactory { return c.clientFactory }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 25 14:44:17 UTC 2024 - 39K bytes - Viewed (0)