//  "sub": "sub-1"
	// }
	// Generated by: security/tools/jwt/samples/gen-jwt.py tests/common/jwt/key.pem -jwks=tests/common/jwt/jwks.json
	// --expire=3153600000 --iss=******@****.*** --sub=sub-1 --claims "azp:bar"
	// nolint: lll

      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work

        signal: 2
        startedAt: "2005-01-01T01:01:01Z"
      waiting:
        message: messageValue
        reason: reasonValue
    name: nameValue
    ready: true
    resources:
      claims:
      - name: nameValue
      limits:
        limitsKey: "0"
      requests:
        requestsKey: "0"
    restartCount: 5
    started: true
    state:
      running:

apiVersion: release-notes/v2
kind: feature
area: security
issue:
  - 49913
releaseNotes:
- |

			if err != nil {
				return nil, err
			}
			claims := make(map[string]interface{})
			claims[expClaim] = UTCNow().Add(expiryDur).Unix()

			claims[ldapUser] = lookupResult.NormDN
			claims[ldapActualUser] = lookupResult.ActualDN
			claims[ldapUserN] = ctx.Sess.LoginUser()

			// Add LDAP attributes that were looked up into the claims.
			for attribKey, attribValue := range lookupResult.Attributes {

        },
        "resources": {
          "limits": {
            "limitsKey": "0"
          },
          "requests": {
            "requestsKey": "0"
          },
          "claims": [
            {
              "name": "nameValue"
            }
          ]
        },
        "volumeMounts": [
          {
            "name": "nameValue",

        signal: 2
        startedAt: "2005-01-01T01:01:01Z"
      waiting:
        message: messageValue
        reason: reasonValue
    name: nameValue
    ready: true
    resources:
      claims:
      - name: nameValue
      limits:
        limitsKey: "0"
      requests:
        requestsKey: "0"
    restartCount: 5
    started: true
    state:
      running:

      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tc, ok := r.Context().Value(mcontext.ContextTraceKey).(*mcontext.TraceCtxt)

		claims, groups, owner, authErr := metricsRequestAuthenticate(r)
		if authErr != nil || (claims != nil && !claims.VerifyIssuer("prometheus", true)) {
			if ok {
				tc.FuncName = "handler.MetricsAuth"
				tc.ResponseRecorder.LogErrBody = true
			}

          notValues: ["not-presenter", "not-presenter-prefix-*", "*-not-suffix-presenter", "*"]
        - key: "request.auth.claims[iss]"
          values: ["iss", "iss-prefix-*", "*-suffix-iss", "*"]
          notValues: ["not-iss", "not-iss-prefix-*", "*-not-suffix-iss", "*"]
        - key: "request.auth.claims[nested1][nested2]"
          values: ["nested", "nested-prefix-*", "*-suffix-nested", "*"]