rr","safeActiveElement","hasFocus","href","tabIndex","enabled","checked","selected","selectedIndex","empty","nextSibling","header","button","_matchIndexes","lt","gt","nth","radio","checkbox","file","password","image","submit","reset","parseOnly","tokens","soFar","preFilters","cached","combinator","base","skip","checkNonElements","doneName","oldCache","newCache","elementMatcher","matchers","condense","newUnmatched","mapped","setMatcher","postFilter","postFinder","postSelector","temp","matcherOut"...

	"net/url"
	"time"

	"github.com/minio/minio-go/v7"
	cr "github.com/minio/minio-go/v7/pkg/credentials"
)

var (
	// LDAP integrated Minio endpoint
	stsEndpoint string

	// token to use with AssumeRoleWithCustomToken
	token string

	// Role ARN to use
	roleArn string

	// Display credentials flag
	displayCreds bool

	// Credential expiry duration
	expiryDuration time.Duration

	// Bucket to list

| Version         | String  | Yes      | Value must be `2011-06-15`                                           |
| Token           | String  | Yes      | Token to be authenticated by identity plugin                         |
| RoleArn         | String  | Yes      | Must match the Role ARN generated for the identity plugin            |

          <type>String</type>
        </field>
        <field>
          <name>filtering</name>
          <version>3.0.0+</version>
          <description>
            Whether resources are filtered to replace tokens with parameterised values or not.
            The values are taken from the {@code properties} element and from the
            properties in the files listed in the {@code filters} element. Note: While the type

  public void testAssignableClassToType() {
    TypeToken<List<String>> tokenL = new TypeToken<List<String>>() {};
    assertTrue(tokenL.isSupertypeOf(StringList.class));
    assertFalse(tokenL.isSupertypeOf(List.class));

    TypeToken<First<String>> tokenF = new TypeToken<First<String>>() {};
    assertTrue(tokenF.isSupertypeOf(ConcreteIS.class));
    assertFalse(tokenF.isSupertypeOf(ConcreteSI.class));
  }

Sergei Gavrilov <******@****.***> 1657207540 +0200

Sergei Gavrilov <******@****.***> 1657207540 +0200

  public void testAssignableClassToType() {
    TypeToken<List<String>> tokenL = new TypeToken<List<String>>() {};
    assertTrue(tokenL.isSupertypeOf(StringList.class));
    assertFalse(tokenL.isSupertypeOf(List.class));

    TypeToken<First<String>> tokenF = new TypeToken<First<String>>() {};
    assertTrue(tokenF.isSupertypeOf(ConcreteIS.class));
    assertFalse(tokenF.isSupertypeOf(ConcreteSI.class));
  }

- When the alpha `LegacyServiceAccountTokenTracking` feature gate is enabled, secret-based service account tokens will have a `kubernetes.io/legacy-token-last-used` applied to them containing the date they were last used. ([#108858](https://github.com/kubernetes/kubernetes/pull/108858), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Auth and Testing]

### Auth

- Service account tokens now include the JWT Key ID field in their header. ([#78502](https://github.com/kubernetes/kubernetes/pull/78502), [@ahmedtd](https://github.com/ahmedtd))
- The nbf (not before) claim, if present in ID token, is now enforced. ([#81413](https://github.com/kubernetes/kubernetes/pull/81413), [@anderseknert](https://github.com/anderseknert))