// Request that `desc` be co-located on the device where `op`
// is placed.
//
// Use of this is discouraged since the implementation of device placement is
// subject to change. Primarily intended for internal libraries
TF_CAPI_EXPORT extern void TF_ColocateWith(TF_OperationDescription* desc,
                                           TF_Operation* op);

- Kubernetes components that accepted X.509 client certificate authentication now read the user UID from a certificate subject name RDN with object ID `1.3.6.1.4.1.57683.2`. An RDN with this object ID had to contain a string value and appear no more than once in the certificate subject. Reading the user UID from this RDN could be disabled by setting the beta feature gate `AllowParsingUserUIDFromCertAuth` to `false`(until the feature gate graduated to...

)

func (s *TestSuiteCommon) TestMetricsV3Handler(c *check) {
	jwt := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, jwtgo.StandardClaims{
		ExpiresAt: time.Now().UTC().Add(defaultPrometheusJWTExpiry).Unix(),
		Subject:   s.accessKey,
		Issuer:    "prometheus",
	})

	token, err := jwt.SignedString([]byte(s.secretKey))
	c.Assert(err, nil)

	for _, cpath := range globalMetricsV3CollectorPaths {

  @Test
  fun httpsWithIpAddress() {
    platform.assumeNotBouncyCastle()

    val localIpAddress = InetAddress.getLoopbackAddress().hostAddress

    // Create a certificate with an IP address in the subject alt name.
    val heldCertificate =
      HeldCertificate
        .Builder()
        .commonName("example.com")
        .addSubjectAlternativeName(localIpAddress!!)
        .build()

and `apiserver_webhooks_x509_missing_san_total`. This metric measures a number of connections to webhooks/aggregated API servers that use certificates without Subject Alternative Names. It being non-zero is a warning sign that these connections will stop functioning in the future since Golang is going to deprecate x509 certificate subject Common Names for server hostname verification. ([#95396](https://github.com/kubernetes/kubernetes/pull/95396), [@stlaz](https://github.com/stlaz)) [SIG API Machinery,...

    * More details about the release https://github.com/kubernetes/heapster/releases/tag/v1.2.0
* add local subject access review API ([#32407](https://github.com/kubernetes/kubernetes/pull/32407), [@deads2k](https://github.com/deads2k))

pkg crypto/x509, type CertificateRequest struct, Signature []uint8
pkg crypto/x509, type CertificateRequest struct, SignatureAlgorithm SignatureAlgorithm
pkg crypto/x509, type CertificateRequest struct, Subject pkix.Name
pkg crypto/x509, type CertificateRequest struct, Version int
pkg crypto/x509/pkix, type AttributeTypeAndValueSET struct
pkg crypto/x509/pkix, type AttributeTypeAndValueSET struct, Type asn1.ObjectIdentifier

- `Kubectl set resources` will no longer return an error if passed an empty change for a resource. `kubectl set subject` will no longer return an error if passed an empty change for a resource. ([#85490](https://github.com/kubernetes/kubernetes/pull/85490), [@sallyom](https://github.com/sallyom)) [SIG CLI]

    * `kubectl auth can-i` now supports non-resource URLs ([#46432](https://github.com/kubernetes/kubernetes/pull/46432), [@CaoShuFeng](https://github.com/CaoShuFeng))

    * `kubectl set selector` and `kubectl set subject` no longer print "running in local/dry-run mode..." at the top.  The output can now be piped and interpretted as yaml or json ([#46507](https://github.com/kubernetes/kubernetes/pull/46507), [@bboreham](https://github.com/bboreham))

_string","value":""},{"key":"table","value":""},{"key":"queue_dir","value":""},{"key":"queue_limit","value":"0"},{"key":"max_open_connections","value":"2"}]},"notify_nats":{"_":[{"key":"enable","value":"off"},{"key":"address","value":""},{"key":"subject","value":""},{"key":"username","value":""},{"key":"password","value":""},{"key":"token","value":""},{"key":"tls","value":"off"},{"key":"tls_skip_verify","value":"off"},{"key":"cert_authority","value":""},{"key":"client_cert","value":""},{"key":"c...