* Fix the bug where StartedAt time is not reported for exited containers. ([#45977](https://github.com/kubernetes/kubernetes/pull/45977), [@yujuhong](https://github.com/yujuhong))
* Enable basic auth username rotation for GCI ([#44590](https://github.com/kubernetes/kubernetes/pull/44590), [@ihmccreery](https://github.com/ihmccreery))

Normalmente são usados para declarar permissões de segurança específicas, por exemplo:

* `users:read` ou `users:write` são exemplos comuns.
* `instagram_basic` é usado pelo Facebook e Instagram.
* `https://www.googleapis.com/auth/drive` é usado pelo Google.

/// info | Informação

No OAuth2, um "scope" é apenas uma string que declara uma permissão específica necessária.

Não importa se tem outros caracteres como `:` ou se é uma URL.

  - [Introduction to 1.9.0](#introduction-to-190)
  - [Major themes](#major-themes)
    - [API Machinery](#api-machinery)
    - [Apps](#apps)
    - [Auth](#auth)
    - [AWS](#aws)
    - [Azure](#azure)
    - [Cluster Lifecycle](#cluster-lifecycle)
    - [Instrumentation](#instrumentation)
    - [Network](#network)
    - [Node](#node)
    - [OpenStack](#openstack)

      MockResponse(body = "Successful auth!"),
    )
    val credential = basic("username", "password")
    client =
      client.newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, "Basic"))
        .build()
    val call = client.newCall(Request(server.url("/")))
    val response = call.execute()
    assertThat(response.body.string()).isEqualTo("Successful auth!")
    val denied = server.takeRequest()

        tid, pid, uid, mid,
        wordCount, byteCount;
    boolean useUnicode, received, extendedSecurity;
    long responseTimeout = 1;
    int signSeq;
    boolean verifyFailed;
    NtlmPasswordAuthentication auth = null;
    String path;
    SigningDigest digest = null;
    ServerMessageBlock response;

    ServerMessageBlock() {
        flags = (byte)( FLAGS_PATH_NAMES_CASELESS | FLAGS_PATH_NAMES_CANONICALIZED );

각 "범위"는 공백이 없는 문자열입니다.

일반적으로 특정 보안 권한을 선언하는 데 사용됩니다. 다음을 봅시다:

* `users:read` 또는 `users:write`는 일반적인 예시입니다.
* `instagram_basic`은 페이스북/인스타그램에서 사용합니다.
* `https://www.googleapis.com/auth/drive`는 Google에서 사용합니다.

/// 정보

OAuth2에서 "범위"는 필요한 특정 권한을 선언하는 문자열입니다.

`:`과 같은 다른 문자가 있는지 또는 URL인지는 중요하지 않습니다.

이러한 세부 사항은 구현에 따라 다릅니다.

OAuth2의 경우 문자열일 뿐입니다.

///

		ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),
		IsOwner:         false,
	})

	// Check if anonymous (non-owner) has access to upload objects.
	writable := globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
		Action:          policy.PutObjectAction,
		BucketName:      bucket,
		ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),
		IsOwner:         false,
	})

	"github.com/minio/cli"
	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio-go/v7"
	"github.com/minio/minio-go/v7/pkg/credentials"
	"github.com/minio/minio-go/v7/pkg/set"
	"github.com/minio/minio/internal/auth"
	"github.com/minio/minio/internal/bucket/bandwidth"
	"github.com/minio/minio/internal/color"
	"github.com/minio/minio/internal/config"
	"github.com/minio/minio/internal/handlers"
	"github.com/minio/minio/internal/hash/sha256"

	if resp.StatusCode >= 200 && resp.StatusCode <= 299 {
		// accepted HTTP status codes.
		return nil
	} else if resp.StatusCode == http.StatusForbidden {
		return fmt.Errorf("%s returned '%s', please check if your auth token is correctly set", h.Endpoint(), resp.Status)
	}
	return fmt.Errorf("%s returned '%s', please check your endpoint configuration", h.Endpoint(), resp.Status)
}

contexts:
- context:
    cluster: {cluster}
    user: {cluster}
  name: {cluster}
current-context: {cluster}
kind: Config
preferences: {}
users:
- name: {cluster}
  user:
    auth-provider:
      config:
        k1: v1
      name: foobar
`, "{cluster}", fakeClusterName)

	cases := []struct {
		name               string
		in                 *v1.Secret
		context            string