- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 477 for audiences (0.15 sec)
-
tests/integration/security/testdata/authz/jwt.yaml.tmpl
# - Allow request with valid JWT token to access path /jwt1 # - Allow request with valid JWT token of presenter bar to access path with suffix "/presenter" # - Allow request with valid JWT token of audiences foo to access path with suffix "/audiences" apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: {{ .To.ServiceName }} spec: selector: matchLabels: "app": "{{ .To.ServiceName }}"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 23:36:51 UTC 2024 - 3K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-in.yaml
notValues: ["not-requestPrincipals", "not-requestPrincipals-prefix-*", "*-not-suffix-requestPrincipals", "*"] - key: "request.auth.audiences" values: ["audiences", "audiences-prefix-*", "*-suffix-audiences", "*"] notValues: ["not-audiences", "not-audiences-prefix-*", "*-not-suffix-audiences", "*"] - key: "request.auth.presenter" values: ["presenter", "presenter-prefix-*", "*-suffix-presenter", "*"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 4.1K bytes - Viewed (0) -
security/pkg/server/ca/authenticate/oidc.go
ksa := parts[3] if !checkAudience(sa.Aud, j.audiences) { return nil, fmt.Errorf("invalid audiences %v", sa.Aud) } return &security.Caller{ AuthSource: security.AuthSourceIDToken, Identities: []string{spiffe.MustGenSpiffeURI(j.meshHolder.Mesh(), ns, ksa)}, }, nil } // checkAudience() returns true if the audiences to check are in // the expected audiences. Otherwise, return false.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 5.1K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication.go
if err != nil { klog.ErrorS(err, "Unable to authenticate the request") } failed.ServeHTTP(w, req) return } if !audiencesAreAcceptable(apiAuds, resp.Audiences) { err = fmt.Errorf("unable to match the audience: %v , accepted: %v", resp.Audiences, apiAuds) klog.Error(err) failed.ServeHTTP(w, req) return } // authorization header is not required anymore in case of a successful authentication.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Oct 12 20:54:07 UTC 2023 - 6.4K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-out.yaml
- metadata: filter: istio_authn path: - key: request.auth.audiences value: stringMatch: suffix: -suffix-audiences - metadata: filter: istio_authn path: - key: request.auth.audiences
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 32.6K bytes - Viewed (0) -
tests/integration/security/testdata/requestauthn/aud.yaml.tmpl
- issuer: "******@****.***" jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json" audiences: - "foo" - issuer: "******@****.***" jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json" audiences: - "bar" --- apiVersion: security.istio.io/v1beta1 kind: RequestAuthentication metadata: name: {{ .To.ServiceName }}-part2
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 08 07:03:01 UTC 2023 - 838 bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/round_trip_test.go
return authenticationv1beta1.TokenReviewStatus{ Authenticated: in.Authenticated, User: v1UserToV1beta1User(in.User), Audiences: in.Audiences, Error: in.Error, } } func v1UserToV1beta1User(u authenticationv1.UserInfo) authenticationv1beta1.UserInfo { var extra map[string]authenticationv1beta1.ExtraValue if u.Extra != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 12 15:48:03 UTC 2023 - 2.5K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook_v1_test.go
}, { description: "bad audiences", implicitAuds: apiAuds, reqAuds: authenticator.Audiences{"other"}, serverResponse: authenticationv1.TokenReviewStatus{ Authenticated: false, }, expectedAuthenticated: false, }, { description: "bad audiences", implicitAuds: apiAuds, reqAuds: authenticator.Audiences{"other"},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 18 00:47:42 UTC 2022 - 19.1K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go
// authentication, and information about the authenticated user. type Response struct { // Audiences is the set of audiences the authenticator was able to validate // the token against. If the authenticator is not audience aware, this field // will be empty. Audiences Audiences // User is the UserInfo associated with the authentication context. User user.Info
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 12 00:55:47 UTC 2020 - 2.3K bytes - Viewed (0) -
pkg/kube/rpc_creds.go
tokenNamespace, tokenServiceAccount string, audiences []string, expirationSeconds int64, ) (*authenticationv1.TokenRequest, error) { return client.Kube().CoreV1().ServiceAccounts(tokenNamespace).CreateToken(ctx, tokenServiceAccount, &authenticationv1.TokenRequest{ Spec: authenticationv1.TokenRequestSpec{ Audiences: audiences, ExpirationSeconds: &expirationSeconds, },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 23 17:08:31 UTC 2023 - 4K bytes - Viewed (0)