- Sort Score
- Result 10 results
- Languages All
Results 61 - 70 of 457 for audiences (0.23 sec)
-
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go
// audiences is the set of acceptable audiences the JWT must be issued to. // At least one of the entries must match the "aud" claim in presented JWTs. // Same value as the --oidc-client-id flag (though this field supports an array). // Required to be non-empty. // +required Audiences []string `json:"audiences"`
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 17:59:05 UTC 2024 - 26.6K bytes - Viewed (0) -
security/pkg/k8s/tokenreview/k8sauthn.go
// aud: list of audiences to check. If empty 1st party tokens will be checked. func ValidateK8sJwt(kubeClient kubernetes.Interface, targetToken string, aud []string) (security.KubernetesInfo, error) { tokenReview := &k8sauth.TokenReview{ Spec: k8sauth.TokenReviewSpec{ Token: targetToken, }, } if aud != nil { tokenReview.Spec.Audiences = aud }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Feb 13 17:12:41 UTC 2023 - 4.3K bytes - Viewed (0) -
staging/src/k8s.io/api/testdata/v1.30.0/authentication.k8s.io.v1.TokenRequest.yaml
blockOwnerDeletion: true controller: true kind: kindValue name: nameValue uid: uidValue resourceVersion: resourceVersionValue selfLink: selfLinkValue uid: uidValue spec: audiences: - audiencesValue boundObjectRef: apiVersion: apiVersionValue kind: kindValue name: nameValue uid: uidValue expirationSeconds: 4 status: expirationTimestamp: "2002-01-01T01:01:01Z"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 18 08:52:25 UTC 2024 - 1.1K bytes - Viewed (0) -
staging/src/k8s.io/api/testdata/HEAD/authentication.k8s.io.v1.TokenRequest.yaml
blockOwnerDeletion: true controller: true kind: kindValue name: nameValue uid: uidValue resourceVersion: resourceVersionValue selfLink: selfLinkValue uid: uidValue spec: audiences: - audiencesValue boundObjectRef: apiVersion: apiVersionValue kind: kindValue name: nameValue uid: uidValue expirationSeconds: 4 status: expirationTimestamp: "2002-01-01T01:01:01Z"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 06 21:25:20 UTC 2022 - 1.1K bytes - Viewed (0) -
staging/src/k8s.io/api/testdata/v1.30.0/authentication.k8s.io.v1.TokenRequest.json
"time": "2004-01-01T01:01:01Z", "fieldsType": "fieldsTypeValue", "fieldsV1": {}, "subresource": "subresourceValue" } ] }, "spec": { "audiences": [ "audiencesValue" ], "expirationSeconds": 4, "boundObjectRef": { "kind": "kindValue", "apiVersion": "apiVersionValue", "name": "nameValue", "uid": "uidValue" }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 18 08:52:25 UTC 2024 - 1.5K bytes - Viewed (0) -
pkg/kubeapiserver/authenticator/config.go
OIDCSigningAlgs []string ServiceAccountKeyFiles []string ServiceAccountLookup bool ServiceAccountIssuers []string APIAudiences authenticator.Audiences WebhookTokenAuthnConfigFile string WebhookTokenAuthnVersion string WebhookTokenAuthnCacheTTL time.Duration // WebhookRetryBackoff specifies the backoff parameters for the authentication webhook retry logic.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 19:29:33 UTC 2024 - 15.4K bytes - Viewed (0) -
api/openapi-spec/v3/apis__authentication.k8s.io__v1_openapi.json
"properties": { "audiences": {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Nov 27 20:06:25 UTC 2023 - 41.5K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/endpoints/filters/metrics.go
} func recordAuthenticationMetrics(ctx context.Context, resp *authenticator.Response, ok bool, err error, apiAudiences authenticator.Audiences, authStart time.Time, authFinish time.Time) { var resultLabel string switch { case err != nil || (resp != nil && !audiencesAreAcceptable(apiAudiences, resp.Audiences)): resultLabel = errorLabel case !ok: resultLabel = failureLabel default: resultLabel = successLabel
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 20 13:35:55 UTC 2023 - 5.3K bytes - Viewed (0) -
pkg/volume/csi/csi_mounter.go
for _, tokenRequest := range csiDriver.Spec.TokenRequests { audience := tokenRequest.Audience audiences := []string{audience} if audience == "" { audiences = []string{} } tr, err := c.plugin.serviceAccountTokenGetter(c.pod.Namespace, c.pod.Spec.ServiceAccountName, &authenticationv1.TokenRequest{ Spec: authenticationv1.TokenRequestSpec{ Audiences: audiences, ExpirationSeconds: tokenRequest.ExpirationSeconds,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jan 30 10:47:59 UTC 2024 - 21K bytes - Viewed (0) -
pkg/registry/core/serviceaccount/storage/storage.go
*genericregistry.Store Token *TokenREST } // NewREST returns a RESTStorage object that will work against service accounts. func NewREST(optsGetter generic.RESTOptionsGetter, issuer token.TokenGenerator, auds authenticator.Audiences, max time.Duration, podStorage, secretStorage, nodeStorage rest.Getter, extendExpiration bool) (*REST, error) { store := &genericregistry.Store{ NewFunc: func() runtime.Object { return &api.ServiceAccount{} },
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Oct 30 21:15:10 UTC 2023 - 3K bytes - Viewed (0)