- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 107 for Aud (0.02 sec)
-
security/pkg/k8s/tokenreview/k8sauthn.go
// aud: list of audiences to check. If empty 1st party tokens will be checked. func ValidateK8sJwt(kubeClient kubernetes.Interface, targetToken string, aud []string) (security.KubernetesInfo, error) { tokenReview := &k8sauth.TokenReview{ Spec: k8sauth.TokenReviewSpec{ Token: targetToken, }, } if aud != nil { tokenReview.Spec.Audiences = aud }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Feb 13 17:12:41 UTC 2023 - 4.3K bytes - Viewed (0) -
security/pkg/credentialfetcher/plugin/gce.go
rotateToken = enable } // GCEPlugin is the plugin object. type GCEPlugin struct { // aud is the unique URI agreed upon by both the instance and the system verifying the instance's identity. // For more info: https://cloud.google.com/compute/docs/instances/verifying-instance-identity aud string // The location to save the identity token jwtPath string // identity provider identityProvider string
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Apr 30 13:56:46 UTC 2024 - 4.7K bytes - Viewed (0) -
istioctl/pkg/xds/client.go
} // Use bearer token aud := tokenAudiences isMCP := strings.HasSuffix(opts.Xds, ".googleapis.com") || strings.HasSuffix(opts.Xds, ".googleapis.com:443") if isMCP { // Special credentials handling when using ASM Managed Control Plane. mem, err := getHubMembership(ctx, kubeClient) if err != nil { return nil, fmt.Errorf("failed to query Hub membership: %w", err) } aud = []string{mem.WorkloadIdentityPool} }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Dec 19 22:42:42 UTC 2023 - 3.7K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/authenticator/audiences.go
auds, ok := ctx.Value(audiencesKey).(Audiences) return auds, ok } // Has checks if Audiences contains a specific audiences. func (a Audiences) Has(taud string) bool { for _, aud := range a { if aud == taud { return true } } return false } // Intersect intersects Audiences with a target Audiences and returns all // elements in both.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Oct 31 21:50:11 UTC 2018 - 1.7K bytes - Viewed (0) -
internal/grid/connection_test.go
remoteHost := hosts[1] local, err := NewManager(context.Background(), ManagerOptions{ Dialer: dialer.DialContext, Local: localHost, Hosts: hosts, AddAuth: func(aud string) string { return aud }, AuthRequest: dummyRequestValidate, BlockConnect: connReady, }) errFatal(err) // 1: Echo errFatal(local.RegisterSingleHandler(handlerTest, func(payload []byte) ([]byte, *RemoteErr) {
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Tue Nov 21 01:09:35 UTC 2023 - 6K bytes - Viewed (0) -
internal/config/identity/openid/jwt.go
// case sensitive audValues, ok := policy.GetValuesFromClaims(mclaims, audClaim) if !ok { return errors.New("STS JWT Token has `aud` claim invalid, `aud` must match configured OpenID Client ID") } if !audValues.Contains(pCfg.ClientID) { // if audience claims is missing, look for "azp" claims. // OPTIONAL. Authorized party - the party to which the ID
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Thu May 30 18:10:41 UTC 2024 - 8.3K bytes - Viewed (0) -
security/pkg/server/ca/authenticate/oidc_test.go
claims := `{"iss": "` + server.URL + `", "aud": ["baz.svc.id.goog"], "sub": "system:serviceaccount:bar:foo", "exp": ` + expStr + `}` token, err := generateJWT(&key, []byte(claims)) if err != nil { t.Fatalf("failed to generate JWT: %v", err) } // Create an expired JWT token expiredStr := strconv.FormatInt(time.Now().Add(-time.Hour).Unix(), 10)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 7.3K bytes - Viewed (0) -
tests/common/jwt/jwt_token.go
// Payload { // "aud": foo, // "exp": 4732994801, // "iat": 1579394801, // "iss": "******@****.***", // "sub": "sub-1" // } // Generated by: security/tools/jwt/samples/gen-jwt.py tests/common/jwt/key.pem -jwks=tests/common/jwt/jwks.json // --expire=3153600000 --iss=******@****.*** --sub=sub-1 --aud=foo // nolint: lll
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 23:36:51 UTC 2024 - 12.1K bytes - Viewed (0) -
cmd/jwt_test.go
fn := authenticateNode b.ResetTimer() b.ReportAllocs() for i := 0; i < b.N; i++ { fn(creds.AccessKey, creds.SecretKey, "aud") } }) b.Run("cached", func(b *testing.B) { fn := newCachedAuthToken() b.ResetTimer() b.ReportAllocs() for i := 0; i < b.N; i++ { fn("aud") } })
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Fri Apr 19 16:45:14 UTC 2024 - 4.5K bytes - Viewed (0) -
pkg/test/framework/components/istio/ca.go
} return Cert{certChain, keyPEM, []byte(rootCert)}, nil } // 7 days var saTokenExpiration int64 = 60 * 60 * 24 * 7 func GetServiceAccountToken(c kubernetes.Interface, aud, ns, sa string) (string, error) { san := san(ns, sa) if got, f := cachedTokens.Load(san); f { t := got.(token) if t.expiration.After(time.Now().Add(time.Minute)) { return t.token, nil }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 27 16:59:05 UTC 2024 - 4.5K bytes - Viewed (0)