func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
	auds, _ := authenticator.AudiencesFrom(req.Context())
	return &authenticator.Response{
		User: &user.DefaultInfo{
			Name:   "system:unsecured",
			Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated},
		},
		Audiences: auds,
	}, true, nil

	}

	requestedAudiences, ok := authenticator.AudiencesFrom(ctx)
	if !ok {
		// default to apiserver audiences
		requestedAudiences = j.implicitAuds
	}

	auds := authenticator.Audiences(tokenAudiences).Intersect(requestedAudiences)
	if len(auds) == 0 && len(j.implicitAuds) != 0 {
		return nil, false, fmt.Errorf("token audiences %q is invalid for the target audiences %q", tokenAudiences, requestedAudiences)
	}

				mode = 0600
			}

			var auds []string
			if len(tp.Audience) != 0 {
				auds = []string{tp.Audience}
			}
			tr, err := s.plugin.getServiceAccountToken(s.pod.Namespace, s.pod.Spec.ServiceAccountName, &authenticationv1.TokenRequest{
				Spec: authenticationv1.TokenRequestSpec{
					Audiences:         auds,
					ExpirationSeconds: tp.ExpirationSeconds,

		}
		authn := serviceaccount.JWTTokenAuthenticator([]string{serviceaccount.LegacyIssuer, "bar"}, tc.Keys, auds, validator)

		// An invalid, non-JWT token should always fail
		ctx := authenticator.WithAudiences(context.Background(), auds)
		if _, ok, err := authn.AuthenticateToken(ctx, "invalid token"); err != nil || ok {
			t.Errorf("%s: Expected err=nil, ok=false for non-JWT token", k)

}

type TokenREST struct {
	svcaccts             rest.Getter
	pods                 rest.Getter
	secrets              rest.Getter
	nodes                rest.Getter
	issuer               token.TokenGenerator
	auds                 authenticator.Audiences
	audsSet              sets.String
	maxExpirationSeconds int64
	extendExpiration     bool
}

var _ = rest.NamedCreater(&TokenREST{})

	}
	con := newConnection(peerAddr, stream)
	con.ids = ids
	con.s = s
	return xds.Stream(con)
}

// update the node associated with the connection, after receiving a packet from envoy, also adds the connection
// to the tracking map.
func (s *DiscoveryServer) initConnection(node *core.Node, con *Connection, identities []string) error {
	// Setup the initial proxy metadata
	proxy, err := s.initProxyMetadata(node)

			audToCheck:  []string{"aud1"},
			audExpected: []string{"aud1", "aud2"},
		},
		{
			name:        "audience is NOT in the expected set",
			expectRet:   false,
			audToCheck:  []string{"aud3"},
			audExpected: []string{"aud1", "aud2"},
		},
		{
			name:        "one of the audiences is in the expected set",
			expectRet:   true,
			audToCheck:  []string{"aud1", "aud3"},

	msg, err := json.Marshal(logs)
	if err != nil {
		return fmt.Errorf("failed to sync uds log: %v", err)
	}
	resp, err := u.client.Post(u.url, "application/json", bytes.NewReader(msg))
	if err != nil {
		return fmt.Errorf("failed to send logs to uds server %v: %v", u.url, err)
	}
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("uds server returns non-ok status %v: %v", u.url, resp.Status)
	}
	return nil
}

}

// StartUDSLogServer starts up a UDS server which receives log reported from CNI network plugin.
func (l *UDSLogger) StartUDSLogServer(sockAddress string, stop <-chan struct{}) error {
	if sockAddress == "" {
		return nil
	}
	log.Info("Start a UDS server for CNI plugin logs")
	unixListener, err := uds.NewListener(sockAddress)
	if err != nil {
		return fmt.Errorf("failed to create UDS listener: %v", err)
	}
	go func() {

Akshay J Nambiar <******@****.***> 1683529381 +0530