- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 12 for audiences (0.18 sec)
-
pilot/pkg/bootstrap/server_test.go
jwtRule: `{"issuer": "foo", "jwks_uri": "baz", "audiences": ["aud1", "aud2"]}`, }, { name: "invalid jwt rule", expectErr: true, jwtRule: "invalid", }, { name: "jwt rule with invalid audiences", expectErr: true, // audiences must be a string array jwtRule: `{"issuer": "foo", "jwks_uri": "baz", "audiences": "aud1"}`, }, } for _, tt := range tests {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 23.1K bytes - Viewed (0) -
pkg/security/security.go
"Reject k8s default tokens, without audience. If false, default K8S token will be accepted") // TokenAudiences specifies a list of audiences for SDS trustworthy JWT. This is to make sure that the CSR requests // contain the JWTs intended for Citadel. TokenAudiences = strings.Split(env.Register("TOKEN_AUDIENCES", "istio-ca", "A list of comma separated audiences to check in the JWT token before issuing a certificate. "+
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 19.1K bytes - Viewed (0) -
pilot/pkg/bootstrap/istio_ca.go
// This value can also be extracted from the mounted token trustedIssuer = env.Register("TOKEN_ISSUER", "", "OIDC token issuer. If set, will be used to check the tokens.") audience = env.Register("AUDIENCE", "", "Expected audience in the tokens. ") caRSAKeySize = env.Register("CITADEL_SELF_SIGNED_CA_RSA_KEY_SIZE", 2048, "Specify the RSA key size to use for self-signed Istio CA certificates.")
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 20.6K bytes - Viewed (0) -
pkg/printers/internalversion/printers.go
} row.Cells = append(row.Cells, storageCapacity) tokenRequests := "<unset>" if obj.Spec.TokenRequests != nil { audiences := []string{} for _, t := range obj.Spec.TokenRequests { audiences = append(audiences, t.Audience) } tokenRequests = strings.Join(audiences, ",") } requiresRepublish := false if obj.Spec.RequiresRepublish != nil { requiresRepublish = *obj.Spec.RequiresRepublish
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 11 14:04:15 UTC 2024 - 128.3K bytes - Viewed (0) -
CHANGELOG/CHANGELOG-1.30.md
- Added audienceMatchPolicy field to AuthenticationConfiguration and support for configuring multiple audiences. The "audienceMatchPolicy" can be empty (or unset) when a single audience is specified in the "audiences" field. The "audienceMatchPolicy" must be set to "MatchAny" when multiple audiences are specified in the "audiences" field. ([#123165](https://github.com/kubernetes/kubernetes/pull/123165), [@aramase](https://github.com/aramase))
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jun 12 04:05:28 UTC 2024 - 253.2K bytes - Viewed (0) -
pilot/pkg/bootstrap/server.go
// JWTRule is from the JWT_RULE environment variable. // An example of json string for JWTRule is: // `{"issuer": "foo", "jwks_uri": "baz", "audiences": ["aud1", "aud2"]}`. jwtRule := &v1beta1.JWTRule{} err := json.Unmarshal([]byte(args.JwtRule), jwtRule) if err != nil { return nil, fmt.Errorf("failed to unmarshal JWT rule: %v", err) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 17:48:28 UTC 2024 - 46.3K bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
token, err := t.Clusters().Default().Kube().CoreV1().ServiceAccounts(apps.Namespace.Name()).CreateToken(context.Background(), "default", &authenticationv1.TokenRequest{ Spec: authenticationv1.TokenRequestSpec{ Audiences: []string{"kubernetes.default.svc"}, ExpirationSeconds: ptr.Of(int64(600)), }, }, metav1.CreateOptions{}) assert.NoError(t, err) for _, src := range svcs { src := src
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0) -
pkg/config/validation/validation.go
if rule == nil { return nil } if len(rule.Issuer) == 0 { errs = multierror.Append(errs, errors.New("issuer must be set")) } for _, audience := range rule.Audiences { if len(audience) == 0 { errs = multierror.Append(errs, errors.New("audience must be non-empty string")) } } if len(rule.JwksUri) != 0 { if _, err := security.ParseJwksURI(rule.JwksUri); err != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 04:03:33 UTC 2024 - 107.2K bytes - Viewed (0) -
manifests/charts/ztunnel/templates/daemonset.yaml
volumes: - name: istio-token projected: sources: - serviceAccountToken: path: istio-token expirationSeconds: 43200 audience: istio-ca - name: istiod-ca-cert configMap: name: istio-ca-root-cert - name: cni-ztunnel-sock-dir hostPath: path: /var/run/ztunnel
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jun 11 01:33:52 UTC 2024 - 5.6K bytes - Viewed (0) -
internal/grid/manager.go
Local string // Local host name. Hosts []string // All hosts, including local in the grid. AddAuth AuthFn // Add authentication to the given audience. AuthRequest func(r *http.Request) error // Validate incoming requests. TLSConfig *tls.Config // TLS to apply to the connections. Incoming func(n int64) // Record incoming bytes.
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Mon Jun 10 17:40:33 UTC 2024 - 9.8K bytes - Viewed (0)