- Sort Score
- Result 10 results
- Languages All
Results 81 - 90 of 477 for audiences (0.26 sec)
-
security/tools/jwt/sa-jwt.py
help="iss claim. This should be your service account email.") parser.add_argument("-aud", "--aud", help="aud claim. This is comma-separated-list of audiences") parser.add_argument("-sub", "--sub", help="sub claim. If not provided, it is set to the same as iss claim.") parser.add_argument("-claims", "--claims",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Sep 14 20:15:07 UTC 2019 - 2.6K bytes - Viewed (0) -
pilot/pkg/security/authz/model/generator_test.go
}, { name: "requestAudiencesGenerator", g: requestAudiencesGenerator{}, key: "request.auth.audiences", value: "foo", want: yamlPrincipal(t, ` metadata: filter: istio_authn path: - key: request.auth.audiences value: stringMatch: exact: foo`), }, { name: "requestPresenterGenerator",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 13K bytes - Viewed (0) -
security/pkg/util/jwtutil_test.go
testCases := map[string]struct { jwt string aud []string }{ "no audience": { jwt: firstPartyJwt, }, "one audience string": { jwt: oneAudString, aud: []string{"abc"}, }, "one audience list": { jwt: thirdPartyJwt, aud: []string{"yonggangl-istio-4.svc.id.goog"}, }, "two audiences list": { jwt: twoAudList, aud: []string{"abc", "xyz"}, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 31 16:07:11 UTC 2024 - 6K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.deepcopy.go
func (in *Issuer) DeepCopyInto(out *Issuer) { *out = *in if in.DiscoveryURL != nil { in, out := &in.DiscoveryURL, &out.DiscoveryURL *out = new(string) **out = **in } if in.Audiences != nil { in, out := &in.Audiences, &out.Audiences *out = make([]string, len(*in)) copy(*out, *in) } return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Mar 05 17:10:34 UTC 2024 - 14.6K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/authenticatorfactory/delegating.go
// If this is nil, then mTLS will not be used. ClientCertificateCAContentProvider dynamiccertificates.CAContentProvider APIAudiences authenticator.Audiences RequestHeaderConfig *RequestHeaderConfig } func (c DelegatingAuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDefinitions, error) { authenticators := []authenticator.Request{}
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 29 07:49:14 UTC 2021 - 5.1K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go
// neither of these are true for audit annotations set via AddAuditAnnotation. // // for audit annotations, the assumption is that for some period of time (cache TTL), // all requests with the same API audiences and the same bearer token result in the // same annotations. This may not be true if the authenticator sets an annotation // based on the current time, but that may be okay since cache TTLs are generally // small (seconds).
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jul 03 16:16:51 UTC 2023 - 9.8K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go
return &authenticator.Response{ User: &user.DefaultInfo{ Name: "system:unsecured", Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated}, }, Audiences: auds, }, true, nil
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jul 27 15:58:45 UTC 2021 - 3.2K bytes - Viewed (0) -
pkg/registry/authentication/rest/storage_authentication.go
"k8s.io/kubernetes/pkg/registry/authentication/tokenreview" ) type RESTStorageProvider struct { Authenticator authenticator.Request APIAudiences authenticator.Audiences } func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 02 12:50:40 UTC 2023 - 4.4K bytes - Viewed (0) -
pkg/kubeapiserver/options/authentication.go
if o == nil { return } fs.StringSliceVar(&o.APIAudiences, "api-audiences", o.APIAudiences, ""+ "Identifiers of the API. The service account token authenticator will validate that "+ "tokens used against the API are bound to at least one of these audiences. If the "+ "--service-account-issuer flag is configured and this flag is not, this field "+
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 22:40:22 UTC 2024 - 32.4K bytes - Viewed (0) -
pkg/apis/storage/validation/validation.go
audience := tokenRequest.Audience if _, ok := audiences[audience]; ok { allErrs = append(allErrs, field.Duplicate(path.Child("audience"), audience)) continue } audiences[audience] = true if tokenRequest.ExpirationSeconds == nil { continue } if *tokenRequest.ExpirationSeconds < int64(min.Seconds()) {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 28 00:47:13 UTC 2024 - 25.5K bytes - Viewed (0)