* `kubectl create rolebinding` and `kubectl create clusterrolebinding` invocations must be updated to  specify multiple subjects as repeated  `--user`, `--group`, or `--serviceaccount` arguments instead of comma-separated arguments to a single `--user`, `--group`, or `--serviceaccount`.  E.g. `--user=x,y` must become `--user x --user y`  ([#43903](https://github.com/kubernetes/kubernetes/pull/43903), [@xilabao](https://github.com/xilabao))


### kubeadm

///

La variable `oauth2_scheme` es una instance de `OAuth2PasswordBearer`, pero también es un "callable".

Podría ser llamada como:

```Python
oauth2_scheme(some, parameters)
```

Así que, puede usarse con `Depends`.

### Úsalo { #use-it }

Ahora puedes pasar ese `oauth2_scheme` en una dependencia con `Depends`.

{* ../../docs_src/security/tutorial001_an_py310.py hl[12] *}

					</p>
				</a>
				<ul class="nav nav-treeview">
					<c:if test="${fe:permission('admin-user-view')}">
					<li class="nav-item">
						<a href="${fe:url('/admin/user/')}" class="nav-link <c:if test="${param.menuType=='user'}">active</c:if>" <c:if test="${param.menuType=='user'}">aria-current="page"</c:if>>
							<i class='fa fa-user nav-icon' aria-hidden="true"></i>
							<p><la:message key="labels.menu_user" /></p>

         *   of our TypeVariable implementation.
         *
         * - Under Android, it does.
         *
         * We want users to see the same behavior when they compare a built-in TypeVariable against
         * ours as they do when they perform the same comparison in reverse. To provide that

* [beta] SelfSubjectRulesReview, an API that lets a user see what actions they can perform with a namespace, has been added to the authorization.k8s.io API group. This bulk query is intended to enable UIs to show/hide actions based on the end user, and for users to quickly reason about their own permissions.

     *
     * Unfortunately, we don't distinguish between these two cases in our public API: Joiner.on(...)
     * and Joiner.on(...).useForNull(...) both declare the same return type: plain Joiner. To ensure
     * that users *can* pass null arguments to Joiner, we annotate it as if it always tolerates null
     * inputs, rather than as if it never tolerates them.
     *

   *     directly, or use a combination of {@link #throwIfUnchecked} and {@code throw new
   *     RuntimeException(e)}. But consider whether users would be better off if your API threw a
   *     different type of exception. For background on the deprecation, read <a
   *     href="https://github.com/google/guava/wiki/Why-we-deprecated-Throwables.propagate">Why we

 *       collection. Undefined behavior and bugs will result. It's generally best to avoid using
 *       mutable objects as elements at all, as many users may expect your "immutable" object to be
 *       <i>deeply</i> immutable.
 * </ul>
 *
 * <h4>Performance notes</h4>
 *
 * <ul>

用和先前相同的方式授權應用。

使用下列認證資訊：

Username: `johndoe`
Password: `secret`

/// check | 檢查

注意在程式碼中完全沒有明文密碼「`secret`」，我們只有雜湊後的版本。

///

<img src="/img/tutorial/security/image08.png">

呼叫端點 `/users/me/`，你會得到類似這樣的回應：

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",
  "disabled": false
}
```

<img src="/img/tutorial/security/image09.png">

像之前一样进行授权。

使用以下凭证：

用户名: `johndoe`
密码: `secret`

/// check | 检查

注意，代码中的任何地方都没有明文密码 “`secret`”，我们只有它的哈希版本。

///

<img src="/img/tutorial/security/image08.png">

调用 `/users/me/` 端点，你将得到如下响应：

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",
  "disabled": false
}
```

<img src="/img/tutorial/security/image09.png">