class Google::Apis::GkehubV1beta1::Authority

Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Attributes

identity_provider[RW]

Output only. An identity provider that reflects the `issuer` in the workload identity pool. Corresponds to the JSON property `identityProvider` @return [String]

issuer[RW]

Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity). Corresponds to the JSON property `issuer` @return [String]

oidc_jwks[RW]

Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on `issuer`, and instead OIDC tokens will be validated using this field. Corresponds to the JSON property `oidcJwks` NOTE: Values are automatically base64 encoded/decoded in the client library. @return [String]

workload_identity_pool[RW]

Output only. The name of the workload identity pool in which `issuer` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in `PROJECT_ID`, the workload pool format is `PROJECT_ID.hub.id.goog`, although this is subject to change in newer versions of this API. Corresponds to the JSON property `workloadIdentityPool` @return [String]
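
The documented rules for `issuer` and `oidc_jwks` can be checked locally before a Membership update is sent. The Ruby below is an added example, not code from the google-apis-gkehub_v1beta1 gem: `authority_problems`, `jwks_problems` and the sample values are hypothetical, and rejecting private JWK parameters is an added assumption based on RFC 7518, since verification keys should be public.

```ruby
require 'json'
require 'uri'

# Hypothetical pre-flight helper; not part of google-apis-gkehub_v1beta1.
# JWK members that carry private or symmetric key material (RFC 7518).
PRIVATE_JWK_PARAMS = %w[d p q dp dq qi k].freeze

# Constructed sample values, not real keys or endpoints.
SAMPLE_ISSUER = 'https://oidc.example.test/cluster-a'
SAMPLE_JWKS = '{"keys":[{"kty":"RSA","kid":"k1","n":"AQAB","e":"AQAB"}]}'

# Returns an array of problems; empty means the fields pass the documented rules.
def authority_problems(issuer:, oidc_jwks: nil, current_issuer: nil)
  problems = []
  unless issuer.nil? || issuer.empty?
    problems << 'issuer must start with https://' unless issuer.start_with?('https://')
    problems << 'issuer must be shorter than 2000 characters' unless issuer.length < 2000
    host = begin
      URI.parse(issuer).host
    rescue URI::InvalidURIError
      nil
    end
    problems << 'issuer must be a valid URL with a host' if host.nil? || host.empty?
    # An existing issuer cannot be modified in place; it must be cleared first.
    if current_issuer && !current_issuer.empty? && current_issuer != issuer
      problems << 'clear the existing issuer before setting a new one'
    end
  end
  problems.concat(jwks_problems(oidc_jwks)) if oidc_jwks
  problems
end

# Checks the raw JWKS JSON (before the client library base64-encodes it).
def jwks_problems(raw)
  doc = JSON.parse(raw)
  keys = doc.is_a?(Hash) ? doc['keys'] : nil
  return ['oidc_jwks needs a non-empty "keys" array'] unless keys.is_a?(Array) && !keys.empty?

  keys.each_with_index.flat_map do |key, i|
    next ["key #{i} is not a JSON object"] unless key.is_a?(Hash)

    leaked = key.keys & PRIVATE_JWK_PARAMS
    out = key['kty'].is_a?(String) ? [] : ["key #{i} has no kty"]
    out << "key #{i} carries private parameters: #{leaked.join(', ')}" unless leaked.empty?
    out
  end
rescue JSON::ParserError
  ['oidc_jwks is not valid JSON']
end
```

Only when the returned list is empty would the values be passed on, for example as `Authority.new(issuer: ..., oidc_jwks: ...)`.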

Public Class Methods

new(**args)
# File lib/google/apis/gkehub_v1beta1/classes.rb, line 137
def initialize(**args)
  update!(**args)
end

Public Instance Methods

update!(**args)

Update properties of this object

# File lib/google/apis/gkehub_v1beta1/classes.rb, line 142
def update!(**args)
  @identity_provider = args[:identity_provider] if args.key?(:identity_provider)
  @issuer = args[:issuer] if args.key?(:issuer)
  @oidc_jwks = args[:oidc_jwks] if args.key?(:oidc_jwks)
  @workload_identity_pool = args[:workload_identity_pool] if args.key?(:workload_identity_pool)
end