Reference documentation and code samples for the Google Cloud Gke Hub V1 Client class Authority.
Authority encodes how Google will recognize identities from this Membership.
See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Generated from protobuf message google.cloud.gkehub.v1.Authority
Methods
__construct
Constructor.
Parameters | |
---|---|
Name | Description |
data | array. Optional. Data for populating the Message object. |
↳ issuer | string. Optional. A JSON Web Token (JWT) issuer URI. |
↳ workload_identity_pool | string. Output only. The name of the workload identity pool in which issuer will be recognized. |
↳ identity_provider | string. Output only. An identity provider that reflects the issuer in the workload identity pool. |
↳ oidc_jwks | string. Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field. |
getIssuer
Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters.
If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer.
Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
Returns | |
---|---|
Type | Description |
string | |
setIssuer
Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters.
If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer.
Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
Parameter | |
---|---|
Name | Description |
var | string |
Returns | |
---|---|
Type | Description |
$this | |
getWorkloadIdentityPool
Output only. The name of the workload identity pool in which issuer will be recognized.
There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.
Returns | |
---|---|
Type | Description |
string | |
setWorkloadIdentityPool
Output only. The name of the workload identity pool in which issuer will be recognized.
There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.
Parameter | |
---|---|
Name | Description |
var | string |
Returns | |
---|---|
Type | Description |
$this | |
getIdentityProvider
Output only. An identity provider that reflects the issuer in the workload identity pool.
Returns | |
---|---|
Type | Description |
string | |
setIdentityProvider
Output only. An identity provider that reflects the issuer in the workload identity pool.
Parameter | |
---|---|
Name | Description |
var | string |
Returns | |
---|---|
Type | Description |
$this | |
getOidcJwks
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).
When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.
Returns | |
---|---|
Type | Description |
string | |
setOidcJwks
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).
When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.
Parameter | |
---|---|
Name | Description |
var | string |
Returns | |
---|---|
Type | Description |
$this | |
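A pre-flight check for the issuer and oidc_jwks constraints described above, as an added example that is not part of the library's reference documentation. It assumes the class is Google\Cloud\GkeHub\V1\Authority from the Composer package google/cloud-gke-hub; checkAuthorityInputs and the sample issuer and JWKS are constructed for illustration, and the private-key check goes beyond the documented constraints.

```php
<?php
// Added example: pre-flight checks for the issuer and oidc_jwks values.
require __DIR__ . '/vendor/autoload.php'; // assumption: Composer install of google/cloud-gke-hub
use Google\Cloud\GkeHub\V1\Authority; // assumption: namespace of the class documented here

/** Hypothetical helper. Returns a list of problems; an empty list means the inputs pass. */
function checkAuthorityInputs(string $issuer, ?string $oidcJwks = null): array
{
    $problems = [];
    if (strncmp($issuer, 'https://', 8) !== 0) {
        $problems[] = 'issuer must start with https://';
    }
    if (strlen($issuer) >= 2000) { // a valid URL is ASCII, so bytes == characters
        $problems[] = 'issuer must be shorter than 2000 characters';
    }
    if (filter_var($issuer, FILTER_VALIDATE_URL) === false) {
        $problems[] = 'issuer is not a valid URL';
    }
    if ($oidcJwks === null) {
        return $problems; // no static keys: OIDC discovery on issuer applies
    }
    $jwks = json_decode($oidcJwks, true);
    $keys = is_array($jwks) ? ($jwks['keys'] ?? null) : null;
    if (!is_array($keys) || $keys === []) {
        $problems[] = 'oidc_jwks needs a non-empty "keys" array (RFC 7517)';
        return $problems;
    }
    foreach ($keys as $i => $key) {
        if (!is_array($key) || !isset($key['kty'])) {
            $problems[] = "keys[$i] has no kty member";
        } elseif (isset($key['d'])) {
            // "d" holds the private part of an RSA or EC JWK; verification needs public keys only.
            $problems[] = "keys[$i] contains private key material";
        }
    }
    return $problems;
}

// Constructed sample values, not real endpoints or keys.
$issuer = 'https://oidc.example.com/clusters/demo';
$jwks = '{"keys":[{"kty":"RSA","kid":"demo-1","use":"sig","n":"constructed-modulus","e":"AQAB"}]}';

$problems = checkAuthorityInputs($issuer, $jwks);
if ($problems !== []) {
    fwrite(STDERR, implode(PHP_EOL, $problems) . PHP_EOL);
    exit(1);
}
$authority = new Authority(['issuer' => $issuer, 'oidc_jwks' => $jwks]);
printf("issuer=%s jwks_bytes=%d\n", $authority->getIssuer(), strlen($authority->getOidcJwks()));
```

Because oidc_jwks replaces OIDC discovery, keys supplied this way are not refreshed from the issuer; rotating the cluster's signing keys means updating this field as well.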