Google Cloud Gke Hub V1beta1 Client - Class Authority (0.7.1)

Reference documentation and code samples for the Google Cloud Gke Hub V1beta1 Client class Authority.

Authority encodes how Google will recognize identities from this Membership.

See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Generated from protobuf message google.cloud.gkehub.v1beta1.Authority

Namespace

Google \ Cloud \ GkeHub \ V1beta1

Methods

__construct

Constructor.

Parameters
Name | Description
data | array

Optional. Data for populating the Message object.

↳ issuer string

Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).

↳ workload_identity_pool string

Output only. The name of the workload identity pool in which issuer will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.

↳ identity_provider string

Output only. An identity provider that reflects the issuer in the workload identity pool.

↳ oidc_jwks string

Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.
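A pre-flight check for the `issuer` and `oidc_jwks` values described above, as an added example that is not part of the generated reference or the client library. The function names `checkIssuer` and `checkJwks` and the sample values are assumptions. The private-member check is an added safeguard, based on the fact that a verification JWKS needs public keys only.

```php
<?php
declare(strict_types=1);
// Added example; function names are hypothetical and sample values are constructed.
// JWK members that carry private or symmetric key material (RFC 7518, section 6).
const PRIVATE_JWK_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k'];

/** Returns a list of problems with an issuer URI; an empty list means it passed. */
function checkIssuer(string $issuer): array
{
    $problems = [];
    if (strncmp($issuer, 'https://', 8) !== 0) {
        $problems[] = 'issuer must start with https://';
    }
    if (strlen($issuer) >= 2000) { // documented limit: length < 2000 characters
        $problems[] = 'issuer must be shorter than 2000 characters';
    }
    if (filter_var($issuer, FILTER_VALIDATE_URL) === false) {
        $problems[] = 'issuer is not a valid URL';
    }
    return $problems;
}

/** Returns a list of problems with a JWKS document; an empty list means it passed. */
function checkJwks(string $jwks): array
{
    $doc = json_decode($jwks, true);
    if (!is_array($doc) || !isset($doc['keys']) || !is_array($doc['keys']) || $doc['keys'] === []) {
        return ['JWKS must be a JSON object with a non-empty "keys" array'];
    }
    $problems = [];
    foreach ($doc['keys'] as $i => $key) {
        if (!is_array($key) || !isset($key['kty'])) {
            $problems[] = "keys[$i] has no kty member";
            continue;
        }
        $leaked = array_intersect(PRIVATE_JWK_MEMBERS, array_keys($key));
        if ($leaked !== []) {
            $problems[] = "keys[$i] contains private members: " . implode(',', $leaked);
        }
    }
    return $problems;
}

// Constructed sample input: the second key wrongly includes the RSA private exponent "d".
$issuer = 'https://oidc.example.test/cluster-a';
$jwks = '{"keys":[{"kty":"RSA","kid":"a","n":"AQAB","e":"AQAB"},'
      . '{"kty":"RSA","kid":"b","n":"AQAB","e":"AQAB","d":"AQAB"}]}';
$problems = array_merge(checkIssuer($issuer), checkJwks($jwks));
echo $problems === [] ? "ok: values can be passed to Authority\n" : implode("\n", $problems) . "\n";
```

Because setting `oidc_jwks` turns off OIDC discovery on `issuer`, the keys supplied in this field are the only ones used to validate tokens, so a check like this belongs before the value is sent.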

getIssuer

Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters.

If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).

Returns
Type | Description
string

setIssuer

Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters.

If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).

Parameter
Name | Description
var | string

Returns
Type | Description
$this

getWorkloadIdentityPool

Output only. The name of the workload identity pool in which issuer will be recognized.

There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.

Returns
Type | Description
string

setWorkloadIdentityPool

Output only. The name of the workload identity pool in which issuer will be recognized.

There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.

Parameter
Name | Description
var | string

Returns
Type | Description
$this

getIdentityProvider

Output only. An identity provider that reflects the issuer in the workload identity pool.

Returns
Type | Description
string

setIdentityProvider

Output only. An identity provider that reflects the issuer in the workload identity pool.

Parameter
Name | Description
var | string

Returns
Type | Description
$this

getOidcJwks

Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).

When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.

Returns
Type | Description
string

setOidcJwks

Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).

When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.

Parameter
Name | Description
var | string

Returns
Type | Description
$this