Authority(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details:
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Attributes | |
---|---|
Name | Description |
issuer | str. Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity). |
workload_identity_pool | str. Output only. The name of the workload identity pool in which issuer will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API. |
identity_provider | str. Output only. An identity provider that reflects the issuer in the workload identity pool. |
oidc_jwks | bytes. Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field. |
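
A pre-flight check of the issuer and oidc_jwks constraints described above, written as an added example and not code from the client library. The function names and sample values are hypothetical, and rejecting secret key material in the JWKS is an extra hygiene check that the page does not state.

```python
import json
from urllib.parse import urlsplit

def check_issuer(issuer):
    """Return the documented issuer constraints that `issuer` violates."""
    problems = []
    if not issuer.startswith("https://"):
        problems.append("must start with https://")
    if len(issuer) >= 2000:
        problems.append("length must be <2000 characters")
    try:
        if not urlsplit(issuer).hostname:
            problems.append("not a valid URL: no host")
    except ValueError:
        problems.append("not a valid URL")
    return problems

def check_jwks(raw):
    """Return problems found in oidc_jwks bytes (JWK Set, RFC 7517)."""
    try:
        doc = json.loads(raw)
    except ValueError:
        return ["not valid JSON"]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        return ['missing non-empty "keys" array']
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict) or "kty" not in key:
            problems.append(f'keys[{i}]: missing required "kty"')
        elif "d" in key or key["kty"] == "oct":
            # Added hygiene check (assumption): verification keys are public only.
            problems.append(f"keys[{i}]: contains secret key material")
    return problems

def plan_issuer_updates(current, new):
    """Ordered issuer values to write; "" clears it (disables Workload Identity)."""
    if current == new:
        return []
    if current and new:
        return ["", new]  # issuer cannot be modified directly: clear, then set
    return [new]

# Constructed sample values, not taken from a real cluster.
SAMPLE_ISSUER = "https://issuer.example.com/clusters/demo"
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "k1", "use": "sig", "alg": "RS256", "n": "sXch", "e": "AQAB"},
]}).encode()
```

Because setting oidc_jwks turns off OIDC discovery on issuer, the keys supplied there are the only ones tokens are validated against, so the JWKS has to be updated whenever the cluster rotates its signing keys.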