Class Authority

Authority(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Attributes

NameDescription
issuer str
Optional. A JSON Web Token (JWT) issuer URI. ``issuer`` must start with ``https://`` and be a valid URL with length <2000 characters.="" if="" set,="" then="" google="" will="" allow="" valid="" oidc="" tokens="" from="" this="" issuer="" to="" authenticate="" within="" the="" workload_identity_pool.="" oidc="" discovery="" will="" be="" performed="" on="" this="" uri="" to="" validate="" tokens="" from="" the="" issuer.="" clearing="" ``issuer``="" disables="" workload="" identity.="" ``issuer``="" cannot="" be="" directly="" modified;="" it="" must="" be="" cleared="" (and="" workload="" identity="" disabled)="" before="" using="" a="" new="" issuer="" (and="" re-enabling="" workload="" identity).="">
workload_identity_pool str
Output only. The name of the workload identity pool in which ``issuer`` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is ``{PROJECT_ID}.hub.id.goog``, although this is subject to change in newer versions of this API.
identity_provider str
Output only. An identity provider that reflects the ``issuer`` in the workload identity pool.
oidc_jwks bytes
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on ``issuer``, and instead OIDC tokens will be validated using this field.

Inheritance

builtins.object > proto.message.Message > Authority