Class Authority (1.7.1)

Stay organized with collections Save and categorize content based on your preferences.
Authority(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Attributes

NameDescription
issuer str
Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters.="" if="" set,="" then="" google="" will="" allow="" valid="" oidc="" tokens="" from="" this="" issuer="" to="" authenticate="" within="" the="" workload_identity_pool.="" oidc="" discovery="" will="" be="" performed="" on="" this="" uri="" to="" validate="" tokens="" from="" the="" issuer.="" clearing="">issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
workload_identity_pool str
Output only. The name of the workload identity pool in which issuer will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.
identity_provider str
Output only. An identity provider that reflects the issuer in the workload identity pool.
oidc_jwks bytes
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.