Reference documentation and code samples for the Anthos Multi-Cloud V1 API class Google::Cloud::GkeMultiCloud::V1::AttachedOidcConfig.
OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This field indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP.
Clusters with either public or private issuer URLs are supported.
Clusters with public issuers only need to specify the issuer_url field, while clusters with private issuers need to provide both issuer_url and oidc_jwks.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#issuer_url
def issuer_url() -> ::String
- (::String) — A JSON Web Token (JWT) issuer URI. issuer must start with https://.
#issuer_url=
def issuer_url=(value) -> ::String
- value (::String) — A JSON Web Token (JWT) issuer URI. issuer must start with https://.
- (::String) — A JSON Web Token (JWT) issuer URI. issuer must start with https://.
#jwks
def jwks() -> ::String
- (::String) — Optional. OIDC verification keys in JWKS format (RFC 7517). It contains a list of OIDC verification keys that can be used to verify OIDC JWTs. This field is required for clusters that don't have a publicly available discovery endpoint. When provided, it will be directly used to verify the OIDC JWT asserted by the IDP.
#jwks=
def jwks=(value) -> ::String
- value (::String) — Optional. OIDC verification keys in JWKS format (RFC 7517). It contains a list of OIDC verification keys that can be used to verify OIDC JWTs. This field is required for clusters that don't have a publicly available discovery endpoint. When provided, it will be directly used to verify the OIDC JWT asserted by the IDP.
- (::String) — Optional. OIDC verification keys in JWKS format (RFC 7517). It contains a list of OIDC verification keys that can be used to verify OIDC JWTs. This field is required for clusters that don't have a publicly available discovery endpoint. When provided, it will be directly used to verify the OIDC JWT asserted by the IDP.
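A pre-flight check on the values meant for issuer_url and jwks, as an added example that is not part of the Google Cloud client library. `oidc_config_problems`, `PRIVATE_JWK_MEMBERS` and `SAMPLE_JWKS` are hypothetical names, and the rule that a verification JWKS should carry public key members only is an assumption drawn from RFC 7517/7518, not from this page.

```ruby
require "json"
require "uri"

# JWK members that carry private or symmetric key material (RFC 7518).
PRIVATE_JWK_MEMBERS = %w[d p q dp dq qi oth k].freeze

# Hypothetical helper: lists problems with the values intended for
# AttachedOidcConfig#issuer_url and #jwks; an empty list means they look sane.
# public_issuer: whether the cluster has a publicly available discovery endpoint.
def oidc_config_problems(issuer_url:, jwks: "", public_issuer: true)
  problems = []
  uri = begin
    URI.parse(issuer_url.to_s)
  rescue URI::InvalidURIError
    nil
  end
  unless issuer_url.to_s.start_with?("https://") && uri && !uri.host.to_s.empty?
    problems << "issuer_url must be an https:// URI with a host"
  end

  if jwks.to_s.empty?
    problems << "jwks is required when the issuer is not publicly reachable" unless public_issuer
    return problems
  end

  keys = begin
    doc = JSON.parse(jwks)
    doc.is_a?(Hash) ? doc["keys"] : nil
  rescue JSON::ParserError
    nil
  end
  unless keys.is_a?(Array) && !keys.empty?
    return problems << 'jwks must be a JSON object with a non-empty "keys" array'
  end

  keys.each_with_index do |key, i|
    unless key.is_a?(Hash) && key["kty"].is_a?(String)
      problems << "keys[#{i}] has no kty"
      next
    end
    leaked = key.keys & PRIVATE_JWK_MEMBERS
    problems << "keys[#{i}] contains private members: #{leaked.join(', ')}" unless leaked.empty?
  end
  problems
end

# Constructed sample input: the "n" value is a placeholder, not a real modulus.
SAMPLE_JWKS = '{"keys":[{"kty":"RSA","kid":"sample-1","use":"sig","n":"sample-modulus","e":"AQAB"}]}'
```

Run the check before assigning the values to the message, and treat any reported private member as a key that has to be rotated, not just removed from the document.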