Class Authority
Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Implements
Inherited Members
Namespace: Google.Apis.GKEHub.v1beta.Data
Assembly: Google.Apis.GKEHub.v1beta.dll
Syntax
public class Authority : IDirectResponseSchema
Properties
ETag
The ETag of the item.
Declaration
public virtual string ETag { get; set; }
Property Value
Type | Description |
---|---|
string |
IdentityProvider
Output only. An identity provider that reflects the issuer in the workload identity pool.
Declaration
[JsonProperty("identityProvider")]
public virtual string IdentityProvider { get; set; }
Property Value
Type | Description |
---|---|
string |
Issuer
Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters; it must use location rather than zone for GKE clusters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
Declaration
[JsonProperty("issuer")]
public virtual string Issuer { get; set; }
Property Value
Type | Description |
---|---|
string |
OidcJwks
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.
Declaration
[JsonProperty("oidcJwks")]
public virtual string OidcJwks { get; set; }
Property Value
Type | Description |
---|---|
string |
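
The constraints stated for Issuer and OidcJwks above can be checked before a Membership update is sent. The following is an added example, not code from the Google.Apis.GKEHub library: the AuthorityPreflight class is hypothetical, the /zones/ path test is an assumption about how a zonal GKE issuer URI looks, and the sample values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
// Hypothetical helper (not part of Google.Apis.GKEHub): checks values meant for Authority.Issuer / Authority.OidcJwks.
public static class AuthorityPreflight
{
    public static List<string> Check(string currentIssuer, string issuer, string oidcJwks)
    {
        var problems = new List<string>();
        if (!string.IsNullOrEmpty(issuer))
        {
            if (!issuer.StartsWith("https://", StringComparison.Ordinal))
                problems.Add("issuer must start with https://");
            if (issuer.Length >= 2000 || !Uri.TryCreate(issuer, UriKind.Absolute, out _))
                problems.Add("issuer must be a valid URL shorter than 2000 characters");
            // Assumption: a zonal GKE issuer URI carries a /zones/ path segment.
            if (issuer.Contains("/zones/"))
                problems.Add("GKE issuer must use location rather than zone");
        }
        // The issuer cannot be swapped in place; it must be cleared first.
        if (!string.IsNullOrEmpty(currentIssuer) && !string.IsNullOrEmpty(issuer) && currentIssuer != issuer)
            problems.Add("clear the existing issuer before setting a new one");
        if (!string.IsNullOrEmpty(oidcJwks))
        {
            try
            {
                using var doc = JsonDocument.Parse(oidcJwks);
                // RFC 7517: a JWK Set is a JSON object with a "keys" array member.
                if (doc.RootElement.ValueKind != JsonValueKind.Object ||
                    !doc.RootElement.TryGetProperty("keys", out var keys) ||
                    keys.ValueKind != JsonValueKind.Array)
                    problems.Add("oidcJwks must be a JWK Set object with a \"keys\" array");
                // Verification keys only: "d" is the private member of RSA and EC JWKs.
                else if (keys.EnumerateArray().Any(k => k.ValueKind == JsonValueKind.Object && k.TryGetProperty("d", out _)))
                    problems.Add("oidcJwks contains private key material (\"d\")");
            }
            catch (JsonException) { problems.Add("oidcJwks is not valid JSON"); }
        }
        return problems;
    }
    public static void Main()
    {
        // Constructed sample values, not taken from any real cluster.
        var jwks = "{\"keys\":[{\"kty\":\"RSA\",\"kid\":\"k1\",\"n\":\"AQAB\",\"e\":\"AQAB\",\"d\":\"AQAB\"}]}";
        foreach (var p in Check("https://old.example.com", "http://new.example.com/zones/z", jwks))
            Console.WriteLine(p);
    }
}
```

Because a populated OidcJwks replaces OIDC discovery, the keys in that field become the only trust anchor for tokens from the issuer, so a check like this belongs in whatever pipeline writes the field.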
ScopeTenancyIdentityProvider
Optional. Output only. The identity provider for the scope-tenancy workload identity pool.
Declaration
[JsonProperty("scopeTenancyIdentityProvider")]
public virtual string ScopeTenancyIdentityProvider { get; set; }
Property Value
Type | Description |
---|---|
string |
ScopeTenancyWorkloadIdentityPool
Optional. Output only. The name of the scope-tenancy workload identity pool. This pool is set in the fleet-level feature.
Declaration
[JsonProperty("scopeTenancyWorkloadIdentityPool")]
public virtual string ScopeTenancyWorkloadIdentityPool { get; set; }
Property Value
Type | Description |
---|---|
string |
WorkloadIdentityPool
Output only. The name of the workload identity pool in which issuer will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.
Declaration
[JsonProperty("workloadIdentityPool")]
public virtual string WorkloadIdentityPool { get; set; }
Property Value
Type | Description |
---|---|
string |