Authority(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details:
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Attributes

issuer (str)
Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).

workload_identity_pool (str)
Output only. The name of the workload identity pool in which issuer will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.

identity_provider (str)
Output only. An identity provider that reflects the issuer in the workload identity pool.

oidc_jwks (bytes)
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.
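
A pre-flight check for the fields above, as an added example that is not part of the GKE Hub client library or the original page: it checks the documented issuer constraints, the structure of a JWKS document before it goes into oidc_jwks, and the clear-then-set order for changing an issuer. The function names, the sample JWKS and the example.test URLs are constructed for illustration, and rejecting private or symmetric key parameters is an extra check assumed here, not a rule this page states.

```python
import json
from urllib.parse import urlsplit

# Constructed sample JWKS (the modulus is not a real key).
SAMPLE_JWKS = b'{"keys":[{"kty":"RSA","kid":"constructed-1","alg":"RS256","n":"c2FtcGxl","e":"AQAB"}]}'
# JWK members that carry private or symmetric key material (RFC 7518).
SECRET_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}

def check_issuer(issuer):
    """Return problems with an issuer URI; an empty list means it passes."""
    problems = []
    if not issuer.startswith("https://"):
        problems.append("issuer must start with https://")
    if len(issuer) >= 2000:  # documented limit: length < 2000 characters
        problems.append("issuer must be shorter than 2000 characters")
    try:
        host = urlsplit(issuer).hostname
    except ValueError:  # e.g. a malformed bracketed IPv6 host
        host = None
    if not host:
        problems.append("issuer is not a valid URL (no host)")
    return problems

def check_jwks(raw):
    """Structural check of a JWKS document (RFC 7517) destined for oidc_jwks."""
    try:
        doc = json.loads(raw)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return ["oidc_jwks is not valid JSON"]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        return ["oidc_jwks needs a non-empty 'keys' array"]
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict) or "kty" not in key:
            problems.append(f"keys[{i}] has no 'kty' member")
        elif SECRET_MEMBERS & key.keys():  # assumed extra check, see lead-in
            problems.append(f"keys[{i}] contains private or symmetric key material")
    return problems

def issuer_change_steps(current, new):
    """Ordered updates to move between issuers: a set issuer is cleared first."""
    if current == new:
        return []
    clear = ["clear issuer (disables Workload Identity)"] if current else []
    return clear + ([f"set issuer to {new}"] if new else [])
```

Because discovery is skipped when oidc_jwks is set, key rotation at the issuer is not picked up automatically in that mode; the field has to be updated with the new key set.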