Class: Google::Apis::GkehubV1beta1::Authority

Inherits:
Object
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/gkehub_v1beta1/classes.rb,
lib/google/apis/gkehub_v1beta1/representations.rb

Overview

Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Constructor Details

#initialize(**args) ⇒ Authority

Returns a new instance of Authority.



# File 'lib/google/apis/gkehub_v1beta1/classes.rb', line 170

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#identity_provider ⇒ String

Output only. An identity provider that reflects the `issuer` in the workload identity pool. Corresponds to the JSON property `identityProvider`

Returns:

  • (String)


# File 'lib/google/apis/gkehub_v1beta1/classes.rb', line 127

def identity_provider
  @identity_provider
end

#issuer ⇒ String

Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the `workload_identity_pool`. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity). Corresponds to the JSON property `issuer`

Returns:

  • (String)


# File 'lib/google/apis/gkehub_v1beta1/classes.rb', line 139

def issuer
  @issuer
end

#oidc_jwks ⇒ String

Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on `issuer`, and instead OIDC tokens will be validated using this field. Corresponds to the JSON property `oidcJwks`.

NOTE: Values are automatically base64 encoded/decoded in the client library.

Returns:

  • (String)


# File 'lib/google/apis/gkehub_v1beta1/classes.rb', line 147

def oidc_jwks
  @oidc_jwks
end
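
An added example, not part of the client library or of this reference page: plain-Ruby pre-flight checks for the `issuer` and `oidc_jwks` rules described above, plus the clear-then-set ordering that an issuer change requires. The helper names, the step symbols and the check for private JWK members are assumptions made for this illustration.

```ruby
require 'uri'
require 'json'

# Hypothetical pre-flight helpers, not part of the google-apis client.
MAX_ISSUER_LENGTH = 2000                             # page: length < 2000 characters
PRIVATE_JWK_PARAMS = %w[d p q dp dq qi oth k].freeze # private/secret JWK members

# Problems with a proposed issuer; an empty list means it meets the stated rules.
def issuer_problems(issuer)
  return [] if issuer.nil? || issuer.empty? # clearing issuer is allowed
  problems = []
  problems << 'must start with https://' unless issuer.start_with?('https://')
  problems << 'must be shorter than 2000 characters' unless issuer.length < MAX_ISSUER_LENGTH
  begin
    host = URI.parse(issuer).host
    problems << 'must be a valid URL with a host' if host.nil? || host.empty?
  rescue URI::InvalidURIError
    problems << 'must be a valid URL'
  end
  problems
end

# Problems with a JWKS string meant for oidc_jwks. Because discovery is skipped
# when the field is set, these keys alone decide which tokens verify.
def jwks_problems(jwks_json)
  keys = JSON.parse(jwks_json)
  keys = keys.is_a?(Hash) ? keys['keys'] : nil
  return ['must be an object with a non-empty "keys" array'] unless keys.is_a?(Array) && !keys.empty?
  keys.each_with_index.flat_map do |key, i|
    next ["keys[#{i}] is not an object"] unless key.is_a?(Hash)
    found = []
    found << "keys[#{i}] has no kty" unless key['kty'].is_a?(String)
    leaked = PRIVATE_JWK_PARAMS & key.keys # added check: verification keys should be public
    found << "keys[#{i}] carries private members: #{leaked.join(', ')}" unless leaked.empty?
    found
  end
rescue JSON::ParserError
  ['is not valid JSON']
end

# Ordered steps for moving from one issuer to another: issuer cannot be modified
# directly, so an existing value is cleared before the new one is set.
def plan_issuer_change(current, desired)
  current = current.to_s
  desired = desired.to_s
  return [] if current == desired
  steps = []
  steps << [:clear_issuer] unless current.empty?
  steps << [:set_issuer, desired] unless desired.empty?
  steps
end
```
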

#scope_tenancy_identity_provider ⇒ String

Optional. Output only. The identity provider for the scope-tenancy workload identity pool. Corresponds to the JSON property `scopeTenancyIdentityProvider`

Returns:

  • (String)


# File 'lib/google/apis/gkehub_v1beta1/classes.rb', line 153

def scope_tenancy_identity_provider
  @scope_tenancy_identity_provider
end

#scope_tenancy_workload_identity_pool ⇒ String

Optional. Output only. The name of the scope-tenancy workload identity pool. This pool is set in the fleet-level feature. Corresponds to the JSON property `scopeTenancyWorkloadIdentityPool`

Returns:

  • (String)


# File 'lib/google/apis/gkehub_v1beta1/classes.rb', line 159

def scope_tenancy_workload_identity_pool
  @scope_tenancy_workload_identity_pool
end

#workload_identity_pool ⇒ String

Output only. The name of the workload identity pool in which `issuer` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in PROJECT_ID, the workload pool format is `PROJECT_ID.hub.id.goog`, although this is subject to change in newer versions of this API. Corresponds to the JSON property `workloadIdentityPool`

Returns:

  • (String)


# File 'lib/google/apis/gkehub_v1beta1/classes.rb', line 168

def workload_identity_pool
  @workload_identity_pool
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



# File 'lib/google/apis/gkehub_v1beta1/classes.rb', line 175

def update!(**args)
  @identity_provider = args[:identity_provider] if args.key?(:identity_provider)
  @issuer = args[:issuer] if args.key?(:issuer)
  @oidc_jwks = args[:oidc_jwks] if args.key?(:oidc_jwks)
  @scope_tenancy_identity_provider = args[:scope_tenancy_identity_provider] if args.key?(:scope_tenancy_identity_provider)
  @scope_tenancy_workload_identity_pool = args[:scope_tenancy_workload_identity_pool] if args.key?(:scope_tenancy_workload_identity_pool)
  @workload_identity_pool = args[:workload_identity_pool] if args.key?(:workload_identity_pool)
end