Package com.google.cloud.gkehub.v1

Interface AuthorityOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    Authority, Authority.Builder
    public interface AuthorityOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Detail

      • getIssuer

        String getIssuer()
         Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with
 `https://` and be a valid URL with length <2000 characters.

 If set, then Google will allow valid OIDC tokens from this issuer to
 authenticate within the workload_identity_pool. OIDC discovery will be
 performed on this URI to validate tokens from the issuer.

 Clearing `issuer` disables Workload Identity. `issuer` cannot be directly
 modified; it must be cleared (and Workload Identity disabled) before using
 a new issuer (and re-enabling Workload Identity).
        string issuer = 1 [(.google.api.field_behavior) = OPTIONAL];
        Returns:
        The issuer.

      • getIssuerBytes

        com.google.protobuf.ByteString getIssuerBytes()
         Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with
 `https://` and be a valid URL with length <2000 characters.

 If set, then Google will allow valid OIDC tokens from this issuer to
 authenticate within the workload_identity_pool. OIDC discovery will be
 performed on this URI to validate tokens from the issuer.

 Clearing `issuer` disables Workload Identity. `issuer` cannot be directly
 modified; it must be cleared (and Workload Identity disabled) before using
 a new issuer (and re-enabling Workload Identity).
        string issuer = 1 [(.google.api.field_behavior) = OPTIONAL];
        Returns:
        The bytes for issuer.

      • getWorkloadIdentityPool

        String getWorkloadIdentityPool()
         Output only. The name of the workload identity pool in which `issuer` will
 be recognized.

 There is a single Workload Identity Pool per Hub that is shared
 between all Memberships that belong to that Hub. For a Hub hosted in
 {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,
 although this is subject to change in newer versions of this API.
        string workload_identity_pool = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
        Returns:
        The workloadIdentityPool.

      • getWorkloadIdentityPoolBytes

        com.google.protobuf.ByteString getWorkloadIdentityPoolBytes()
         Output only. The name of the workload identity pool in which `issuer` will
 be recognized.

 There is a single Workload Identity Pool per Hub that is shared
 between all Memberships that belong to that Hub. For a Hub hosted in
 {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,
 although this is subject to change in newer versions of this API.
        string workload_identity_pool = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
        Returns:
        The bytes for workloadIdentityPool.

      • getIdentityProvider

        String getIdentityProvider()
         Output only. An identity provider that reflects the `issuer` in the
 workload identity pool.
        string identity_provider = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
        Returns:
        The identityProvider.

      • getIdentityProviderBytes

        com.google.protobuf.ByteString getIdentityProviderBytes()
         Output only. An identity provider that reflects the `issuer` in the
 workload identity pool.
        string identity_provider = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
        Returns:
        The bytes for identityProvider.

      • getOidcJwks

        com.google.protobuf.ByteString getOidcJwks()
         Optional. OIDC verification keys for this Membership in JWKS format (RFC
 7517).

 When this field is set, OIDC discovery will NOT be performed on `issuer`,
 and instead OIDC tokens will be validated using this field.
        bytes oidc_jwks = 4 [(.google.api.field_behavior) = OPTIONAL];
        Returns:
        The oidcJwks.