GetWorkloadIdentityPoolProviderOidc

data class GetWorkloadIdentityPoolProviderOidc(val allowedAudiences: List<String>, val issuerUri: String, val jwksJson: String)

Constructors

constructor(allowedAudiences: List<String>, issuerUri: String, jwksJson: String)

Types

object Companion

Properties


Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

```
//iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
```


The OIDC issuer URL.


OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:

```
{
  "keys": [
    {
      "kty": "RSA/EC",
      "alg": "",
      "use": "sig",
      "kid": "",
      "n": "",
      "e": "",
      "x": "",
      "y": "",
      "crv": ""
    }
  ]
}
```
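The audience limits and the JWK field restrictions described above can be checked before a provider configuration is deployed. The following is an added example, not code from this SDK or from Google; it is written in Python so it runs with the standard library only, and the function names, the placeholder resource name and the per-key-type required members (taken from RFC 7518) are assumptions of the example.

```python
import json

# Field list as given on the page; anything else (e.g. private member "d") is flagged.
ALLOWED_JWK_FIELDS = {"kty", "alg", "use", "kid", "n", "e", "x", "y", "crv"}
# Public-key members per key type, from RFC 7518 (not stated on the page).
REQUIRED_BY_KTY = {"RSA": {"n", "e"}, "EC": {"crv", "x", "y"}}
MAX_AUDIENCES, MAX_AUDIENCE_LEN = 10, 256

# Constructed placeholder resource name, not a real provider.
SAMPLE_PROVIDER = ("//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION"
                   "/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID")

def check_audiences(allowed_audiences):
    """Return problems with allowedAudiences (count and length limits)."""
    problems = []
    if len(allowed_audiences) > MAX_AUDIENCES:
        problems.append(f"{len(allowed_audiences)} audiences, maximum is {MAX_AUDIENCES}")
    problems += [f"audience #{i} exceeds {MAX_AUDIENCE_LEN} characters"
                 for i, aud in enumerate(allowed_audiences) if len(aud) > MAX_AUDIENCE_LEN]
    return problems

def check_jwks(jwks_json):
    """Return problems with jwksJson; an empty value means jwks_uri discovery is used."""
    if not jwks_json:
        return []
    try:
        keys = json.loads(jwks_json)["keys"]
    except (ValueError, KeyError, TypeError):
        return ["jwksJson is not a JSON object with a 'keys' member"]
    if not isinstance(keys, list) or not all(isinstance(k, dict) for k in keys):
        return ["'keys' must be an array of JWK objects"]
    problems = []
    for i, key in enumerate(keys):
        extra = set(key) - ALLOWED_JWK_FIELDS
        if extra:
            problems.append(f"keys[{i}]: unexpected fields {sorted(extra)}")
        kty = key.get("kty")
        required = REQUIRED_BY_KTY.get(kty) if isinstance(kty, str) else None
        if required is None:
            problems.append(f"keys[{i}]: kty must be RSA or EC")
        elif required - set(key):
            problems.append(f"keys[{i}]: missing {sorted(required - set(key))}")
    return problems

def audience_accepted(token_aud, allowed_audiences, provider_name=SAMPLE_PROVIDER):
    """Page's matching rule: configured list, else the canonical resource name."""
    if allowed_audiences:
        return token_aud in allowed_audiences
    return token_aud in (provider_name, "https:" + provider_name)
```

Running `check_jwks` over a key set that was exported with its private members still present reports the extra fields, which catches private key material pasted into `jwksJson` by mistake.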