pulumi-google-native-kotlin/com.pulumi.googlenative.gkehub.v1alpha.kotlin.inputs/AuthorityArgs

AuthorityArgs

data class AuthorityArgs(val issuer: Output<String>? = null, val oidcJwks: Output<String>? = null) : ConvertibleToJava<AuthorityArgs>

Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Constructors

Link copied to clipboard
fun AuthorityArgs(issuer: Output<String>? = null, oidcJwks: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): AuthorityArgs

Properties

Link copied to clipboard
val issuer: Output<String>? = null

Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).

Link copied to clipboard
val oidcJwks: Output<String>? = null

Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.