Authority Response
Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Constructors
Types
Properties
Optional. A JSON Web Token (JWT) issuer URI. issuer
must start with https://
and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer, unless oidc_jwks
is set. Clearing issuer
disables Workload Identity. issuer
cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
The name of the workload identity pool in which issuer
will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog
, although this is subject to change in newer versions of this API.