public interface AuthorityOrBuilder
extends com.google.protobuf.MessageOrBuilder
| Modifier and Type | Method and Description |
|---|---|
String |
getIdentityProvider()
Output only.
|
com.google.protobuf.ByteString |
getIdentityProviderBytes()
Output only.
|
String |
getIssuer()
Optional.
|
com.google.protobuf.ByteString |
getIssuerBytes()
Optional.
|
com.google.protobuf.ByteString |
getOidcJwks()
Optional.
|
String |
getWorkloadIdentityPool()
Output only.
|
com.google.protobuf.ByteString |
getWorkloadIdentityPoolBytes()
Output only.
|
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneofString getIssuer()
Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
string issuer = 1 [(.google.api.field_behavior) = OPTIONAL];com.google.protobuf.ByteString getIssuerBytes()
Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
string issuer = 1 [(.google.api.field_behavior) = OPTIONAL];String getWorkloadIdentityPool()
Output only. The name of the workload identity pool in which `issuer` will
be recognized.
There is a single Workload Identity Pool per Hub that is shared
between all Memberships that belong to that Hub. For a Hub hosted in
{PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,
although this is subject to change in newer versions of this API.
string workload_identity_pool = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];com.google.protobuf.ByteString getWorkloadIdentityPoolBytes()
Output only. The name of the workload identity pool in which `issuer` will
be recognized.
There is a single Workload Identity Pool per Hub that is shared
between all Memberships that belong to that Hub. For a Hub hosted in
{PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,
although this is subject to change in newer versions of this API.
string workload_identity_pool = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];String getIdentityProvider()
Output only. An identity provider that reflects the `issuer` in the workload identity pool.
string identity_provider = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];com.google.protobuf.ByteString getIdentityProviderBytes()
Output only. An identity provider that reflects the `issuer` in the workload identity pool.
string identity_provider = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];com.google.protobuf.ByteString getOidcJwks()
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on `issuer`, and instead OIDC tokens will be validated using this field.
bytes oidc_jwks = 4 [(.google.api.field_behavior) = OPTIONAL];Copyright © 2025 Google LLC. All rights reserved.