Generated from protobuf message google.cloud.gkehub.v1.Authority
Namespace
Google \ Cloud \ GkeHub \ V1
Methods
__construct
Constructor.
Parameters
Name
Description
data
array
Optional. Data for populating the Message object.
↳ issuer
string
Optional. A JSON Web Token (JWT) issuer URI. issuer must start with https:// and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing issuer disables Workload Identity. issuer cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
↳ workload_identity_pool
string
Output only. The name of the workload identity pool in which issuer will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog, although this is subject to change in newer versions of this API.
↳ identity_provider
string
Output only. An identity provider that reflects the issuer in the workload identity pool.
↳ oidc_jwks
string
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on issuer, and instead OIDC tokens will be validated using this field.
getIssuer
Optional. A JSON Web Token (JWT) issuer URI. issuer must start with
https:// and be a valid URL with length <2000 characters.
If set, then Google will allow valid OIDC tokens from this issuer to
authenticate within the workload_identity_pool. OIDC discovery will be
performed on this URI to validate tokens from the issuer.
Clearing issuer disables Workload Identity. issuer cannot be directly
modified; it must be cleared (and Workload Identity disabled) before using
a new issuer (and re-enabling Workload Identity).
Returns
Type
Description
string
setIssuer
Optional. A JSON Web Token (JWT) issuer URI. issuer must start with
https:// and be a valid URL with length <2000 characters.
If set, then Google will allow valid OIDC tokens from this issuer to
authenticate within the workload_identity_pool. OIDC discovery will be
performed on this URI to validate tokens from the issuer.
Clearing issuer disables Workload Identity. issuer cannot be directly
modified; it must be cleared (and Workload Identity disabled) before using
a new issuer (and re-enabling Workload Identity).
Parameter
Name
Description
var
string
Returns
Type
Description
$this
getWorkloadIdentityPool
Output only. The name of the workload identity pool in which issuer will
be recognized.
There is a single Workload Identity Pool per Hub that is shared
between all Memberships that belong to that Hub. For a Hub hosted in
{PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog,
although this is subject to change in newer versions of this API.
Returns
Type
Description
string
setWorkloadIdentityPool
Output only. The name of the workload identity pool in which issuer will
be recognized.
There is a single Workload Identity Pool per Hub that is shared
between all Memberships that belong to that Hub. For a Hub hosted in
{PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog,
although this is subject to change in newer versions of this API.
Parameter
Name
Description
var
string
Returns
Type
Description
$this
getIdentityProvider
Output only. An identity provider that reflects the issuer in the
workload identity pool.
Returns
Type
Description
string
setIdentityProvider
Output only. An identity provider that reflects the issuer in the
workload identity pool.
Parameter
Name
Description
var
string
Returns
Type
Description
$this
getOidcJwks
Optional. OIDC verification keys for this Membership in JWKS format (RFC
7517).
When this field is set, OIDC discovery will NOT be performed on issuer,
and instead OIDC tokens will be validated using this field.
Returns
Type
Description
string
setOidcJwks
Optional. OIDC verification keys for this Membership in JWKS format (RFC
7517).
When this field is set, OIDC discovery will NOT be performed on issuer,
and instead OIDC tokens will be validated using this field.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Google Cloud Gke Hub V1 Client - Class Authority (1.0.6)\n\nVersion latestkeyboard_arrow_down\n\n- [1.0.6 (latest)](/php/docs/reference/cloud-gke-hub/latest/V1.Authority)\n- [1.0.5](/php/docs/reference/cloud-gke-hub/1.0.5/V1.Authority)\n- [0.10.0](/php/docs/reference/cloud-gke-hub/0.10.0/V1.Authority)\n- [0.9.5](/php/docs/reference/cloud-gke-hub/0.9.5/V1.Authority)\n- [0.8.2](/php/docs/reference/cloud-gke-hub/0.8.2/V1.Authority)\n- [0.7.1](/php/docs/reference/cloud-gke-hub/0.7.1/V1.Authority)\n- [0.6.3](/php/docs/reference/cloud-gke-hub/0.6.3/V1.Authority)\n- [0.5.6](/php/docs/reference/cloud-gke-hub/0.5.6/V1.Authority) \nReference documentation and code samples for the Google Cloud Gke Hub V1 Client class Authority.\n\nAuthority encodes how Google will recognize identities from this Membership.\n\nSee the workload identity documentation for more details:\n\u003chttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\u003e\n\nGenerated from protobuf message `google.cloud.gkehub.v1.Authority`\n\nNamespace\n---------\n\nGoogle \\\\ Cloud \\\\ GkeHub \\\\ V1\n\nMethods\n-------\n\n### __construct\n\nConstructor.\n\n### getIssuer\n\nOptional. A JSON Web Token (JWT) issuer URI. `issuer` must start with\n`https://` and be a valid URL with length \\\u003c2000 characters.\n\nIf set, then Google will allow valid OIDC tokens from this issuer to\nauthenticate within the workload_identity_pool. OIDC discovery will be\nperformed on this URI to validate tokens from the issuer.\nClearing `issuer` disables Workload Identity. `issuer` cannot be directly\nmodified; it must be cleared (and Workload Identity disabled) before using\na new issuer (and re-enabling Workload Identity).\n\n### setIssuer\n\nOptional. A JSON Web Token (JWT) issuer URI. `issuer` must start with\n`https://` and be a valid URL with length \\\u003c2000 characters.\n\nIf set, then Google will allow valid OIDC tokens from this issuer to\nauthenticate within the workload_identity_pool. OIDC discovery will be\nperformed on this URI to validate tokens from the issuer.\nClearing `issuer` disables Workload Identity. `issuer` cannot be directly\nmodified; it must be cleared (and Workload Identity disabled) before using\na new issuer (and re-enabling Workload Identity).\n\n### getWorkloadIdentityPool\n\nOutput only. The name of the workload identity pool in which `issuer` will\nbe recognized.\n\nThere is a single Workload Identity Pool per Hub that is shared\nbetween all Memberships that belong to that Hub. For a Hub hosted in\n{PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,\nalthough this is subject to change in newer versions of this API.\n\n### setWorkloadIdentityPool\n\nOutput only. The name of the workload identity pool in which `issuer` will\nbe recognized.\n\nThere is a single Workload Identity Pool per Hub that is shared\nbetween all Memberships that belong to that Hub. For a Hub hosted in\n{PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,\nalthough this is subject to change in newer versions of this API.\n\n### getIdentityProvider\n\nOutput only. An identity provider that reflects the `issuer` in the\nworkload identity pool.\n\n### setIdentityProvider\n\nOutput only. An identity provider that reflects the `issuer` in the\nworkload identity pool.\n\n### getOidcJwks\n\nOptional. OIDC verification keys for this Membership in JWKS format (RFC\n7517).\n\nWhen this field is set, OIDC discovery will NOT be performed on `issuer`,\nand instead OIDC tokens will be validated using this field.\n\n### setOidcJwks\n\nOptional. OIDC verification keys for this Membership in JWKS format (RFC\n7517).\n\nWhen this field is set, OIDC discovery will NOT be performed on `issuer`,\nand instead OIDC tokens will be validated using this field."]]
