str
Optional. A JSON Web Token (JWT) issuer URI. issuer must
start with https:// and be a valid URL with length <2000 characters.="" if="" set,="" then="" google="" will="" allow="" valid="" oidc="" tokens="" from="" this="" issuer="" to="" authenticate="" within="" the="" workload_identity_pool.="" oidc="" discovery="" will="" be="" performed="" on="" this="" uri="" to="" validate="" tokens="" from="" the="" issuer.="" clearing="">issuer disables Workload Identity. issuer
cannot be directly modified; it must be cleared (and
Workload Identity disabled) before using a new issuer (and
re-enabling Workload Identity).
workload_identity_pool
str
Output only. The name of the workload identity pool in which
issuer will be recognized.
There is a single Workload Identity Pool per Hub that is
shared between all Memberships that belong to that Hub. For
a Hub hosted in {PROJECT_ID}, the workload pool format is
{PROJECT_ID}.hub.id.goog, although this is subject to
change in newer versions of this API.
identity_provider
str
Output only. An identity provider that reflects the
issuer in the workload identity pool.
oidc_jwks
bytes
Optional. OIDC verification keys for this Membership in JWKS
format (RFC 7517).
When this field is set, OIDC discovery will NOT be performed
on issuer, and instead OIDC tokens will be validated
using this field.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[],null,["# Class Authority (1.17.3)\n\nVersion latestkeyboard_arrow_down\n\n- [1.17.3 (latest)](/python/docs/reference/gkehub/latest/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.17.1](/python/docs/reference/gkehub/1.17.1/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.16.0](/python/docs/reference/gkehub/1.16.0/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.15.1](/python/docs/reference/gkehub/1.15.1/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.14.2](/python/docs/reference/gkehub/1.14.2/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.13.1](/python/docs/reference/gkehub/1.13.1/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.12.1](/python/docs/reference/gkehub/1.12.1/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.11.0](/python/docs/reference/gkehub/1.11.0/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.10.2](/python/docs/reference/gkehub/1.10.2/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.9.0](/python/docs/reference/gkehub/1.9.0/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.8.1](/python/docs/reference/gkehub/1.8.1/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.7.1](/python/docs/reference/gkehub/1.7.1/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.6.0](/python/docs/reference/gkehub/1.6.0/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.5.3](/python/docs/reference/gkehub/1.5.3/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.4.3](/python/docs/reference/gkehub/1.4.3/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.3.0](/python/docs/reference/gkehub/1.3.0/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.2.0](/python/docs/reference/gkehub/1.2.0/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.1.0](/python/docs/reference/gkehub/1.1.0/google.cloud.gkehub_v1beta1.types.Authority)\n- [1.0.0](/python/docs/reference/gkehub/1.0.0/google.cloud.gkehub_v1beta1.types.Authority)\n- [0.2.2](/python/docs/reference/gkehub/0.2.2/google.cloud.gkehub_v1beta1.types.Authority)\n- [0.1.2](/python/docs/reference/gkehub/0.1.2/google.cloud.gkehub_v1beta1.types.Authority) \n\n Authority(mapping=None, *, ignore_unknown_fields=False, **kwargs)\n\nAuthority encodes how Google will recognize identities from\nthis Membership. See the workload identity documentation for\nmore details:\n\n\u003chttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\u003e"]]