Struct googapis::google::cloud::gkehub::v1alpha2::Authority [−][src]
pub struct Authority {
pub issuer: String,
pub oidc_jwks: Vec<u8>,
pub identity_provider: String,
pub workload_identity_pool: String,
}
Expand description
Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Fields
issuer: String
Optional. A JSON Web Token (JWT) issuer URI. issuer
must start with <https://
> and
be a valid URL with length <2000 characters.
If set, then Google will allow valid OIDC tokens from this issuer to
authenticate within the workload_identity_pool. OIDC discovery will be
performed on this URI to validate tokens from the issuer, unless
oidc_jwks
is set.
Clearing issuer
disables Workload Identity. issuer
cannot be directly
modified; it must be cleared (and Workload Identity disabled) before using
a new issuer (and re-enabling Workload Identity).
oidc_jwks: Vec<u8>
Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).
When this field is set, OIDC discovery will NOT be performed on issuer
,
and instead OIDC tokens will be validated using this field.
identity_provider: String
Output only. An identity provider that reflects the issuer
in the workload identity
pool.
workload_identity_pool: String
Output only. The name of the workload identity pool in which issuer
will be
recognized.
There is a single Workload Identity Pool per Hub that is shared
between all Memberships that belong to that Hub. For a Hub hosted in
{PROJECT_ID}, the workload pool format is {PROJECT_ID}.hub.id.goog
,
although this is subject to change in newer versions of this API.
Trait Implementations
fn merge_field<B>(
&mut self,
tag: u32,
wire_type: WireType,
buf: &mut B,
ctx: DecodeContext
) -> Result<(), DecodeError> where
B: Buf,
Returns the encoded length of the message without a length delimiter.
Encodes the message to a buffer. Read more
Encodes the message to a newly allocated buffer.
Encodes the message with a length-delimiter to a buffer. Read more
Encodes the message with a length-delimiter to a newly allocated buffer.
Decodes an instance of the message from a buffer. Read more
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
Decodes a length-delimited instance of the message from the buffer.
Decodes an instance of the message from a buffer, and merges it into self
. Read more
Decodes a length-delimited instance of the message from buffer, and
merges it into self
. Read more
Auto Trait Implementations
impl RefUnwindSafe for Authority
impl UnwindSafe for Authority
Blanket Implementations
Mutably borrows from an owned value. Read more
Wrap the input message T
in a tonic::Request
pub fn vzip(self) -> V
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more