Index
MembershipSpec (message)
MembershipSpec.AuthMethod (message)
MembershipSpec.AuthMethod.AzureADConfig (message)
MembershipSpec.AuthMethod.GoogleConfig (message)
MembershipSpec.AuthMethod.OidcConfig (message)
MembershipState (message)
MembershipState.DeploymentState (enum)
MembershipSpec
Anthos Identity Service: Configuration for a single Membership.
Fields | |
---|---|
auth_methods[] | A member may support multiple auth methods. |
AuthMethod
Configuration of an auth method for a member/cluster. Only one authentication method (e.g., OIDC or LDAP) can be set per AuthMethod.
Fields | |
---|---|
name | Identifier for auth config. |
proxy | Proxy server address to use for auth method. |
Union field auth_config. Supported auth configurations. auth_config can be only one of the following: | |
oidc_config | OIDC specific configuration. |
azuread_config | AzureAD specific configuration. |
google_config | GoogleConfig specific configuration. |
AzureADConfig
Configuration for the AzureAD Auth flow.
Fields | |
---|---|
client_id | ID for the registered client application that makes authentication requests to the Azure AD identity provider. |
tenant | Kind of Azure AD account to be authenticated. Supported values are |
kubectl_redirect_uri | The redirect URL that kubectl uses for authorization. |
client_secret | Input only. Unencrypted AzureAD client secret will be passed to the GKE Hub CLH. |
encrypted_client_secret | Output only. Encrypted AzureAD client secret. |
GoogleConfig
Configuration for the Google Plugin Auth flow.
Fields | |
---|---|
disable | Disable automatic configuration of Google Plugin on supported platforms. |
OidcConfig
Configuration for OIDC Auth flow.
Fields | |
---|---|
client_id | ID for OIDC client application. |
certificate_authority_data | PEM-encoded CA for OIDC provider. |
issuer_uri | URI for the OIDC provider. This should point to the level below .well-known/openid-configuration. |
kubectl_redirect_uri | Registered redirect URI to which users going through the OAuth flow with the kubectl plugin are redirected. |
scopes | Comma-separated list of identifiers. |
extra_params | Comma-separated list of key-value pairs. |
user_claim | Claim in OIDC ID token that holds username. |
user_prefix | Prefix to prepend to user name. |
groups_claim | Claim in OIDC ID token that holds group information. |
group_prefix | Prefix to prepend to group name. |
deploy_cloud_console_proxy | Flag to denote if reverse proxy is used to connect to auth provider. This flag should be set to true when provider is not reachable by Google Cloud Console. |
client_secret | Input only. Unencrypted OIDC client secret will be passed to the GKE Hub CLH. |
encrypted_client_secret | Output only. Encrypted OIDC client secret. |
enable_access_token | Enable access token. |
MembershipState
Anthos Identity Service: State for a single Membership.
Fields | |
---|---|
installed_version | Installed AIS version. This is the AIS version installed on this member. The value is meaningful only if state is OK. |
state | Deployment state on this member. |
failure_reason | The reason for the failure. |
member_config | Last reconciled membership configuration. |
DeploymentState
Deployment state enum
Enums | |
---|---|
DEPLOYMENT_STATE_UNSPECIFIED | Unspecified state. |
OK | Deployment succeeds. |
ERROR | Failure with error. |