
Commit caeee13

Google APIscopybara-github
authored andcommitted
feat: add optional OIDC JWKs field, add http rules, miscellaneous updates
PiperOrigin-RevId: 357987605
1 parent 8b0cc14 commit caeee13

2 files changed

Lines changed: 49 additions & 1 deletion


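--- a/google/cloud/gkehub/v1alpha2/gkehub_v1alpha2.yaml
+++ b/google/cloud/gkehub/v1alpha2/gkehub_v1alpha2.yaml
@@ -11,6 +11,12 @@ types:
 
 documentation:
 rules:
+- selector: google.cloud.location.Locations.GetLocation
+description: Gets information about a location.
+
+- selector: google.cloud.location.Locations.ListLocations
+description: Lists information about the supported locations for this service.
+
 - selector: google.iam.v1.IAMPolicy.GetIamPolicy
 description: |-
 Gets the access control policy for a resource. Returns an empty policy
@@ -38,19 +44,55 @@ backend:
 rules:
 - selector: 'google.cloud.gkehub.v1alpha2.GkeHub.*'
 deadline: 60.0
+- selector: google.cloud.location.Locations.GetLocation
+deadline: 60.0
+- selector: google.cloud.location.Locations.ListLocations
+deadline: 60.0
 - selector: 'google.iam.v1.IAMPolicy.*'
 deadline: 60.0
 - selector: 'google.longrunning.Operations.*'
 deadline: 60.0
 - selector: google.longrunning.Operations.GetOperation
 deadline: 5.0
 
+http:
+rules:
+- selector: google.cloud.location.Locations.GetLocation
+get: '/v1alpha2/{name=projects/*/locations/*}'
+- selector: google.cloud.location.Locations.ListLocations
+get: '/v1alpha2/{name=projects/*}/locations'
+- selector: google.iam.v1.IAMPolicy.GetIamPolicy
+get: '/v1alpha2/{resource=projects/*/locations/*/memberships/*}:getIamPolicy'
+- selector: google.iam.v1.IAMPolicy.SetIamPolicy
+post: '/v1alpha2/{resource=projects/*/locations/*/memberships/*}:setIamPolicy'
+body: '*'
+- selector: google.iam.v1.IAMPolicy.TestIamPermissions
+post: '/v1alpha2/{resource=projects/*/locations/*/memberships/*}:testIamPermissions'
+body: '*'
+- selector: google.longrunning.Operations.CancelOperation
+post: '/v1alpha2/{name=projects/*/locations/*/operations/*}:cancel'
+body: '*'
+- selector: google.longrunning.Operations.DeleteOperation
+delete: '/v1alpha2/{name=projects/*/locations/*/operations/*}'
+- selector: google.longrunning.Operations.GetOperation
+get: '/v1alpha2/{name=projects/*/locations/*/operations/*}'
+- selector: google.longrunning.Operations.ListOperations
+get: '/v1alpha2/{name=projects/*/locations/*}/operations'
+
 authentication:
 rules:
 - selector: 'google.cloud.gkehub.v1alpha2.GkeHub.*'
 oauth:
 canonical_scopes: |-
 https://www.googleapis.com/auth/cloud-platform
+- selector: google.cloud.location.Locations.GetLocation
+oauth:
+canonical_scopes: |-
+https://www.googleapis.com/auth/cloud-platform
+- selector: google.cloud.location.Locations.ListLocations
+oauth:
+canonical_scopes: |-
+https://www.googleapis.com/auth/cloud-platform
 - selector: 'google.iam.v1.IAMPolicy.*'
 oauth:
 canonical_scopes: |-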
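Review bot: The new `authentication` rules name `Locations.GetLocation` and `Locations.ListLocations` one by one, while the neighbouring `GkeHub.*` and `IAMPolicy.*` entries use wildcard selectors, so a Locations method exposed later would presumably not pick up the `cloud-platform` scope requirement unless this list is extended by hand. A single `- selector: 'google.cloud.location.Locations.*'` entry here, and the same in `backend.rules`, would match the existing style and keep coverage complete. The new `http` section also adds REST bindings for `Operations.CancelOperation` and `Operations.DeleteOperation`. The authentication block continues past the end of this hunk, so it is worth confirming that a `google.longrunning.Operations.*` rule with an OAuth scope is present there.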

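--- a/google/cloud/gkehub/v1alpha2/membership.proto
+++ b/google/cloud/gkehub/v1alpha2/membership.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -337,6 +337,12 @@ message Authority {
 // a new issuer (and re-enabling Workload Identity).
 string issuer = 1 [(google.api.field_behavior) = OPTIONAL];
 
+// Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).
+//
+// When this field is set, OIDC discovery will NOT be performed on `issuer`,
+// and instead OIDC tokens will be validated using this field.
+bytes oidc_jwks = 5 [(google.api.field_behavior) = OPTIONAL];
+
 // Output only. An identity provider that reflects the `issuer` in the workload identity
 // pool.
 string identity_provider = 3 [(google.api.field_behavior) = OUTPUT_ONLY];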
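Review bot: The comment on `oidc_jwks` leaves two trust-relevant points undocumented: whether `issuer` must still be set and matched against the token's `iss` claim when keys are supplied inline, and who keeps the keys current once discovery is skipped. Since statically supplied keys do not follow the issuer's rotation, a stale value would either reject valid tokens or keep accepting tokens signed with a retired key. If it matches the intended contract, I would add `// The caller must update this field whenever the cluster's signing keys rotate.` and one sentence on how `issuer` is used when this field is set. Documenting the expected encoding of the `bytes` value (presumably a UTF-8 JSON document) and any size limit would also help. `message Authority` begins and ends outside this hunk.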
