Package com.oracle.bmc.containerengine.model

Class OpenIdConnectTokenAuthenticationConfig

  • @Generated(value="OracleSDKGenerator",
           comments="API Version: 20180222")
public final class OpenIdConnectTokenAuthenticationConfig
extends com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel
    The properties that configure OIDC token authentication in kube-apiserver.

    For more information, see Configuring the API Server.
    Note: Objects should always be created or deserialized using the OpenIdConnectTokenAuthenticationConfig.Builder. This model distinguishes fields that are null because they are unset from fields that are explicitly set to null. This is done in the setter methods of the OpenIdConnectTokenAuthenticationConfig.Builder, which maintain a set of all explicitly set fields called OpenIdConnectTokenAuthenticationConfig.Builder.__explicitlySet__. The hashCode() and equals(Object) methods are implemented to take the explicitly set fields into account. The constructor, on the other hand, does not take the explicitly set fields into account (since the constructor cannot distinguish explicit null from unset null).

    • Constructor Detail

      • OpenIdConnectTokenAuthenticationConfig

        @Deprecated
@ConstructorProperties({"issuerUrl","clientId","usernameClaim","usernamePrefix","groupsClaim","groupsPrefix","requiredClaims","caCertificate","signingAlgorithms","isOpenIdConnectAuthEnabled","configurationFile"})
public OpenIdConnectTokenAuthenticationConfig​(String issuerUrl,
                                              String clientId,
                                              String usernameClaim,
                                              String usernamePrefix,
                                              String groupsClaim,
                                              String groupsPrefix,
                                              List<KeyValue> requiredClaims,
                                              String caCertificate,
                                              List<String> signingAlgorithms,
                                              Boolean isOpenIdConnectAuthEnabled,
                                              String configurationFile)
        Deprecated.

    • Method Detail

      • getIssuerUrl

        public String getIssuerUrl()
        URL of the provider that allows the API server to discover public signing keys.

        Only URLs that use the https:// scheme are accepted. This is typically the provider’s discovery URL, changed to have an empty path.

        Returns:
        the value

      • getClientId

        public String getClientId()
        A client id that all tokens must be issued for.
        Returns:
        the value

      • getUsernameClaim

        public String getUsernameClaim()
        JWT claim to use as the user name.

        By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.

        Returns:
        the value

      • getUsernamePrefix

        public String getUsernamePrefix()
        Prefix prepended to username claims to prevent clashes with existing names (such as system:users).

        For example, the value oidc: will create usernames like oidc:jane.doe. If this flag isn’t provided and –oidc-username-claim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of –oidc-issuer-url. The value - can be used to disable all prefixing.

        Returns:
        the value

      • getGroupsClaim

        public String getGroupsClaim()
        JWT claim to use as the user’s group.

        If the claim is present it must be an array of strings.

        Returns:
        the value

      • getGroupsPrefix

        public String getGroupsPrefix()
        Prefix prepended to group claims to prevent clashes with existing names (such as system:groups).
        Returns:
        the value

      • getRequiredClaims

        public List<KeyValue> getRequiredClaims()
        A key=value pair that describes a required claim in the ID Token.

        If set, the claim is verified to be present in the ID Token with a matching value. Repeat this flag to specify multiple claims.

        Returns:
        the value

      • getCaCertificate

        public String getCaCertificate()
        A Base64 encoded public RSA or ECDSA certificates used to signed your identity provider’s web certificate.
        Returns:
        the value

      • getSigningAlgorithms

        public List<String> getSigningAlgorithms()
        The signing algorithms accepted.

        Default is [“RS256”].

        Returns:
        the value

      • getIsOpenIdConnectAuthEnabled

        public Boolean getIsOpenIdConnectAuthEnabled()
        Whether the cluster has OIDC Auth Config enabled.

        Defaults to false.

        Returns:
        the value

      • getConfigurationFile

        public String getConfigurationFile()
        A Base64 encoded string of a Kubernetes OIDC Auth Config file.

        More info here

        Returns:
        the value

      • toString

        public String toString()
        Overrides:
        toString in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel

      • toString

        public String toString​(boolean includeByteArrayContents)
        Return a string representation of the object.
        Parameters:
        includeByteArrayContents - true to include the full contents of byte arrays
        Returns:
        string representation

      • equals

        public boolean equals​(Object o)
        Overrides:
        equals in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel