Documentation ¶
Index ¶
- Variables
- func RegisterIAMCredentialsServer(s *grpc.Server, srv IAMCredentialsServer)
- type GenerateAccessTokenRequest
- func (*GenerateAccessTokenRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GenerateAccessTokenRequest) GetDelegates() []string
- func (x *GenerateAccessTokenRequest) GetLifetime() *durationpb.Duration
- func (x *GenerateAccessTokenRequest) GetName() string
- func (x *GenerateAccessTokenRequest) GetScope() []string
- func (*GenerateAccessTokenRequest) ProtoMessage()
- func (x *GenerateAccessTokenRequest) ProtoReflect() protoreflect.Message
- func (x *GenerateAccessTokenRequest) Reset()
- func (x *GenerateAccessTokenRequest) String() string
- type GenerateAccessTokenResponse
- func (*GenerateAccessTokenResponse) Descriptor() ([]byte, []int)deprecated
- func (x *GenerateAccessTokenResponse) GetAccessToken() string
- func (x *GenerateAccessTokenResponse) GetExpireTime() *timestamppb.Timestamp
- func (*GenerateAccessTokenResponse) ProtoMessage()
- func (x *GenerateAccessTokenResponse) ProtoReflect() protoreflect.Message
- func (x *GenerateAccessTokenResponse) Reset()
- func (x *GenerateAccessTokenResponse) String() string
- type GenerateIdTokenRequest
- func (*GenerateIdTokenRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GenerateIdTokenRequest) GetAudience() string
- func (x *GenerateIdTokenRequest) GetDelegates() []string
- func (x *GenerateIdTokenRequest) GetIncludeEmail() bool
- func (x *GenerateIdTokenRequest) GetName() string
- func (*GenerateIdTokenRequest) ProtoMessage()
- func (x *GenerateIdTokenRequest) ProtoReflect() protoreflect.Message
- func (x *GenerateIdTokenRequest) Reset()
- func (x *GenerateIdTokenRequest) String() string
- type GenerateIdTokenResponse
- func (*GenerateIdTokenResponse) Descriptor() ([]byte, []int)deprecated
- func (x *GenerateIdTokenResponse) GetToken() string
- func (*GenerateIdTokenResponse) ProtoMessage()
- func (x *GenerateIdTokenResponse) ProtoReflect() protoreflect.Message
- func (x *GenerateIdTokenResponse) Reset()
- func (x *GenerateIdTokenResponse) String() string
- type IAMCredentialsClient
- type IAMCredentialsServer
- type SignBlobRequest
- func (*SignBlobRequest) Descriptor() ([]byte, []int)deprecated
- func (x *SignBlobRequest) GetDelegates() []string
- func (x *SignBlobRequest) GetName() string
- func (x *SignBlobRequest) GetPayload() []byte
- func (*SignBlobRequest) ProtoMessage()
- func (x *SignBlobRequest) ProtoReflect() protoreflect.Message
- func (x *SignBlobRequest) Reset()
- func (x *SignBlobRequest) String() string
- type SignBlobResponse
- func (*SignBlobResponse) Descriptor() ([]byte, []int)deprecated
- func (x *SignBlobResponse) GetKeyId() string
- func (x *SignBlobResponse) GetSignedBlob() []byte
- func (*SignBlobResponse) ProtoMessage()
- func (x *SignBlobResponse) ProtoReflect() protoreflect.Message
- func (x *SignBlobResponse) Reset()
- func (x *SignBlobResponse) String() string
- type SignJwtRequest
- func (*SignJwtRequest) Descriptor() ([]byte, []int)deprecated
- func (x *SignJwtRequest) GetDelegates() []string
- func (x *SignJwtRequest) GetName() string
- func (x *SignJwtRequest) GetPayload() string
- func (*SignJwtRequest) ProtoMessage()
- func (x *SignJwtRequest) ProtoReflect() protoreflect.Message
- func (x *SignJwtRequest) Reset()
- func (x *SignJwtRequest) String() string
- type SignJwtResponse
- func (*SignJwtResponse) Descriptor() ([]byte, []int)deprecated
- func (x *SignJwtResponse) GetKeyId() string
- func (x *SignJwtResponse) GetSignedJwt() string
- func (*SignJwtResponse) ProtoMessage()
- func (x *SignJwtResponse) ProtoReflect() protoreflect.Message
- func (x *SignJwtResponse) Reset()
- func (x *SignJwtResponse) String() string
- type UnimplementedIAMCredentialsServer
- func (*UnimplementedIAMCredentialsServer) GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error)
- func (*UnimplementedIAMCredentialsServer) GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error)
- func (*UnimplementedIAMCredentialsServer) SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
- func (*UnimplementedIAMCredentialsServer) SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)
Constants ¶
This section is empty.
Variables ¶
var File_google_iam_credentials_v1_common_proto protoreflect.FileDescriptor
var File_google_iam_credentials_v1_iamcredentials_proto protoreflect.FileDescriptor
Functions ¶
func RegisterIAMCredentialsServer ¶
func RegisterIAMCredentialsServer(s *grpc.Server, srv IAMCredentialsServer)
Types ¶
type GenerateAccessTokenRequest ¶
type GenerateAccessTokenRequest struct { // Required. The resource name of the service account for which the credentials // are requested, in the following format: // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard // character is required; replacing it with a project ID is invalid. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The sequence of service accounts in a delegation chain. Each service // account must be granted the `roles/iam.serviceAccountTokenCreator` role // on its next service account in the chain. The last service account in the // chain must be granted the `roles/iam.serviceAccountTokenCreator` role // on the service account that is specified in the `name` field of the // request. // // The delegates must have the following format: // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard // character is required; replacing it with a project ID is invalid. Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"` // Required. Code to identify the scopes to be included in the OAuth 2.0 access token. // See https://developers.google.com/identity/protocols/googlescopes for more // information. // At least one value required. Scope []string `protobuf:"bytes,4,rep,name=scope,proto3" json:"scope,omitempty"` // The desired lifetime duration of the access token in seconds. // Must be set to a value less than or equal to 3600 (1 hour). If a value is // not specified, the token's lifetime will be set to a default value of one // hour. Lifetime *durationpb.Duration `protobuf:"bytes,7,opt,name=lifetime,proto3" json:"lifetime,omitempty"` // contains filtered or unexported fields }
func (*GenerateAccessTokenRequest) Descriptor
deprecated
func (*GenerateAccessTokenRequest) Descriptor() ([]byte, []int)
Deprecated: Use GenerateAccessTokenRequest.ProtoReflect.Descriptor instead.
func (*GenerateAccessTokenRequest) GetDelegates ¶
func (x *GenerateAccessTokenRequest) GetDelegates() []string
func (*GenerateAccessTokenRequest) GetLifetime ¶
func (x *GenerateAccessTokenRequest) GetLifetime() *durationpb.Duration
func (*GenerateAccessTokenRequest) GetName ¶
func (x *GenerateAccessTokenRequest) GetName() string
func (*GenerateAccessTokenRequest) GetScope ¶
func (x *GenerateAccessTokenRequest) GetScope() []string
func (*GenerateAccessTokenRequest) ProtoMessage ¶
func (*GenerateAccessTokenRequest) ProtoMessage()
func (*GenerateAccessTokenRequest) ProtoReflect ¶
func (x *GenerateAccessTokenRequest) ProtoReflect() protoreflect.Message
func (*GenerateAccessTokenRequest) Reset ¶
func (x *GenerateAccessTokenRequest) Reset()
func (*GenerateAccessTokenRequest) String ¶
func (x *GenerateAccessTokenRequest) String() string
type GenerateAccessTokenResponse ¶
type GenerateAccessTokenResponse struct { // The OAuth 2.0 access token. AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"` // Token expiration time. // The expiration time is always set. ExpireTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"` // contains filtered or unexported fields }
func (*GenerateAccessTokenResponse) Descriptor
deprecated
func (*GenerateAccessTokenResponse) Descriptor() ([]byte, []int)
Deprecated: Use GenerateAccessTokenResponse.ProtoReflect.Descriptor instead.
func (*GenerateAccessTokenResponse) GetAccessToken ¶
func (x *GenerateAccessTokenResponse) GetAccessToken() string
func (*GenerateAccessTokenResponse) GetExpireTime ¶
func (x *GenerateAccessTokenResponse) GetExpireTime() *timestamppb.Timestamp
func (*GenerateAccessTokenResponse) ProtoMessage ¶
func (*GenerateAccessTokenResponse) ProtoMessage()
func (*GenerateAccessTokenResponse) ProtoReflect ¶
func (x *GenerateAccessTokenResponse) ProtoReflect() protoreflect.Message
func (*GenerateAccessTokenResponse) Reset ¶
func (x *GenerateAccessTokenResponse) Reset()
func (*GenerateAccessTokenResponse) String ¶
func (x *GenerateAccessTokenResponse) String() string
type GenerateIdTokenRequest ¶
type GenerateIdTokenRequest struct { // Required. The resource name of the service account for which the credentials // are requested, in the following format: // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard // character is required; replacing it with a project ID is invalid. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The sequence of service accounts in a delegation chain. Each service // account must be granted the `roles/iam.serviceAccountTokenCreator` role // on its next service account in the chain. The last service account in the // chain must be granted the `roles/iam.serviceAccountTokenCreator` role // on the service account that is specified in the `name` field of the // request. // // The delegates must have the following format: // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard // character is required; replacing it with a project ID is invalid. Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"` // Required. The audience for the token, such as the API or account that this token // grants access to. Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"` // Include the service account email in the token. If set to `true`, the // token will contain `email` and `email_verified` claims. IncludeEmail bool `protobuf:"varint,4,opt,name=include_email,json=includeEmail,proto3" json:"include_email,omitempty"` // contains filtered or unexported fields }
func (*GenerateIdTokenRequest) Descriptor
deprecated
func (*GenerateIdTokenRequest) Descriptor() ([]byte, []int)
Deprecated: Use GenerateIdTokenRequest.ProtoReflect.Descriptor instead.
func (*GenerateIdTokenRequest) GetAudience ¶
func (x *GenerateIdTokenRequest) GetAudience() string
func (*GenerateIdTokenRequest) GetDelegates ¶
func (x *GenerateIdTokenRequest) GetDelegates() []string
func (*GenerateIdTokenRequest) GetIncludeEmail ¶
func (x *GenerateIdTokenRequest) GetIncludeEmail() bool
func (*GenerateIdTokenRequest) GetName ¶
func (x *GenerateIdTokenRequest) GetName() string
func (*GenerateIdTokenRequest) ProtoMessage ¶
func (*GenerateIdTokenRequest) ProtoMessage()
func (*GenerateIdTokenRequest) ProtoReflect ¶
func (x *GenerateIdTokenRequest) ProtoReflect() protoreflect.Message
func (*GenerateIdTokenRequest) Reset ¶
func (x *GenerateIdTokenRequest) Reset()
func (*GenerateIdTokenRequest) String ¶
func (x *GenerateIdTokenRequest) String() string
type GenerateIdTokenResponse ¶
type GenerateIdTokenResponse struct { // The OpenId Connect ID token. Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` // contains filtered or unexported fields }
func (*GenerateIdTokenResponse) Descriptor
deprecated
func (*GenerateIdTokenResponse) Descriptor() ([]byte, []int)
Deprecated: Use GenerateIdTokenResponse.ProtoReflect.Descriptor instead.
func (*GenerateIdTokenResponse) GetToken ¶
func (x *GenerateIdTokenResponse) GetToken() string
func (*GenerateIdTokenResponse) ProtoMessage ¶
func (*GenerateIdTokenResponse) ProtoMessage()
func (*GenerateIdTokenResponse) ProtoReflect ¶
func (x *GenerateIdTokenResponse) ProtoReflect() protoreflect.Message
func (*GenerateIdTokenResponse) Reset ¶
func (x *GenerateIdTokenResponse) Reset()
func (*GenerateIdTokenResponse) String ¶
func (x *GenerateIdTokenResponse) String() string
type IAMCredentialsClient ¶
type IAMCredentialsClient interface { // Generates an OAuth 2.0 access token for a service account. GenerateAccessToken(ctx context.Context, in *GenerateAccessTokenRequest, opts ...grpc.CallOption) (*GenerateAccessTokenResponse, error) // Generates an OpenID Connect ID token for a service account. GenerateIdToken(ctx context.Context, in *GenerateIdTokenRequest, opts ...grpc.CallOption) (*GenerateIdTokenResponse, error) // Signs a blob using a service account's system-managed private key. SignBlob(ctx context.Context, in *SignBlobRequest, opts ...grpc.CallOption) (*SignBlobResponse, error) // Signs a JWT using a service account's system-managed private key. SignJwt(ctx context.Context, in *SignJwtRequest, opts ...grpc.CallOption) (*SignJwtResponse, error) }
IAMCredentialsClient is the client API for IAMCredentials service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewIAMCredentialsClient ¶
func NewIAMCredentialsClient(cc grpc.ClientConnInterface) IAMCredentialsClient
type IAMCredentialsServer ¶
type IAMCredentialsServer interface { // Generates an OAuth 2.0 access token for a service account. GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error) // Generates an OpenID Connect ID token for a service account. GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error) // Signs a blob using a service account's system-managed private key. SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error) // Signs a JWT using a service account's system-managed private key. SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error) }
IAMCredentialsServer is the server API for IAMCredentials service.
type SignBlobRequest ¶
type SignBlobRequest struct { // Required. The resource name of the service account for which the credentials // are requested, in the following format: // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard // character is required; replacing it with a project ID is invalid. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The sequence of service accounts in a delegation chain. Each service // account must be granted the `roles/iam.serviceAccountTokenCreator` role // on its next service account in the chain. The last service account in the // chain must be granted the `roles/iam.serviceAccountTokenCreator` role // on the service account that is specified in the `name` field of the // request. // // The delegates must have the following format: // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard // character is required; replacing it with a project ID is invalid. Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"` // Required. The bytes to sign. Payload []byte `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"` // contains filtered or unexported fields }
func (*SignBlobRequest) Descriptor
deprecated
func (*SignBlobRequest) Descriptor() ([]byte, []int)
Deprecated: Use SignBlobRequest.ProtoReflect.Descriptor instead.
func (*SignBlobRequest) GetDelegates ¶
func (x *SignBlobRequest) GetDelegates() []string
func (*SignBlobRequest) GetName ¶
func (x *SignBlobRequest) GetName() string
func (*SignBlobRequest) GetPayload ¶
func (x *SignBlobRequest) GetPayload() []byte
func (*SignBlobRequest) ProtoMessage ¶
func (*SignBlobRequest) ProtoMessage()
func (*SignBlobRequest) ProtoReflect ¶
func (x *SignBlobRequest) ProtoReflect() protoreflect.Message
func (*SignBlobRequest) Reset ¶
func (x *SignBlobRequest) Reset()
func (*SignBlobRequest) String ¶
func (x *SignBlobRequest) String() string
type SignBlobResponse ¶
type SignBlobResponse struct { // The ID of the key used to sign the blob. KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // The signed blob. SignedBlob []byte `protobuf:"bytes,4,opt,name=signed_blob,json=signedBlob,proto3" json:"signed_blob,omitempty"` // contains filtered or unexported fields }
func (*SignBlobResponse) Descriptor
deprecated
func (*SignBlobResponse) Descriptor() ([]byte, []int)
Deprecated: Use SignBlobResponse.ProtoReflect.Descriptor instead.
func (*SignBlobResponse) GetKeyId ¶
func (x *SignBlobResponse) GetKeyId() string
func (*SignBlobResponse) GetSignedBlob ¶
func (x *SignBlobResponse) GetSignedBlob() []byte
func (*SignBlobResponse) ProtoMessage ¶
func (*SignBlobResponse) ProtoMessage()
func (*SignBlobResponse) ProtoReflect ¶
func (x *SignBlobResponse) ProtoReflect() protoreflect.Message
func (*SignBlobResponse) Reset ¶
func (x *SignBlobResponse) Reset()
func (*SignBlobResponse) String ¶
func (x *SignBlobResponse) String() string
type SignJwtRequest ¶
type SignJwtRequest struct { // Required. The resource name of the service account for which the credentials // are requested, in the following format: // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard // character is required; replacing it with a project ID is invalid. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The sequence of service accounts in a delegation chain. Each service // account must be granted the `roles/iam.serviceAccountTokenCreator` role // on its next service account in the chain. The last service account in the // chain must be granted the `roles/iam.serviceAccountTokenCreator` role // on the service account that is specified in the `name` field of the // request. // // The delegates must have the following format: // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard // character is required; replacing it with a project ID is invalid. Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"` // Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set. Payload string `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"` // contains filtered or unexported fields }
func (*SignJwtRequest) Descriptor
deprecated
func (*SignJwtRequest) Descriptor() ([]byte, []int)
Deprecated: Use SignJwtRequest.ProtoReflect.Descriptor instead.
func (*SignJwtRequest) GetDelegates ¶
func (x *SignJwtRequest) GetDelegates() []string
func (*SignJwtRequest) GetName ¶
func (x *SignJwtRequest) GetName() string
func (*SignJwtRequest) GetPayload ¶
func (x *SignJwtRequest) GetPayload() string
func (*SignJwtRequest) ProtoMessage ¶
func (*SignJwtRequest) ProtoMessage()
func (*SignJwtRequest) ProtoReflect ¶
func (x *SignJwtRequest) ProtoReflect() protoreflect.Message
func (*SignJwtRequest) Reset ¶
func (x *SignJwtRequest) Reset()
func (*SignJwtRequest) String ¶
func (x *SignJwtRequest) String() string
type SignJwtResponse ¶
type SignJwtResponse struct { // The ID of the key used to sign the JWT. KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // The signed JWT. SignedJwt string `protobuf:"bytes,2,opt,name=signed_jwt,json=signedJwt,proto3" json:"signed_jwt,omitempty"` // contains filtered or unexported fields }
func (*SignJwtResponse) Descriptor
deprecated
func (*SignJwtResponse) Descriptor() ([]byte, []int)
Deprecated: Use SignJwtResponse.ProtoReflect.Descriptor instead.
func (*SignJwtResponse) GetKeyId ¶
func (x *SignJwtResponse) GetKeyId() string
func (*SignJwtResponse) GetSignedJwt ¶
func (x *SignJwtResponse) GetSignedJwt() string
func (*SignJwtResponse) ProtoMessage ¶
func (*SignJwtResponse) ProtoMessage()
func (*SignJwtResponse) ProtoReflect ¶
func (x *SignJwtResponse) ProtoReflect() protoreflect.Message
func (*SignJwtResponse) Reset ¶
func (x *SignJwtResponse) Reset()
func (*SignJwtResponse) String ¶
func (x *SignJwtResponse) String() string
type UnimplementedIAMCredentialsServer ¶
type UnimplementedIAMCredentialsServer struct { }
UnimplementedIAMCredentialsServer can be embedded to have forward compatible implementations.
func (*UnimplementedIAMCredentialsServer) GenerateAccessToken ¶
func (*UnimplementedIAMCredentialsServer) GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error)
func (*UnimplementedIAMCredentialsServer) GenerateIdToken ¶
func (*UnimplementedIAMCredentialsServer) GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error)
func (*UnimplementedIAMCredentialsServer) SignBlob ¶
func (*UnimplementedIAMCredentialsServer) SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
func (*UnimplementedIAMCredentialsServer) SignJwt ¶
func (*UnimplementedIAMCredentialsServer) SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)