Method: googleapis.integrations.v1.projects.locations.authConfigs.create

Creates an auth config record. Fetch corresponding credentials for specific auth types, e.g. access token for OAuth 2.0, JWT token for JWT. Encrypt the auth config with Cloud KMS and store the encrypted credentials in Spanner. Returns the encrypted auth config.

Arguments

Parameters
parent

string

Required. "projects/{project}/locations/{location}" format.

clientCertificate.encryptedPrivateKey

string

The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines. For example, -----BEGIN CERTIFICATE----- MIICTTCCAbagAwIBAgIJAPT0tSKNxan/MA0GCSqGSIb3DQEBCwUAMCoxFzAVBgNV BAoTDkdvb2dsZSBURVNUSU5HMQ8wDQYDVQQDEwZ0ZXN0Q0EwHhcNMTUwMTAxMDAw MDAwWhcNMjUwMTAxMDAwMDAwWjAuMRcwFQYDVQQKEw5Hb29nbGUgVEVTVElORzET MBEGA1UEAwwKam9lQGJhbmFuYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA vDYFgMgxi5W488d9J7UpCInl0NXmZQpJDEHE4hvkaRlH7pnC71H0DLt0/3zATRP1 JzY2+eqBmbGl4/sgZKYv8UrLnNyQNUTsNx1iZAfPUflf5FwgVsai8BM0pUciq1NB xD429VFcrGZNucvFLh72RuRFIKH8WUpiK/iZNFkWhZ0CAwEAAaN3MHUwDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB Af8EAjAAMBkGA1UdDgQSBBCVgnFBCWgL/iwCqnGrhTPQMBsGA1UdIwQUMBKAEKey Um2o4k2WiEVA0ldQvNYwDQYJKoZIhvcNAQELBQADgYEAYK986R4E3L1v+Q6esBtW JrUwA9UmJRSQr0N5w3o9XzarU37/bkjOP0Fw0k/A6Vv1n3vlciYfBFaBIam1qRHr 5dMsYf4CZS6w50r7hyzqyrwDoyNxkLnd2PdcHT/sym1QmflsjEs7pejtnohO6N2H wQW6M0H7Zt8claGRla4fKkg= -----END CERTIFICATE-----

clientCertificate.passphrase

string

'passphrase' should be left unset if private key is not encrypted. Note that 'passphrase' is not the password for web server, but an extra layer of security to protected private key.

clientCertificate.sslCertificate

string

The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines. For example, -----BEGIN CERTIFICATE----- MIICTTCCAbagAwIBAgIJAPT0tSKNxan/MA0GCSqGSIb3DQEBCwUAMCoxFzAVBgNV BAoTDkdvb2dsZSBURVNUSU5HMQ8wDQYDVQQDEwZ0ZXN0Q0EwHhcNMTUwMTAxMDAw MDAwWhcNMjUwMTAxMDAwMDAwWjAuMRcwFQYDVQQKEw5Hb29nbGUgVEVTVElORzET MBEGA1UEAwwKam9lQGJhbmFuYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA vDYFgMgxi5W488d9J7UpCInl0NXmZQpJDEHE4hvkaRlH7pnC71H0DLt0/3zATRP1 JzY2+eqBmbGl4/sgZKYv8UrLnNyQNUTsNx1iZAfPUflf5FwgVsai8BM0pUciq1NB xD429VFcrGZNucvFLh72RuRFIKH8WUpiK/iZNFkWhZ0CAwEAAaN3MHUwDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB Af8EAjAAMBkGA1UdDgQSBBCVgnFBCWgL/iwCqnGrhTPQMBsGA1UdIwQUMBKAEKey Um2o4k2WiEVA0ldQvNYwDQYJKoZIhvcNAQELBQADgYEAYK986R4E3L1v+Q6esBtW JrUwA9UmJRSQr0N5w3o9XzarU37/bkjOP0Fw0k/A6Vv1n3vlciYfBFaBIam1qRHr 5dMsYf4CZS6w50r7hyzqyrwDoyNxkLnd2PdcHT/sym1QmflsjEs7pejtnohO6N2H wQW6M0H7Zt8claGRla4fKkg= -----END CERTIFICATE-----

location

string

Location of the HTTP endpoint. For example, if location is set to us-central1, the endpoint https://us-central1-integrations.googleapis.com will be used. If not set, the global endpint will be used. See service endpoints.

body

object (GoogleCloudIntegrationsV1alphaAuthConfig)

Required.

Raised exceptions

Exceptions
ConnectionError In case of a network problem (such as DNS failure or refused connection).
HttpError If the response status is >= 400 (excluding 429 and 503).
TimeoutError If a long-running operation takes longer to finish than the specified timeout limit.
TypeError If an operation or function receives an argument of the wrong type.
ValueError If an operation or function receives an argument of the right type but an inappropriate value. For example, a negative timeout.

Response

If successful, the response contains an instance of GoogleCloudIntegrationsV1alphaAuthConfig.

Subworkflow snippet

Some fields might be optional or required. To identify required fields, refer to the API documentation.

YAML

- create:
    call: googleapis.integrations.v1.projects.locations.authConfigs.create
    args:
        parent: ...
        clientCertificate:
            encryptedPrivateKey: ...
            passphrase: ...
            sslCertificate: ...
        body:
            certificateId: ...
            creatorEmail: ...
            credentialType: ...
            decryptedCredential:
                authToken:
                    token: ...
                    type: ...
                credentialType: ...
                jwt:
                    jwt: ...
                    jwtHeader: ...
                    jwtPayload: ...
                    secret: ...
                oauth2AuthorizationCode:
                    accessToken:
                        accessToken: ...
                        accessTokenExpireTime: ...
                        refreshToken: ...
                        refreshTokenExpireTime: ...
                        tokenType: ...
                    applyReauthPolicy: ...
                    authCode: ...
                    authEndpoint: ...
                    authParams:
                        entries: ...
                        keyType: ...
                        valueType: ...
                    clientId: ...
                    clientSecret: ...
                    requestType: ...
                    scope: ...
                    tokenEndpoint: ...
                    tokenParams: ...
                oauth2ClientCredentials:
                    accessToken: ...
                    clientId: ...
                    clientSecret: ...
                    requestType: ...
                    scope: ...
                    tokenEndpoint: ...
                    tokenParams: ...
                oauth2ResourceOwnerCredentials:
                    accessToken: ...
                    clientId: ...
                    clientSecret: ...
                    password: ...
                    requestType: ...
                    scope: ...
                    tokenEndpoint: ...
                    tokenParams: ...
                    username: ...
                oidcToken:
                    audience: ...
                    serviceAccountEmail: ...
                    token: ...
                    tokenExpireTime: ...
                serviceAccountCredentials:
                    scope: ...
                    serviceAccount: ...
                usernameAndPassword:
                    password: ...
                    username: ...
            description: ...
            displayName: ...
            encryptedCredential: ...
            expiryNotificationDuration: ...
            lastModifierEmail: ...
            name: ...
            overrideValidTime: ...
            reason: ...
            state: ...
            validTime: ...
            visibility: ...
    result: createResult

JSON

[
  {
    "create": {
      "call": "googleapis.integrations.v1.projects.locations.authConfigs.create",
      "args": {
        "parent": "...",
        "clientCertificate": {
          "encryptedPrivateKey": "...",
          "passphrase": "...",
          "sslCertificate": "..."
        },
        "body": {
          "certificateId": "...",
          "creatorEmail": "...",
          "credentialType": "...",
          "decryptedCredential": {
            "authToken": {
              "token": "...",
              "type": "..."
            },
            "credentialType": "...",
            "jwt": {
              "jwt": "...",
              "jwtHeader": "...",
              "jwtPayload": "...",
              "secret": "..."
            },
            "oauth2AuthorizationCode": {
              "accessToken": {
                "accessToken": "...",
                "accessTokenExpireTime": "...",
                "refreshToken": "...",
                "refreshTokenExpireTime": "...",
                "tokenType": "..."
              },
              "applyReauthPolicy": "...",
              "authCode": "...",
              "authEndpoint": "...",
              "authParams": {
                "entries": "...",
                "keyType": "...",
                "valueType": "..."
              },
              "clientId": "...",
              "clientSecret": "...",
              "requestType": "...",
              "scope": "...",
              "tokenEndpoint": "...",
              "tokenParams": "..."
            },
            "oauth2ClientCredentials": {
              "accessToken": "...",
              "clientId": "...",
              "clientSecret": "...",
              "requestType": "...",
              "scope": "...",
              "tokenEndpoint": "...",
              "tokenParams": "..."
            },
            "oauth2ResourceOwnerCredentials": {
              "accessToken": "...",
              "clientId": "...",
              "clientSecret": "...",
              "password": "...",
              "requestType": "...",
              "scope": "...",
              "tokenEndpoint": "...",
              "tokenParams": "...",
              "username": "..."
            },
            "oidcToken": {
              "audience": "...",
              "serviceAccountEmail": "...",
              "token": "...",
              "tokenExpireTime": "..."
            },
            "serviceAccountCredentials": {
              "scope": "...",
              "serviceAccount": "..."
            },
            "usernameAndPassword": {
              "password": "...",
              "username": "..."
            }
          },
          "description": "...",
          "displayName": "...",
          "encryptedCredential": "...",
          "expiryNotificationDuration": "...",
          "lastModifierEmail": "...",
          "name": "...",
          "overrideValidTime": "...",
          "reason": "...",
          "state": "...",
          "validTime": "...",
          "visibility": "..."
        }
      },
      "result": "createResult"
    }
  }
]