Variables
File_google_iam_credentials_v1_common_proto
var File_google_iam_credentials_v1_common_proto protoreflect.FileDescriptorFile_google_iam_credentials_v1_iamcredentials_proto
var File_google_iam_credentials_v1_iamcredentials_proto protoreflect.FileDescriptorFunctions
func RegisterIAMCredentialsServer
func RegisterIAMCredentialsServer(s *grpc.Server, srv IAMCredentialsServer)GenerateAccessTokenRequest
type GenerateAccessTokenRequest struct {
// Required. The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
// character is required; replacing it with a project ID is invalid.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The sequence of service accounts in a delegation chain. Each service
// account must be granted the `roles/iam.serviceAccountTokenCreator` role
// on its next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request.
//
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
// character is required; replacing it with a project ID is invalid.
Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"`
// Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
// See https://developers.google.com/identity/protocols/googlescopes for more
// information.
// At least one value required.
Scope []string `protobuf:"bytes,4,rep,name=scope,proto3" json:"scope,omitempty"`
// The desired lifetime duration of the access token in seconds.
// Must be set to a value less than or equal to 3600 (1 hour). If a value is
// not specified, the token's lifetime will be set to a default value of one
// hour.
Lifetime *duration.Duration `protobuf:"bytes,7,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
// contains filtered or unexported fields
}func (*GenerateAccessTokenRequest) Descriptor
func (*GenerateAccessTokenRequest) Descriptor() ([]byte, []int)Deprecated: Use GenerateAccessTokenRequest.ProtoReflect.Descriptor instead.
func (*GenerateAccessTokenRequest) GetDelegates
func (x *GenerateAccessTokenRequest) GetDelegates() []stringfunc (*GenerateAccessTokenRequest) GetLifetime
func (x *GenerateAccessTokenRequest) GetLifetime() *duration.Durationfunc (*GenerateAccessTokenRequest) GetName
func (x *GenerateAccessTokenRequest) GetName() stringfunc (*GenerateAccessTokenRequest) GetScope
func (x *GenerateAccessTokenRequest) GetScope() []stringfunc (*GenerateAccessTokenRequest) ProtoMessage
func (*GenerateAccessTokenRequest) ProtoMessage()func (*GenerateAccessTokenRequest) ProtoReflect
func (x *GenerateAccessTokenRequest) ProtoReflect() protoreflect.Messagefunc (*GenerateAccessTokenRequest) Reset
func (x *GenerateAccessTokenRequest) Reset()func (*GenerateAccessTokenRequest) String
func (x *GenerateAccessTokenRequest) String() stringGenerateAccessTokenResponse
type GenerateAccessTokenResponse struct {
// The OAuth 2.0 access token.
AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
// Token expiration time.
// The expiration time is always set.
ExpireTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
// contains filtered or unexported fields
}func (*GenerateAccessTokenResponse) Descriptor
func (*GenerateAccessTokenResponse) Descriptor() ([]byte, []int)Deprecated: Use GenerateAccessTokenResponse.ProtoReflect.Descriptor instead.
func (*GenerateAccessTokenResponse) GetAccessToken
func (x *GenerateAccessTokenResponse) GetAccessToken() stringfunc (*GenerateAccessTokenResponse) GetExpireTime
func (x *GenerateAccessTokenResponse) GetExpireTime() *timestamp.Timestampfunc (*GenerateAccessTokenResponse) ProtoMessage
func (*GenerateAccessTokenResponse) ProtoMessage()func (*GenerateAccessTokenResponse) ProtoReflect
func (x *GenerateAccessTokenResponse) ProtoReflect() protoreflect.Messagefunc (*GenerateAccessTokenResponse) Reset
func (x *GenerateAccessTokenResponse) Reset()func (*GenerateAccessTokenResponse) String
func (x *GenerateAccessTokenResponse) String() stringGenerateIdTokenRequest
type GenerateIdTokenRequest struct {
// Required. The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
// character is required; replacing it with a project ID is invalid.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The sequence of service accounts in a delegation chain. Each service
// account must be granted the `roles/iam.serviceAccountTokenCreator` role
// on its next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request.
//
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
// character is required; replacing it with a project ID is invalid.
Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"`
// Required. The audience for the token, such as the API or account that this token
// grants access to.
Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"`
// Include the service account email in the token. If set to `true`, the
// token will contain `email` and `email_verified` claims.
IncludeEmail bool `protobuf:"varint,4,opt,name=include_email,json=includeEmail,proto3" json:"include_email,omitempty"`
// contains filtered or unexported fields
}func (*GenerateIdTokenRequest) Descriptor
func (*GenerateIdTokenRequest) Descriptor() ([]byte, []int)Deprecated: Use GenerateIdTokenRequest.ProtoReflect.Descriptor instead.
func (*GenerateIdTokenRequest) GetAudience
func (x *GenerateIdTokenRequest) GetAudience() stringfunc (*GenerateIdTokenRequest) GetDelegates
func (x *GenerateIdTokenRequest) GetDelegates() []stringfunc (*GenerateIdTokenRequest) GetIncludeEmail
func (x *GenerateIdTokenRequest) GetIncludeEmail() boolfunc (*GenerateIdTokenRequest) GetName
func (x *GenerateIdTokenRequest) GetName() stringfunc (*GenerateIdTokenRequest) ProtoMessage
func (*GenerateIdTokenRequest) ProtoMessage()func (*GenerateIdTokenRequest) ProtoReflect
func (x *GenerateIdTokenRequest) ProtoReflect() protoreflect.Messagefunc (*GenerateIdTokenRequest) Reset
func (x *GenerateIdTokenRequest) Reset()func (*GenerateIdTokenRequest) String
func (x *GenerateIdTokenRequest) String() stringGenerateIdTokenResponse
type GenerateIdTokenResponse struct {
// The OpenId Connect ID token.
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
// contains filtered or unexported fields
}func (*GenerateIdTokenResponse) Descriptor
func (*GenerateIdTokenResponse) Descriptor() ([]byte, []int)Deprecated: Use GenerateIdTokenResponse.ProtoReflect.Descriptor instead.
func (*GenerateIdTokenResponse) GetToken
func (x *GenerateIdTokenResponse) GetToken() stringfunc (*GenerateIdTokenResponse) ProtoMessage
func (*GenerateIdTokenResponse) ProtoMessage()func (*GenerateIdTokenResponse) ProtoReflect
func (x *GenerateIdTokenResponse) ProtoReflect() protoreflect.Messagefunc (*GenerateIdTokenResponse) Reset
func (x *GenerateIdTokenResponse) Reset()func (*GenerateIdTokenResponse) String
func (x *GenerateIdTokenResponse) String() stringIAMCredentialsClient
type IAMCredentialsClient interface {
// Generates an OAuth 2.0 access token for a service account.
GenerateAccessToken(ctx context.Context, in *GenerateAccessTokenRequest, opts ...grpc.CallOption) (*GenerateAccessTokenResponse, error)
// Generates an OpenID Connect ID token for a service account.
GenerateIdToken(ctx context.Context, in *GenerateIdTokenRequest, opts ...grpc.CallOption) (*GenerateIdTokenResponse, error)
// Signs a blob using a service account's system-managed private key.
SignBlob(ctx context.Context, in *SignBlobRequest, opts ...grpc.CallOption) (*SignBlobResponse, error)
// Signs a JWT using a service account's system-managed private key.
SignJwt(ctx context.Context, in *SignJwtRequest, opts ...grpc.CallOption) (*SignJwtResponse, error)
}IAMCredentialsClient is the client API for IAMCredentials service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewIAMCredentialsClient
func NewIAMCredentialsClient(cc grpc.ClientConnInterface) IAMCredentialsClientIAMCredentialsServer
type IAMCredentialsServer interface {
// Generates an OAuth 2.0 access token for a service account.
GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error)
// Generates an OpenID Connect ID token for a service account.
GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error)
// Signs a blob using a service account's system-managed private key.
SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
// Signs a JWT using a service account's system-managed private key.
SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)
}IAMCredentialsServer is the server API for IAMCredentials service.
SignBlobRequest
type SignBlobRequest struct {
// Required. The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
// character is required; replacing it with a project ID is invalid.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The sequence of service accounts in a delegation chain. Each service
// account must be granted the `roles/iam.serviceAccountTokenCreator` role
// on its next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request.
//
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
// character is required; replacing it with a project ID is invalid.
Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"`
// Required. The bytes to sign.
Payload []byte `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"`
// contains filtered or unexported fields
}func (*SignBlobRequest) Descriptor
func (*SignBlobRequest) Descriptor() ([]byte, []int)Deprecated: Use SignBlobRequest.ProtoReflect.Descriptor instead.
func (*SignBlobRequest) GetDelegates
func (x *SignBlobRequest) GetDelegates() []stringfunc (*SignBlobRequest) GetName
func (x *SignBlobRequest) GetName() stringfunc (*SignBlobRequest) GetPayload
func (x *SignBlobRequest) GetPayload() []bytefunc (*SignBlobRequest) ProtoMessage
func (*SignBlobRequest) ProtoMessage()func (*SignBlobRequest) ProtoReflect
func (x *SignBlobRequest) ProtoReflect() protoreflect.Messagefunc (*SignBlobRequest) Reset
func (x *SignBlobRequest) Reset()func (*SignBlobRequest) String
func (x *SignBlobRequest) String() stringSignBlobResponse
type SignBlobResponse struct {
// The ID of the key used to sign the blob.
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// The signed blob.
SignedBlob []byte `protobuf:"bytes,4,opt,name=signed_blob,json=signedBlob,proto3" json:"signed_blob,omitempty"`
// contains filtered or unexported fields
}func (*SignBlobResponse) Descriptor
func (*SignBlobResponse) Descriptor() ([]byte, []int)Deprecated: Use SignBlobResponse.ProtoReflect.Descriptor instead.
func (*SignBlobResponse) GetKeyId
func (x *SignBlobResponse) GetKeyId() stringfunc (*SignBlobResponse) GetSignedBlob
func (x *SignBlobResponse) GetSignedBlob() []bytefunc (*SignBlobResponse) ProtoMessage
func (*SignBlobResponse) ProtoMessage()func (*SignBlobResponse) ProtoReflect
func (x *SignBlobResponse) ProtoReflect() protoreflect.Messagefunc (*SignBlobResponse) Reset
func (x *SignBlobResponse) Reset()func (*SignBlobResponse) String
func (x *SignBlobResponse) String() stringSignJwtRequest
type SignJwtRequest struct {
// Required. The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
// character is required; replacing it with a project ID is invalid.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The sequence of service accounts in a delegation chain. Each service
// account must be granted the `roles/iam.serviceAccountTokenCreator` role
// on its next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request.
//
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
// character is required; replacing it with a project ID is invalid.
Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"`
// Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
Payload string `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"`
// contains filtered or unexported fields
}func (*SignJwtRequest) Descriptor
func (*SignJwtRequest) Descriptor() ([]byte, []int)Deprecated: Use SignJwtRequest.ProtoReflect.Descriptor instead.
func (*SignJwtRequest) GetDelegates
func (x *SignJwtRequest) GetDelegates() []stringfunc (*SignJwtRequest) GetName
func (x *SignJwtRequest) GetName() stringfunc (*SignJwtRequest) GetPayload
func (x *SignJwtRequest) GetPayload() stringfunc (*SignJwtRequest) ProtoMessage
func (*SignJwtRequest) ProtoMessage()func (*SignJwtRequest) ProtoReflect
func (x *SignJwtRequest) ProtoReflect() protoreflect.Messagefunc (*SignJwtRequest) Reset
func (x *SignJwtRequest) Reset()func (*SignJwtRequest) String
func (x *SignJwtRequest) String() stringSignJwtResponse
type SignJwtResponse struct {
// The ID of the key used to sign the JWT.
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// The signed JWT.
SignedJwt string `protobuf:"bytes,2,opt,name=signed_jwt,json=signedJwt,proto3" json:"signed_jwt,omitempty"`
// contains filtered or unexported fields
}func (*SignJwtResponse) Descriptor
func (*SignJwtResponse) Descriptor() ([]byte, []int)Deprecated: Use SignJwtResponse.ProtoReflect.Descriptor instead.
func (*SignJwtResponse) GetKeyId
func (x *SignJwtResponse) GetKeyId() stringfunc (*SignJwtResponse) GetSignedJwt
func (x *SignJwtResponse) GetSignedJwt() stringfunc (*SignJwtResponse) ProtoMessage
func (*SignJwtResponse) ProtoMessage()func (*SignJwtResponse) ProtoReflect
func (x *SignJwtResponse) ProtoReflect() protoreflect.Messagefunc (*SignJwtResponse) Reset
func (x *SignJwtResponse) Reset()func (*SignJwtResponse) String
func (x *SignJwtResponse) String() stringUnimplementedIAMCredentialsServer
type UnimplementedIAMCredentialsServer struct {
}UnimplementedIAMCredentialsServer can be embedded to have forward compatible implementations.
func (*UnimplementedIAMCredentialsServer) GenerateAccessToken
func (*UnimplementedIAMCredentialsServer) GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error)func (*UnimplementedIAMCredentialsServer) GenerateIdToken
func (*UnimplementedIAMCredentialsServer) GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error)func (*UnimplementedIAMCredentialsServer) SignBlob
func (*UnimplementedIAMCredentialsServer) SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)func (*UnimplementedIAMCredentialsServer) SignJwt
func (*UnimplementedIAMCredentialsServer) SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)