credentialspb

package
v1.5.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 8, 2025 License: Apache-2.0 Imports: 11 Imported by: 48

Documentation

Index

Constants

View Source 
const (
	IAMCredentials_GenerateAccessToken_FullMethodName = "/google.iam.credentials.v1.IAMCredentials/GenerateAccessToken"
	IAMCredentials_GenerateIdToken_FullMethodName     = "/google.iam.credentials.v1.IAMCredentials/GenerateIdToken"
	IAMCredentials_SignBlob_FullMethodName            = "/google.iam.credentials.v1.IAMCredentials/SignBlob"
	IAMCredentials_SignJwt_FullMethodName             = "/google.iam.credentials.v1.IAMCredentials/SignJwt"
)

Variables

View Source 
var File_google_iam_credentials_v1_common_proto protoreflect.FileDescriptor
View Source 
var File_google_iam_credentials_v1_iamcredentials_proto protoreflect.FileDescriptor
View Source 
var IAMCredentials_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "google.iam.credentials.v1.IAMCredentials",
	HandlerType: (*IAMCredentialsServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GenerateAccessToken",
			Handler:    _IAMCredentials_GenerateAccessToken_Handler,
		},
		{
			MethodName: "GenerateIdToken",
			Handler:    _IAMCredentials_GenerateIdToken_Handler,
		},
		{
			MethodName: "SignBlob",
			Handler:    _IAMCredentials_SignBlob_Handler,
		},
		{
			MethodName: "SignJwt",
			Handler:    _IAMCredentials_SignJwt_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "google/iam/credentials/v1/iamcredentials.proto",
}

IAMCredentials_ServiceDesc is the grpc.ServiceDesc for IAMCredentials service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterIAMCredentialsServer 

func RegisterIAMCredentialsServer(s grpc.ServiceRegistrar, srv IAMCredentialsServer)

Types

type GenerateAccessTokenRequest 

type GenerateAccessTokenRequest struct {

	// Required. The resource name of the service account for which the credentials
	// are requested, in the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The sequence of service accounts in a delegation chain. Each service
	// account must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on its next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request.
	//
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"`
	// Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
	// See https://developers.google.com/identity/protocols/googlescopes for more
	// information.
	// At least one value required.
	Scope []string `protobuf:"bytes,4,rep,name=scope,proto3" json:"scope,omitempty"`
	// The desired lifetime duration of the access token in seconds.
	// Must be set to a value less than or equal to 3600 (1 hour). If a value is
	// not specified, the token's lifetime will be set to a default value of one
	// hour.
	Lifetime *durationpb.Duration `protobuf:"bytes,7,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateAccessTokenRequest) Descriptor deprecated 

func (*GenerateAccessTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateAccessTokenRequest.ProtoReflect.Descriptor instead.

func (*GenerateAccessTokenRequest) GetDelegates 

func (x *GenerateAccessTokenRequest) GetDelegates() []string

func (*GenerateAccessTokenRequest) GetLifetime 

func (x *GenerateAccessTokenRequest) GetLifetime() *durationpb.Duration

func (*GenerateAccessTokenRequest) GetName 

func (x *GenerateAccessTokenRequest) GetName() string

func (*GenerateAccessTokenRequest) GetScope 

func (x *GenerateAccessTokenRequest) GetScope() []string

func (*GenerateAccessTokenRequest) ProtoMessage 

func (*GenerateAccessTokenRequest) ProtoMessage()

func (*GenerateAccessTokenRequest) ProtoReflect 

func (x *GenerateAccessTokenRequest) ProtoReflect() protoreflect.Message

func (*GenerateAccessTokenRequest) Reset 

func (x *GenerateAccessTokenRequest) Reset()

func (*GenerateAccessTokenRequest) String 

func (x *GenerateAccessTokenRequest) String() string

type GenerateAccessTokenResponse 

type GenerateAccessTokenResponse struct {

	// The OAuth 2.0 access token.
	AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
	// Token expiration time.
	// The expiration time is always set.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateAccessTokenResponse) Descriptor deprecated 

func (*GenerateAccessTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateAccessTokenResponse.ProtoReflect.Descriptor instead.

func (*GenerateAccessTokenResponse) GetAccessToken 

func (x *GenerateAccessTokenResponse) GetAccessToken() string

func (*GenerateAccessTokenResponse) GetExpireTime 

func (x *GenerateAccessTokenResponse) GetExpireTime() *timestamppb.Timestamp

func (*GenerateAccessTokenResponse) ProtoMessage 

func (*GenerateAccessTokenResponse) ProtoMessage()

func (*GenerateAccessTokenResponse) ProtoReflect 

func (x *GenerateAccessTokenResponse) ProtoReflect() protoreflect.Message

func (*GenerateAccessTokenResponse) Reset 

func (x *GenerateAccessTokenResponse) Reset()

func (*GenerateAccessTokenResponse) String 

func (x *GenerateAccessTokenResponse) String() string

type GenerateIdTokenRequest 

type GenerateIdTokenRequest struct {

	// Required. The resource name of the service account for which the credentials
	// are requested, in the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The sequence of service accounts in a delegation chain. Each service
	// account must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on its next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request.
	//
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"`
	// Required. The audience for the token, such as the API or account that this token
	// grants access to.
	Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"`
	// Include the service account email in the token. If set to `true`, the
	// token will contain `email` and `email_verified` claims.
	IncludeEmail bool `protobuf:"varint,4,opt,name=include_email,json=includeEmail,proto3" json:"include_email,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateIdTokenRequest) Descriptor deprecated 

func (*GenerateIdTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateIdTokenRequest.ProtoReflect.Descriptor instead.

func (*GenerateIdTokenRequest) GetAudience 

func (x *GenerateIdTokenRequest) GetAudience() string

func (*GenerateIdTokenRequest) GetDelegates 

func (x *GenerateIdTokenRequest) GetDelegates() []string

func (*GenerateIdTokenRequest) GetIncludeEmail 

func (x *GenerateIdTokenRequest) GetIncludeEmail() bool

func (*GenerateIdTokenRequest) GetName 

func (x *GenerateIdTokenRequest) GetName() string

func (*GenerateIdTokenRequest) ProtoMessage 

func (*GenerateIdTokenRequest) ProtoMessage()

func (*GenerateIdTokenRequest) ProtoReflect 

func (x *GenerateIdTokenRequest) ProtoReflect() protoreflect.Message

func (*GenerateIdTokenRequest) Reset 

func (x *GenerateIdTokenRequest) Reset()

func (*GenerateIdTokenRequest) String 

func (x *GenerateIdTokenRequest) String() string

type GenerateIdTokenResponse 

type GenerateIdTokenResponse struct {

	// The OpenId Connect ID token.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateIdTokenResponse) Descriptor deprecated 

func (*GenerateIdTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateIdTokenResponse.ProtoReflect.Descriptor instead.

func (*GenerateIdTokenResponse) GetToken 

func (x *GenerateIdTokenResponse) GetToken() string

func (*GenerateIdTokenResponse) ProtoMessage 

func (*GenerateIdTokenResponse) ProtoMessage()

func (*GenerateIdTokenResponse) ProtoReflect 

func (x *GenerateIdTokenResponse) ProtoReflect() protoreflect.Message

func (*GenerateIdTokenResponse) Reset 

func (x *GenerateIdTokenResponse) Reset()

func (*GenerateIdTokenResponse) String 

func (x *GenerateIdTokenResponse) String() string

type IAMCredentialsClient 

type IAMCredentialsClient interface {
	// Generates an OAuth 2.0 access token for a service account.
	GenerateAccessToken(ctx context.Context, in *GenerateAccessTokenRequest, opts ...grpc.CallOption) (*GenerateAccessTokenResponse, error)
	// Generates an OpenID Connect ID token for a service account.
	GenerateIdToken(ctx context.Context, in *GenerateIdTokenRequest, opts ...grpc.CallOption) (*GenerateIdTokenResponse, error)
	// Signs a blob using a service account's system-managed private key.
	SignBlob(ctx context.Context, in *SignBlobRequest, opts ...grpc.CallOption) (*SignBlobResponse, error)
	// Signs a JWT using a service account's system-managed private key.
	SignJwt(ctx context.Context, in *SignJwtRequest, opts ...grpc.CallOption) (*SignJwtResponse, error)
}

IAMCredentialsClient is the client API for IAMCredentials service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewIAMCredentialsClient 

func NewIAMCredentialsClient(cc grpc.ClientConnInterface) IAMCredentialsClient

type IAMCredentialsServer 

type IAMCredentialsServer interface {
	// Generates an OAuth 2.0 access token for a service account.
	GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error)
	// Generates an OpenID Connect ID token for a service account.
	GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error)
	// Signs a blob using a service account's system-managed private key.
	SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
	// Signs a JWT using a service account's system-managed private key.
	SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)
}

IAMCredentialsServer is the server API for IAMCredentials service. All implementations should embed UnimplementedIAMCredentialsServer for forward compatibility

type SignBlobRequest 

type SignBlobRequest struct {

	// Required. The resource name of the service account for which the credentials
	// are requested, in the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The sequence of service accounts in a delegation chain. Each service
	// account must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on its next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request.
	//
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"`
	// Required. The bytes to sign.
	Payload []byte `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"`
	// contains filtered or unexported fields
}

func (*SignBlobRequest) Descriptor deprecated 

func (*SignBlobRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignBlobRequest.ProtoReflect.Descriptor instead.

func (*SignBlobRequest) GetDelegates 

func (x *SignBlobRequest) GetDelegates() []string

func (*SignBlobRequest) GetName 

func (x *SignBlobRequest) GetName() string

func (*SignBlobRequest) GetPayload 

func (x *SignBlobRequest) GetPayload() []byte

func (*SignBlobRequest) ProtoMessage 

func (*SignBlobRequest) ProtoMessage()

func (*SignBlobRequest) ProtoReflect 

func (x *SignBlobRequest) ProtoReflect() protoreflect.Message

func (*SignBlobRequest) Reset 

func (x *SignBlobRequest) Reset()

func (*SignBlobRequest) String 

func (x *SignBlobRequest) String() string

type SignBlobResponse 

type SignBlobResponse struct {

	// The ID of the key used to sign the blob.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// The signed blob.
	SignedBlob []byte `protobuf:"bytes,4,opt,name=signed_blob,json=signedBlob,proto3" json:"signed_blob,omitempty"`
	// contains filtered or unexported fields
}

func (*SignBlobResponse) Descriptor deprecated 

func (*SignBlobResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignBlobResponse.ProtoReflect.Descriptor instead.

func (*SignBlobResponse) GetKeyId 

func (x *SignBlobResponse) GetKeyId() string

func (*SignBlobResponse) GetSignedBlob 

func (x *SignBlobResponse) GetSignedBlob() []byte

func (*SignBlobResponse) ProtoMessage 

func (*SignBlobResponse) ProtoMessage()

func (*SignBlobResponse) ProtoReflect 

func (x *SignBlobResponse) ProtoReflect() protoreflect.Message

func (*SignBlobResponse) Reset 

func (x *SignBlobResponse) Reset()

func (*SignBlobResponse) String 

func (x *SignBlobResponse) String() string

type SignJwtRequest 

type SignJwtRequest struct {

	// Required. The resource name of the service account for which the credentials
	// are requested, in the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The sequence of service accounts in a delegation chain. Each service
	// account must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on its next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request.
	//
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"`
	// Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
	Payload string `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"`
	// contains filtered or unexported fields
}

func (*SignJwtRequest) Descriptor deprecated 

func (*SignJwtRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignJwtRequest.ProtoReflect.Descriptor instead.

func (*SignJwtRequest) GetDelegates 

func (x *SignJwtRequest) GetDelegates() []string

func (*SignJwtRequest) GetName 

func (x *SignJwtRequest) GetName() string

func (*SignJwtRequest) GetPayload 

func (x *SignJwtRequest) GetPayload() string

func (*SignJwtRequest) ProtoMessage 

func (*SignJwtRequest) ProtoMessage()

func (*SignJwtRequest) ProtoReflect 

func (x *SignJwtRequest) ProtoReflect() protoreflect.Message

func (*SignJwtRequest) Reset 

func (x *SignJwtRequest) Reset()

func (*SignJwtRequest) String 

func (x *SignJwtRequest) String() string

type SignJwtResponse 

type SignJwtResponse struct {

	// The ID of the key used to sign the JWT.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// The signed JWT.
	SignedJwt string `protobuf:"bytes,2,opt,name=signed_jwt,json=signedJwt,proto3" json:"signed_jwt,omitempty"`
	// contains filtered or unexported fields
}

func (*SignJwtResponse) Descriptor deprecated 

func (*SignJwtResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignJwtResponse.ProtoReflect.Descriptor instead.

func (*SignJwtResponse) GetKeyId 

func (x *SignJwtResponse) GetKeyId() string

func (*SignJwtResponse) GetSignedJwt 

func (x *SignJwtResponse) GetSignedJwt() string

func (*SignJwtResponse) ProtoMessage 

func (*SignJwtResponse) ProtoMessage()

func (*SignJwtResponse) ProtoReflect 

func (x *SignJwtResponse) ProtoReflect() protoreflect.Message

func (*SignJwtResponse) Reset 

func (x *SignJwtResponse) Reset()

func (*SignJwtResponse) String 

func (x *SignJwtResponse) String() string

type UnimplementedIAMCredentialsServer 

type UnimplementedIAMCredentialsServer struct {
}

UnimplementedIAMCredentialsServer should be embedded to have forward compatible implementations.

func (UnimplementedIAMCredentialsServer) GenerateAccessToken 

func (UnimplementedIAMCredentialsServer) GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error)

func (UnimplementedIAMCredentialsServer) GenerateIdToken 

func (UnimplementedIAMCredentialsServer) GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error)

func (UnimplementedIAMCredentialsServer) SignBlob 

func (UnimplementedIAMCredentialsServer) SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)

func (UnimplementedIAMCredentialsServer) SignJwt 

func (UnimplementedIAMCredentialsServer) SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)

type UnsafeIAMCredentialsServer added in v1.5.3 

type UnsafeIAMCredentialsServer interface {
	// contains filtered or unexported methods
}

UnsafeIAMCredentialsServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to IAMCredentialsServer will result in compilation errors.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.