iamcredentials

package
v0.154.0-20231227-2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 27, 2023 License: BSD-3-Clause Imports: 16 Imported by: 0

Documentation

Overview

Package iamcredentials provides access to the IAM Service Account Credentials API.

For product documentation, see: https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials

Library status

These client libraries are officially supported by Google. However, this library is considered complete and is in maintenance mode. This means that we will address critical bugs and security issues but will not add any new features.

When possible, we recommend using our newer [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go) that are still actively being worked and iterated on.

Creating a client

Usage example: 

import "google.golang.org/api/iamcredentials/v1"
...
ctx := context.Background()
iamcredentialsService, err := iamcredentials.NewService(ctx)

In this example, Google Application Default Credentials are used for authentication. For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.

Other authentication options

To use an API key for authentication (note: some APIs do not support API keys), use google.golang.org/api/option.WithAPIKey: 

iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithAPIKey("AIza..."))

To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow, use google.golang.org/api/option.WithTokenSource: 

config := &oauth2.Config{...}
// ...
token, err := config.Exchange(ctx, ...)
iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))

See google.golang.org/api/option.ClientOption for details on options.

Index

Constants

View Source 
const (
	// See, edit, configure, and delete your Google Cloud data and see the
	// email address for your Google Account.
	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
)

OAuth2 scopes used by this API.

Variables

This section is empty.

Functions

This section is empty.

Types

type GenerateAccessTokenRequest 

type GenerateAccessTokenRequest struct {
	// Delegates: The sequence of service accounts in a delegation chain.
	// This field is required for delegated requests
	// (https://cloud.google.com/iam/help/credentials/delegated-request).
	// For direct requests
	// (https://cloud.google.com/iam/help/credentials/direct-request), which
	// are more common, do not specify this field. Each service account must
	// be granted the `roles/iam.serviceAccountTokenCreator` role on its
	// next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request. The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
	// wildcard character is required; replacing it with a project ID is
	// invalid.
	Delegates []string `json:"delegates,omitempty"`

	// Lifetime: The desired lifetime duration of the access token in
	// seconds. By default, the maximum allowed value is 1 hour. To set a
	// lifetime of up to 12 hours, you can add the service account as an
	// allowed value in an Organization Policy that enforces the
	// `constraints/iam.allowServiceAccountCredentialLifetimeExtension`
	// constraint. See detailed instructions at
	// https://cloud.google.com/iam/help/credentials/lifetime If a value is
	// not specified, the token's lifetime will be set to a default value of
	// 1 hour.
	Lifetime string `json:"lifetime,omitempty"`

	// Scope: Required. Code to identify the scopes to be included in the
	// OAuth 2.0 access token. See
	// https://developers.google.com/identity/protocols/googlescopes for
	// more information. At least one value required.
	Scope []string `json:"scope,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Delegates") to
	// unconditionally include in API requests. By default, fields with
	// empty or default values are omitted from API requests. However, any
	// non-pointer, non-interface field appearing in ForceSendFields will be
	// sent to the server regardless of whether the field is empty or not.
	// This may be used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Delegates") to include in
	// API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}

func (*GenerateAccessTokenRequest) MarshalJSON 

func (s *GenerateAccessTokenRequest) MarshalJSON() ([]byte, error)

type GenerateAccessTokenResponse 

type GenerateAccessTokenResponse struct {
	// AccessToken: The OAuth 2.0 access token.
	AccessToken string `json:"accessToken,omitempty"`

	// ExpireTime: Token expiration time. The expiration time is always set.
	ExpireTime string `json:"expireTime,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the
	// server.
	googleapi.ServerResponse `json:"-"`

	// ForceSendFields is a list of field names (e.g. "AccessToken") to
	// unconditionally include in API requests. By default, fields with
	// empty or default values are omitted from API requests. However, any
	// non-pointer, non-interface field appearing in ForceSendFields will be
	// sent to the server regardless of whether the field is empty or not.
	// This may be used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "AccessToken") to include
	// in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. However, any field with
	// an empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}

func (*GenerateAccessTokenResponse) MarshalJSON 

func (s *GenerateAccessTokenResponse) MarshalJSON() ([]byte, error)

type GenerateIdTokenRequest 

type GenerateIdTokenRequest struct {
	// Audience: Required. The audience for the token, such as the API or
	// account that this token grants access to.
	Audience string `json:"audience,omitempty"`

	// Delegates: The sequence of service accounts in a delegation chain.
	// Each service account must be granted the
	// `roles/iam.serviceAccountTokenCreator` role on its next service
	// account in the chain. The last service account in the chain must be
	// granted the `roles/iam.serviceAccountTokenCreator` role on the
	// service account that is specified in the `name` field of the request.
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
	// wildcard character is required; replacing it with a project ID is
	// invalid.
	Delegates []string `json:"delegates,omitempty"`

	// IncludeEmail: Include the service account email in the token. If set
	// to `true`, the token will contain `email` and `email_verified`
	// claims.
	IncludeEmail bool `json:"includeEmail,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Audience") to
	// unconditionally include in API requests. By default, fields with
	// empty or default values are omitted from API requests. However, any
	// non-pointer, non-interface field appearing in ForceSendFields will be
	// sent to the server regardless of whether the field is empty or not.
	// This may be used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Audience") to include in
	// API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}

func (*GenerateIdTokenRequest) MarshalJSON 

func (s *GenerateIdTokenRequest) MarshalJSON() ([]byte, error)

type GenerateIdTokenResponse 

type GenerateIdTokenResponse struct {
	// Token: The OpenId Connect ID token.
	Token string `json:"token,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the
	// server.
	googleapi.ServerResponse `json:"-"`

	// ForceSendFields is a list of field names (e.g. "Token") to
	// unconditionally include in API requests. By default, fields with
	// empty or default values are omitted from API requests. However, any
	// non-pointer, non-interface field appearing in ForceSendFields will be
	// sent to the server regardless of whether the field is empty or not.
	// This may be used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Token") to include in API
	// requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}

func (*GenerateIdTokenResponse) MarshalJSON 

func (s *GenerateIdTokenResponse) MarshalJSON() ([]byte, error)

type ProjectsService 

type ProjectsService struct {
	ServiceAccounts *ProjectsServiceAccountsService
	// contains filtered or unexported fields
}

func NewProjectsService 

func NewProjectsService(s *Service) *ProjectsService

type ProjectsServiceAccountsGenerateAccessTokenCall 

type ProjectsServiceAccountsGenerateAccessTokenCall struct {
	// contains filtered or unexported fields
}

func (*ProjectsServiceAccountsGenerateAccessTokenCall) Context 

func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateAccessTokenCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*ProjectsServiceAccountsGenerateAccessTokenCall) Do 

func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Do(opts ...googleapi.CallOption) (*GenerateAccessTokenResponse, error)

Do executes the "iamcredentials.projects.serviceAccounts.generateAccessToken" call. Exactly one of *GenerateAccessTokenResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *GenerateAccessTokenResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*ProjectsServiceAccountsGenerateAccessTokenCall) Fields 

func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateAccessTokenCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*ProjectsServiceAccountsGenerateAccessTokenCall) Header 

func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type ProjectsServiceAccountsGenerateIdTokenCall 

type ProjectsServiceAccountsGenerateIdTokenCall struct {
	// contains filtered or unexported fields
}

func (*ProjectsServiceAccountsGenerateIdTokenCall) Context 

func (c *ProjectsServiceAccountsGenerateIdTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateIdTokenCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*ProjectsServiceAccountsGenerateIdTokenCall) Do 

func (c *ProjectsServiceAccountsGenerateIdTokenCall) Do(opts ...googleapi.CallOption) (*GenerateIdTokenResponse, error)

Do executes the "iamcredentials.projects.serviceAccounts.generateIdToken" call. Exactly one of *GenerateIdTokenResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *GenerateIdTokenResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*ProjectsServiceAccountsGenerateIdTokenCall) Fields 

func (c *ProjectsServiceAccountsGenerateIdTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateIdTokenCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*ProjectsServiceAccountsGenerateIdTokenCall) Header 

func (c *ProjectsServiceAccountsGenerateIdTokenCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type ProjectsServiceAccountsService 

type ProjectsServiceAccountsService struct {
	// contains filtered or unexported fields
}

func NewProjectsServiceAccountsService 

func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService

func (*ProjectsServiceAccountsService) GenerateAccessToken 

func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall

GenerateAccessToken: Generates an OAuth 2.0 access token for a service account.

  • name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.

func (*ProjectsServiceAccountsService) GenerateIdToken 

func (r *ProjectsServiceAccountsService) GenerateIdToken(name string, generateidtokenrequest *GenerateIdTokenRequest) *ProjectsServiceAccountsGenerateIdTokenCall

GenerateIdToken: Generates an OpenID Connect ID token for a service account.

  • name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.

func (*ProjectsServiceAccountsService) SignBlob 

func (r *ProjectsServiceAccountsService) SignBlob(name string, signblobrequest *SignBlobRequest) *ProjectsServiceAccountsSignBlobCall

SignBlob: Signs a blob using a service account's system-managed private key.

  • name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.

func (*ProjectsServiceAccountsService) SignJwt 

func (r *ProjectsServiceAccountsService) SignJwt(name string, signjwtrequest *SignJwtRequest) *ProjectsServiceAccountsSignJwtCall

SignJwt: Signs a JWT using a service account's system-managed private key.

  • name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.

type ProjectsServiceAccountsSignBlobCall 

type ProjectsServiceAccountsSignBlobCall struct {
	// contains filtered or unexported fields
}

func (*ProjectsServiceAccountsSignBlobCall) Context 

func (c *ProjectsServiceAccountsSignBlobCall) Context(ctx context.Context) *ProjectsServiceAccountsSignBlobCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*ProjectsServiceAccountsSignBlobCall) Do 

func (c *ProjectsServiceAccountsSignBlobCall) Do(opts ...googleapi.CallOption) (*SignBlobResponse, error)

Do executes the "iamcredentials.projects.serviceAccounts.signBlob" call. Exactly one of *SignBlobResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *SignBlobResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*ProjectsServiceAccountsSignBlobCall) Fields 

func (c *ProjectsServiceAccountsSignBlobCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignBlobCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*ProjectsServiceAccountsSignBlobCall) Header 

func (c *ProjectsServiceAccountsSignBlobCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type ProjectsServiceAccountsSignJwtCall 

type ProjectsServiceAccountsSignJwtCall struct {
	// contains filtered or unexported fields
}

func (*ProjectsServiceAccountsSignJwtCall) Context 

func (c *ProjectsServiceAccountsSignJwtCall) Context(ctx context.Context) *ProjectsServiceAccountsSignJwtCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*ProjectsServiceAccountsSignJwtCall) Do 

func (c *ProjectsServiceAccountsSignJwtCall) Do(opts ...googleapi.CallOption) (*SignJwtResponse, error)

Do executes the "iamcredentials.projects.serviceAccounts.signJwt" call. Exactly one of *SignJwtResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *SignJwtResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*ProjectsServiceAccountsSignJwtCall) Fields 

func (c *ProjectsServiceAccountsSignJwtCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignJwtCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*ProjectsServiceAccountsSignJwtCall) Header 

func (c *ProjectsServiceAccountsSignJwtCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type Service 

type Service struct {
	BasePath  string // API endpoint base URL
	UserAgent string // optional additional User-Agent fragment

	Projects *ProjectsService
	// contains filtered or unexported fields
}

func New deprecated 

func New(client *http.Client) (*Service, error)

New creates a new Service. It uses the provided http.Client for requests.

Deprecated: please use NewService instead. To provide a custom HTTP client, use option.WithHTTPClient. If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.

func NewService 

func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error)

NewService creates a new Service.

type SignBlobRequest 

type SignBlobRequest struct {
	// Delegates: The sequence of service accounts in a delegation chain.
	// Each service account must be granted the
	// `roles/iam.serviceAccountTokenCreator` role on its next service
	// account in the chain. The last service account in the chain must be
	// granted the `roles/iam.serviceAccountTokenCreator` role on the
	// service account that is specified in the `name` field of the request.
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
	// wildcard character is required; replacing it with a project ID is
	// invalid.
	Delegates []string `json:"delegates,omitempty"`

	// Payload: Required. The bytes to sign.
	Payload string `json:"payload,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Delegates") to
	// unconditionally include in API requests. By default, fields with
	// empty or default values are omitted from API requests. However, any
	// non-pointer, non-interface field appearing in ForceSendFields will be
	// sent to the server regardless of whether the field is empty or not.
	// This may be used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Delegates") to include in
	// API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}

func (*SignBlobRequest) MarshalJSON 

func (s *SignBlobRequest) MarshalJSON() ([]byte, error)

type SignBlobResponse 

type SignBlobResponse struct {
	// KeyId: The ID of the key used to sign the blob. The key used for
	// signing will remain valid for at least 12 hours after the blob is
	// signed. To verify the signature, you can retrieve the public key in
	// several formats from the following endpoints: - RSA public key
	// wrapped in an X.509 v3 certificate:
	// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT
	// _EMAIL}` - Raw key in JSON format:
	// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_
	// EMAIL}` - JSON Web Key (JWK):
	// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_
	// EMAIL}`
	KeyId string `json:"keyId,omitempty"`

	// SignedBlob: The signature for the blob. Does not include the original
	// blob. After the key pair referenced by the `key_id` response field
	// expires, Google no longer exposes the public key that can be used to
	// verify the blob. As a result, the receiver can no longer verify the
	// signature.
	SignedBlob string `json:"signedBlob,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the
	// server.
	googleapi.ServerResponse `json:"-"`

	// ForceSendFields is a list of field names (e.g. "KeyId") to
	// unconditionally include in API requests. By default, fields with
	// empty or default values are omitted from API requests. However, any
	// non-pointer, non-interface field appearing in ForceSendFields will be
	// sent to the server regardless of whether the field is empty or not.
	// This may be used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "KeyId") to include in API
	// requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}

func (*SignBlobResponse) MarshalJSON 

func (s *SignBlobResponse) MarshalJSON() ([]byte, error)

type SignJwtRequest 

type SignJwtRequest struct {
	// Delegates: The sequence of service accounts in a delegation chain.
	// Each service account must be granted the
	// `roles/iam.serviceAccountTokenCreator` role on its next service
	// account in the chain. The last service account in the chain must be
	// granted the `roles/iam.serviceAccountTokenCreator` role on the
	// service account that is specified in the `name` field of the request.
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
	// wildcard character is required; replacing it with a project ID is
	// invalid.
	Delegates []string `json:"delegates,omitempty"`

	// Payload: Required. The JWT payload to sign. Must be a serialized JSON
	// object that contains a JWT Claims Set. For example: `{"sub":
	// "user@example.com", "iat": 313435}` If the JWT Claims Set contains an
	// expiration time (`exp`) claim, it must be an integer timestamp that
	// is not in the past and no more than 12 hours in the future.
	Payload string `json:"payload,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Delegates") to
	// unconditionally include in API requests. By default, fields with
	// empty or default values are omitted from API requests. However, any
	// non-pointer, non-interface field appearing in ForceSendFields will be
	// sent to the server regardless of whether the field is empty or not.
	// This may be used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Delegates") to include in
	// API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}

func (*SignJwtRequest) MarshalJSON 

func (s *SignJwtRequest) MarshalJSON() ([]byte, error)

type SignJwtResponse 

type SignJwtResponse struct {
	// KeyId: The ID of the key used to sign the JWT. The key used for
	// signing will remain valid for at least 12 hours after the JWT is
	// signed. To verify the signature, you can retrieve the public key in
	// several formats from the following endpoints: - RSA public key
	// wrapped in an X.509 v3 certificate:
	// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT
	// _EMAIL}` - Raw key in JSON format:
	// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_
	// EMAIL}` - JSON Web Key (JWK):
	// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_
	// EMAIL}`
	KeyId string `json:"keyId,omitempty"`

	// SignedJwt: The signed JWT. Contains the automatically generated
	// header; the client-supplied payload; and the signature, which is
	// generated using the key referenced by the `kid` field in the header.
	// After the key pair referenced by the `key_id` response field expires,
	// Google no longer exposes the public key that can be used to verify
	// the JWT. As a result, the receiver can no longer verify the
	// signature.
	SignedJwt string `json:"signedJwt,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the
	// server.
	googleapi.ServerResponse `json:"-"`

	// ForceSendFields is a list of field names (e.g. "KeyId") to
	// unconditionally include in API requests. By default, fields with
	// empty or default values are omitted from API requests. However, any
	// non-pointer, non-interface field appearing in ForceSendFields will be
	// sent to the server regardless of whether the field is empty or not.
	// This may be used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "KeyId") to include in API
	// requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}

func (*SignJwtResponse) MarshalJSON 

func (s *SignJwtResponse) MarshalJSON() ([]byte, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.