Documentation
¶
Overview ¶
Package iamcredentials provides access to the IAM Service Account Credentials API.
For product documentation, see: https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials
Creating a client ¶
Usage example:
import "google.golang.org/api/iamcredentials/v1" ... ctx := context.Background() iamcredentialsService, err := iamcredentials.NewService(ctx)
In this example, Google Application Default Credentials are used for authentication.
For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
Other authentication options ¶
To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithAPIKey("AIza..."))
To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
config := &oauth2.Config{...}
// ...
token, err := config.Exchange(ctx, ...)
iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
See https://godoc.org/google.golang.org/api/option/ for details on options.
Index ¶
- Constants
- type GenerateAccessTokenRequest
- type GenerateAccessTokenResponse
- type GenerateIdTokenRequest
- type GenerateIdTokenResponse
- type ProjectsService
- type ProjectsServiceAccountsGenerateAccessTokenCall
- func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateAccessTokenCall
- func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Do(opts ...googleapi.CallOption) (*GenerateAccessTokenResponse, error)
- func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateAccessTokenCall
- func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Header() http.Header
- type ProjectsServiceAccountsGenerateIdTokenCall
- func (c *ProjectsServiceAccountsGenerateIdTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateIdTokenCall
- func (c *ProjectsServiceAccountsGenerateIdTokenCall) Do(opts ...googleapi.CallOption) (*GenerateIdTokenResponse, error)
- func (c *ProjectsServiceAccountsGenerateIdTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateIdTokenCall
- func (c *ProjectsServiceAccountsGenerateIdTokenCall) Header() http.Header
- type ProjectsServiceAccountsService
- func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall
- func (r *ProjectsServiceAccountsService) GenerateIdToken(name string, generateidtokenrequest *GenerateIdTokenRequest) *ProjectsServiceAccountsGenerateIdTokenCall
- func (r *ProjectsServiceAccountsService) SignBlob(name string, signblobrequest *SignBlobRequest) *ProjectsServiceAccountsSignBlobCall
- func (r *ProjectsServiceAccountsService) SignJwt(name string, signjwtrequest *SignJwtRequest) *ProjectsServiceAccountsSignJwtCall
- type ProjectsServiceAccountsSignBlobCall
- func (c *ProjectsServiceAccountsSignBlobCall) Context(ctx context.Context) *ProjectsServiceAccountsSignBlobCall
- func (c *ProjectsServiceAccountsSignBlobCall) Do(opts ...googleapi.CallOption) (*SignBlobResponse, error)
- func (c *ProjectsServiceAccountsSignBlobCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignBlobCall
- func (c *ProjectsServiceAccountsSignBlobCall) Header() http.Header
- type ProjectsServiceAccountsSignJwtCall
- func (c *ProjectsServiceAccountsSignJwtCall) Context(ctx context.Context) *ProjectsServiceAccountsSignJwtCall
- func (c *ProjectsServiceAccountsSignJwtCall) Do(opts ...googleapi.CallOption) (*SignJwtResponse, error)
- func (c *ProjectsServiceAccountsSignJwtCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignJwtCall
- func (c *ProjectsServiceAccountsSignJwtCall) Header() http.Header
- type Service
- type SignBlobRequest
- type SignBlobResponse
- type SignJwtRequest
- type SignJwtResponse
Constants ¶
View Source
const ( // See, edit, configure, and delete your Google Cloud data and see the // email address for your Google Account. CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" )
OAuth2 scopes used by this API.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GenerateAccessTokenRequest ¶
type GenerateAccessTokenRequest struct {
// Delegates: The sequence of service accounts in a delegation chain.
// This field is required for delegated requests
// (https://cloud.google.com/iam/help/credentials/delegated-request).
// For direct requests
// (https://cloud.google.com/iam/help/credentials/direct-request), which
// are more common, do not specify this field. Each service account must
// be granted the `roles/iam.serviceAccountTokenCreator` role on its
// next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request. The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
// wildcard character is required; replacing it with a project ID is
// invalid.
Delegates []string `json:"delegates,omitempty"`
// Lifetime: The desired lifetime duration of the access token in
// seconds. By default, the maximum allowed value is 1 hour. To set a
// lifetime of up to 12 hours, you can add the service account as an
// allowed value in an Organization Policy that enforces the
// `constraints/iam.allowServiceAccountCredentialLifetimeExtension`
// constraint. See detailed instructions at
// https://cloud.google.com/iam/help/credentials/lifetime If a value is
// not specified, the token's lifetime will be set to a default value of
// 1 hour.
Lifetime string `json:"lifetime,omitempty"`
// Scope: Required. Code to identify the scopes to be included in the
// OAuth 2.0 access token. See
// https://developers.google.com/identity/protocols/googlescopes for
// more information. At least one value required.
Scope []string `json:"scope,omitempty"`
// ForceSendFields is a list of field names (e.g. "Delegates") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Delegates") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (*GenerateAccessTokenRequest) MarshalJSON ¶
func (s *GenerateAccessTokenRequest) MarshalJSON() ([]byte, error)
type GenerateAccessTokenResponse ¶
type GenerateAccessTokenResponse struct {
// AccessToken: The OAuth 2.0 access token.
AccessToken string `json:"accessToken,omitempty"`
// ExpireTime: Token expiration time. The expiration time is always set.
ExpireTime string `json:"expireTime,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "AccessToken") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "AccessToken") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (*GenerateAccessTokenResponse) MarshalJSON ¶
func (s *GenerateAccessTokenResponse) MarshalJSON() ([]byte, error)
type GenerateIdTokenRequest ¶
type GenerateIdTokenRequest struct {
// Audience: Required. The audience for the token, such as the API or
// account that this token grants access to.
Audience string `json:"audience,omitempty"`
// Delegates: The sequence of service accounts in a delegation chain.
// Each service account must be granted the
// `roles/iam.serviceAccountTokenCreator` role on its next service
// account in the chain. The last service account in the chain must be
// granted the `roles/iam.serviceAccountTokenCreator` role on the
// service account that is specified in the `name` field of the request.
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
// wildcard character is required; replacing it with a project ID is
// invalid.
Delegates []string `json:"delegates,omitempty"`
// IncludeEmail: Include the service account email in the token. If set
// to `true`, the token will contain `email` and `email_verified`
// claims.
IncludeEmail bool `json:"includeEmail,omitempty"`
// ForceSendFields is a list of field names (e.g. "Audience") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Audience") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (*GenerateIdTokenRequest) MarshalJSON ¶
func (s *GenerateIdTokenRequest) MarshalJSON() ([]byte, error)
type GenerateIdTokenResponse ¶
type GenerateIdTokenResponse struct {
// Token: The OpenId Connect ID token.
Token string `json:"token,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Token") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Token") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (*GenerateIdTokenResponse) MarshalJSON ¶
func (s *GenerateIdTokenResponse) MarshalJSON() ([]byte, error)
type ProjectsService ¶
type ProjectsService struct {
ServiceAccounts *ProjectsServiceAccountsService
// contains filtered or unexported fields
}
func NewProjectsService ¶
func NewProjectsService(s *Service) *ProjectsService
type ProjectsServiceAccountsGenerateAccessTokenCall ¶
type ProjectsServiceAccountsGenerateAccessTokenCall struct {
// contains filtered or unexported fields
}
func (*ProjectsServiceAccountsGenerateAccessTokenCall) Context ¶
func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateAccessTokenCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*ProjectsServiceAccountsGenerateAccessTokenCall) Do ¶
func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Do(opts ...googleapi.CallOption) (*GenerateAccessTokenResponse, error)
Do executes the "iamcredentials.projects.serviceAccounts.generateAccessToken" call. Exactly one of *GenerateAccessTokenResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *GenerateAccessTokenResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*ProjectsServiceAccountsGenerateAccessTokenCall) Fields ¶
func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateAccessTokenCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*ProjectsServiceAccountsGenerateAccessTokenCall) Header ¶
func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
type ProjectsServiceAccountsGenerateIdTokenCall ¶
type ProjectsServiceAccountsGenerateIdTokenCall struct {
// contains filtered or unexported fields
}
func (*ProjectsServiceAccountsGenerateIdTokenCall) Context ¶
func (c *ProjectsServiceAccountsGenerateIdTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateIdTokenCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*ProjectsServiceAccountsGenerateIdTokenCall) Do ¶
func (c *ProjectsServiceAccountsGenerateIdTokenCall) Do(opts ...googleapi.CallOption) (*GenerateIdTokenResponse, error)
Do executes the "iamcredentials.projects.serviceAccounts.generateIdToken" call. Exactly one of *GenerateIdTokenResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *GenerateIdTokenResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*ProjectsServiceAccountsGenerateIdTokenCall) Fields ¶
func (c *ProjectsServiceAccountsGenerateIdTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateIdTokenCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*ProjectsServiceAccountsGenerateIdTokenCall) Header ¶
func (c *ProjectsServiceAccountsGenerateIdTokenCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
type ProjectsServiceAccountsService ¶
type ProjectsServiceAccountsService struct {
// contains filtered or unexported fields
}
func NewProjectsServiceAccountsService ¶
func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService
func (*ProjectsServiceAccountsService) GenerateAccessToken ¶
func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall
GenerateAccessToken: Generates an OAuth 2.0 access token for a service account.
- name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
func (*ProjectsServiceAccountsService) GenerateIdToken ¶
func (r *ProjectsServiceAccountsService) GenerateIdToken(name string, generateidtokenrequest *GenerateIdTokenRequest) *ProjectsServiceAccountsGenerateIdTokenCall
GenerateIdToken: Generates an OpenID Connect ID token for a service account.
- name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
func (*ProjectsServiceAccountsService) SignBlob ¶
func (r *ProjectsServiceAccountsService) SignBlob(name string, signblobrequest *SignBlobRequest) *ProjectsServiceAccountsSignBlobCall
SignBlob: Signs a blob using a service account's system-managed private key.
- name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
func (*ProjectsServiceAccountsService) SignJwt ¶
func (r *ProjectsServiceAccountsService) SignJwt(name string, signjwtrequest *SignJwtRequest) *ProjectsServiceAccountsSignJwtCall
SignJwt: Signs a JWT using a service account's system-managed private key.
- name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
type ProjectsServiceAccountsSignBlobCall ¶
type ProjectsServiceAccountsSignBlobCall struct {
// contains filtered or unexported fields
}
func (*ProjectsServiceAccountsSignBlobCall) Context ¶
func (c *ProjectsServiceAccountsSignBlobCall) Context(ctx context.Context) *ProjectsServiceAccountsSignBlobCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*ProjectsServiceAccountsSignBlobCall) Do ¶
func (c *ProjectsServiceAccountsSignBlobCall) Do(opts ...googleapi.CallOption) (*SignBlobResponse, error)
Do executes the "iamcredentials.projects.serviceAccounts.signBlob" call. Exactly one of *SignBlobResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *SignBlobResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*ProjectsServiceAccountsSignBlobCall) Fields ¶
func (c *ProjectsServiceAccountsSignBlobCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignBlobCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*ProjectsServiceAccountsSignBlobCall) Header ¶
func (c *ProjectsServiceAccountsSignBlobCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
type ProjectsServiceAccountsSignJwtCall ¶
type ProjectsServiceAccountsSignJwtCall struct {
// contains filtered or unexported fields
}
func (*ProjectsServiceAccountsSignJwtCall) Context ¶
func (c *ProjectsServiceAccountsSignJwtCall) Context(ctx context.Context) *ProjectsServiceAccountsSignJwtCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*ProjectsServiceAccountsSignJwtCall) Do ¶
func (c *ProjectsServiceAccountsSignJwtCall) Do(opts ...googleapi.CallOption) (*SignJwtResponse, error)
Do executes the "iamcredentials.projects.serviceAccounts.signJwt" call. Exactly one of *SignJwtResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *SignJwtResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*ProjectsServiceAccountsSignJwtCall) Fields ¶
func (c *ProjectsServiceAccountsSignJwtCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignJwtCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*ProjectsServiceAccountsSignJwtCall) Header ¶
func (c *ProjectsServiceAccountsSignJwtCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
type Service ¶
type Service struct {
BasePath string // API endpoint base URL
UserAgent string // optional additional User-Agent fragment
Projects *ProjectsService
// contains filtered or unexported fields
}
func New
deprecated
New creates a new Service. It uses the provided http.Client for requests.
Deprecated: please use NewService instead. To provide a custom HTTP client, use option.WithHTTPClient. If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
func NewService ¶ added in v0.3.0
NewService creates a new Service.
type SignBlobRequest ¶
type SignBlobRequest struct {
// Delegates: The sequence of service accounts in a delegation chain.
// Each service account must be granted the
// `roles/iam.serviceAccountTokenCreator` role on its next service
// account in the chain. The last service account in the chain must be
// granted the `roles/iam.serviceAccountTokenCreator` role on the
// service account that is specified in the `name` field of the request.
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
// wildcard character is required; replacing it with a project ID is
// invalid.
Delegates []string `json:"delegates,omitempty"`
// Payload: Required. The bytes to sign.
Payload string `json:"payload,omitempty"`
// ForceSendFields is a list of field names (e.g. "Delegates") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Delegates") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (*SignBlobRequest) MarshalJSON ¶
func (s *SignBlobRequest) MarshalJSON() ([]byte, error)
type SignBlobResponse ¶
type SignBlobResponse struct {
// KeyId: The ID of the key used to sign the blob. The key used for
// signing will remain valid for at least 12 hours after the blob is
// signed. To verify the signature, you can retrieve the public key in
// several formats from the following endpoints: - RSA public key
// wrapped in an X.509 v3 certificate:
// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT
// _EMAIL}` - Raw key in JSON format:
// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_
// EMAIL}` - JSON Web Key (JWK):
// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_
// EMAIL}`
KeyId string `json:"keyId,omitempty"`
// SignedBlob: The signature for the blob. Does not include the original
// blob. After the key pair referenced by the `key_id` response field
// expires, Google no longer exposes the public key that can be used to
// verify the blob. As a result, the receiver can no longer verify the
// signature.
SignedBlob string `json:"signedBlob,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "KeyId") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "KeyId") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (*SignBlobResponse) MarshalJSON ¶
func (s *SignBlobResponse) MarshalJSON() ([]byte, error)
type SignJwtRequest ¶
type SignJwtRequest struct {
// Delegates: The sequence of service accounts in a delegation chain.
// Each service account must be granted the
// `roles/iam.serviceAccountTokenCreator` role on its next service
// account in the chain. The last service account in the chain must be
// granted the `roles/iam.serviceAccountTokenCreator` role on the
// service account that is specified in the `name` field of the request.
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
// wildcard character is required; replacing it with a project ID is
// invalid.
Delegates []string `json:"delegates,omitempty"`
// Payload: Required. The JWT payload to sign. Must be a serialized JSON
// object that contains a JWT Claims Set. For example: `{"sub":
// "user@example.com", "iat": 313435}` If the JWT Claims Set contains an
// expiration time (`exp`) claim, it must be an integer timestamp that
// is not in the past and no more than 12 hours in the future.
Payload string `json:"payload,omitempty"`
// ForceSendFields is a list of field names (e.g. "Delegates") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Delegates") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (*SignJwtRequest) MarshalJSON ¶
func (s *SignJwtRequest) MarshalJSON() ([]byte, error)
type SignJwtResponse ¶
type SignJwtResponse struct {
// KeyId: The ID of the key used to sign the JWT. The key used for
// signing will remain valid for at least 12 hours after the JWT is
// signed. To verify the signature, you can retrieve the public key in
// several formats from the following endpoints: - RSA public key
// wrapped in an X.509 v3 certificate:
// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT
// _EMAIL}` - Raw key in JSON format:
// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_
// EMAIL}` - JSON Web Key (JWK):
// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_
// EMAIL}`
KeyId string `json:"keyId,omitempty"`
// SignedJwt: The signed JWT. Contains the automatically generated
// header; the client-supplied payload; and the signature, which is
// generated using the key referenced by the `kid` field in the header.
// After the key pair referenced by the `key_id` response field expires,
// Google no longer exposes the public key that can be used to verify
// the JWT. As a result, the receiver can no longer verify the
// signature.
SignedJwt string `json:"signedJwt,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "KeyId") to
// unconditionally include in API requests. By default, fields with
// empty or default values are omitted from API requests. However, any
// non-pointer, non-interface field appearing in ForceSendFields will be
// sent to the server regardless of whether the field is empty or not.
// This may be used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "KeyId") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (*SignJwtResponse) MarshalJSON ¶
func (s *SignJwtResponse) MarshalJSON() ([]byte, error)
Source Files
Click to show internal directories.
Click to hide internal directories.