api: google.golang.org/api/iamcredentials/v1 Index | Files

package iamcredentials

import "google.golang.org/api/iamcredentials/v1"

Package iamcredentials provides access to the IAM Service Account Credentials API.

For product documentation, see: https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials

Creating a client

Usage example:

import "google.golang.org/api/iamcredentials/v1"
...
ctx := context.Background()
iamcredentialsService, err := iamcredentials.NewService(ctx)

In this example, Google Application Default Credentials are used for authentication.

For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.

Other authentication options

To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:

iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithAPIKey("AIza..."))

To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:

config := &oauth2.Config{...}
// ...
token, err := config.Exchange(ctx, ...)
iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))

See https://godoc.org/google.golang.org/api/option/ for details on options.

Index

Package Files

iamcredentials-gen.go

Constants

const (
    // View and manage your data across Google Cloud Platform services
    CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
)

OAuth2 scopes used by this API.

type GenerateAccessTokenRequest Uses

type GenerateAccessTokenRequest struct {
    // Delegates: The sequence of service accounts in a delegation chain.
    // Each service
    // account must be granted the `roles/iam.serviceAccountTokenCreator`
    // role
    // on its next service account in the chain. The last service account in
    // the
    // chain must be granted the `roles/iam.serviceAccountTokenCreator`
    // role
    // on the service account that is specified in the `name` field of
    // the
    // request.
    //
    // The delegates must have the following
    // format:
    // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
    // wildcard
    // character is required; replacing it with a project ID is invalid.
    Delegates []string `json:"delegates,omitempty"`

    // Lifetime: The desired lifetime duration of the access token in
    // seconds.
    // Must be set to a value less than or equal to 3600 (1 hour). If a
    // value is
    // not specified, the token's lifetime will be set to a default value of
    // one
    // hour.
    Lifetime string `json:"lifetime,omitempty"`

    // Scope: Code to identify the scopes to be included in the OAuth 2.0
    // access token.
    // See https://developers.google.com/identity/protocols/googlescopes for
    // more
    // information.
    // At least one value required.
    Scope []string `json:"scope,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Delegates") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Delegates") to include in
    // API requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

func (*GenerateAccessTokenRequest) MarshalJSON Uses

func (s *GenerateAccessTokenRequest) MarshalJSON() ([]byte, error)

type GenerateAccessTokenResponse Uses

type GenerateAccessTokenResponse struct {
    // AccessToken: The OAuth 2.0 access token.
    AccessToken string `json:"accessToken,omitempty"`

    // ExpireTime: Token expiration time.
    // The expiration time is always set.
    ExpireTime string `json:"expireTime,omitempty"`

    // ServerResponse contains the HTTP response code and headers from the
    // server.
    googleapi.ServerResponse `json:"-"`

    // ForceSendFields is a list of field names (e.g. "AccessToken") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "AccessToken") to include
    // in API requests with the JSON null value. By default, fields with
    // empty values are omitted from API requests. However, any field with
    // an empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

func (*GenerateAccessTokenResponse) MarshalJSON Uses

func (s *GenerateAccessTokenResponse) MarshalJSON() ([]byte, error)

type GenerateIdTokenRequest Uses

type GenerateIdTokenRequest struct {
    // Audience: The audience for the token, such as the API or account that
    // this token
    // grants access to.
    Audience string `json:"audience,omitempty"`

    // Delegates: The sequence of service accounts in a delegation chain.
    // Each service
    // account must be granted the `roles/iam.serviceAccountTokenCreator`
    // role
    // on its next service account in the chain. The last service account in
    // the
    // chain must be granted the `roles/iam.serviceAccountTokenCreator`
    // role
    // on the service account that is specified in the `name` field of
    // the
    // request.
    //
    // The delegates must have the following
    // format:
    // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
    // wildcard
    // character is required; replacing it with a project ID is invalid.
    Delegates []string `json:"delegates,omitempty"`

    // IncludeEmail: Include the service account email in the token. If set
    // to `true`, the
    // token will contain `email` and `email_verified` claims.
    IncludeEmail bool `json:"includeEmail,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Audience") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Audience") to include in
    // API requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

func (*GenerateIdTokenRequest) MarshalJSON Uses

func (s *GenerateIdTokenRequest) MarshalJSON() ([]byte, error)

type GenerateIdTokenResponse Uses

type GenerateIdTokenResponse struct {
    // Token: The OpenId Connect ID token.
    Token string `json:"token,omitempty"`

    // ServerResponse contains the HTTP response code and headers from the
    // server.
    googleapi.ServerResponse `json:"-"`

    // ForceSendFields is a list of field names (e.g. "Token") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Token") to include in API
    // requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

func (*GenerateIdTokenResponse) MarshalJSON Uses

func (s *GenerateIdTokenResponse) MarshalJSON() ([]byte, error)

type ProjectsService Uses

type ProjectsService struct {
    ServiceAccounts *ProjectsServiceAccountsService
    // contains filtered or unexported fields
}

func NewProjectsService Uses

func NewProjectsService(s *Service) *ProjectsService

type ProjectsServiceAccountsGenerateAccessTokenCall Uses

type ProjectsServiceAccountsGenerateAccessTokenCall struct {
    // contains filtered or unexported fields
}

func (*ProjectsServiceAccountsGenerateAccessTokenCall) Context Uses

func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateAccessTokenCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*ProjectsServiceAccountsGenerateAccessTokenCall) Do Uses

func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Do(opts ...googleapi.CallOption) (*GenerateAccessTokenResponse, error)

Do executes the "iamcredentials.projects.serviceAccounts.generateAccessToken" call. Exactly one of *GenerateAccessTokenResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *GenerateAccessTokenResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*ProjectsServiceAccountsGenerateAccessTokenCall) Fields Uses

func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateAccessTokenCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*ProjectsServiceAccountsGenerateAccessTokenCall) Header Uses

func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type ProjectsServiceAccountsGenerateIdTokenCall Uses

type ProjectsServiceAccountsGenerateIdTokenCall struct {
    // contains filtered or unexported fields
}

func (*ProjectsServiceAccountsGenerateIdTokenCall) Context Uses

func (c *ProjectsServiceAccountsGenerateIdTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateIdTokenCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*ProjectsServiceAccountsGenerateIdTokenCall) Do Uses

func (c *ProjectsServiceAccountsGenerateIdTokenCall) Do(opts ...googleapi.CallOption) (*GenerateIdTokenResponse, error)

Do executes the "iamcredentials.projects.serviceAccounts.generateIdToken" call. Exactly one of *GenerateIdTokenResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *GenerateIdTokenResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*ProjectsServiceAccountsGenerateIdTokenCall) Fields Uses

func (c *ProjectsServiceAccountsGenerateIdTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateIdTokenCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*ProjectsServiceAccountsGenerateIdTokenCall) Header Uses

func (c *ProjectsServiceAccountsGenerateIdTokenCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type ProjectsServiceAccountsService Uses

type ProjectsServiceAccountsService struct {
    // contains filtered or unexported fields
}

func NewProjectsServiceAccountsService Uses

func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService

func (*ProjectsServiceAccountsService) GenerateAccessToken Uses

func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall

GenerateAccessToken: Generates an OAuth 2.0 access token for a service account.

func (*ProjectsServiceAccountsService) GenerateIdToken Uses

func (r *ProjectsServiceAccountsService) GenerateIdToken(name string, generateidtokenrequest *GenerateIdTokenRequest) *ProjectsServiceAccountsGenerateIdTokenCall

GenerateIdToken: Generates an OpenID Connect ID token for a service account.

func (*ProjectsServiceAccountsService) SignBlob Uses

func (r *ProjectsServiceAccountsService) SignBlob(name string, signblobrequest *SignBlobRequest) *ProjectsServiceAccountsSignBlobCall

SignBlob: Signs a blob using a service account's system-managed private key.

func (*ProjectsServiceAccountsService) SignJwt Uses

func (r *ProjectsServiceAccountsService) SignJwt(name string, signjwtrequest *SignJwtRequest) *ProjectsServiceAccountsSignJwtCall

SignJwt: Signs a JWT using a service account's system-managed private key.

type ProjectsServiceAccountsSignBlobCall Uses

type ProjectsServiceAccountsSignBlobCall struct {
    // contains filtered or unexported fields
}

func (*ProjectsServiceAccountsSignBlobCall) Context Uses

func (c *ProjectsServiceAccountsSignBlobCall) Context(ctx context.Context) *ProjectsServiceAccountsSignBlobCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*ProjectsServiceAccountsSignBlobCall) Do Uses

func (c *ProjectsServiceAccountsSignBlobCall) Do(opts ...googleapi.CallOption) (*SignBlobResponse, error)

Do executes the "iamcredentials.projects.serviceAccounts.signBlob" call. Exactly one of *SignBlobResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *SignBlobResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*ProjectsServiceAccountsSignBlobCall) Fields Uses

func (c *ProjectsServiceAccountsSignBlobCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignBlobCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*ProjectsServiceAccountsSignBlobCall) Header Uses

func (c *ProjectsServiceAccountsSignBlobCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type ProjectsServiceAccountsSignJwtCall Uses

type ProjectsServiceAccountsSignJwtCall struct {
    // contains filtered or unexported fields
}

func (*ProjectsServiceAccountsSignJwtCall) Context Uses

func (c *ProjectsServiceAccountsSignJwtCall) Context(ctx context.Context) *ProjectsServiceAccountsSignJwtCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*ProjectsServiceAccountsSignJwtCall) Do Uses

func (c *ProjectsServiceAccountsSignJwtCall) Do(opts ...googleapi.CallOption) (*SignJwtResponse, error)

Do executes the "iamcredentials.projects.serviceAccounts.signJwt" call. Exactly one of *SignJwtResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *SignJwtResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*ProjectsServiceAccountsSignJwtCall) Fields Uses

func (c *ProjectsServiceAccountsSignJwtCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignJwtCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*ProjectsServiceAccountsSignJwtCall) Header Uses

func (c *ProjectsServiceAccountsSignJwtCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type Service Uses

type Service struct {
    BasePath  string // API endpoint base URL
    UserAgent string // optional additional User-Agent fragment

    Projects *ProjectsService
    // contains filtered or unexported fields
}

func New Uses

func New(client *http.Client) (*Service, error)

New creates a new Service. It uses the provided http.Client for requests.

Deprecated: please use NewService instead. To provide a custom HTTP client, use option.WithHTTPClient. If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.

func NewService Uses

func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error)

NewService creates a new Service.

type SignBlobRequest Uses

type SignBlobRequest struct {
    // Delegates: The sequence of service accounts in a delegation chain.
    // Each service
    // account must be granted the `roles/iam.serviceAccountTokenCreator`
    // role
    // on its next service account in the chain. The last service account in
    // the
    // chain must be granted the `roles/iam.serviceAccountTokenCreator`
    // role
    // on the service account that is specified in the `name` field of
    // the
    // request.
    //
    // The delegates must have the following
    // format:
    // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
    // wildcard
    // character is required; replacing it with a project ID is invalid.
    Delegates []string `json:"delegates,omitempty"`

    // Payload: The bytes to sign.
    Payload string `json:"payload,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Delegates") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Delegates") to include in
    // API requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

func (*SignBlobRequest) MarshalJSON Uses

func (s *SignBlobRequest) MarshalJSON() ([]byte, error)

type SignBlobResponse Uses

type SignBlobResponse struct {
    // KeyId: The ID of the key used to sign the blob.
    KeyId string `json:"keyId,omitempty"`

    // SignedBlob: The signed blob.
    SignedBlob string `json:"signedBlob,omitempty"`

    // ServerResponse contains the HTTP response code and headers from the
    // server.
    googleapi.ServerResponse `json:"-"`

    // ForceSendFields is a list of field names (e.g. "KeyId") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "KeyId") to include in API
    // requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

func (*SignBlobResponse) MarshalJSON Uses

func (s *SignBlobResponse) MarshalJSON() ([]byte, error)

type SignJwtRequest Uses

type SignJwtRequest struct {
    // Delegates: The sequence of service accounts in a delegation chain.
    // Each service
    // account must be granted the `roles/iam.serviceAccountTokenCreator`
    // role
    // on its next service account in the chain. The last service account in
    // the
    // chain must be granted the `roles/iam.serviceAccountTokenCreator`
    // role
    // on the service account that is specified in the `name` field of
    // the
    // request.
    //
    // The delegates must have the following
    // format:
    // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
    // wildcard
    // character is required; replacing it with a project ID is invalid.
    Delegates []string `json:"delegates,omitempty"`

    // Payload: The JWT payload to sign: a JSON object that contains a JWT
    // Claims Set.
    Payload string `json:"payload,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Delegates") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Delegates") to include in
    // API requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

func (*SignJwtRequest) MarshalJSON Uses

func (s *SignJwtRequest) MarshalJSON() ([]byte, error)

type SignJwtResponse Uses

type SignJwtResponse struct {
    // KeyId: The ID of the key used to sign the JWT.
    KeyId string `json:"keyId,omitempty"`

    // SignedJwt: The signed JWT.
    SignedJwt string `json:"signedJwt,omitempty"`

    // ServerResponse contains the HTTP response code and headers from the
    // server.
    googleapi.ServerResponse `json:"-"`

    // ForceSendFields is a list of field names (e.g. "KeyId") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "KeyId") to include in API
    // requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

func (*SignJwtResponse) MarshalJSON Uses

func (s *SignJwtResponse) MarshalJSON() ([]byte, error)

Package iamcredentials imports 14 packages (graph) and is imported by 1 packages. Updated 2019-07-12. Refresh now. Tools for package owners.