iamcredentials

type GenerateAccessTokenRequest struct {
	// Delegates: The sequence of service accounts in a delegation chain. This
	// field is required for delegated requests
	// (https://cloud.google.com/iam/help/credentials/delegated-request). For
	// direct requests
	// (https://cloud.google.com/iam/help/credentials/direct-request), which are
	// more common, do not specify this field. Each service account must be granted
	// the `roles/iam.serviceAccountTokenCreator` role on its next service account
	// in the chain. The last service account in the chain must be granted the
	// `roles/iam.serviceAccountTokenCreator` role on the service account that is
	// specified in the `name` field of the request. The delegates must have the
	// following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
	// The `-` wildcard character is required; replacing it with a project ID is
	// invalid.
	Delegates []string `json:"delegates,omitempty"`
	// Lifetime: The desired lifetime duration of the access token in seconds. By
	// default, the maximum allowed value is 1 hour. To set a lifetime of up to 12
	// hours, you can add the service account as an allowed value in an
	// Organization Policy that enforces the
	// `constraints/iam.allowServiceAccountCredentialLifetimeExtension` constraint.
	// See detailed instructions at
	// https://cloud.google.com/iam/help/credentials/lifetime If a value is not
	// specified, the token's lifetime will be set to a default value of 1 hour.
	Lifetime string `json:"lifetime,omitempty"`
	// Scope: Required. Code to identify the scopes to be included in the OAuth 2.0
	// access token. See
	// https://developers.google.com/identity/protocols/googlescopes for more
	// information. At least one value required.
	Scope []string `json:"scope,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Delegates") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Delegates") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

type GenerateAccessTokenResponse struct {
	// AccessToken: The OAuth 2.0 access token.
	AccessToken string `json:"accessToken,omitempty"`
	// ExpireTime: Token expiration time. The expiration time is always set.
	ExpireTime string `json:"expireTime,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "AccessToken") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AccessToken") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

type GenerateIdTokenRequest struct {
	// Audience: Required. The audience for the token, such as the API or account
	// that this token grants access to.
	Audience string `json:"audience,omitempty"`
	// Delegates: The sequence of service accounts in a delegation chain. Each
	// service account must be granted the `roles/iam.serviceAccountTokenCreator`
	// role on its next service account in the chain. The last service account in
	// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on
	// the service account that is specified in the `name` field of the request.
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `json:"delegates,omitempty"`
	// IncludeEmail: Include the service account email in the token. If set to
	// `true`, the token will contain `email` and `email_verified` claims.
	IncludeEmail bool `json:"includeEmail,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Audience") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Audience") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

type GenerateIdTokenResponse struct {
	// Token: The OpenId Connect ID token.
	Token string `json:"token,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "Token") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Token") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

type ProjectsService struct {
	ServiceAccounts *ProjectsServiceAccountsService
	// contains filtered or unexported fields
}

type ProjectsServiceAccountsGenerateAccessTokenCall struct {
	// contains filtered or unexported fields
}

type ProjectsServiceAccountsGenerateIdTokenCall struct {
	// contains filtered or unexported fields
}

type ProjectsServiceAccountsService struct {
	// contains filtered or unexported fields
}

type ProjectsServiceAccountsSignBlobCall struct {
	// contains filtered or unexported fields
}

type ProjectsServiceAccountsSignJwtCall struct {
	// contains filtered or unexported fields
}

type Service struct {
	BasePath  string // API endpoint base URL
	UserAgent string // optional additional User-Agent fragment

	Projects *ProjectsService
	// contains filtered or unexported fields
}

type SignBlobRequest struct {
	// Delegates: The sequence of service accounts in a delegation chain. Each
	// service account must be granted the `roles/iam.serviceAccountTokenCreator`
	// role on its next service account in the chain. The last service account in
	// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on
	// the service account that is specified in the `name` field of the request.
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `json:"delegates,omitempty"`
	// Payload: Required. The bytes to sign.
	Payload string `json:"payload,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Delegates") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Delegates") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

type SignBlobResponse struct {
	// KeyId: The ID of the key used to sign the blob. The key used for signing
	// will remain valid for at least 12 hours after the blob is signed. To verify
	// the signature, you can retrieve the public key in several formats from the
	// following endpoints: - RSA public key wrapped in an X.509 v3 certificate:
	// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT_EMAIL}
	// ` - Raw key in JSON format:
	// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_EMAIL}`
	//  - JSON Web Key (JWK):
	// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_EMAIL}`
	KeyId string `json:"keyId,omitempty"`
	// SignedBlob: The signature for the blob. Does not include the original blob.
	// After the key pair referenced by the `key_id` response field expires, Google
	// no longer exposes the public key that can be used to verify the blob. As a
	// result, the receiver can no longer verify the signature.
	SignedBlob string `json:"signedBlob,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "KeyId") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "KeyId") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

type SignJwtRequest struct {
	// Delegates: The sequence of service accounts in a delegation chain. Each
	// service account must be granted the `roles/iam.serviceAccountTokenCreator`
	// role on its next service account in the chain. The last service account in
	// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on
	// the service account that is specified in the `name` field of the request.
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `json:"delegates,omitempty"`
	// Payload: Required. The JWT payload to sign. Must be a serialized JSON object
	// that contains a JWT Claims Set. For example: `{"sub": "user@example.com",
	// "iat": 313435}` If the JWT Claims Set contains an expiration time (`exp`)
	// claim, it must be an integer timestamp that is not in the past and no more
	// than 12 hours in the future.
	Payload string `json:"payload,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Delegates") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Delegates") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

type SignJwtResponse struct {
	// KeyId: The ID of the key used to sign the JWT. The key used for signing will
	// remain valid for at least 12 hours after the JWT is signed. To verify the
	// signature, you can retrieve the public key in several formats from the
	// following endpoints: - RSA public key wrapped in an X.509 v3 certificate:
	// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT_EMAIL}
	// ` - Raw key in JSON format:
	// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_EMAIL}`
	//  - JSON Web Key (JWK):
	// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_EMAIL}`
	KeyId string `json:"keyId,omitempty"`
	// SignedJwt: The signed JWT. Contains the automatically generated header; the
	// client-supplied payload; and the signature, which is generated using the key
	// referenced by the `kid` field in the header. After the key pair referenced
	// by the `key_id` response field expires, Google no longer exposes the public
	// key that can be used to verify the JWT. As a result, the receiver can no
	// longer verify the signature.
	SignedJwt string `json:"signedJwt,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the server.
	googleapi.ServerResponse `json:"-"`
	// ForceSendFields is a list of field names (e.g. "KeyId") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "KeyId") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}