Movatterモバイル変換

[0]ホーム
URL:

iamcredentials

package
v0.257.0Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest Published: Dec 2, 2025 License:BSD-3-ClauseImports:18Imported by:72

Details

Repository

github.com/googleapis/google-api-go-client

Links

Documentation

Overview

Package iamcredentials provides access to the IAM Service Account Credentials API.

For product documentation, see:https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials

Library status

These client libraries are officially supported by Google. However, thislibrary is considered complete and is in maintenance mode. This meansthat we will address critical bugs and security issues but will not addany new features.

When possible, we recommend using our newer[Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go)that are still actively being worked and iterated on.

Creating a client

Usage example:

import "google.golang.org/api/iamcredentials/v1"...ctx := context.Background()iamcredentialsService, err := iamcredentials.NewService(ctx)

In this example, Google Application Default Credentials are used forauthentication. For information on how to create and obtain ApplicationDefault Credentials, seehttps://developers.google.com/identity/protocols/application-default-credentials.

Other authentication options

To use an API key for authentication (note: some APIs do not support APIkeys), usegoogle.golang.org/api/option.WithAPIKey:

iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithAPIKey("AIza..."))

To use an OAuth token (e.g., a user token obtained via a three-legged OAuthflow, usegoogle.golang.org/api/option.WithTokenSource:

config := &oauth2.Config{...}// ...token, err := config.Exchange(ctx, ...)iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))

Seegoogle.golang.org/api/option.ClientOption for details on options.

Index

Constants

View Source
const (// See, edit, configure, and delete your Google Cloud data and see the email// address for your Google Account.CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform")

OAuth2 scopes used by this API.

Variables

This section is empty.

Functions

This section is empty.

Types

typeGenerateAccessTokenRequest

type GenerateAccessTokenRequest struct {// Delegates: The sequence of service accounts in a delegation chain. This// field is required for delegated requests// (https://cloud.google.com/iam/help/credentials/delegated-request). For// direct requests// (https://cloud.google.com/iam/help/credentials/direct-request), which are// more common, do not specify this field. Each service account must be granted// the `roles/iam.serviceAccountTokenCreator` role on its next service account// in the chain. The last service account in the chain must be granted the// `roles/iam.serviceAccountTokenCreator` role on the service account that is// specified in the `name` field of the request. The delegates must have the// following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.// The `-` wildcard character is required; replacing it with a project ID is// invalid.Delegates []string `json:"delegates,omitempty"`// Lifetime: The desired lifetime duration of the access token in seconds. By// default, the maximum allowed value is 1 hour. To set a lifetime of up to 12// hours, you can add the service account as an allowed value in an// Organization Policy that enforces the// `constraints/iam.allowServiceAccountCredentialLifetimeExtension` constraint.// See detailed instructions at//https://cloud.google.com/iam/help/credentials/lifetime If a value is not// specified, the token's lifetime will be set to a default value of 1 hour.Lifetimestring `json:"lifetime,omitempty"`// Scope: Required. Code to identify the scopes to be included in the OAuth 2.0// access token. See//https://developers.google.com/identity/protocols/googlescopes for more// information. At least one value required.Scope []string `json:"scope,omitempty"`// ForceSendFields is a list of field names (e.g. "Delegates") to// unconditionally include in API requests. By default, fields with empty or// default values are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "Delegates") to include in API// requests with the JSON null value. By default, fields with empty values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

func (GenerateAccessTokenRequest)MarshalJSON

func (sGenerateAccessTokenRequest) MarshalJSON() ([]byte,error)

typeGenerateAccessTokenResponse

type GenerateAccessTokenResponse struct {// AccessToken: The OAuth 2.0 access token.AccessTokenstring `json:"accessToken,omitempty"`// ExpireTime: Token expiration time. The expiration time is always set.ExpireTimestring `json:"expireTime,omitempty"`// ServerResponse contains the HTTP response code and headers from the server.googleapi.ServerResponse `json:"-"`// ForceSendFields is a list of field names (e.g. "AccessToken") to// unconditionally include in API requests. By default, fields with empty or// default values are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "AccessToken") to include in API// requests with the JSON null value. By default, fields with empty values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

func (GenerateAccessTokenResponse)MarshalJSON

func (sGenerateAccessTokenResponse) MarshalJSON() ([]byte,error)

typeGenerateIdTokenRequest

type GenerateIdTokenRequest struct {// Audience: Required. The audience for the token, such as the API or account// that this token grants access to.Audiencestring `json:"audience,omitempty"`// Delegates: The sequence of service accounts in a delegation chain. Each// service account must be granted the `roles/iam.serviceAccountTokenCreator`// role on its next service account in the chain. The last service account in// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on// the service account that is specified in the `name` field of the request.// The delegates must have the following format:// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard// character is required; replacing it with a project ID is invalid.Delegates []string `json:"delegates,omitempty"`// IncludeEmail: Include the service account email in the token. If set to// `true`, the token will contain `email` and `email_verified` claims.IncludeEmailbool `json:"includeEmail,omitempty"`// OrganizationNumberIncluded: Include the organization number of the service// account in the token. If set to `true`, the token will contain a// `google.organization_number` claim. The value of the claim will be `null` if// the service account isn't associated with an organization.OrganizationNumberIncludedbool `json:"organizationNumberIncluded,omitempty"`// ForceSendFields is a list of field names (e.g. "Audience") to// unconditionally include in API requests. By default, fields with empty or// default values are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "Audience") to include in API// requests with the JSON null value. By default, fields with empty values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

func (GenerateIdTokenRequest)MarshalJSON

func (sGenerateIdTokenRequest) MarshalJSON() ([]byte,error)

typeGenerateIdTokenResponse

type GenerateIdTokenResponse struct {// Token: The OpenId Connect ID token. The token is a JSON Web Token (JWT) that// contains a payload with claims. See the JSON Web Token spec// (https://tools.ietf.org/html/rfc7519) for more information. Here is an// example of a decoded JWT payload: “` { "iss":// "https://accounts.google.com", "iat": 1496953245, "exp": 1496953245, "aud":// "https://www.example.com", "sub": "107517467455664443765", "azp":// "107517467455664443765", "email":// "my-iam-account@my-project.iam.gserviceaccount.com", "email_verified": true,// "google": { "organization_number": 123456 } } “`Tokenstring `json:"token,omitempty"`// ServerResponse contains the HTTP response code and headers from the server.googleapi.ServerResponse `json:"-"`// ForceSendFields is a list of field names (e.g. "Token") to unconditionally// include in API requests. By default, fields with empty or default values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "Token") to include in API// requests with the JSON null value. By default, fields with empty values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

func (GenerateIdTokenResponse)MarshalJSON

func (sGenerateIdTokenResponse) MarshalJSON() ([]byte,error)

typeLocationsServiceadded inv0.231.0

type LocationsService struct {WorkforcePools *LocationsWorkforcePoolsService// contains filtered or unexported fields}

funcNewLocationsServiceadded inv0.231.0

func NewLocationsService(s *Service) *LocationsService

typeLocationsWorkforcePoolsGetAllowedLocationsCalladded inv0.231.0

type LocationsWorkforcePoolsGetAllowedLocationsCall struct {// contains filtered or unexported fields}

func (*LocationsWorkforcePoolsGetAllowedLocationsCall)Contextadded inv0.231.0

Context sets the context to be used in this call's Do method.

func (*LocationsWorkforcePoolsGetAllowedLocationsCall)Doadded inv0.231.0

Do executes the "iamcredentials.locations.workforcePools.getAllowedLocations" call.Any non-2xx status code is an error. Response headers are in either*WorkforcePoolAllowedLocations.ServerResponse.Header or (if a response wasreturned at all) in error.(*googleapi.Error).Header. Usegoogleapi.IsNotModified to check whether the returned error was becausehttp.StatusNotModified was returned.

func (*LocationsWorkforcePoolsGetAllowedLocationsCall)Fieldsadded inv0.231.0

Fields allows partial responses to be retrieved. Seehttps://developers.google.com/gdata/docs/2.0/basics#PartialResponse for moredetails.

func (*LocationsWorkforcePoolsGetAllowedLocationsCall)Headeradded inv0.231.0

Header returns a http.Header that can be modified by the caller to addheaders to the request.

func (*LocationsWorkforcePoolsGetAllowedLocationsCall)IfNoneMatchadded inv0.231.0

IfNoneMatch sets an optional parameter which makes the operation fail if theobject's ETag matches the given value. This is useful for getting updatesonly after the object has changed since the last request.

typeLocationsWorkforcePoolsServiceadded inv0.231.0

type LocationsWorkforcePoolsService struct {// contains filtered or unexported fields}

funcNewLocationsWorkforcePoolsServiceadded inv0.231.0

func NewLocationsWorkforcePoolsService(s *Service) *LocationsWorkforcePoolsService

func (*LocationsWorkforcePoolsService)GetAllowedLocationsadded inv0.231.0

GetAllowedLocations: Returns the trust boundary info for a given workforcepool.

- name: Resource name of workforce pool.

typeProjectsLocationsServiceadded inv0.231.0

type ProjectsLocationsService struct {WorkloadIdentityPools *ProjectsLocationsWorkloadIdentityPoolsService// contains filtered or unexported fields}

funcNewProjectsLocationsServiceadded inv0.231.0

func NewProjectsLocationsService(s *Service) *ProjectsLocationsService

typeProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCalladded inv0.231.0

type ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall struct {// contains filtered or unexported fields}

func (*ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall)Contextadded inv0.231.0

Context sets the context to be used in this call's Do method.

func (*ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall)Doadded inv0.231.0

Do executes the "iamcredentials.projects.locations.workloadIdentityPools.getAllowedLocations" call.Any non-2xx status code is an error. Response headers are in either*WorkloadIdentityPoolAllowedLocations.ServerResponse.Header or (if aresponse was returned at all) in error.(*googleapi.Error).Header. Usegoogleapi.IsNotModified to check whether the returned error was becausehttp.StatusNotModified was returned.

func (*ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall)Fieldsadded inv0.231.0

Fields allows partial responses to be retrieved. Seehttps://developers.google.com/gdata/docs/2.0/basics#PartialResponse for moredetails.

func (*ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall)Headeradded inv0.231.0

Header returns a http.Header that can be modified by the caller to addheaders to the request.

func (*ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall)IfNoneMatchadded inv0.231.0

IfNoneMatch sets an optional parameter which makes the operation fail if theobject's ETag matches the given value. This is useful for getting updatesonly after the object has changed since the last request.

typeProjectsLocationsWorkloadIdentityPoolsServiceadded inv0.231.0

type ProjectsLocationsWorkloadIdentityPoolsService struct {// contains filtered or unexported fields}

funcNewProjectsLocationsWorkloadIdentityPoolsServiceadded inv0.231.0

func NewProjectsLocationsWorkloadIdentityPoolsService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsService

func (*ProjectsLocationsWorkloadIdentityPoolsService)GetAllowedLocationsadded inv0.231.0

GetAllowedLocations: Returns the trust boundary info for a given workloadidentity pool.

- name: Resource name of workload identity pool.

typeProjectsService

type ProjectsService struct {Locations *ProjectsLocationsServiceServiceAccounts *ProjectsServiceAccountsService// contains filtered or unexported fields}

funcNewProjectsService

func NewProjectsService(s *Service) *ProjectsService

typeProjectsServiceAccountsGenerateAccessTokenCall

type ProjectsServiceAccountsGenerateAccessTokenCall struct {// contains filtered or unexported fields}

func (*ProjectsServiceAccountsGenerateAccessTokenCall)Context

Context sets the context to be used in this call's Do method.

func (*ProjectsServiceAccountsGenerateAccessTokenCall)Do

Do executes the "iamcredentials.projects.serviceAccounts.generateAccessToken" call.Any non-2xx status code is an error. Response headers are in either*GenerateAccessTokenResponse.ServerResponse.Header or (if a response wasreturned at all) in error.(*googleapi.Error).Header. Usegoogleapi.IsNotModified to check whether the returned error was becausehttp.StatusNotModified was returned.

func (*ProjectsServiceAccountsGenerateAccessTokenCall)Fields

Fields allows partial responses to be retrieved. Seehttps://developers.google.com/gdata/docs/2.0/basics#PartialResponse for moredetails.

func (*ProjectsServiceAccountsGenerateAccessTokenCall)Header

Header returns a http.Header that can be modified by the caller to addheaders to the request.

typeProjectsServiceAccountsGenerateIdTokenCall

type ProjectsServiceAccountsGenerateIdTokenCall struct {// contains filtered or unexported fields}

func (*ProjectsServiceAccountsGenerateIdTokenCall)Context

Context sets the context to be used in this call's Do method.

func (*ProjectsServiceAccountsGenerateIdTokenCall)Do

Do executes the "iamcredentials.projects.serviceAccounts.generateIdToken" call.Any non-2xx status code is an error. Response headers are in either*GenerateIdTokenResponse.ServerResponse.Header or (if a response wasreturned at all) in error.(*googleapi.Error).Header. Usegoogleapi.IsNotModified to check whether the returned error was becausehttp.StatusNotModified was returned.

func (*ProjectsServiceAccountsGenerateIdTokenCall)Fields

Fields allows partial responses to be retrieved. Seehttps://developers.google.com/gdata/docs/2.0/basics#PartialResponse for moredetails.

func (*ProjectsServiceAccountsGenerateIdTokenCall)Header

Header returns a http.Header that can be modified by the caller to addheaders to the request.

typeProjectsServiceAccountsGetAllowedLocationsCalladded inv0.204.0

type ProjectsServiceAccountsGetAllowedLocationsCall struct {// contains filtered or unexported fields}

func (*ProjectsServiceAccountsGetAllowedLocationsCall)Contextadded inv0.204.0

Context sets the context to be used in this call's Do method.

func (*ProjectsServiceAccountsGetAllowedLocationsCall)Doadded inv0.204.0

Do executes the "iamcredentials.projects.serviceAccounts.getAllowedLocations" call.Any non-2xx status code is an error. Response headers are in either*ServiceAccountAllowedLocations.ServerResponse.Header or (if a response wasreturned at all) in error.(*googleapi.Error).Header. Usegoogleapi.IsNotModified to check whether the returned error was becausehttp.StatusNotModified was returned.

func (*ProjectsServiceAccountsGetAllowedLocationsCall)Fieldsadded inv0.204.0

Fields allows partial responses to be retrieved. Seehttps://developers.google.com/gdata/docs/2.0/basics#PartialResponse for moredetails.

func (*ProjectsServiceAccountsGetAllowedLocationsCall)Headeradded inv0.204.0

Header returns a http.Header that can be modified by the caller to addheaders to the request.

func (*ProjectsServiceAccountsGetAllowedLocationsCall)IfNoneMatchadded inv0.204.0

IfNoneMatch sets an optional parameter which makes the operation fail if theobject's ETag matches the given value. This is useful for getting updatesonly after the object has changed since the last request.

typeProjectsServiceAccountsService

type ProjectsServiceAccountsService struct {// contains filtered or unexported fields}

funcNewProjectsServiceAccountsService

func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService

func (*ProjectsServiceAccountsService)GenerateAccessToken

GenerateAccessToken: Generates an OAuth 2.0 access token for a serviceaccount.

  • name: The resource name of the service account for which the credentialsare requested, in the following format:`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcardcharacter is required; replacing it with a project ID is invalid.

func (*ProjectsServiceAccountsService)GenerateIdToken

GenerateIdToken: Generates an OpenID Connect ID token for a service account.

  • name: The resource name of the service account for which the credentialsare requested, in the following format:`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcardcharacter is required; replacing it with a project ID is invalid.

func (*ProjectsServiceAccountsService)GetAllowedLocationsadded inv0.204.0

GetAllowedLocations: Returns the trust boundary info for a given serviceaccount.

- name: Resource name of service account.

func (*ProjectsServiceAccountsService)SignBlob

SignBlob: Signs a blob using a service account's system-managed private key.

  • name: The resource name of the service account for which the credentialsare requested, in the following format:`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcardcharacter is required; replacing it with a project ID is invalid.

func (*ProjectsServiceAccountsService)SignJwt

SignJwt: Signs a JWT using a service account's system-managed private key.

  • name: The resource name of the service account for which the credentialsare requested, in the following format:`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcardcharacter is required; replacing it with a project ID is invalid.

typeProjectsServiceAccountsSignBlobCall

type ProjectsServiceAccountsSignBlobCall struct {// contains filtered or unexported fields}

func (*ProjectsServiceAccountsSignBlobCall)Context

Context sets the context to be used in this call's Do method.

func (*ProjectsServiceAccountsSignBlobCall)Do

Do executes the "iamcredentials.projects.serviceAccounts.signBlob" call.Any non-2xx status code is an error. Response headers are in either*SignBlobResponse.ServerResponse.Header or (if a response was returned atall) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified tocheck whether the returned error was because http.StatusNotModified wasreturned.

func (*ProjectsServiceAccountsSignBlobCall)Fields

Fields allows partial responses to be retrieved. Seehttps://developers.google.com/gdata/docs/2.0/basics#PartialResponse for moredetails.

func (*ProjectsServiceAccountsSignBlobCall)Header

Header returns a http.Header that can be modified by the caller to addheaders to the request.

typeProjectsServiceAccountsSignJwtCall

type ProjectsServiceAccountsSignJwtCall struct {// contains filtered or unexported fields}

func (*ProjectsServiceAccountsSignJwtCall)Context

Context sets the context to be used in this call's Do method.

func (*ProjectsServiceAccountsSignJwtCall)Do

Do executes the "iamcredentials.projects.serviceAccounts.signJwt" call.Any non-2xx status code is an error. Response headers are in either*SignJwtResponse.ServerResponse.Header or (if a response was returned atall) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified tocheck whether the returned error was because http.StatusNotModified wasreturned.

func (*ProjectsServiceAccountsSignJwtCall)Fields

Fields allows partial responses to be retrieved. Seehttps://developers.google.com/gdata/docs/2.0/basics#PartialResponse for moredetails.

func (*ProjectsServiceAccountsSignJwtCall)Header

Header returns a http.Header that can be modified by the caller to addheaders to the request.

typeService

type Service struct {BasePathstring// API endpoint base URLUserAgentstring// optional additional User-Agent fragmentLocations *LocationsServiceProjects *ProjectsService// contains filtered or unexported fields}

funcNewdeprecated

func New(client *http.Client) (*Service,error)

New creates a new Service. It uses the provided http.Client for requests.

Deprecated: please use NewService instead.To provide a custom HTTP client, use option.WithHTTPClient.If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.

funcNewServiceadded inv0.3.0

func NewService(ctxcontext.Context, opts ...option.ClientOption) (*Service,error)

NewService creates a new Service.

typeServiceAccountAllowedLocationsadded inv0.204.0

type ServiceAccountAllowedLocations struct {// EncodedLocations: Output only. The hex encoded bitmap of the trust boundary// locationsEncodedLocationsstring `json:"encodedLocations,omitempty"`// Locations: Output only. The human readable trust boundary locations. For// example, ["us-central1", "europe-west1"]Locations []string `json:"locations,omitempty"`// ServerResponse contains the HTTP response code and headers from the server.googleapi.ServerResponse `json:"-"`// ForceSendFields is a list of field names (e.g. "EncodedLocations") to// unconditionally include in API requests. By default, fields with empty or// default values are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "EncodedLocations") to include in// API requests with the JSON null value. By default, fields with empty values// are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

ServiceAccountAllowedLocations: Represents a list of allowed locations forgiven service account.

func (ServiceAccountAllowedLocations)MarshalJSONadded inv0.204.0

func (sServiceAccountAllowedLocations) MarshalJSON() ([]byte,error)

typeSignBlobRequest

type SignBlobRequest struct {// Delegates: The sequence of service accounts in a delegation chain. Each// service account must be granted the `roles/iam.serviceAccountTokenCreator`// role on its next service account in the chain. The last service account in// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on// the service account that is specified in the `name` field of the request.// The delegates must have the following format:// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard// character is required; replacing it with a project ID is invalid.Delegates []string `json:"delegates,omitempty"`// Payload: Required. The bytes to sign.Payloadstring `json:"payload,omitempty"`// ForceSendFields is a list of field names (e.g. "Delegates") to// unconditionally include in API requests. By default, fields with empty or// default values are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "Delegates") to include in API// requests with the JSON null value. By default, fields with empty values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

func (SignBlobRequest)MarshalJSON

func (sSignBlobRequest) MarshalJSON() ([]byte,error)

typeSignBlobResponse

type SignBlobResponse struct {// KeyId: The ID of the key used to sign the blob. The key used for signing// will remain valid for at least 12 hours after the blob is signed. To verify// the signature, you can retrieve the public key in several formats from the// following endpoints: - RSA public key wrapped in an X.509 v3 certificate:// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT_EMAIL}// ` - Raw key in JSON format:// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_EMAIL}`//  - JSON Web Key (JWK):// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_EMAIL}`KeyIdstring `json:"keyId,omitempty"`// SignedBlob: The signature for the blob. Does not include the original blob.// After the key pair referenced by the `key_id` response field expires, Google// no longer exposes the public key that can be used to verify the blob. As a// result, the receiver can no longer verify the signature.SignedBlobstring `json:"signedBlob,omitempty"`// ServerResponse contains the HTTP response code and headers from the server.googleapi.ServerResponse `json:"-"`// ForceSendFields is a list of field names (e.g. "KeyId") to unconditionally// include in API requests. By default, fields with empty or default values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "KeyId") to include in API// requests with the JSON null value. By default, fields with empty values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

func (SignBlobResponse)MarshalJSON

func (sSignBlobResponse) MarshalJSON() ([]byte,error)

typeSignJwtRequest

type SignJwtRequest struct {// Delegates: The sequence of service accounts in a delegation chain. Each// service account must be granted the `roles/iam.serviceAccountTokenCreator`// role on its next service account in the chain. The last service account in// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on// the service account that is specified in the `name` field of the request.// The delegates must have the following format:// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard// character is required; replacing it with a project ID is invalid.Delegates []string `json:"delegates,omitempty"`// Payload: Required. The JWT payload to sign. Must be a serialized JSON object// that contains a JWT Claims Set. For example: `{"sub": "user@example.com",// "iat": 313435}` If the JWT Claims Set contains an expiration time (`exp`)// claim, it must be an integer timestamp that is not in the past and no more// than 12 hours in the future.Payloadstring `json:"payload,omitempty"`// ForceSendFields is a list of field names (e.g. "Delegates") to// unconditionally include in API requests. By default, fields with empty or// default values are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "Delegates") to include in API// requests with the JSON null value. By default, fields with empty values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

func (SignJwtRequest)MarshalJSON

func (sSignJwtRequest) MarshalJSON() ([]byte,error)

typeSignJwtResponse

type SignJwtResponse struct {// KeyId: The ID of the key used to sign the JWT. The key used for signing will// remain valid for at least 12 hours after the JWT is signed. To verify the// signature, you can retrieve the public key in several formats from the// following endpoints: - RSA public key wrapped in an X.509 v3 certificate:// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT_EMAIL}// ` - Raw key in JSON format:// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_EMAIL}`//  - JSON Web Key (JWK):// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_EMAIL}`KeyIdstring `json:"keyId,omitempty"`// SignedJwt: The signed JWT. Contains the automatically generated header; the// client-supplied payload; and the signature, which is generated using the key// referenced by the `kid` field in the header. After the key pair referenced// by the `key_id` response field expires, Google no longer exposes the public// key that can be used to verify the JWT. As a result, the receiver can no// longer verify the signature.SignedJwtstring `json:"signedJwt,omitempty"`// ServerResponse contains the HTTP response code and headers from the server.googleapi.ServerResponse `json:"-"`// ForceSendFields is a list of field names (e.g. "KeyId") to unconditionally// include in API requests. By default, fields with empty or default values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "KeyId") to include in API// requests with the JSON null value. By default, fields with empty values are// omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

func (SignJwtResponse)MarshalJSON

func (sSignJwtResponse) MarshalJSON() ([]byte,error)

typeWorkforcePoolAllowedLocationsadded inv0.231.0

type WorkforcePoolAllowedLocations struct {// EncodedLocations: Output only. The hex encoded bitmap of the trust boundary// locationsEncodedLocationsstring `json:"encodedLocations,omitempty"`// Locations: Output only. The human readable trust boundary locations. For// example, ["us-central1", "europe-west1"]Locations []string `json:"locations,omitempty"`// ServerResponse contains the HTTP response code and headers from the server.googleapi.ServerResponse `json:"-"`// ForceSendFields is a list of field names (e.g. "EncodedLocations") to// unconditionally include in API requests. By default, fields with empty or// default values are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "EncodedLocations") to include in// API requests with the JSON null value. By default, fields with empty values// are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

WorkforcePoolAllowedLocations: Represents a list of allowed locations forgiven workforce pool.

func (WorkforcePoolAllowedLocations)MarshalJSONadded inv0.231.0

func (sWorkforcePoolAllowedLocations) MarshalJSON() ([]byte,error)

typeWorkloadIdentityPoolAllowedLocationsadded inv0.231.0

type WorkloadIdentityPoolAllowedLocations struct {// EncodedLocations: Output only. The hex encoded bitmap of the trust boundary// locationsEncodedLocationsstring `json:"encodedLocations,omitempty"`// Locations: Output only. The human readable trust boundary locations. For// example, ["us-central1", "europe-west1"]Locations []string `json:"locations,omitempty"`// ServerResponse contains the HTTP response code and headers from the server.googleapi.ServerResponse `json:"-"`// ForceSendFields is a list of field names (e.g. "EncodedLocations") to// unconditionally include in API requests. By default, fields with empty or// default values are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more// details.ForceSendFields []string `json:"-"`// NullFields is a list of field names (e.g. "EncodedLocations") to include in// API requests with the JSON null value. By default, fields with empty values// are omitted from API requests. See//https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.NullFields []string `json:"-"`}

WorkloadIdentityPoolAllowedLocations: Represents a list of allowed locationsfor given workload identity pool.

func (WorkloadIdentityPoolAllowedLocations)MarshalJSONadded inv0.231.0

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f orF : Jump to
y orY : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic.Learn more.
[8]ページ先頭
©2009-2025 Movatter.jp