| // Code generated by protoc-gen-go. DO NOT EDIT. |
| // source: google/iam/credentials/v1/common.proto |
| |
| package credentials |
| |
| import ( |
| fmt "fmt" |
| proto "github.com/golang/protobuf/proto" |
| duration "github.com/golang/protobuf/ptypes/duration" |
| timestamp "github.com/golang/protobuf/ptypes/timestamp" |
| math "math" |
| ) |
| |
| // Reference imports to suppress errors if they are not otherwise used. |
| var _ = proto.Marshal |
| var _ = fmt.Errorf |
| var _ = math.Inf |
| |
| // This is a compile-time assertion to ensure that this generated file |
| // is compatible with the proto package it is being compiled against. |
| // A compilation error at this line likely means your copy of the |
| // proto package needs to be updated. |
| const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package |
| |
| type GenerateAccessTokenRequest struct { |
| // The resource name of the service account for which the credentials |
| // are requested, in the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. |
| Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` |
| // The sequence of service accounts in a delegation chain. Each service |
| // account must be granted the `roles/iam.serviceAccountTokenCreator` role |
| // on its next service account in the chain. The last service account in the |
| // chain must be granted the `roles/iam.serviceAccountTokenCreator` role |
| // on the service account that is specified in the `name` field of the |
| // request. |
| // |
| // The delegates must have the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}` |
| Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"` |
| // Code to identify the scopes to be included in the OAuth 2.0 access token. |
| // See https://developers.google.com/identity/protocols/googlescopes for more |
| // information. |
| // At least one value required. |
| Scope []string `protobuf:"bytes,4,rep,name=scope,proto3" json:"scope,omitempty"` |
| // The desired lifetime duration of the access token in seconds. |
| // Must be set to a value less than or equal to 3600 (1 hour). If a value is |
| // not specified, the token's lifetime will be set to a default value of one |
| // hour. |
| Lifetime *duration.Duration `protobuf:"bytes,7,opt,name=lifetime,proto3" json:"lifetime,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *GenerateAccessTokenRequest) Reset() { *m = GenerateAccessTokenRequest{} } |
| func (m *GenerateAccessTokenRequest) String() string { return proto.CompactTextString(m) } |
| func (*GenerateAccessTokenRequest) ProtoMessage() {} |
| func (*GenerateAccessTokenRequest) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{0} |
| } |
| |
| func (m *GenerateAccessTokenRequest) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_GenerateAccessTokenRequest.Unmarshal(m, b) |
| } |
| func (m *GenerateAccessTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_GenerateAccessTokenRequest.Marshal(b, m, deterministic) |
| } |
| func (m *GenerateAccessTokenRequest) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_GenerateAccessTokenRequest.Merge(m, src) |
| } |
| func (m *GenerateAccessTokenRequest) XXX_Size() int { |
| return xxx_messageInfo_GenerateAccessTokenRequest.Size(m) |
| } |
| func (m *GenerateAccessTokenRequest) XXX_DiscardUnknown() { |
| xxx_messageInfo_GenerateAccessTokenRequest.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_GenerateAccessTokenRequest proto.InternalMessageInfo |
| |
| func (m *GenerateAccessTokenRequest) GetName() string { |
| if m != nil { |
| return m.Name |
| } |
| return "" |
| } |
| |
| func (m *GenerateAccessTokenRequest) GetDelegates() []string { |
| if m != nil { |
| return m.Delegates |
| } |
| return nil |
| } |
| |
| func (m *GenerateAccessTokenRequest) GetScope() []string { |
| if m != nil { |
| return m.Scope |
| } |
| return nil |
| } |
| |
| func (m *GenerateAccessTokenRequest) GetLifetime() *duration.Duration { |
| if m != nil { |
| return m.Lifetime |
| } |
| return nil |
| } |
| |
| type GenerateAccessTokenResponse struct { |
| // The OAuth 2.0 access token. |
| AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"` |
| // Token expiration time. |
| // The expiration time is always set. |
| ExpireTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *GenerateAccessTokenResponse) Reset() { *m = GenerateAccessTokenResponse{} } |
| func (m *GenerateAccessTokenResponse) String() string { return proto.CompactTextString(m) } |
| func (*GenerateAccessTokenResponse) ProtoMessage() {} |
| func (*GenerateAccessTokenResponse) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{1} |
| } |
| |
| func (m *GenerateAccessTokenResponse) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_GenerateAccessTokenResponse.Unmarshal(m, b) |
| } |
| func (m *GenerateAccessTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_GenerateAccessTokenResponse.Marshal(b, m, deterministic) |
| } |
| func (m *GenerateAccessTokenResponse) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_GenerateAccessTokenResponse.Merge(m, src) |
| } |
| func (m *GenerateAccessTokenResponse) XXX_Size() int { |
| return xxx_messageInfo_GenerateAccessTokenResponse.Size(m) |
| } |
| func (m *GenerateAccessTokenResponse) XXX_DiscardUnknown() { |
| xxx_messageInfo_GenerateAccessTokenResponse.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_GenerateAccessTokenResponse proto.InternalMessageInfo |
| |
| func (m *GenerateAccessTokenResponse) GetAccessToken() string { |
| if m != nil { |
| return m.AccessToken |
| } |
| return "" |
| } |
| |
| func (m *GenerateAccessTokenResponse) GetExpireTime() *timestamp.Timestamp { |
| if m != nil { |
| return m.ExpireTime |
| } |
| return nil |
| } |
| |
| type SignBlobRequest struct { |
| // The resource name of the service account for which the credentials |
| // are requested, in the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. |
| Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` |
| // The sequence of service accounts in a delegation chain. Each service |
| // account must be granted the `roles/iam.serviceAccountTokenCreator` role |
| // on its next service account in the chain. The last service account in the |
| // chain must be granted the `roles/iam.serviceAccountTokenCreator` role |
| // on the service account that is specified in the `name` field of the |
| // request. |
| // |
| // The delegates must have the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}` |
| Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"` |
| // The bytes to sign. |
| Payload []byte `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *SignBlobRequest) Reset() { *m = SignBlobRequest{} } |
| func (m *SignBlobRequest) String() string { return proto.CompactTextString(m) } |
| func (*SignBlobRequest) ProtoMessage() {} |
| func (*SignBlobRequest) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{2} |
| } |
| |
| func (m *SignBlobRequest) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_SignBlobRequest.Unmarshal(m, b) |
| } |
| func (m *SignBlobRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_SignBlobRequest.Marshal(b, m, deterministic) |
| } |
| func (m *SignBlobRequest) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_SignBlobRequest.Merge(m, src) |
| } |
| func (m *SignBlobRequest) XXX_Size() int { |
| return xxx_messageInfo_SignBlobRequest.Size(m) |
| } |
| func (m *SignBlobRequest) XXX_DiscardUnknown() { |
| xxx_messageInfo_SignBlobRequest.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_SignBlobRequest proto.InternalMessageInfo |
| |
| func (m *SignBlobRequest) GetName() string { |
| if m != nil { |
| return m.Name |
| } |
| return "" |
| } |
| |
| func (m *SignBlobRequest) GetDelegates() []string { |
| if m != nil { |
| return m.Delegates |
| } |
| return nil |
| } |
| |
| func (m *SignBlobRequest) GetPayload() []byte { |
| if m != nil { |
| return m.Payload |
| } |
| return nil |
| } |
| |
| type SignBlobResponse struct { |
| // The ID of the key used to sign the blob. |
| KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` |
| // The signed blob. |
| SignedBlob []byte `protobuf:"bytes,4,opt,name=signed_blob,json=signedBlob,proto3" json:"signed_blob,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *SignBlobResponse) Reset() { *m = SignBlobResponse{} } |
| func (m *SignBlobResponse) String() string { return proto.CompactTextString(m) } |
| func (*SignBlobResponse) ProtoMessage() {} |
| func (*SignBlobResponse) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{3} |
| } |
| |
| func (m *SignBlobResponse) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_SignBlobResponse.Unmarshal(m, b) |
| } |
| func (m *SignBlobResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_SignBlobResponse.Marshal(b, m, deterministic) |
| } |
| func (m *SignBlobResponse) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_SignBlobResponse.Merge(m, src) |
| } |
| func (m *SignBlobResponse) XXX_Size() int { |
| return xxx_messageInfo_SignBlobResponse.Size(m) |
| } |
| func (m *SignBlobResponse) XXX_DiscardUnknown() { |
| xxx_messageInfo_SignBlobResponse.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_SignBlobResponse proto.InternalMessageInfo |
| |
| func (m *SignBlobResponse) GetKeyId() string { |
| if m != nil { |
| return m.KeyId |
| } |
| return "" |
| } |
| |
| func (m *SignBlobResponse) GetSignedBlob() []byte { |
| if m != nil { |
| return m.SignedBlob |
| } |
| return nil |
| } |
| |
| type SignJwtRequest struct { |
| // The resource name of the service account for which the credentials |
| // are requested, in the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. |
| Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` |
| // The sequence of service accounts in a delegation chain. Each service |
| // account must be granted the `roles/iam.serviceAccountTokenCreator` role |
| // on its next service account in the chain. The last service account in the |
| // chain must be granted the `roles/iam.serviceAccountTokenCreator` role |
| // on the service account that is specified in the `name` field of the |
| // request. |
| // |
| // The delegates must have the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}` |
| Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"` |
| // The JWT payload to sign: a JSON object that contains a JWT Claims Set. |
| Payload string `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *SignJwtRequest) Reset() { *m = SignJwtRequest{} } |
| func (m *SignJwtRequest) String() string { return proto.CompactTextString(m) } |
| func (*SignJwtRequest) ProtoMessage() {} |
| func (*SignJwtRequest) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{4} |
| } |
| |
| func (m *SignJwtRequest) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_SignJwtRequest.Unmarshal(m, b) |
| } |
| func (m *SignJwtRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_SignJwtRequest.Marshal(b, m, deterministic) |
| } |
| func (m *SignJwtRequest) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_SignJwtRequest.Merge(m, src) |
| } |
| func (m *SignJwtRequest) XXX_Size() int { |
| return xxx_messageInfo_SignJwtRequest.Size(m) |
| } |
| func (m *SignJwtRequest) XXX_DiscardUnknown() { |
| xxx_messageInfo_SignJwtRequest.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_SignJwtRequest proto.InternalMessageInfo |
| |
| func (m *SignJwtRequest) GetName() string { |
| if m != nil { |
| return m.Name |
| } |
| return "" |
| } |
| |
| func (m *SignJwtRequest) GetDelegates() []string { |
| if m != nil { |
| return m.Delegates |
| } |
| return nil |
| } |
| |
| func (m *SignJwtRequest) GetPayload() string { |
| if m != nil { |
| return m.Payload |
| } |
| return "" |
| } |
| |
| type SignJwtResponse struct { |
| // The ID of the key used to sign the JWT. |
| KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` |
| // The signed JWT. |
| SignedJwt string `protobuf:"bytes,2,opt,name=signed_jwt,json=signedJwt,proto3" json:"signed_jwt,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *SignJwtResponse) Reset() { *m = SignJwtResponse{} } |
| func (m *SignJwtResponse) String() string { return proto.CompactTextString(m) } |
| func (*SignJwtResponse) ProtoMessage() {} |
| func (*SignJwtResponse) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{5} |
| } |
| |
| func (m *SignJwtResponse) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_SignJwtResponse.Unmarshal(m, b) |
| } |
| func (m *SignJwtResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_SignJwtResponse.Marshal(b, m, deterministic) |
| } |
| func (m *SignJwtResponse) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_SignJwtResponse.Merge(m, src) |
| } |
| func (m *SignJwtResponse) XXX_Size() int { |
| return xxx_messageInfo_SignJwtResponse.Size(m) |
| } |
| func (m *SignJwtResponse) XXX_DiscardUnknown() { |
| xxx_messageInfo_SignJwtResponse.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_SignJwtResponse proto.InternalMessageInfo |
| |
| func (m *SignJwtResponse) GetKeyId() string { |
| if m != nil { |
| return m.KeyId |
| } |
| return "" |
| } |
| |
| func (m *SignJwtResponse) GetSignedJwt() string { |
| if m != nil { |
| return m.SignedJwt |
| } |
| return "" |
| } |
| |
| type GenerateIdTokenRequest struct { |
| // The resource name of the service account for which the credentials |
| // are requested, in the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. |
| Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` |
| // The sequence of service accounts in a delegation chain. Each service |
| // account must be granted the `roles/iam.serviceAccountTokenCreator` role |
| // on its next service account in the chain. The last service account in the |
| // chain must be granted the `roles/iam.serviceAccountTokenCreator` role |
| // on the service account that is specified in the `name` field of the |
| // request. |
| // |
| // The delegates must have the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}` |
| Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"` |
| // The audience for the token, such as the API or account that this token |
| // grants access to. |
| Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"` |
| // Include the service account email in the token. If set to `true`, the |
| // token will contain `email` and `email_verified` claims. |
| IncludeEmail bool `protobuf:"varint,4,opt,name=include_email,json=includeEmail,proto3" json:"include_email,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *GenerateIdTokenRequest) Reset() { *m = GenerateIdTokenRequest{} } |
| func (m *GenerateIdTokenRequest) String() string { return proto.CompactTextString(m) } |
| func (*GenerateIdTokenRequest) ProtoMessage() {} |
| func (*GenerateIdTokenRequest) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{6} |
| } |
| |
| func (m *GenerateIdTokenRequest) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_GenerateIdTokenRequest.Unmarshal(m, b) |
| } |
| func (m *GenerateIdTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_GenerateIdTokenRequest.Marshal(b, m, deterministic) |
| } |
| func (m *GenerateIdTokenRequest) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_GenerateIdTokenRequest.Merge(m, src) |
| } |
| func (m *GenerateIdTokenRequest) XXX_Size() int { |
| return xxx_messageInfo_GenerateIdTokenRequest.Size(m) |
| } |
| func (m *GenerateIdTokenRequest) XXX_DiscardUnknown() { |
| xxx_messageInfo_GenerateIdTokenRequest.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_GenerateIdTokenRequest proto.InternalMessageInfo |
| |
| func (m *GenerateIdTokenRequest) GetName() string { |
| if m != nil { |
| return m.Name |
| } |
| return "" |
| } |
| |
| func (m *GenerateIdTokenRequest) GetDelegates() []string { |
| if m != nil { |
| return m.Delegates |
| } |
| return nil |
| } |
| |
| func (m *GenerateIdTokenRequest) GetAudience() string { |
| if m != nil { |
| return m.Audience |
| } |
| return "" |
| } |
| |
| func (m *GenerateIdTokenRequest) GetIncludeEmail() bool { |
| if m != nil { |
| return m.IncludeEmail |
| } |
| return false |
| } |
| |
| type GenerateIdTokenResponse struct { |
| // The OpenId Connect ID token. |
| Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *GenerateIdTokenResponse) Reset() { *m = GenerateIdTokenResponse{} } |
| func (m *GenerateIdTokenResponse) String() string { return proto.CompactTextString(m) } |
| func (*GenerateIdTokenResponse) ProtoMessage() {} |
| func (*GenerateIdTokenResponse) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{7} |
| } |
| |
| func (m *GenerateIdTokenResponse) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_GenerateIdTokenResponse.Unmarshal(m, b) |
| } |
| func (m *GenerateIdTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_GenerateIdTokenResponse.Marshal(b, m, deterministic) |
| } |
| func (m *GenerateIdTokenResponse) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_GenerateIdTokenResponse.Merge(m, src) |
| } |
| func (m *GenerateIdTokenResponse) XXX_Size() int { |
| return xxx_messageInfo_GenerateIdTokenResponse.Size(m) |
| } |
| func (m *GenerateIdTokenResponse) XXX_DiscardUnknown() { |
| xxx_messageInfo_GenerateIdTokenResponse.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_GenerateIdTokenResponse proto.InternalMessageInfo |
| |
| func (m *GenerateIdTokenResponse) GetToken() string { |
| if m != nil { |
| return m.Token |
| } |
| return "" |
| } |
| |
| type GenerateIdentityBindingAccessTokenRequest struct { |
| // The resource name of the service account for which the credentials |
| // are requested, in the following format: |
| // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. |
| Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` |
| // Code to identify the scopes to be included in the OAuth 2.0 access token. |
| // See https://developers.google.com/identity/protocols/googlescopes for more |
| // information. |
| // At least one value required. |
| Scope []string `protobuf:"bytes,2,rep,name=scope,proto3" json:"scope,omitempty"` |
| // Required. Input token. |
| // Must be in JWT format according to |
| // RFC7523 (https://tools.ietf.org/html/rfc7523) |
| // and must have 'kid' field in the header. |
| // Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon). |
| // Mandatory payload fields (along the lines of RFC 7523, section 3): |
| // - iss: issuer of the token. Must provide a discovery document at |
| // $iss/.well-known/openid-configuration . The document needs to be |
| // formatted according to section 4.2 of the OpenID Connect Discovery |
| // 1.0 specification. |
| // - iat: Issue time in seconds since epoch. Must be in the past. |
| // - exp: Expiration time in seconds since epoch. Must be less than 48 hours |
| // after iat. We recommend to create tokens that last shorter than 6 |
| // hours to improve security unless business reasons mandate longer |
| // expiration times. Shorter token lifetimes are generally more secure |
| // since tokens that have been exfiltrated by attackers can be used for |
| // a shorter time. you can configure the maximum lifetime of the |
| // incoming token in the configuration of the mapper. |
| // The resulting Google token will expire within an hour or at "exp", |
| // whichever is earlier. |
| // - sub: JWT subject, identity asserted in the JWT. |
| // - aud: Configured in the mapper policy. By default the service account |
| // email. |
| // |
| // Claims from the incoming token can be transferred into the output token |
| // accoding to the mapper configuration. The outgoing claim size is limited. |
| // Outgoing claims size must be less than 4kB serialized as JSON without |
| // whitespace. |
| // |
| // Example header: |
| // { |
| // "alg": "RS256", |
| // "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8" |
| // } |
| // Example payload: |
| // { |
| // "iss": "https://accounts.google.com", |
| // "iat": 1517963104, |
| // "exp": 1517966704, |
| // "aud": "https://iamcredentials.googleapis.com/", |
| // "sub": "113475438248934895348", |
| // "my_claims": { |
| // "additional_claim": "value" |
| // } |
| // } |
| Jwt string `protobuf:"bytes,3,opt,name=jwt,proto3" json:"jwt,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *GenerateIdentityBindingAccessTokenRequest) Reset() { |
| *m = GenerateIdentityBindingAccessTokenRequest{} |
| } |
| func (m *GenerateIdentityBindingAccessTokenRequest) String() string { return proto.CompactTextString(m) } |
| func (*GenerateIdentityBindingAccessTokenRequest) ProtoMessage() {} |
| func (*GenerateIdentityBindingAccessTokenRequest) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{8} |
| } |
| |
| func (m *GenerateIdentityBindingAccessTokenRequest) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_GenerateIdentityBindingAccessTokenRequest.Unmarshal(m, b) |
| } |
| func (m *GenerateIdentityBindingAccessTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_GenerateIdentityBindingAccessTokenRequest.Marshal(b, m, deterministic) |
| } |
| func (m *GenerateIdentityBindingAccessTokenRequest) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_GenerateIdentityBindingAccessTokenRequest.Merge(m, src) |
| } |
| func (m *GenerateIdentityBindingAccessTokenRequest) XXX_Size() int { |
| return xxx_messageInfo_GenerateIdentityBindingAccessTokenRequest.Size(m) |
| } |
| func (m *GenerateIdentityBindingAccessTokenRequest) XXX_DiscardUnknown() { |
| xxx_messageInfo_GenerateIdentityBindingAccessTokenRequest.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_GenerateIdentityBindingAccessTokenRequest proto.InternalMessageInfo |
| |
| func (m *GenerateIdentityBindingAccessTokenRequest) GetName() string { |
| if m != nil { |
| return m.Name |
| } |
| return "" |
| } |
| |
| func (m *GenerateIdentityBindingAccessTokenRequest) GetScope() []string { |
| if m != nil { |
| return m.Scope |
| } |
| return nil |
| } |
| |
| func (m *GenerateIdentityBindingAccessTokenRequest) GetJwt() string { |
| if m != nil { |
| return m.Jwt |
| } |
| return "" |
| } |
| |
| type GenerateIdentityBindingAccessTokenResponse struct { |
| // The OAuth 2.0 access token. |
| AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"` |
| // Token expiration time. |
| // The expiration time is always set. |
| ExpireTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *GenerateIdentityBindingAccessTokenResponse) Reset() { |
| *m = GenerateIdentityBindingAccessTokenResponse{} |
| } |
| func (m *GenerateIdentityBindingAccessTokenResponse) String() string { |
| return proto.CompactTextString(m) |
| } |
| func (*GenerateIdentityBindingAccessTokenResponse) ProtoMessage() {} |
| func (*GenerateIdentityBindingAccessTokenResponse) Descriptor() ([]byte, []int) { |
| return fileDescriptor_e91212214ea1422e, []int{9} |
| } |
| |
| func (m *GenerateIdentityBindingAccessTokenResponse) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_GenerateIdentityBindingAccessTokenResponse.Unmarshal(m, b) |
| } |
| func (m *GenerateIdentityBindingAccessTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_GenerateIdentityBindingAccessTokenResponse.Marshal(b, m, deterministic) |
| } |
| func (m *GenerateIdentityBindingAccessTokenResponse) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_GenerateIdentityBindingAccessTokenResponse.Merge(m, src) |
| } |
| func (m *GenerateIdentityBindingAccessTokenResponse) XXX_Size() int { |
| return xxx_messageInfo_GenerateIdentityBindingAccessTokenResponse.Size(m) |
| } |
| func (m *GenerateIdentityBindingAccessTokenResponse) XXX_DiscardUnknown() { |
| xxx_messageInfo_GenerateIdentityBindingAccessTokenResponse.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_GenerateIdentityBindingAccessTokenResponse proto.InternalMessageInfo |
| |
| func (m *GenerateIdentityBindingAccessTokenResponse) GetAccessToken() string { |
| if m != nil { |
| return m.AccessToken |
| } |
| return "" |
| } |
| |
| func (m *GenerateIdentityBindingAccessTokenResponse) GetExpireTime() *timestamp.Timestamp { |
| if m != nil { |
| return m.ExpireTime |
| } |
| return nil |
| } |
| |
| func init() { |
| proto.RegisterType((*GenerateAccessTokenRequest)(nil), "google.iam.credentials.v1.GenerateAccessTokenRequest") |
| proto.RegisterType((*GenerateAccessTokenResponse)(nil), "google.iam.credentials.v1.GenerateAccessTokenResponse") |
| proto.RegisterType((*SignBlobRequest)(nil), "google.iam.credentials.v1.SignBlobRequest") |
| proto.RegisterType((*SignBlobResponse)(nil), "google.iam.credentials.v1.SignBlobResponse") |
| proto.RegisterType((*SignJwtRequest)(nil), "google.iam.credentials.v1.SignJwtRequest") |
| proto.RegisterType((*SignJwtResponse)(nil), "google.iam.credentials.v1.SignJwtResponse") |
| proto.RegisterType((*GenerateIdTokenRequest)(nil), "google.iam.credentials.v1.GenerateIdTokenRequest") |
| proto.RegisterType((*GenerateIdTokenResponse)(nil), "google.iam.credentials.v1.GenerateIdTokenResponse") |
| proto.RegisterType((*GenerateIdentityBindingAccessTokenRequest)(nil), "google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest") |
| proto.RegisterType((*GenerateIdentityBindingAccessTokenResponse)(nil), "google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse") |
| } |
| |
| func init() { |
| proto.RegisterFile("google/iam/credentials/v1/common.proto", fileDescriptor_e91212214ea1422e) |
| } |
| |
| var fileDescriptor_e91212214ea1422e = []byte{ |
| // 560 bytes of a gzipped FileDescriptorProto |
| 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0x4d, 0x6f, 0xd3, 0x4c, |
| 0x10, 0x96, 0xf3, 0xd1, 0xc6, 0x93, 0xbc, 0x2f, 0x95, 0x55, 0xc0, 0x09, 0x94, 0x06, 0x23, 0xa1, |
| 0xc0, 0xc1, 0x56, 0x41, 0x9c, 0x7a, 0x6a, 0x5a, 0x54, 0x25, 0x12, 0x52, 0x65, 0x7a, 0x42, 0x20, |
| 0x6b, 0x63, 0x4f, 0xad, 0x25, 0xf6, 0xae, 0xf1, 0x6e, 0x1a, 0x72, 0xe0, 0xc8, 0x09, 0xfe, 0x01, |
| 0x7f, 0x94, 0x23, 0xf2, 0xae, 0x13, 0x47, 0x6d, 0x41, 0xe1, 0xe3, 0xb6, 0xf3, 0xcc, 0xc7, 0xf3, |
| 0xcc, 0xec, 0xce, 0xc2, 0xe3, 0x98, 0xf3, 0x38, 0x41, 0x8f, 0x92, 0xd4, 0x0b, 0x73, 0x8c, 0x90, |
| 0x49, 0x4a, 0x12, 0xe1, 0x5d, 0x1e, 0x78, 0x21, 0x4f, 0x53, 0xce, 0xdc, 0x2c, 0xe7, 0x92, 0x5b, |
| 0x5d, 0x1d, 0xe7, 0x52, 0x92, 0xba, 0x6b, 0x71, 0xee, 0xe5, 0x41, 0xef, 0x41, 0x59, 0x42, 0x05, |
| 0x4e, 0x66, 0x17, 0x5e, 0x34, 0xcb, 0x89, 0xa4, 0xcb, 0xd4, 0xde, 0xfe, 0x55, 0xbf, 0xa4, 0x29, |
| 0x0a, 0x49, 0xd2, 0x4c, 0x07, 0x38, 0xdf, 0x0c, 0xe8, 0x9d, 0x22, 0xc3, 0x9c, 0x48, 0x3c, 0x0a, |
| 0x43, 0x14, 0xe2, 0x9c, 0x4f, 0x91, 0xf9, 0xf8, 0x61, 0x86, 0x42, 0x5a, 0x16, 0x34, 0x18, 0x49, |
| 0xd1, 0x36, 0xfa, 0xc6, 0xc0, 0xf4, 0xd5, 0xd9, 0xba, 0x0f, 0x66, 0x84, 0x09, 0xc6, 0x44, 0xa2, |
| 0xb0, 0x6b, 0xfd, 0xfa, 0xc0, 0xf4, 0x2b, 0xc0, 0xda, 0x85, 0xa6, 0x08, 0x79, 0x86, 0x76, 0x43, |
| 0x79, 0xb4, 0x61, 0xbd, 0x80, 0x56, 0x42, 0x2f, 0xb0, 0x60, 0xb7, 0xb7, 0xfb, 0xc6, 0xa0, 0xfd, |
| 0xac, 0xeb, 0x96, 0x5d, 0x2d, 0xa5, 0xb9, 0x27, 0xa5, 0x74, 0x7f, 0x15, 0xea, 0x7c, 0x82, 0x7b, |
| 0x37, 0x8a, 0x13, 0x19, 0x67, 0x02, 0xad, 0x87, 0xd0, 0x21, 0x0a, 0x0e, 0x64, 0x81, 0x97, 0x2a, |
| 0xdb, 0xa4, 0x0a, 0xb5, 0x0e, 0xa1, 0x8d, 0x1f, 0x33, 0x9a, 0x63, 0xa0, 0xb8, 0xeb, 0x8a, 0xbb, |
| 0x77, 0x8d, 0xfb, 0x7c, 0x39, 0x16, 0x1f, 0x74, 0x78, 0x01, 0x38, 0xef, 0xe0, 0xd6, 0x6b, 0x1a, |
| 0xb3, 0x61, 0xc2, 0x27, 0x1b, 0x0f, 0xa4, 0x7e, 0x75, 0x20, 0x36, 0x6c, 0x67, 0x64, 0x91, 0x70, |
| 0x12, 0xd9, 0xcd, 0xbe, 0x31, 0xe8, 0xf8, 0x4b, 0xd3, 0x19, 0xc3, 0x4e, 0x55, 0xbe, 0x6c, 0xe9, |
| 0x36, 0x6c, 0x4d, 0x71, 0x11, 0xd0, 0xa8, 0x64, 0x68, 0x4e, 0x71, 0x31, 0x8a, 0xac, 0x7d, 0x68, |
| 0x0b, 0x1a, 0x33, 0x8c, 0x82, 0x49, 0xc2, 0x27, 0x76, 0x43, 0x15, 0x02, 0x0d, 0x15, 0xf9, 0xce, |
| 0x5b, 0xf8, 0xbf, 0xa8, 0x35, 0x9e, 0xcb, 0x7f, 0xa6, 0xd4, 0xac, 0x94, 0x9e, 0xea, 0x41, 0xa8, |
| 0xea, 0xbf, 0x16, 0xba, 0x07, 0xa5, 0xaa, 0xe0, 0xfd, 0x5c, 0xda, 0x35, 0xe5, 0x32, 0x35, 0x32, |
| 0x9e, 0x4b, 0xe7, 0x8b, 0x01, 0x77, 0x96, 0x37, 0x3a, 0x8a, 0xfe, 0xf2, 0xa9, 0xf5, 0xa0, 0x45, |
| 0x66, 0x11, 0x45, 0x16, 0xea, 0x8b, 0x35, 0xfd, 0x95, 0x6d, 0x3d, 0x82, 0xff, 0x28, 0x0b, 0x93, |
| 0x59, 0x84, 0x01, 0xa6, 0x84, 0x26, 0x6a, 0x64, 0x2d, 0xbf, 0x53, 0x82, 0x2f, 0x0b, 0xcc, 0xf1, |
| 0xe0, 0xee, 0x35, 0x31, 0x65, 0x7b, 0xbb, 0xd0, 0x5c, 0x7f, 0x53, 0xda, 0x70, 0x62, 0x78, 0x52, |
| 0x25, 0x14, 0x6b, 0x28, 0x17, 0x43, 0xca, 0x22, 0xca, 0xe2, 0x0d, 0x77, 0x67, 0xb5, 0x1d, 0xb5, |
| 0xf5, 0xed, 0xd8, 0x81, 0x7a, 0x31, 0x2d, 0xdd, 0x43, 0x71, 0x74, 0xbe, 0x1a, 0xf0, 0x74, 0x13, |
| 0xa6, 0x3f, 0x5e, 0x84, 0xda, 0xef, 0x2c, 0xc2, 0xf0, 0xb3, 0x01, 0x7b, 0x21, 0x4f, 0xdd, 0x9f, |
| 0x7e, 0x44, 0xc3, 0xee, 0xe8, 0xe8, 0xd5, 0x71, 0x05, 0x1d, 0xab, 0xff, 0xeb, 0xac, 0xa8, 0x7a, |
| 0x66, 0xbc, 0x39, 0x29, 0xf3, 0x62, 0x9e, 0x10, 0x16, 0xbb, 0x3c, 0x8f, 0xbd, 0x18, 0x99, 0xe2, |
| 0xf4, 0xb4, 0x8b, 0x64, 0x54, 0xdc, 0xf0, 0x0f, 0x1e, 0xae, 0x99, 0xdf, 0x0d, 0x63, 0xb2, 0xa5, |
| 0x72, 0x9e, 0xff, 0x08, 0x00, 0x00, 0xff, 0xff, 0x19, 0x24, 0xb3, 0xc7, 0x3a, 0x05, 0x00, 0x00, |
| } |