package credentialspb

const (
	IAMCredentials_GenerateAccessToken_FullMethodName = "/google.iam.credentials.v1.IAMCredentials/GenerateAccessToken"
	IAMCredentials_GenerateIdToken_FullMethodName     = "/google.iam.credentials.v1.IAMCredentials/GenerateIdToken"
	IAMCredentials_SignBlob_FullMethodName            = "/google.iam.credentials.v1.IAMCredentials/SignBlob"
	IAMCredentials_SignJwt_FullMethodName             = "/google.iam.credentials.v1.IAMCredentials/SignJwt"
)

Variables ¶

var File_google_iam_credentials_v1_common_proto protoreflect.FileDescriptor

var File_google_iam_credentials_v1_iamcredentials_proto protoreflect.FileDescriptor

var IAMCredentials_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "google.iam.credentials.v1.IAMCredentials",
	HandlerType: (*IAMCredentialsServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GenerateAccessToken",
			Handler:    _IAMCredentials_GenerateAccessToken_Handler,
		},
		{
			MethodName: "GenerateIdToken",
			Handler:    _IAMCredentials_GenerateIdToken_Handler,
		},
		{
			MethodName: "SignBlob",
			Handler:    _IAMCredentials_SignBlob_Handler,
		},
		{
			MethodName: "SignJwt",
			Handler:    _IAMCredentials_SignJwt_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "google/iam/credentials/v1/iamcredentials.proto",
}

IAMCredentials_ServiceDesc is the grpc.ServiceDesc for IAMCredentials service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions ¶

func RegisterIAMCredentialsServer ¶

func RegisterIAMCredentialsServer(s grpc.ServiceRegistrar, srv IAMCredentialsServer)

Types ¶

type GenerateAccessTokenRequest ¶

type GenerateAccessTokenRequest struct {

	// Required. The resource name of the service account for which the credentials
	// are requested, in the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The sequence of service accounts in a delegation chain. Each service
	// account must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on its next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request.
	//
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"`
	// Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
	// See https://developers.google.com/identity/protocols/googlescopes for more
	// information.
	// At least one value required.
	Scope []string `protobuf:"bytes,4,rep,name=scope,proto3" json:"scope,omitempty"`
	// The desired lifetime duration of the access token in seconds.
	// Must be set to a value less than or equal to 3600 (1 hour). If a value is
	// not specified, the token's lifetime will be set to a default value of one
	// hour.
	Lifetime *durationpb.Duration `protobuf:"bytes,7,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateAccessTokenRequest) Descriptor ¶

func (*GenerateAccessTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateAccessTokenRequest.ProtoReflect.Descriptor instead.

func (*GenerateAccessTokenRequest) GetDelegates ¶

func (x *GenerateAccessTokenRequest) GetDelegates() []string

func (*GenerateAccessTokenRequest) GetLifetime ¶

func (x *GenerateAccessTokenRequest) GetLifetime() *durationpb.Duration

func (*GenerateAccessTokenRequest) GetName ¶

func (x *GenerateAccessTokenRequest) GetName() string

func (*GenerateAccessTokenRequest) GetScope ¶

func (x *GenerateAccessTokenRequest) GetScope() []string

func (*GenerateAccessTokenRequest) ProtoMessage ¶

func (*GenerateAccessTokenRequest) ProtoMessage()

func (*GenerateAccessTokenRequest) ProtoReflect ¶

func (x *GenerateAccessTokenRequest) ProtoReflect() protoreflect.Message

func (*GenerateAccessTokenRequest) Reset ¶

func (x *GenerateAccessTokenRequest) Reset()

func (*GenerateAccessTokenRequest) String ¶

func (x *GenerateAccessTokenRequest) String() string

type GenerateAccessTokenResponse ¶

type GenerateAccessTokenResponse struct {

	// The OAuth 2.0 access token.
	AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
	// Token expiration time.
	// The expiration time is always set.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateAccessTokenResponse) Descriptor ¶

func (*GenerateAccessTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateAccessTokenResponse.ProtoReflect.Descriptor instead.

func (*GenerateAccessTokenResponse) GetAccessToken ¶

func (x *GenerateAccessTokenResponse) GetAccessToken() string

func (*GenerateAccessTokenResponse) GetExpireTime ¶

func (x *GenerateAccessTokenResponse) GetExpireTime() *timestamppb.Timestamp

func (*GenerateAccessTokenResponse) ProtoMessage ¶

func (*GenerateAccessTokenResponse) ProtoMessage()

func (*GenerateAccessTokenResponse) ProtoReflect ¶

func (x *GenerateAccessTokenResponse) ProtoReflect() protoreflect.Message

func (*GenerateAccessTokenResponse) Reset ¶

func (x *GenerateAccessTokenResponse) Reset()

func (*GenerateAccessTokenResponse) String ¶

func (x *GenerateAccessTokenResponse) String() string

type GenerateIdTokenRequest ¶

type GenerateIdTokenRequest struct {

	// Required. The resource name of the service account for which the credentials
	// are requested, in the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The sequence of service accounts in a delegation chain. Each service
	// account must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on its next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request.
	//
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `protobuf:"bytes,2,rep,name=delegates,proto3" json:"delegates,omitempty"`
	// Required. The audience for the token, such as the API or account that this token
	// grants access to.
	Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"`
	// Include the service account email in the token. If set to `true`, the
	// token will contain `email` and `email_verified` claims.
	IncludeEmail bool `protobuf:"varint,4,opt,name=include_email,json=includeEmail,proto3" json:"include_email,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateIdTokenRequest) Descriptor ¶

func (*GenerateIdTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateIdTokenRequest.ProtoReflect.Descriptor instead.

func (*GenerateIdTokenRequest) GetAudience ¶

func (x *GenerateIdTokenRequest) GetAudience() string

func (*GenerateIdTokenRequest) GetDelegates ¶

func (x *GenerateIdTokenRequest) GetDelegates() []string

func (*GenerateIdTokenRequest) GetIncludeEmail ¶

func (x *GenerateIdTokenRequest) GetIncludeEmail() bool

func (*GenerateIdTokenRequest) GetName ¶

func (x *GenerateIdTokenRequest) GetName() string

func (*GenerateIdTokenRequest) ProtoMessage ¶

func (*GenerateIdTokenRequest) ProtoMessage()

func (*GenerateIdTokenRequest) ProtoReflect ¶

func (x *GenerateIdTokenRequest) ProtoReflect() protoreflect.Message

func (*GenerateIdTokenRequest) Reset ¶

func (x *GenerateIdTokenRequest) Reset()

func (*GenerateIdTokenRequest) String ¶

func (x *GenerateIdTokenRequest) String() string

type GenerateIdTokenResponse ¶

type GenerateIdTokenResponse struct {

	// The OpenId Connect ID token.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateIdTokenResponse) Descriptor ¶

func (*GenerateIdTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateIdTokenResponse.ProtoReflect.Descriptor instead.

func (*GenerateIdTokenResponse) GetToken ¶

func (x *GenerateIdTokenResponse) GetToken() string

func (*GenerateIdTokenResponse) ProtoMessage ¶

func (*GenerateIdTokenResponse) ProtoMessage()

func (*GenerateIdTokenResponse) ProtoReflect ¶

func (x *GenerateIdTokenResponse) ProtoReflect() protoreflect.Message

func (*GenerateIdTokenResponse) Reset ¶

func (x *GenerateIdTokenResponse) Reset()

func (*GenerateIdTokenResponse) String ¶

func (x *GenerateIdTokenResponse) String() string

type IAMCredentialsClient ¶

type IAMCredentialsClient interface {
	// Generates an OAuth 2.0 access token for a service account.
	GenerateAccessToken(ctx context.Context, in *GenerateAccessTokenRequest, opts ...grpc.CallOption) (*GenerateAccessTokenResponse, error)
	// Generates an OpenID Connect ID token for a service account.
	GenerateIdToken(ctx context.Context, in *GenerateIdTokenRequest, opts ...grpc.CallOption) (*GenerateIdTokenResponse, error)
	// Signs a blob using a service account's system-managed private key.
	SignBlob(ctx context.Context, in *SignBlobRequest, opts ...grpc.CallOption) (*SignBlobResponse, error)
	// Signs a JWT using a service account's system-managed private key.
	SignJwt(ctx context.Context, in *SignJwtRequest, opts ...grpc.CallOption) (*SignJwtResponse, error)
}

IAMCredentialsClient is the client API for IAMCredentials service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewIAMCredentialsClient ¶

func NewIAMCredentialsClient(cc grpc.ClientConnInterface) IAMCredentialsClient

type IAMCredentialsServer ¶

type IAMCredentialsServer interface {
	// Generates an OAuth 2.0 access token for a service account.
	GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error)
	// Generates an OpenID Connect ID token for a service account.
	GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error)
	// Signs a blob using a service account's system-managed private key.
	SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
	// Signs a JWT using a service account's system-managed private key.
	SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)
}

IAMCredentialsServer is the server API for IAMCredentials service. All implementations should embed UnimplementedIAMCredentialsServer for forward compatibility

type SignBlobRequest ¶

type SignBlobRequest struct {

	// Required. The resource name of the service account for which the credentials
	// are requested, in the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The sequence of service accounts in a delegation chain. Each service
	// account must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on its next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request.
	//
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"`
	// Required. The bytes to sign.
	Payload []byte `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"`
	// contains filtered or unexported fields
}

func (*SignBlobRequest) Descriptor ¶

func (*SignBlobRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignBlobRequest.ProtoReflect.Descriptor instead.

func (*SignBlobRequest) GetDelegates ¶

func (x *SignBlobRequest) GetDelegates() []string

func (*SignBlobRequest) GetName ¶

func (x *SignBlobRequest) GetName() string

func (*SignBlobRequest) GetPayload ¶

func (x *SignBlobRequest) GetPayload() []byte

func (*SignBlobRequest) ProtoMessage ¶

func (*SignBlobRequest) ProtoMessage()

func (*SignBlobRequest) ProtoReflect ¶

func (x *SignBlobRequest) ProtoReflect() protoreflect.Message

func (*SignBlobRequest) Reset ¶

func (x *SignBlobRequest) Reset()

func (*SignBlobRequest) String ¶

func (x *SignBlobRequest) String() string

type SignBlobResponse ¶

type SignBlobResponse struct {

	// The ID of the key used to sign the blob.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// The signed blob.
	SignedBlob []byte `protobuf:"bytes,4,opt,name=signed_blob,json=signedBlob,proto3" json:"signed_blob,omitempty"`
	// contains filtered or unexported fields
}

func (*SignBlobResponse) Descriptor ¶

func (*SignBlobResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignBlobResponse.ProtoReflect.Descriptor instead.

func (*SignBlobResponse) GetKeyId ¶

func (x *SignBlobResponse) GetKeyId() string

func (*SignBlobResponse) GetSignedBlob ¶

func (x *SignBlobResponse) GetSignedBlob() []byte

func (*SignBlobResponse) ProtoMessage ¶

func (*SignBlobResponse) ProtoMessage()

func (*SignBlobResponse) ProtoReflect ¶

func (x *SignBlobResponse) ProtoReflect() protoreflect.Message

func (*SignBlobResponse) Reset ¶

func (x *SignBlobResponse) Reset()

func (*SignBlobResponse) String ¶

func (x *SignBlobResponse) String() string

type SignJwtRequest ¶

type SignJwtRequest struct {

	// Required. The resource name of the service account for which the credentials
	// are requested, in the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The sequence of service accounts in a delegation chain. Each service
	// account must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on its next service account in the chain. The last service account in the
	// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
	// on the service account that is specified in the `name` field of the
	// request.
	//
	// The delegates must have the following format:
	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
	// character is required; replacing it with a project ID is invalid.
	Delegates []string `protobuf:"bytes,3,rep,name=delegates,proto3" json:"delegates,omitempty"`
	// Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
	Payload string `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"`
	// contains filtered or unexported fields
}

func (*SignJwtRequest) Descriptor ¶

func (*SignJwtRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignJwtRequest.ProtoReflect.Descriptor instead.

func (*SignJwtRequest) GetDelegates ¶

func (x *SignJwtRequest) GetDelegates() []string

func (*SignJwtRequest) GetName ¶

func (x *SignJwtRequest) GetName() string

func (*SignJwtRequest) GetPayload ¶

func (x *SignJwtRequest) GetPayload() string

func (*SignJwtRequest) ProtoMessage ¶

func (*SignJwtRequest) ProtoMessage()

func (*SignJwtRequest) ProtoReflect ¶

func (x *SignJwtRequest) ProtoReflect() protoreflect.Message

func (*SignJwtRequest) Reset ¶

func (x *SignJwtRequest) Reset()

func (*SignJwtRequest) String ¶

func (x *SignJwtRequest) String() string

type SignJwtResponse ¶

type SignJwtResponse struct {

	// The ID of the key used to sign the JWT.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// The signed JWT.
	SignedJwt string `protobuf:"bytes,2,opt,name=signed_jwt,json=signedJwt,proto3" json:"signed_jwt,omitempty"`
	// contains filtered or unexported fields
}

func (*SignJwtResponse) Descriptor ¶

func (*SignJwtResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignJwtResponse.ProtoReflect.Descriptor instead.

func (*SignJwtResponse) GetKeyId ¶

func (x *SignJwtResponse) GetKeyId() string

func (*SignJwtResponse) GetSignedJwt ¶

func (x *SignJwtResponse) GetSignedJwt() string

func (*SignJwtResponse) ProtoMessage ¶

func (*SignJwtResponse) ProtoMessage()

func (*SignJwtResponse) ProtoReflect ¶

func (x *SignJwtResponse) ProtoReflect() protoreflect.Message

func (*SignJwtResponse) Reset ¶

func (x *SignJwtResponse) Reset()

func (*SignJwtResponse) String ¶

func (x *SignJwtResponse) String() string

type UnimplementedIAMCredentialsServer ¶

type UnimplementedIAMCredentialsServer struct {
}

UnimplementedIAMCredentialsServer should be embedded to have forward compatible implementations.

func (UnimplementedIAMCredentialsServer) GenerateAccessToken ¶

func (UnimplementedIAMCredentialsServer) GenerateAccessToken(context.Context, *GenerateAccessTokenRequest) (*GenerateAccessTokenResponse, error)

func (UnimplementedIAMCredentialsServer) GenerateIdToken ¶

func (UnimplementedIAMCredentialsServer) GenerateIdToken(context.Context, *GenerateIdTokenRequest) (*GenerateIdTokenResponse, error)

func (UnimplementedIAMCredentialsServer) SignBlob ¶

func (UnimplementedIAMCredentialsServer) SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)

func (UnimplementedIAMCredentialsServer) SignJwt ¶

func (UnimplementedIAMCredentialsServer) SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)

type UnsafeIAMCredentialsServer ¶

type UnsafeIAMCredentialsServer interface {
	// contains filtered or unexported methods
}

UnsafeIAMCredentialsServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to IAMCredentialsServer will result in compilation errors.

Source Files ¶

common.pb.go iamcredentials.pb.go iamcredentials_grpc.pb.go

Version: v1.5.3 (latest)
Published: Oct 8, 2025
Platform: linux/amd64
Imports: 11 packages
Last checked: 4 months ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples