On January 1, 2020 this library will no longer support Python 2 on the latest released version. Previously released library versions will continue to be available. For more information please visit Python 2 support on Google Cloud.

Types for IAM Service Account Credentials API Client¶

class google.cloud.iam_credentials_v1.types.Duration¶

nanos¶: Field google.protobuf.Duration.nanos

seconds¶: Field google.protobuf.Duration.seconds

class google.cloud.iam_credentials_v1.types.GenerateAccessTokenRequest¶

name¶: Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates¶: The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request. The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scope¶: Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetime¶: The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token’s lifetime will be set to a default value of one hour.

delegates: Field google.iam.credentials.v1.GenerateAccessTokenRequest.delegates

lifetime: Field google.iam.credentials.v1.GenerateAccessTokenRequest.lifetime

name: Field google.iam.credentials.v1.GenerateAccessTokenRequest.name

scope: Field google.iam.credentials.v1.GenerateAccessTokenRequest.scope

class google.cloud.iam_credentials_v1.types.GenerateAccessTokenResponse¶

access_token¶: The OAuth 2.0 access token.

expire_time¶: Token expiration time. The expiration time is always set.

access_token: Field google.iam.credentials.v1.GenerateAccessTokenResponse.access_token

expire_time: Field google.iam.credentials.v1.GenerateAccessTokenResponse.expire_time

class google.cloud.iam_credentials_v1.types.GenerateIdTokenRequest¶

name¶: Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates¶: The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request. The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audience¶: Required. The audience for the token, such as the API or account that this token grants access to.

include_email¶: Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

audience: Field google.iam.credentials.v1.GenerateIdTokenRequest.audience

delegates: Field google.iam.credentials.v1.GenerateIdTokenRequest.delegates

include_email: Field google.iam.credentials.v1.GenerateIdTokenRequest.include_email

name: Field google.iam.credentials.v1.GenerateIdTokenRequest.name

class google.cloud.iam_credentials_v1.types.GenerateIdTokenResponse¶

token¶: The OpenId Connect ID token.

token: Field google.iam.credentials.v1.GenerateIdTokenResponse.token

class google.cloud.iam_credentials_v1.types.SignBlobRequest¶

name¶: Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates¶: The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request. The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload¶: Required. The bytes to sign.

delegates: Field google.iam.credentials.v1.SignBlobRequest.delegates

name: Field google.iam.credentials.v1.SignBlobRequest.name

payload: Field google.iam.credentials.v1.SignBlobRequest.payload

class google.cloud.iam_credentials_v1.types.SignBlobResponse¶

key_id¶: The ID of the key used to sign the blob.

signed_blob¶: The signed blob.

key_id: Field google.iam.credentials.v1.SignBlobResponse.key_id

signed_blob: Field google.iam.credentials.v1.SignBlobResponse.signed_blob

class google.cloud.iam_credentials_v1.types.SignJwtRequest¶

name¶: Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates¶: The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request. The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload¶: Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

delegates: Field google.iam.credentials.v1.SignJwtRequest.delegates

name: Field google.iam.credentials.v1.SignJwtRequest.name

payload: Field google.iam.credentials.v1.SignJwtRequest.payload

class google.cloud.iam_credentials_v1.types.SignJwtResponse¶

key_id¶: The ID of the key used to sign the JWT.

signed_jwt¶: The signed JWT.

key_id: Field google.iam.credentials.v1.SignJwtResponse.key_id

signed_jwt: Field google.iam.credentials.v1.SignJwtResponse.signed_jwt

class google.cloud.iam_credentials_v1.types.Timestamp¶

nanos¶: Field google.protobuf.Timestamp.nanos

seconds¶: Field google.protobuf.Timestamp.seconds

Types for IAM Service Account Credentials API Client¶

google-cloud-iam

Navigation

Related Topics