As of January 1, 2020 this library no longer supports Python 2 on the latest released version. Library versions released prior to that date will continue to be available. For more information please visit Python 2 support on Google Cloud.

Types for Google Cloud Iam Credentials v1 API

class google.cloud.iam_credentials_v1.types.GenerateAccessTokenRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

name

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

Type

str

delegates

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

Type

Sequence[str]

scope

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

Type

Sequence[str]

lifetime

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token’s lifetime will be set to a default value of one hour.

Type

google.protobuf.duration_pb2.Duration

class google.cloud.iam_credentials_v1.types.GenerateAccessTokenResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

access_token

The OAuth 2.0 access token.

Type

str

expire_time

Token expiration time. The expiration time is always set.

Type

google.protobuf.timestamp_pb2.Timestamp

class google.cloud.iam_credentials_v1.types.GenerateIdTokenRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

name

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

Type

str

delegates

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

Type

Sequence[str]

audience

Required. The audience for the token, such as the API or account that this token grants access to.

Type

str

include_email

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

Type

bool

class google.cloud.iam_credentials_v1.types.GenerateIdTokenResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

token

The OpenId Connect ID token.

Type

str

class google.cloud.iam_credentials_v1.types.SignBlobRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

name

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

Type

str

delegates

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

Type

Sequence[str]

payload

Required. The bytes to sign.

Type

bytes

class google.cloud.iam_credentials_v1.types.SignBlobResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

key_id

The ID of the key used to sign the blob.

Type

str

signed_blob

The signed blob.

Type

bytes

class google.cloud.iam_credentials_v1.types.SignJwtRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

name

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

Type

str

delegates

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

Type

Sequence[str]

payload

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

Type

str

class google.cloud.iam_credentials_v1.types.SignJwtResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

key_id

The ID of the key used to sign the JWT.

Type

str

signed_jwt

The signed JWT.

Type

str