// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // https://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // Code generated by protoc-gen-go_gapic. DO NOT EDIT. package credentials import ( "bytes" "context" "fmt" "io" "math" "net/http" "net/url" "time" credentialspb "cloud.google.com/go/iam/credentials/apiv1/credentialspb" gax "github.com/googleapis/gax-go/v2" "google.golang.org/api/googleapi" "google.golang.org/api/option" "google.golang.org/api/option/internaloption" gtransport "google.golang.org/api/transport/grpc" httptransport "google.golang.org/api/transport/http" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/protobuf/encoding/protojson" ) var newIamCredentialsClientHook clientHook // IamCredentialsCallOptions contains the retry settings for each method of IamCredentialsClient. type IamCredentialsCallOptions struct { GenerateAccessToken []gax.CallOption GenerateIdToken []gax.CallOption SignBlob []gax.CallOption SignJwt []gax.CallOption } func defaultIamCredentialsGRPCClientOptions() []option.ClientOption { return []option.ClientOption{ internaloption.WithDefaultEndpoint("iamcredentials.googleapis.com:443"), internaloption.WithDefaultEndpointTemplate("iamcredentials.UNIVERSE_DOMAIN:443"), internaloption.WithDefaultMTLSEndpoint("iamcredentials.mtls.googleapis.com:443"), internaloption.WithDefaultUniverseDomain("googleapis.com"), internaloption.WithDefaultAudience("https://iamcredentials.googleapis.com/"), internaloption.WithDefaultScopes(DefaultAuthScopes()...), internaloption.EnableJwtWithScope(), option.WithGRPCDialOption(grpc.WithDefaultCallOptions( grpc.MaxCallRecvMsgSize(math.MaxInt32))), } } func defaultIamCredentialsCallOptions() *IamCredentialsCallOptions { return &IamCredentialsCallOptions{ GenerateAccessToken: []gax.CallOption{ gax.WithTimeout(60000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnCodes([]codes.Code{ codes.Unavailable, codes.DeadlineExceeded, }, gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.30, }) }), }, GenerateIdToken: []gax.CallOption{ gax.WithTimeout(60000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnCodes([]codes.Code{ codes.Unavailable, codes.DeadlineExceeded, }, gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.30, }) }), }, SignBlob: []gax.CallOption{ gax.WithTimeout(60000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnCodes([]codes.Code{ codes.Unavailable, codes.DeadlineExceeded, }, gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.30, }) }), }, SignJwt: []gax.CallOption{ gax.WithTimeout(60000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnCodes([]codes.Code{ codes.Unavailable, codes.DeadlineExceeded, }, gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.30, }) }), }, } } func defaultIamCredentialsRESTCallOptions() *IamCredentialsCallOptions { return &IamCredentialsCallOptions{ GenerateAccessToken: []gax.CallOption{ gax.WithTimeout(60000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnHTTPCodes(gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.30, }, http.StatusServiceUnavailable, http.StatusGatewayTimeout) }), }, GenerateIdToken: []gax.CallOption{ gax.WithTimeout(60000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnHTTPCodes(gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.30, }, http.StatusServiceUnavailable, http.StatusGatewayTimeout) }), }, SignBlob: []gax.CallOption{ gax.WithTimeout(60000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnHTTPCodes(gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.30, }, http.StatusServiceUnavailable, http.StatusGatewayTimeout) }), }, SignJwt: []gax.CallOption{ gax.WithTimeout(60000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnHTTPCodes(gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.30, }, http.StatusServiceUnavailable, http.StatusGatewayTimeout) }), }, } } // internalIamCredentialsClient is an interface that defines the methods available from IAM Service Account Credentials API. type internalIamCredentialsClient interface { Close() error setGoogleClientInfo(...string) Connection() *grpc.ClientConn GenerateAccessToken(context.Context, *credentialspb.GenerateAccessTokenRequest, ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) GenerateIdToken(context.Context, *credentialspb.GenerateIdTokenRequest, ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) SignBlob(context.Context, *credentialspb.SignBlobRequest, ...gax.CallOption) (*credentialspb.SignBlobResponse, error) SignJwt(context.Context, *credentialspb.SignJwtRequest, ...gax.CallOption) (*credentialspb.SignJwtResponse, error) } // IamCredentialsClient is a client for interacting with IAM Service Account Credentials API. // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. // // A service account is a special type of Google account that belongs to your // application or a virtual machine (VM), instead of to an individual end user. // Your application assumes the identity of the service account to call Google // APIs, so that the users aren’t directly involved. // // Service account credentials are used to temporarily assume the identity // of the service account. Supported credential types include OAuth 2.0 access // tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and // more. type IamCredentialsClient struct { // The internal transport-dependent client. internalClient internalIamCredentialsClient // The call options for this service. CallOptions *IamCredentialsCallOptions } // Wrapper methods routed to the internal client. // Close closes the connection to the API service. The user should invoke this when // the client is no longer required. func (c *IamCredentialsClient) Close() error { return c.internalClient.Close() } // setGoogleClientInfo sets the name and version of the application in // the `x-goog-api-client` header passed on each request. Intended for // use by Google-written clients. func (c *IamCredentialsClient) setGoogleClientInfo(keyval ...string) { c.internalClient.setGoogleClientInfo(keyval...) } // Connection returns a connection to the API service. // // Deprecated: Connections are now pooled so this method does not always // return the same resource. func (c *IamCredentialsClient) Connection() *grpc.ClientConn { return c.internalClient.Connection() } // GenerateAccessToken generates an OAuth 2.0 access token for a service account. func (c *IamCredentialsClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) { return c.internalClient.GenerateAccessToken(ctx, req, opts...) } // GenerateIdToken generates an OpenID Connect ID token for a service account. func (c *IamCredentialsClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) { return c.internalClient.GenerateIdToken(ctx, req, opts...) } // SignBlob signs a blob using a service account’s system-managed private key. func (c *IamCredentialsClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) { return c.internalClient.SignBlob(ctx, req, opts...) } // SignJwt signs a JWT using a service account’s system-managed private key. func (c *IamCredentialsClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) { return c.internalClient.SignJwt(ctx, req, opts...) } // iamCredentialsGRPCClient is a client for interacting with IAM Service Account Credentials API over gRPC transport. // // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. type iamCredentialsGRPCClient struct { // Connection pool of gRPC connections to the service. connPool gtransport.ConnPool // Points back to the CallOptions field of the containing IamCredentialsClient CallOptions **IamCredentialsCallOptions // The gRPC API client. iamCredentialsClient credentialspb.IAMCredentialsClient // The x-goog-* metadata to be sent with each request. xGoogHeaders []string } // NewIamCredentialsClient creates a new iam credentials client based on gRPC. // The returned client must be Closed when it is done being used to clean up its underlying connections. // // A service account is a special type of Google account that belongs to your // application or a virtual machine (VM), instead of to an individual end user. // Your application assumes the identity of the service account to call Google // APIs, so that the users aren’t directly involved. // // Service account credentials are used to temporarily assume the identity // of the service account. Supported credential types include OAuth 2.0 access // tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and // more. func NewIamCredentialsClient(ctx context.Context, opts ...option.ClientOption) (*IamCredentialsClient, error) { clientOpts := defaultIamCredentialsGRPCClientOptions() if newIamCredentialsClientHook != nil { hookOpts, err := newIamCredentialsClientHook(ctx, clientHookParams{}) if err != nil { return nil, err } clientOpts = append(clientOpts, hookOpts...) } connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...) if err != nil { return nil, err } client := IamCredentialsClient{CallOptions: defaultIamCredentialsCallOptions()} c := &iamCredentialsGRPCClient{ connPool: connPool, iamCredentialsClient: credentialspb.NewIAMCredentialsClient(connPool), CallOptions: &client.CallOptions, } c.setGoogleClientInfo() client.internalClient = c return &client, nil } // Connection returns a connection to the API service. // // Deprecated: Connections are now pooled so this method does not always // return the same resource. func (c *iamCredentialsGRPCClient) Connection() *grpc.ClientConn { return c.connPool.Conn() } // setGoogleClientInfo sets the name and version of the application in // the `x-goog-api-client` header passed on each request. Intended for // use by Google-written clients. func (c *iamCredentialsGRPCClient) setGoogleClientInfo(keyval ...string) { kv := append([]string{"gl-go", gax.GoVersion}, keyval...) kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version) c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(kv...)} } // Close closes the connection to the API service. The user should invoke this when // the client is no longer required. func (c *iamCredentialsGRPCClient) Close() error { return c.connPool.Close() } // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. type iamCredentialsRESTClient struct { // The http endpoint to connect to. endpoint string // The http client. httpClient *http.Client // The x-goog-* headers to be sent with each request. xGoogHeaders []string // Points back to the CallOptions field of the containing IamCredentialsClient CallOptions **IamCredentialsCallOptions } // NewIamCredentialsRESTClient creates a new iam credentials rest client. // // A service account is a special type of Google account that belongs to your // application or a virtual machine (VM), instead of to an individual end user. // Your application assumes the identity of the service account to call Google // APIs, so that the users aren’t directly involved. // // Service account credentials are used to temporarily assume the identity // of the service account. Supported credential types include OAuth 2.0 access // tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and // more. func NewIamCredentialsRESTClient(ctx context.Context, opts ...option.ClientOption) (*IamCredentialsClient, error) { clientOpts := append(defaultIamCredentialsRESTClientOptions(), opts...) httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...) if err != nil { return nil, err } callOpts := defaultIamCredentialsRESTCallOptions() c := &iamCredentialsRESTClient{ endpoint: endpoint, httpClient: httpClient, CallOptions: &callOpts, } c.setGoogleClientInfo() return &IamCredentialsClient{internalClient: c, CallOptions: callOpts}, nil } func defaultIamCredentialsRESTClientOptions() []option.ClientOption { return []option.ClientOption{ internaloption.WithDefaultEndpoint("https://iamcredentials.googleapis.com"), internaloption.WithDefaultEndpointTemplate("https://iamcredentials.UNIVERSE_DOMAIN"), internaloption.WithDefaultMTLSEndpoint("https://iamcredentials.mtls.googleapis.com"), internaloption.WithDefaultUniverseDomain("googleapis.com"), internaloption.WithDefaultAudience("https://iamcredentials.googleapis.com/"), internaloption.WithDefaultScopes(DefaultAuthScopes()...), } } // setGoogleClientInfo sets the name and version of the application in // the `x-goog-api-client` header passed on each request. Intended for // use by Google-written clients. func (c *iamCredentialsRESTClient) setGoogleClientInfo(keyval ...string) { kv := append([]string{"gl-go", gax.GoVersion}, keyval...) kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN") c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(kv...)} } // Close closes the connection to the API service. The user should invoke this when // the client is no longer required. func (c *iamCredentialsRESTClient) Close() error { // Replace httpClient with nil to force cleanup. c.httpClient = nil return nil } // Connection returns a connection to the API service. // // Deprecated: This method always returns nil. func (c *iamCredentialsRESTClient) Connection() *grpc.ClientConn { return nil } func (c *iamCredentialsGRPCClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) { hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} hds = append(c.xGoogHeaders, hds...) ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...) opts = append((*c.CallOptions).GenerateAccessToken[0:len((*c.CallOptions).GenerateAccessToken):len((*c.CallOptions).GenerateAccessToken)], opts...) var resp *credentialspb.GenerateAccessTokenResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamCredentialsClient.GenerateAccessToken(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } func (c *iamCredentialsGRPCClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) { hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} hds = append(c.xGoogHeaders, hds...) ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...) opts = append((*c.CallOptions).GenerateIdToken[0:len((*c.CallOptions).GenerateIdToken):len((*c.CallOptions).GenerateIdToken)], opts...) var resp *credentialspb.GenerateIdTokenResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamCredentialsClient.GenerateIdToken(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } func (c *iamCredentialsGRPCClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) { hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} hds = append(c.xGoogHeaders, hds...) ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...) opts = append((*c.CallOptions).SignBlob[0:len((*c.CallOptions).SignBlob):len((*c.CallOptions).SignBlob)], opts...) var resp *credentialspb.SignBlobResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamCredentialsClient.SignBlob(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } func (c *iamCredentialsGRPCClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) { hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} hds = append(c.xGoogHeaders, hds...) ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...) opts = append((*c.CallOptions).SignJwt[0:len((*c.CallOptions).SignJwt):len((*c.CallOptions).SignJwt)], opts...) var resp *credentialspb.SignJwtResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamCredentialsClient.SignJwt(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // GenerateAccessToken generates an OAuth 2.0 access token for a service account. func (c *iamCredentialsRESTClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) { m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true} jsonReq, err := m.Marshal(req) if err != nil { return nil, err } baseUrl, err := url.Parse(c.endpoint) if err != nil { return nil, err } baseUrl.Path += fmt.Sprintf("/v1/%v:generateAccessToken", req.GetName()) params := url.Values{} params.Add("$alt", "json;enum-encoding=int") baseUrl.RawQuery = params.Encode() // Build HTTP headers from client and context metadata. hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} hds = append(c.xGoogHeaders, hds...) hds = append(hds, "Content-Type", "application/json") headers := gax.BuildHeaders(ctx, hds...) opts = append((*c.CallOptions).GenerateAccessToken[0:len((*c.CallOptions).GenerateAccessToken):len((*c.CallOptions).GenerateAccessToken)], opts...) unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true} resp := &credentialspb.GenerateAccessTokenResponse{} e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { if settings.Path != "" { baseUrl.Path = settings.Path } httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq)) if err != nil { return err } httpReq = httpReq.WithContext(ctx) httpReq.Header = headers httpRsp, err := c.httpClient.Do(httpReq) if err != nil { return err } defer httpRsp.Body.Close() if err = googleapi.CheckResponse(httpRsp); err != nil { return err } buf, err := io.ReadAll(httpRsp.Body) if err != nil { return err } if err := unm.Unmarshal(buf, resp); err != nil { return err } return nil }, opts...) if e != nil { return nil, e } return resp, nil } // GenerateIdToken generates an OpenID Connect ID token for a service account. func (c *iamCredentialsRESTClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) { m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true} jsonReq, err := m.Marshal(req) if err != nil { return nil, err } baseUrl, err := url.Parse(c.endpoint) if err != nil { return nil, err } baseUrl.Path += fmt.Sprintf("/v1/%v:generateIdToken", req.GetName()) params := url.Values{} params.Add("$alt", "json;enum-encoding=int") baseUrl.RawQuery = params.Encode() // Build HTTP headers from client and context metadata. hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} hds = append(c.xGoogHeaders, hds...) hds = append(hds, "Content-Type", "application/json") headers := gax.BuildHeaders(ctx, hds...) opts = append((*c.CallOptions).GenerateIdToken[0:len((*c.CallOptions).GenerateIdToken):len((*c.CallOptions).GenerateIdToken)], opts...) unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true} resp := &credentialspb.GenerateIdTokenResponse{} e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { if settings.Path != "" { baseUrl.Path = settings.Path } httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq)) if err != nil { return err } httpReq = httpReq.WithContext(ctx) httpReq.Header = headers httpRsp, err := c.httpClient.Do(httpReq) if err != nil { return err } defer httpRsp.Body.Close() if err = googleapi.CheckResponse(httpRsp); err != nil { return err } buf, err := io.ReadAll(httpRsp.Body) if err != nil { return err } if err := unm.Unmarshal(buf, resp); err != nil { return err } return nil }, opts...) if e != nil { return nil, e } return resp, nil } // SignBlob signs a blob using a service account’s system-managed private key. func (c *iamCredentialsRESTClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) { m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true} jsonReq, err := m.Marshal(req) if err != nil { return nil, err } baseUrl, err := url.Parse(c.endpoint) if err != nil { return nil, err } baseUrl.Path += fmt.Sprintf("/v1/%v:signBlob", req.GetName()) params := url.Values{} params.Add("$alt", "json;enum-encoding=int") baseUrl.RawQuery = params.Encode() // Build HTTP headers from client and context metadata. hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} hds = append(c.xGoogHeaders, hds...) hds = append(hds, "Content-Type", "application/json") headers := gax.BuildHeaders(ctx, hds...) opts = append((*c.CallOptions).SignBlob[0:len((*c.CallOptions).SignBlob):len((*c.CallOptions).SignBlob)], opts...) unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true} resp := &credentialspb.SignBlobResponse{} e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { if settings.Path != "" { baseUrl.Path = settings.Path } httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq)) if err != nil { return err } httpReq = httpReq.WithContext(ctx) httpReq.Header = headers httpRsp, err := c.httpClient.Do(httpReq) if err != nil { return err } defer httpRsp.Body.Close() if err = googleapi.CheckResponse(httpRsp); err != nil { return err } buf, err := io.ReadAll(httpRsp.Body) if err != nil { return err } if err := unm.Unmarshal(buf, resp); err != nil { return err } return nil }, opts...) if e != nil { return nil, e } return resp, nil } // SignJwt signs a JWT using a service account’s system-managed private key. func (c *iamCredentialsRESTClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) { m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true} jsonReq, err := m.Marshal(req) if err != nil { return nil, err } baseUrl, err := url.Parse(c.endpoint) if err != nil { return nil, err } baseUrl.Path += fmt.Sprintf("/v1/%v:signJwt", req.GetName()) params := url.Values{} params.Add("$alt", "json;enum-encoding=int") baseUrl.RawQuery = params.Encode() // Build HTTP headers from client and context metadata. hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} hds = append(c.xGoogHeaders, hds...) hds = append(hds, "Content-Type", "application/json") headers := gax.BuildHeaders(ctx, hds...) opts = append((*c.CallOptions).SignJwt[0:len((*c.CallOptions).SignJwt):len((*c.CallOptions).SignJwt)], opts...) unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true} resp := &credentialspb.SignJwtResponse{} e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { if settings.Path != "" { baseUrl.Path = settings.Path } httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq)) if err != nil { return err } httpReq = httpReq.WithContext(ctx) httpReq.Header = headers httpRsp, err := c.httpClient.Do(httpReq) if err != nil { return err } defer httpRsp.Body.Close() if err = googleapi.CheckResponse(httpRsp); err != nil { return err } buf, err := io.ReadAll(httpRsp.Body) if err != nil { return err } if err := unm.Unmarshal(buf, resp); err != nil { return err } return nil }, opts...) if e != nil { return nil, e } return resp, nil }