iamcredentials-gen.go

Documentation: google.golang.org/api/iamcredentials/v1

     1  // Copyright 2024 Google LLC.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Code generated file. DO NOT EDIT.
     6  
     7  // Package iamcredentials provides access to the IAM Service Account Credentials API.
     8  //
     9  // For product documentation, see: https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials
    10  //
    11  // # Library status
    12  //
    13  // These client libraries are officially supported by Google. However, this
    14  // library is considered complete and is in maintenance mode. This means
    15  // that we will address critical bugs and security issues but will not add
    16  // any new features.
    17  //
    18  // When possible, we recommend using our newer
    19  // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go)
    20  // that are still actively being worked and iterated on.
    21  //
    22  // # Creating a client
    23  //
    24  // Usage example:
    25  //
    26  //	import "google.golang.org/api/iamcredentials/v1"
    27  //	...
    28  //	ctx := context.Background()
    29  //	iamcredentialsService, err := iamcredentials.NewService(ctx)
    30  //
    31  // In this example, Google Application Default Credentials are used for
    32  // authentication. For information on how to create and obtain Application
    33  // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
    34  //
    35  // # Other authentication options
    36  //
    37  // To use an API key for authentication (note: some APIs do not support API
    38  // keys), use [google.golang.org/api/option.WithAPIKey]:
    39  //
    40  //	iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithAPIKey("AIza..."))
    41  //
    42  // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth
    43  // flow, use [google.golang.org/api/option.WithTokenSource]:
    44  //
    45  //	config := &oauth2.Config{...}
    46  //	// ...
    47  //	token, err := config.Exchange(ctx, ...)
    48  //	iamcredentialsService, err := iamcredentials.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
    49  //
    50  // See [google.golang.org/api/option.ClientOption] for details on options.
    51  package iamcredentials // import "google.golang.org/api/iamcredentials/v1"
    52  
    53  import (
    54  	"bytes"
    55  	"context"
    56  	"encoding/json"
    57  	"errors"
    58  	"fmt"
    59  	"io"
    60  	"net/http"
    61  	"net/url"
    62  	"strconv"
    63  	"strings"
    64  
    65  	googleapi "google.golang.org/api/googleapi"
    66  	internal "google.golang.org/api/internal"
    67  	gensupport "google.golang.org/api/internal/gensupport"
    68  	option "google.golang.org/api/option"
    69  	internaloption "google.golang.org/api/option/internaloption"
    70  	htransport "google.golang.org/api/transport/http"
    71  )
    72  
    73  // Always reference these packages, just in case the auto-generated code
    74  // below doesn't.
    75  var _ = bytes.NewBuffer
    76  var _ = strconv.Itoa
    77  var _ = fmt.Sprintf
    78  var _ = json.NewDecoder
    79  var _ = io.Copy
    80  var _ = url.Parse
    81  var _ = gensupport.MarshalJSON
    82  var _ = googleapi.Version
    83  var _ = errors.New
    84  var _ = strings.Replace
    85  var _ = context.Canceled
    86  var _ = internaloption.WithDefaultEndpoint
    87  var _ = internal.Version
    88  
    89  const apiId = "iamcredentials:v1"
    90  const apiName = "iamcredentials"
    91  const apiVersion = "v1"
    92  const basePath = "https://iamcredentials.googleapis.com/"
    93  const basePathTemplate = "https://iamcredentials.UNIVERSE_DOMAIN/"
    94  const mtlsBasePath = "https://iamcredentials.mtls.googleapis.com/"
    95  
    96  // OAuth2 scopes used by this API.
    97  const (
    98  	// See, edit, configure, and delete your Google Cloud data and see the email
    99  	// address for your Google Account.
   100  	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
   101  )
   102  
   103  // NewService creates a new Service.
   104  func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
   105  	scopesOption := internaloption.WithDefaultScopes(
   106  		"https://www.googleapis.com/auth/cloud-platform",
   107  	)
   108  	// NOTE: prepend, so we don't override user-specified scopes.
   109  	opts = append([]option.ClientOption{scopesOption}, opts...)
   110  	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
   111  	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
   112  	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
   113  	opts = append(opts, internaloption.EnableNewAuthLibrary())
   114  	client, endpoint, err := htransport.NewClient(ctx, opts...)
   115  	if err != nil {
   116  		return nil, err
   117  	}
   118  	s, err := New(client)
   119  	if err != nil {
   120  		return nil, err
   121  	}
   122  	if endpoint != "" {
   123  		s.BasePath = endpoint
   124  	}
   125  	return s, nil
   126  }
   127  
   128  // New creates a new Service. It uses the provided http.Client for requests.
   129  //
   130  // Deprecated: please use NewService instead.
   131  // To provide a custom HTTP client, use option.WithHTTPClient.
   132  // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
   133  func New(client *http.Client) (*Service, error) {
   134  	if client == nil {
   135  		return nil, errors.New("client is nil")
   136  	}
   137  	s := &Service{client: client, BasePath: basePath}
   138  	s.Projects = NewProjectsService(s)
   139  	return s, nil
   140  }
   141  
   142  type Service struct {
   143  	client    *http.Client
   144  	BasePath  string // API endpoint base URL
   145  	UserAgent string // optional additional User-Agent fragment
   146  
   147  	Projects *ProjectsService
   148  }
   149  
   150  func (s *Service) userAgent() string {
   151  	if s.UserAgent == "" {
   152  		return googleapi.UserAgent
   153  	}
   154  	return googleapi.UserAgent + " " + s.UserAgent
   155  }
   156  
   157  func NewProjectsService(s *Service) *ProjectsService {
   158  	rs := &ProjectsService{s: s}
   159  	rs.ServiceAccounts = NewProjectsServiceAccountsService(s)
   160  	return rs
   161  }
   162  
   163  type ProjectsService struct {
   164  	s *Service
   165  
   166  	ServiceAccounts *ProjectsServiceAccountsService
   167  }
   168  
   169  func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService {
   170  	rs := &ProjectsServiceAccountsService{s: s}
   171  	return rs
   172  }
   173  
   174  type ProjectsServiceAccountsService struct {
   175  	s *Service
   176  }
   177  
   178  type GenerateAccessTokenRequest struct {
   179  	// Delegates: The sequence of service accounts in a delegation chain. This
   180  	// field is required for delegated requests
   181  	// (https://cloud.google.com/iam/help/credentials/delegated-request). For
   182  	// direct requests
   183  	// (https://cloud.google.com/iam/help/credentials/direct-request), which are
   184  	// more common, do not specify this field. Each service account must be granted
   185  	// the `roles/iam.serviceAccountTokenCreator` role on its next service account
   186  	// in the chain. The last service account in the chain must be granted the
   187  	// `roles/iam.serviceAccountTokenCreator` role on the service account that is
   188  	// specified in the `name` field of the request. The delegates must have the
   189  	// following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
   190  	// The `-` wildcard character is required; replacing it with a project ID is
   191  	// invalid.
   192  	Delegates []string `json:"delegates,omitempty"`
   193  	// Lifetime: The desired lifetime duration of the access token in seconds. By
   194  	// default, the maximum allowed value is 1 hour. To set a lifetime of up to 12
   195  	// hours, you can add the service account as an allowed value in an
   196  	// Organization Policy that enforces the
   197  	// `constraints/iam.allowServiceAccountCredentialLifetimeExtension` constraint.
   198  	// See detailed instructions at
   199  	// https://cloud.google.com/iam/help/credentials/lifetime If a value is not
   200  	// specified, the token's lifetime will be set to a default value of 1 hour.
   201  	Lifetime string `json:"lifetime,omitempty"`
   202  	// Scope: Required. Code to identify the scopes to be included in the OAuth 2.0
   203  	// access token. See
   204  	// https://developers.google.com/identity/protocols/googlescopes for more
   205  	// information. At least one value required.
   206  	Scope []string `json:"scope,omitempty"`
   207  	// ForceSendFields is a list of field names (e.g. "Delegates") to
   208  	// unconditionally include in API requests. By default, fields with empty or
   209  	// default values are omitted from API requests. See
   210  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   211  	// details.
   212  	ForceSendFields []string `json:"-"`
   213  	// NullFields is a list of field names (e.g. "Delegates") to include in API
   214  	// requests with the JSON null value. By default, fields with empty values are
   215  	// omitted from API requests. See
   216  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   217  	NullFields []string `json:"-"`
   218  }
   219  
   220  func (s *GenerateAccessTokenRequest) MarshalJSON() ([]byte, error) {
   221  	type NoMethod GenerateAccessTokenRequest
   222  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   223  }
   224  
   225  type GenerateAccessTokenResponse struct {
   226  	// AccessToken: The OAuth 2.0 access token.
   227  	AccessToken string `json:"accessToken,omitempty"`
   228  	// ExpireTime: Token expiration time. The expiration time is always set.
   229  	ExpireTime string `json:"expireTime,omitempty"`
   230  
   231  	// ServerResponse contains the HTTP response code and headers from the server.
   232  	googleapi.ServerResponse `json:"-"`
   233  	// ForceSendFields is a list of field names (e.g. "AccessToken") to
   234  	// unconditionally include in API requests. By default, fields with empty or
   235  	// default values are omitted from API requests. See
   236  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   237  	// details.
   238  	ForceSendFields []string `json:"-"`
   239  	// NullFields is a list of field names (e.g. "AccessToken") to include in API
   240  	// requests with the JSON null value. By default, fields with empty values are
   241  	// omitted from API requests. See
   242  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   243  	NullFields []string `json:"-"`
   244  }
   245  
   246  func (s *GenerateAccessTokenResponse) MarshalJSON() ([]byte, error) {
   247  	type NoMethod GenerateAccessTokenResponse
   248  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   249  }
   250  
   251  type GenerateIdTokenRequest struct {
   252  	// Audience: Required. The audience for the token, such as the API or account
   253  	// that this token grants access to.
   254  	Audience string `json:"audience,omitempty"`
   255  	// Delegates: The sequence of service accounts in a delegation chain. Each
   256  	// service account must be granted the `roles/iam.serviceAccountTokenCreator`
   257  	// role on its next service account in the chain. The last service account in
   258  	// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on
   259  	// the service account that is specified in the `name` field of the request.
   260  	// The delegates must have the following format:
   261  	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
   262  	// character is required; replacing it with a project ID is invalid.
   263  	Delegates []string `json:"delegates,omitempty"`
   264  	// IncludeEmail: Include the service account email in the token. If set to
   265  	// `true`, the token will contain `email` and `email_verified` claims.
   266  	IncludeEmail bool `json:"includeEmail,omitempty"`
   267  	// ForceSendFields is a list of field names (e.g. "Audience") to
   268  	// unconditionally include in API requests. By default, fields with empty or
   269  	// default values are omitted from API requests. See
   270  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   271  	// details.
   272  	ForceSendFields []string `json:"-"`
   273  	// NullFields is a list of field names (e.g. "Audience") to include in API
   274  	// requests with the JSON null value. By default, fields with empty values are
   275  	// omitted from API requests. See
   276  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   277  	NullFields []string `json:"-"`
   278  }
   279  
   280  func (s *GenerateIdTokenRequest) MarshalJSON() ([]byte, error) {
   281  	type NoMethod GenerateIdTokenRequest
   282  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   283  }
   284  
   285  type GenerateIdTokenResponse struct {
   286  	// Token: The OpenId Connect ID token.
   287  	Token string `json:"token,omitempty"`
   288  
   289  	// ServerResponse contains the HTTP response code and headers from the server.
   290  	googleapi.ServerResponse `json:"-"`
   291  	// ForceSendFields is a list of field names (e.g. "Token") to unconditionally
   292  	// include in API requests. By default, fields with empty or default values are
   293  	// omitted from API requests. See
   294  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   295  	// details.
   296  	ForceSendFields []string `json:"-"`
   297  	// NullFields is a list of field names (e.g. "Token") to include in API
   298  	// requests with the JSON null value. By default, fields with empty values are
   299  	// omitted from API requests. See
   300  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   301  	NullFields []string `json:"-"`
   302  }
   303  
   304  func (s *GenerateIdTokenResponse) MarshalJSON() ([]byte, error) {
   305  	type NoMethod GenerateIdTokenResponse
   306  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   307  }
   308  
   309  type SignBlobRequest struct {
   310  	// Delegates: The sequence of service accounts in a delegation chain. Each
   311  	// service account must be granted the `roles/iam.serviceAccountTokenCreator`
   312  	// role on its next service account in the chain. The last service account in
   313  	// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on
   314  	// the service account that is specified in the `name` field of the request.
   315  	// The delegates must have the following format:
   316  	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
   317  	// character is required; replacing it with a project ID is invalid.
   318  	Delegates []string `json:"delegates,omitempty"`
   319  	// Payload: Required. The bytes to sign.
   320  	Payload string `json:"payload,omitempty"`
   321  	// ForceSendFields is a list of field names (e.g. "Delegates") to
   322  	// unconditionally include in API requests. By default, fields with empty or
   323  	// default values are omitted from API requests. See
   324  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   325  	// details.
   326  	ForceSendFields []string `json:"-"`
   327  	// NullFields is a list of field names (e.g. "Delegates") to include in API
   328  	// requests with the JSON null value. By default, fields with empty values are
   329  	// omitted from API requests. See
   330  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   331  	NullFields []string `json:"-"`
   332  }
   333  
   334  func (s *SignBlobRequest) MarshalJSON() ([]byte, error) {
   335  	type NoMethod SignBlobRequest
   336  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   337  }
   338  
   339  type SignBlobResponse struct {
   340  	// KeyId: The ID of the key used to sign the blob. The key used for signing
   341  	// will remain valid for at least 12 hours after the blob is signed. To verify
   342  	// the signature, you can retrieve the public key in several formats from the
   343  	// following endpoints: - RSA public key wrapped in an X.509 v3 certificate:
   344  	// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT_EMAIL}
   345  	// ` - Raw key in JSON format:
   346  	// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_EMAIL}`
   347  	//  - JSON Web Key (JWK):
   348  	// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_EMAIL}`
   349  	KeyId string `json:"keyId,omitempty"`
   350  	// SignedBlob: The signature for the blob. Does not include the original blob.
   351  	// After the key pair referenced by the `key_id` response field expires, Google
   352  	// no longer exposes the public key that can be used to verify the blob. As a
   353  	// result, the receiver can no longer verify the signature.
   354  	SignedBlob string `json:"signedBlob,omitempty"`
   355  
   356  	// ServerResponse contains the HTTP response code and headers from the server.
   357  	googleapi.ServerResponse `json:"-"`
   358  	// ForceSendFields is a list of field names (e.g. "KeyId") to unconditionally
   359  	// include in API requests. By default, fields with empty or default values are
   360  	// omitted from API requests. See
   361  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   362  	// details.
   363  	ForceSendFields []string `json:"-"`
   364  	// NullFields is a list of field names (e.g. "KeyId") to include in API
   365  	// requests with the JSON null value. By default, fields with empty values are
   366  	// omitted from API requests. See
   367  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   368  	NullFields []string `json:"-"`
   369  }
   370  
   371  func (s *SignBlobResponse) MarshalJSON() ([]byte, error) {
   372  	type NoMethod SignBlobResponse
   373  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   374  }
   375  
   376  type SignJwtRequest struct {
   377  	// Delegates: The sequence of service accounts in a delegation chain. Each
   378  	// service account must be granted the `roles/iam.serviceAccountTokenCreator`
   379  	// role on its next service account in the chain. The last service account in
   380  	// the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on
   381  	// the service account that is specified in the `name` field of the request.
   382  	// The delegates must have the following format:
   383  	// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
   384  	// character is required; replacing it with a project ID is invalid.
   385  	Delegates []string `json:"delegates,omitempty"`
   386  	// Payload: Required. The JWT payload to sign. Must be a serialized JSON object
   387  	// that contains a JWT Claims Set. For example: `{"sub": "user@example.com",
   388  	// "iat": 313435}` If the JWT Claims Set contains an expiration time (`exp`)
   389  	// claim, it must be an integer timestamp that is not in the past and no more
   390  	// than 12 hours in the future.
   391  	Payload string `json:"payload,omitempty"`
   392  	// ForceSendFields is a list of field names (e.g. "Delegates") to
   393  	// unconditionally include in API requests. By default, fields with empty or
   394  	// default values are omitted from API requests. See
   395  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   396  	// details.
   397  	ForceSendFields []string `json:"-"`
   398  	// NullFields is a list of field names (e.g. "Delegates") to include in API
   399  	// requests with the JSON null value. By default, fields with empty values are
   400  	// omitted from API requests. See
   401  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   402  	NullFields []string `json:"-"`
   403  }
   404  
   405  func (s *SignJwtRequest) MarshalJSON() ([]byte, error) {
   406  	type NoMethod SignJwtRequest
   407  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   408  }
   409  
   410  type SignJwtResponse struct {
   411  	// KeyId: The ID of the key used to sign the JWT. The key used for signing will
   412  	// remain valid for at least 12 hours after the JWT is signed. To verify the
   413  	// signature, you can retrieve the public key in several formats from the
   414  	// following endpoints: - RSA public key wrapped in an X.509 v3 certificate:
   415  	// `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT_EMAIL}
   416  	// ` - Raw key in JSON format:
   417  	// `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_EMAIL}`
   418  	//  - JSON Web Key (JWK):
   419  	// `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_EMAIL}`
   420  	KeyId string `json:"keyId,omitempty"`
   421  	// SignedJwt: The signed JWT. Contains the automatically generated header; the
   422  	// client-supplied payload; and the signature, which is generated using the key
   423  	// referenced by the `kid` field in the header. After the key pair referenced
   424  	// by the `key_id` response field expires, Google no longer exposes the public
   425  	// key that can be used to verify the JWT. As a result, the receiver can no
   426  	// longer verify the signature.
   427  	SignedJwt string `json:"signedJwt,omitempty"`
   428  
   429  	// ServerResponse contains the HTTP response code and headers from the server.
   430  	googleapi.ServerResponse `json:"-"`
   431  	// ForceSendFields is a list of field names (e.g. "KeyId") to unconditionally
   432  	// include in API requests. By default, fields with empty or default values are
   433  	// omitted from API requests. See
   434  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   435  	// details.
   436  	ForceSendFields []string `json:"-"`
   437  	// NullFields is a list of field names (e.g. "KeyId") to include in API
   438  	// requests with the JSON null value. By default, fields with empty values are
   439  	// omitted from API requests. See
   440  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   441  	NullFields []string `json:"-"`
   442  }
   443  
   444  func (s *SignJwtResponse) MarshalJSON() ([]byte, error) {
   445  	type NoMethod SignJwtResponse
   446  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   447  }
   448  
   449  type ProjectsServiceAccountsGenerateAccessTokenCall struct {
   450  	s                          *Service
   451  	name                       string
   452  	generateaccesstokenrequest *GenerateAccessTokenRequest
   453  	urlParams_                 gensupport.URLParams
   454  	ctx_                       context.Context
   455  	header_                    http.Header
   456  }
   457  
   458  // GenerateAccessToken: Generates an OAuth 2.0 access token for a service
   459  // account.
   460  //
   461  //   - name: The resource name of the service account for which the credentials
   462  //     are requested, in the following format:
   463  //     `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
   464  //     character is required; replacing it with a project ID is invalid.
   465  func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall {
   466  	c := &ProjectsServiceAccountsGenerateAccessTokenCall{s: r.s, urlParams_: make(gensupport.URLParams)}
   467  	c.name = name
   468  	c.generateaccesstokenrequest = generateaccesstokenrequest
   469  	return c
   470  }
   471  
   472  // Fields allows partial responses to be retrieved. See
   473  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
   474  // details.
   475  func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateAccessTokenCall {
   476  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
   477  	return c
   478  }
   479  
   480  // Context sets the context to be used in this call's Do method.
   481  func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateAccessTokenCall {
   482  	c.ctx_ = ctx
   483  	return c
   484  }
   485  
   486  // Header returns a http.Header that can be modified by the caller to add
   487  // headers to the request.
   488  func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Header() http.Header {
   489  	if c.header_ == nil {
   490  		c.header_ = make(http.Header)
   491  	}
   492  	return c.header_
   493  }
   494  
   495  func (c *ProjectsServiceAccountsGenerateAccessTokenCall) doRequest(alt string) (*http.Response, error) {
   496  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
   497  	var body io.Reader = nil
   498  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.generateaccesstokenrequest)
   499  	if err != nil {
   500  		return nil, err
   501  	}
   502  	c.urlParams_.Set("alt", alt)
   503  	c.urlParams_.Set("prettyPrint", "false")
   504  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:generateAccessToken")
   505  	urls += "?" + c.urlParams_.Encode()
   506  	req, err := http.NewRequest("POST", urls, body)
   507  	if err != nil {
   508  		return nil, err
   509  	}
   510  	req.Header = reqHeaders
   511  	googleapi.Expand(req.URL, map[string]string{
   512  		"name": c.name,
   513  	})
   514  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
   515  }
   516  
   517  // Do executes the "iamcredentials.projects.serviceAccounts.generateAccessToken" call.
   518  // Any non-2xx status code is an error. Response headers are in either
   519  // *GenerateAccessTokenResponse.ServerResponse.Header or (if a response was
   520  // returned at all) in error.(*googleapi.Error).Header. Use
   521  // googleapi.IsNotModified to check whether the returned error was because
   522  // http.StatusNotModified was returned.
   523  func (c *ProjectsServiceAccountsGenerateAccessTokenCall) Do(opts ...googleapi.CallOption) (*GenerateAccessTokenResponse, error) {
   524  	gensupport.SetOptions(c.urlParams_, opts...)
   525  	res, err := c.doRequest("json")
   526  	if res != nil && res.StatusCode == http.StatusNotModified {
   527  		if res.Body != nil {
   528  			res.Body.Close()
   529  		}
   530  		return nil, gensupport.WrapError(&googleapi.Error{
   531  			Code:   res.StatusCode,
   532  			Header: res.Header,
   533  		})
   534  	}
   535  	if err != nil {
   536  		return nil, err
   537  	}
   538  	defer googleapi.CloseBody(res)
   539  	if err := googleapi.CheckResponse(res); err != nil {
   540  		return nil, gensupport.WrapError(err)
   541  	}
   542  	ret := &GenerateAccessTokenResponse{
   543  		ServerResponse: googleapi.ServerResponse{
   544  			Header:         res.Header,
   545  			HTTPStatusCode: res.StatusCode,
   546  		},
   547  	}
   548  	target := &ret
   549  	if err := gensupport.DecodeResponse(target, res); err != nil {
   550  		return nil, err
   551  	}
   552  	return ret, nil
   553  }
   554  
   555  type ProjectsServiceAccountsGenerateIdTokenCall struct {
   556  	s                      *Service
   557  	name                   string
   558  	generateidtokenrequest *GenerateIdTokenRequest
   559  	urlParams_             gensupport.URLParams
   560  	ctx_                   context.Context
   561  	header_                http.Header
   562  }
   563  
   564  // GenerateIdToken: Generates an OpenID Connect ID token for a service account.
   565  //
   566  //   - name: The resource name of the service account for which the credentials
   567  //     are requested, in the following format:
   568  //     `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
   569  //     character is required; replacing it with a project ID is invalid.
   570  func (r *ProjectsServiceAccountsService) GenerateIdToken(name string, generateidtokenrequest *GenerateIdTokenRequest) *ProjectsServiceAccountsGenerateIdTokenCall {
   571  	c := &ProjectsServiceAccountsGenerateIdTokenCall{s: r.s, urlParams_: make(gensupport.URLParams)}
   572  	c.name = name
   573  	c.generateidtokenrequest = generateidtokenrequest
   574  	return c
   575  }
   576  
   577  // Fields allows partial responses to be retrieved. See
   578  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
   579  // details.
   580  func (c *ProjectsServiceAccountsGenerateIdTokenCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGenerateIdTokenCall {
   581  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
   582  	return c
   583  }
   584  
   585  // Context sets the context to be used in this call's Do method.
   586  func (c *ProjectsServiceAccountsGenerateIdTokenCall) Context(ctx context.Context) *ProjectsServiceAccountsGenerateIdTokenCall {
   587  	c.ctx_ = ctx
   588  	return c
   589  }
   590  
   591  // Header returns a http.Header that can be modified by the caller to add
   592  // headers to the request.
   593  func (c *ProjectsServiceAccountsGenerateIdTokenCall) Header() http.Header {
   594  	if c.header_ == nil {
   595  		c.header_ = make(http.Header)
   596  	}
   597  	return c.header_
   598  }
   599  
   600  func (c *ProjectsServiceAccountsGenerateIdTokenCall) doRequest(alt string) (*http.Response, error) {
   601  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
   602  	var body io.Reader = nil
   603  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.generateidtokenrequest)
   604  	if err != nil {
   605  		return nil, err
   606  	}
   607  	c.urlParams_.Set("alt", alt)
   608  	c.urlParams_.Set("prettyPrint", "false")
   609  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:generateIdToken")
   610  	urls += "?" + c.urlParams_.Encode()
   611  	req, err := http.NewRequest("POST", urls, body)
   612  	if err != nil {
   613  		return nil, err
   614  	}
   615  	req.Header = reqHeaders
   616  	googleapi.Expand(req.URL, map[string]string{
   617  		"name": c.name,
   618  	})
   619  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
   620  }
   621  
   622  // Do executes the "iamcredentials.projects.serviceAccounts.generateIdToken" call.
   623  // Any non-2xx status code is an error. Response headers are in either
   624  // *GenerateIdTokenResponse.ServerResponse.Header or (if a response was
   625  // returned at all) in error.(*googleapi.Error).Header. Use
   626  // googleapi.IsNotModified to check whether the returned error was because
   627  // http.StatusNotModified was returned.
   628  func (c *ProjectsServiceAccountsGenerateIdTokenCall) Do(opts ...googleapi.CallOption) (*GenerateIdTokenResponse, error) {
   629  	gensupport.SetOptions(c.urlParams_, opts...)
   630  	res, err := c.doRequest("json")
   631  	if res != nil && res.StatusCode == http.StatusNotModified {
   632  		if res.Body != nil {
   633  			res.Body.Close()
   634  		}
   635  		return nil, gensupport.WrapError(&googleapi.Error{
   636  			Code:   res.StatusCode,
   637  			Header: res.Header,
   638  		})
   639  	}
   640  	if err != nil {
   641  		return nil, err
   642  	}
   643  	defer googleapi.CloseBody(res)
   644  	if err := googleapi.CheckResponse(res); err != nil {
   645  		return nil, gensupport.WrapError(err)
   646  	}
   647  	ret := &GenerateIdTokenResponse{
   648  		ServerResponse: googleapi.ServerResponse{
   649  			Header:         res.Header,
   650  			HTTPStatusCode: res.StatusCode,
   651  		},
   652  	}
   653  	target := &ret
   654  	if err := gensupport.DecodeResponse(target, res); err != nil {
   655  		return nil, err
   656  	}
   657  	return ret, nil
   658  }
   659  
   660  type ProjectsServiceAccountsSignBlobCall struct {
   661  	s               *Service
   662  	name            string
   663  	signblobrequest *SignBlobRequest
   664  	urlParams_      gensupport.URLParams
   665  	ctx_            context.Context
   666  	header_         http.Header
   667  }
   668  
   669  // SignBlob: Signs a blob using a service account's system-managed private key.
   670  //
   671  //   - name: The resource name of the service account for which the credentials
   672  //     are requested, in the following format:
   673  //     `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
   674  //     character is required; replacing it with a project ID is invalid.
   675  func (r *ProjectsServiceAccountsService) SignBlob(name string, signblobrequest *SignBlobRequest) *ProjectsServiceAccountsSignBlobCall {
   676  	c := &ProjectsServiceAccountsSignBlobCall{s: r.s, urlParams_: make(gensupport.URLParams)}
   677  	c.name = name
   678  	c.signblobrequest = signblobrequest
   679  	return c
   680  }
   681  
   682  // Fields allows partial responses to be retrieved. See
   683  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
   684  // details.
   685  func (c *ProjectsServiceAccountsSignBlobCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignBlobCall {
   686  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
   687  	return c
   688  }
   689  
   690  // Context sets the context to be used in this call's Do method.
   691  func (c *ProjectsServiceAccountsSignBlobCall) Context(ctx context.Context) *ProjectsServiceAccountsSignBlobCall {
   692  	c.ctx_ = ctx
   693  	return c
   694  }
   695  
   696  // Header returns a http.Header that can be modified by the caller to add
   697  // headers to the request.
   698  func (c *ProjectsServiceAccountsSignBlobCall) Header() http.Header {
   699  	if c.header_ == nil {
   700  		c.header_ = make(http.Header)
   701  	}
   702  	return c.header_
   703  }
   704  
   705  func (c *ProjectsServiceAccountsSignBlobCall) doRequest(alt string) (*http.Response, error) {
   706  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
   707  	var body io.Reader = nil
   708  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.signblobrequest)
   709  	if err != nil {
   710  		return nil, err
   711  	}
   712  	c.urlParams_.Set("alt", alt)
   713  	c.urlParams_.Set("prettyPrint", "false")
   714  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:signBlob")
   715  	urls += "?" + c.urlParams_.Encode()
   716  	req, err := http.NewRequest("POST", urls, body)
   717  	if err != nil {
   718  		return nil, err
   719  	}
   720  	req.Header = reqHeaders
   721  	googleapi.Expand(req.URL, map[string]string{
   722  		"name": c.name,
   723  	})
   724  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
   725  }
   726  
   727  // Do executes the "iamcredentials.projects.serviceAccounts.signBlob" call.
   728  // Any non-2xx status code is an error. Response headers are in either
   729  // *SignBlobResponse.ServerResponse.Header or (if a response was returned at
   730  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
   731  // check whether the returned error was because http.StatusNotModified was
   732  // returned.
   733  func (c *ProjectsServiceAccountsSignBlobCall) Do(opts ...googleapi.CallOption) (*SignBlobResponse, error) {
   734  	gensupport.SetOptions(c.urlParams_, opts...)
   735  	res, err := c.doRequest("json")
   736  	if res != nil && res.StatusCode == http.StatusNotModified {
   737  		if res.Body != nil {
   738  			res.Body.Close()
   739  		}
   740  		return nil, gensupport.WrapError(&googleapi.Error{
   741  			Code:   res.StatusCode,
   742  			Header: res.Header,
   743  		})
   744  	}
   745  	if err != nil {
   746  		return nil, err
   747  	}
   748  	defer googleapi.CloseBody(res)
   749  	if err := googleapi.CheckResponse(res); err != nil {
   750  		return nil, gensupport.WrapError(err)
   751  	}
   752  	ret := &SignBlobResponse{
   753  		ServerResponse: googleapi.ServerResponse{
   754  			Header:         res.Header,
   755  			HTTPStatusCode: res.StatusCode,
   756  		},
   757  	}
   758  	target := &ret
   759  	if err := gensupport.DecodeResponse(target, res); err != nil {
   760  		return nil, err
   761  	}
   762  	return ret, nil
   763  }
   764  
   765  type ProjectsServiceAccountsSignJwtCall struct {
   766  	s              *Service
   767  	name           string
   768  	signjwtrequest *SignJwtRequest
   769  	urlParams_     gensupport.URLParams
   770  	ctx_           context.Context
   771  	header_        http.Header
   772  }
   773  
   774  // SignJwt: Signs a JWT using a service account's system-managed private key.
   775  //
   776  //   - name: The resource name of the service account for which the credentials
   777  //     are requested, in the following format:
   778  //     `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
   779  //     character is required; replacing it with a project ID is invalid.
   780  func (r *ProjectsServiceAccountsService) SignJwt(name string, signjwtrequest *SignJwtRequest) *ProjectsServiceAccountsSignJwtCall {
   781  	c := &ProjectsServiceAccountsSignJwtCall{s: r.s, urlParams_: make(gensupport.URLParams)}
   782  	c.name = name
   783  	c.signjwtrequest = signjwtrequest
   784  	return c
   785  }
   786  
   787  // Fields allows partial responses to be retrieved. See
   788  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
   789  // details.
   790  func (c *ProjectsServiceAccountsSignJwtCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignJwtCall {
   791  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
   792  	return c
   793  }
   794  
   795  // Context sets the context to be used in this call's Do method.
   796  func (c *ProjectsServiceAccountsSignJwtCall) Context(ctx context.Context) *ProjectsServiceAccountsSignJwtCall {
   797  	c.ctx_ = ctx
   798  	return c
   799  }
   800  
   801  // Header returns a http.Header that can be modified by the caller to add
   802  // headers to the request.
   803  func (c *ProjectsServiceAccountsSignJwtCall) Header() http.Header {
   804  	if c.header_ == nil {
   805  		c.header_ = make(http.Header)
   806  	}
   807  	return c.header_
   808  }
   809  
   810  func (c *ProjectsServiceAccountsSignJwtCall) doRequest(alt string) (*http.Response, error) {
   811  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
   812  	var body io.Reader = nil
   813  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.signjwtrequest)
   814  	if err != nil {
   815  		return nil, err
   816  	}
   817  	c.urlParams_.Set("alt", alt)
   818  	c.urlParams_.Set("prettyPrint", "false")
   819  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:signJwt")
   820  	urls += "?" + c.urlParams_.Encode()
   821  	req, err := http.NewRequest("POST", urls, body)
   822  	if err != nil {
   823  		return nil, err
   824  	}
   825  	req.Header = reqHeaders
   826  	googleapi.Expand(req.URL, map[string]string{
   827  		"name": c.name,
   828  	})
   829  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
   830  }
   831  
   832  // Do executes the "iamcredentials.projects.serviceAccounts.signJwt" call.
   833  // Any non-2xx status code is an error. Response headers are in either
   834  // *SignJwtResponse.ServerResponse.Header or (if a response was returned at
   835  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
   836  // check whether the returned error was because http.StatusNotModified was
   837  // returned.
   838  func (c *ProjectsServiceAccountsSignJwtCall) Do(opts ...googleapi.CallOption) (*SignJwtResponse, error) {
   839  	gensupport.SetOptions(c.urlParams_, opts...)
   840  	res, err := c.doRequest("json")
   841  	if res != nil && res.StatusCode == http.StatusNotModified {
   842  		if res.Body != nil {
   843  			res.Body.Close()
   844  		}
   845  		return nil, gensupport.WrapError(&googleapi.Error{
   846  			Code:   res.StatusCode,
   847  			Header: res.Header,
   848  		})
   849  	}
   850  	if err != nil {
   851  		return nil, err
   852  	}
   853  	defer googleapi.CloseBody(res)
   854  	if err := googleapi.CheckResponse(res); err != nil {
   855  		return nil, gensupport.WrapError(err)
   856  	}
   857  	ret := &SignJwtResponse{
   858  		ServerResponse: googleapi.ServerResponse{
   859  			Header:         res.Header,
   860  			HTTPStatusCode: res.StatusCode,
   861  		},
   862  	}
   863  	target := &ret
   864  	if err := gensupport.DecodeResponse(target, res); err != nil {
   865  		return nil, err
   866  	}
   867  	return ret, nil
   868  }
   869
View as plain text