"""Generated message classes for iamcredentials version v1. Creates short-lived, limited-privilege credentials for IAM service accounts. """ # NOTE: This file is autogenerated and should not be edited by hand. from apitools.base.protorpclite import messages as _messages from apitools.base.py import encoding package = 'iamcredentials' class GenerateAccessTokenRequest(_messages.Message): r"""A GenerateAccessTokenRequest object. Fields: delegates: The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid. lifetime: The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour. scope: Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required. """ delegates = _messages.StringField(1, repeated=True) lifetime = _messages.StringField(2) scope = _messages.StringField(3, repeated=True) class GenerateAccessTokenResponse(_messages.Message): r"""A GenerateAccessTokenResponse object. Fields: accessToken: The OAuth 2.0 access token. expireTime: Token expiration time. The expiration time is always set. """ accessToken = _messages.StringField(1) expireTime = _messages.StringField(2) class GenerateIdTokenRequest(_messages.Message): r"""A GenerateIdTokenRequest object. Fields: audience: The audience for the token, such as the API or account that this token grants access to. delegates: The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid. includeEmail: Include the service account email in the token. If set to `true`, the token will contain `email` and `email_verified` claims. """ audience = _messages.StringField(1) delegates = _messages.StringField(2, repeated=True) includeEmail = _messages.BooleanField(3) class GenerateIdTokenResponse(_messages.Message): r"""A GenerateIdTokenResponse object. Fields: token: The OpenId Connect ID token. """ token = _messages.StringField(1) class IamcredentialsProjectsServiceAccountsGenerateAccessTokenRequest(_messages.Message): r"""A IamcredentialsProjectsServiceAccountsGenerateAccessTokenRequest object. Fields: generateAccessTokenRequest: A GenerateAccessTokenRequest resource to be passed as the request body. name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid. """ generateAccessTokenRequest = _messages.MessageField('GenerateAccessTokenRequest', 1) name = _messages.StringField(2, required=True) class IamcredentialsProjectsServiceAccountsGenerateIdTokenRequest(_messages.Message): r"""A IamcredentialsProjectsServiceAccountsGenerateIdTokenRequest object. Fields: generateIdTokenRequest: A GenerateIdTokenRequest resource to be passed as the request body. name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid. """ generateIdTokenRequest = _messages.MessageField('GenerateIdTokenRequest', 1) name = _messages.StringField(2, required=True) class IamcredentialsProjectsServiceAccountsSignBlobRequest(_messages.Message): r"""A IamcredentialsProjectsServiceAccountsSignBlobRequest object. Fields: name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid. signBlobRequest: A SignBlobRequest resource to be passed as the request body. """ name = _messages.StringField(1, required=True) signBlobRequest = _messages.MessageField('SignBlobRequest', 2) class IamcredentialsProjectsServiceAccountsSignJwtRequest(_messages.Message): r"""A IamcredentialsProjectsServiceAccountsSignJwtRequest object. Fields: name: The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid. signJwtRequest: A SignJwtRequest resource to be passed as the request body. """ name = _messages.StringField(1, required=True) signJwtRequest = _messages.MessageField('SignJwtRequest', 2) class SignBlobRequest(_messages.Message): r"""A SignBlobRequest object. Fields: delegates: The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid. payload: The bytes to sign. """ delegates = _messages.StringField(1, repeated=True) payload = _messages.BytesField(2) class SignBlobResponse(_messages.Message): r"""A SignBlobResponse object. Fields: keyId: The ID of the key used to sign the blob. signedBlob: The signed blob. """ keyId = _messages.StringField(1) signedBlob = _messages.BytesField(2) class SignJwtRequest(_messages.Message): r"""A SignJwtRequest object. Fields: delegates: The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid. payload: The JWT payload to sign: a JSON object that contains a JWT Claims Set. """ delegates = _messages.StringField(1, repeated=True) payload = _messages.StringField(2) class SignJwtResponse(_messages.Message): r"""A SignJwtResponse object. Fields: keyId: The ID of the key used to sign the JWT. signedJwt: The signed JWT. """ keyId = _messages.StringField(1) signedJwt = _messages.StringField(2) class StandardQueryParameters(_messages.Message): r"""Query parameters accepted by all methods. Enums: FXgafvValueValuesEnum: V1 error format. AltValueValuesEnum: Data format for response. Fields: f__xgafv: V1 error format. access_token: OAuth access token. alt: Data format for response. callback: JSONP fields: Selector specifying which fields to include in a partial response. key: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. oauth_token: OAuth 2.0 token for the current user. prettyPrint: Returns response with indentations and line breaks. quotaUser: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. trace: A tracing token of the form "token:" to include in api requests. uploadType: Legacy upload protocol for media (e.g. "media", "multipart"). upload_protocol: Upload protocol for media (e.g. "raw", "multipart"). """ class AltValueValuesEnum(_messages.Enum): r"""Data format for response. Values: json: Responses with Content-Type of application/json media: Media download with context-dependent Content-Type proto: Responses with Content-Type of application/x-protobuf """ json = 0 media = 1 proto = 2 class FXgafvValueValuesEnum(_messages.Enum): r"""V1 error format. Values: _1: v1 error format _2: v2 error format """ _1 = 0 _2 = 1 f__xgafv = _messages.EnumField('FXgafvValueValuesEnum', 1) access_token = _messages.StringField(2) alt = _messages.EnumField('AltValueValuesEnum', 3, default=u'json') callback = _messages.StringField(4) fields = _messages.StringField(5) key = _messages.StringField(6) oauth_token = _messages.StringField(7) prettyPrint = _messages.BooleanField(8, default=True) quotaUser = _messages.StringField(9) trace = _messages.StringField(10) uploadType = _messages.StringField(11) upload_protocol = _messages.StringField(12) encoding.AddCustomJsonFieldMapping( StandardQueryParameters, 'f__xgafv', '$.xgafv') encoding.AddCustomJsonEnumMapping( StandardQueryParameters.FXgafvValueValuesEnum, '_1', '1') encoding.AddCustomJsonEnumMapping( StandardQueryParameters.FXgafvValueValuesEnum, '_2', '2')