| // Copyright 2024 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // https://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| // Code generated by protoc-gen-go_gapic. DO NOT EDIT. |
| |
| package credentials |
| |
| import ( |
| "bytes" |
| "context" |
| "fmt" |
| "io" |
| "math" |
| "net/http" |
| "net/url" |
| "time" |
| |
| credentialspb "cloud.google.com/go/iam/credentials/apiv1/credentialspb" |
| gax "github.com/googleapis/gax-go/v2" |
| "google.golang.org/api/googleapi" |
| "google.golang.org/api/option" |
| "google.golang.org/api/option/internaloption" |
| gtransport "google.golang.org/api/transport/grpc" |
| httptransport "google.golang.org/api/transport/http" |
| "google.golang.org/grpc" |
| "google.golang.org/grpc/codes" |
| "google.golang.org/protobuf/encoding/protojson" |
| ) |
| |
| var newIamCredentialsClientHook clientHook |
| |
| // IamCredentialsCallOptions contains the retry settings for each method of IamCredentialsClient. |
| type IamCredentialsCallOptions struct { |
| GenerateAccessToken []gax.CallOption |
| GenerateIdToken []gax.CallOption |
| SignBlob []gax.CallOption |
| SignJwt []gax.CallOption |
| } |
| |
| func defaultIamCredentialsGRPCClientOptions() []option.ClientOption { |
| return []option.ClientOption{ |
| internaloption.WithDefaultEndpoint("iamcredentials.googleapis.com:443"), |
| internaloption.WithDefaultEndpointTemplate("iamcredentials.UNIVERSE_DOMAIN:443"), |
| internaloption.WithDefaultMTLSEndpoint("iamcredentials.mtls.googleapis.com:443"), |
| internaloption.WithDefaultUniverseDomain("googleapis.com"), |
| internaloption.WithDefaultAudience("https://iamcredentials.googleapis.com/"), |
| internaloption.WithDefaultScopes(DefaultAuthScopes()...), |
| internaloption.EnableJwtWithScope(), |
| option.WithGRPCDialOption(grpc.WithDefaultCallOptions( |
| grpc.MaxCallRecvMsgSize(math.MaxInt32))), |
| } |
| } |
| |
| func defaultIamCredentialsCallOptions() *IamCredentialsCallOptions { |
| return &IamCredentialsCallOptions{ |
| GenerateAccessToken: []gax.CallOption{ |
| gax.WithTimeout(60000 * time.Millisecond), |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnCodes([]codes.Code{ |
| codes.Unavailable, |
| codes.DeadlineExceeded, |
| }, gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.30, |
| }) |
| }), |
| }, |
| GenerateIdToken: []gax.CallOption{ |
| gax.WithTimeout(60000 * time.Millisecond), |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnCodes([]codes.Code{ |
| codes.Unavailable, |
| codes.DeadlineExceeded, |
| }, gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.30, |
| }) |
| }), |
| }, |
| SignBlob: []gax.CallOption{ |
| gax.WithTimeout(60000 * time.Millisecond), |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnCodes([]codes.Code{ |
| codes.Unavailable, |
| codes.DeadlineExceeded, |
| }, gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.30, |
| }) |
| }), |
| }, |
| SignJwt: []gax.CallOption{ |
| gax.WithTimeout(60000 * time.Millisecond), |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnCodes([]codes.Code{ |
| codes.Unavailable, |
| codes.DeadlineExceeded, |
| }, gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.30, |
| }) |
| }), |
| }, |
| } |
| } |
| |
| func defaultIamCredentialsRESTCallOptions() *IamCredentialsCallOptions { |
| return &IamCredentialsCallOptions{ |
| GenerateAccessToken: []gax.CallOption{ |
| gax.WithTimeout(60000 * time.Millisecond), |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnHTTPCodes(gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.30, |
| }, |
| http.StatusServiceUnavailable, |
| http.StatusGatewayTimeout) |
| }), |
| }, |
| GenerateIdToken: []gax.CallOption{ |
| gax.WithTimeout(60000 * time.Millisecond), |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnHTTPCodes(gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.30, |
| }, |
| http.StatusServiceUnavailable, |
| http.StatusGatewayTimeout) |
| }), |
| }, |
| SignBlob: []gax.CallOption{ |
| gax.WithTimeout(60000 * time.Millisecond), |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnHTTPCodes(gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.30, |
| }, |
| http.StatusServiceUnavailable, |
| http.StatusGatewayTimeout) |
| }), |
| }, |
| SignJwt: []gax.CallOption{ |
| gax.WithTimeout(60000 * time.Millisecond), |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnHTTPCodes(gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.30, |
| }, |
| http.StatusServiceUnavailable, |
| http.StatusGatewayTimeout) |
| }), |
| }, |
| } |
| } |
| |
| // internalIamCredentialsClient is an interface that defines the methods available from IAM Service Account Credentials API. |
| type internalIamCredentialsClient interface { |
| Close() error |
| setGoogleClientInfo(...string) |
| Connection() *grpc.ClientConn |
| GenerateAccessToken(context.Context, *credentialspb.GenerateAccessTokenRequest, ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) |
| GenerateIdToken(context.Context, *credentialspb.GenerateIdTokenRequest, ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) |
| SignBlob(context.Context, *credentialspb.SignBlobRequest, ...gax.CallOption) (*credentialspb.SignBlobResponse, error) |
| SignJwt(context.Context, *credentialspb.SignJwtRequest, ...gax.CallOption) (*credentialspb.SignJwtResponse, error) |
| } |
| |
| // IamCredentialsClient is a client for interacting with IAM Service Account Credentials API. |
| // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. |
| // |
| // A service account is a special type of Google account that belongs to your |
| // application or a virtual machine (VM), instead of to an individual end user. |
| // Your application assumes the identity of the service account to call Google |
| // APIs, so that the users aren’t directly involved. |
| // |
| // Service account credentials are used to temporarily assume the identity |
| // of the service account. Supported credential types include OAuth 2.0 access |
| // tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and |
| // more. |
| type IamCredentialsClient struct { |
| // The internal transport-dependent client. |
| internalClient internalIamCredentialsClient |
| |
| // The call options for this service. |
| CallOptions *IamCredentialsCallOptions |
| } |
| |
| // Wrapper methods routed to the internal client. |
| |
| // Close closes the connection to the API service. The user should invoke this when |
| // the client is no longer required. |
| func (c *IamCredentialsClient) Close() error { |
| return c.internalClient.Close() |
| } |
| |
| // setGoogleClientInfo sets the name and version of the application in |
| // the `x-goog-api-client` header passed on each request. Intended for |
| // use by Google-written clients. |
| func (c *IamCredentialsClient) setGoogleClientInfo(keyval ...string) { |
| c.internalClient.setGoogleClientInfo(keyval...) |
| } |
| |
| // Connection returns a connection to the API service. |
| // |
| // Deprecated: Connections are now pooled so this method does not always |
| // return the same resource. |
| func (c *IamCredentialsClient) Connection() *grpc.ClientConn { |
| return c.internalClient.Connection() |
| } |
| |
| // GenerateAccessToken generates an OAuth 2.0 access token for a service account. |
| func (c *IamCredentialsClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) { |
| return c.internalClient.GenerateAccessToken(ctx, req, opts...) |
| } |
| |
| // GenerateIdToken generates an OpenID Connect ID token for a service account. |
| func (c *IamCredentialsClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) { |
| return c.internalClient.GenerateIdToken(ctx, req, opts...) |
| } |
| |
| // SignBlob signs a blob using a service account’s system-managed private key. |
| func (c *IamCredentialsClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) { |
| return c.internalClient.SignBlob(ctx, req, opts...) |
| } |
| |
| // SignJwt signs a JWT using a service account’s system-managed private key. |
| func (c *IamCredentialsClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) { |
| return c.internalClient.SignJwt(ctx, req, opts...) |
| } |
| |
| // iamCredentialsGRPCClient is a client for interacting with IAM Service Account Credentials API over gRPC transport. |
| // |
| // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. |
| type iamCredentialsGRPCClient struct { |
| // Connection pool of gRPC connections to the service. |
| connPool gtransport.ConnPool |
| |
| // Points back to the CallOptions field of the containing IamCredentialsClient |
| CallOptions **IamCredentialsCallOptions |
| |
| // The gRPC API client. |
| iamCredentialsClient credentialspb.IAMCredentialsClient |
| |
| // The x-goog-* metadata to be sent with each request. |
| xGoogHeaders []string |
| } |
| |
| // NewIamCredentialsClient creates a new iam credentials client based on gRPC. |
| // The returned client must be Closed when it is done being used to clean up its underlying connections. |
| // |
| // A service account is a special type of Google account that belongs to your |
| // application or a virtual machine (VM), instead of to an individual end user. |
| // Your application assumes the identity of the service account to call Google |
| // APIs, so that the users aren’t directly involved. |
| // |
| // Service account credentials are used to temporarily assume the identity |
| // of the service account. Supported credential types include OAuth 2.0 access |
| // tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and |
| // more. |
| func NewIamCredentialsClient(ctx context.Context, opts ...option.ClientOption) (*IamCredentialsClient, error) { |
| clientOpts := defaultIamCredentialsGRPCClientOptions() |
| if newIamCredentialsClientHook != nil { |
| hookOpts, err := newIamCredentialsClientHook(ctx, clientHookParams{}) |
| if err != nil { |
| return nil, err |
| } |
| clientOpts = append(clientOpts, hookOpts...) |
| } |
| |
| connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...) |
| if err != nil { |
| return nil, err |
| } |
| client := IamCredentialsClient{CallOptions: defaultIamCredentialsCallOptions()} |
| |
| c := &iamCredentialsGRPCClient{ |
| connPool: connPool, |
| iamCredentialsClient: credentialspb.NewIAMCredentialsClient(connPool), |
| CallOptions: &client.CallOptions, |
| } |
| c.setGoogleClientInfo() |
| |
| client.internalClient = c |
| |
| return &client, nil |
| } |
| |
| // Connection returns a connection to the API service. |
| // |
| // Deprecated: Connections are now pooled so this method does not always |
| // return the same resource. |
| func (c *iamCredentialsGRPCClient) Connection() *grpc.ClientConn { |
| return c.connPool.Conn() |
| } |
| |
| // setGoogleClientInfo sets the name and version of the application in |
| // the `x-goog-api-client` header passed on each request. Intended for |
| // use by Google-written clients. |
| func (c *iamCredentialsGRPCClient) setGoogleClientInfo(keyval ...string) { |
| kv := append([]string{"gl-go", gax.GoVersion}, keyval...) |
| kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version) |
| c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(kv...)} |
| } |
| |
| // Close closes the connection to the API service. The user should invoke this when |
| // the client is no longer required. |
| func (c *iamCredentialsGRPCClient) Close() error { |
| return c.connPool.Close() |
| } |
| |
| // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. |
| type iamCredentialsRESTClient struct { |
| // The http endpoint to connect to. |
| endpoint string |
| |
| // The http client. |
| httpClient *http.Client |
| |
| // The x-goog-* headers to be sent with each request. |
| xGoogHeaders []string |
| |
| // Points back to the CallOptions field of the containing IamCredentialsClient |
| CallOptions **IamCredentialsCallOptions |
| } |
| |
| // NewIamCredentialsRESTClient creates a new iam credentials rest client. |
| // |
| // A service account is a special type of Google account that belongs to your |
| // application or a virtual machine (VM), instead of to an individual end user. |
| // Your application assumes the identity of the service account to call Google |
| // APIs, so that the users aren’t directly involved. |
| // |
| // Service account credentials are used to temporarily assume the identity |
| // of the service account. Supported credential types include OAuth 2.0 access |
| // tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and |
| // more. |
| func NewIamCredentialsRESTClient(ctx context.Context, opts ...option.ClientOption) (*IamCredentialsClient, error) { |
| clientOpts := append(defaultIamCredentialsRESTClientOptions(), opts...) |
| httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...) |
| if err != nil { |
| return nil, err |
| } |
| |
| callOpts := defaultIamCredentialsRESTCallOptions() |
| c := &iamCredentialsRESTClient{ |
| endpoint: endpoint, |
| httpClient: httpClient, |
| CallOptions: &callOpts, |
| } |
| c.setGoogleClientInfo() |
| |
| return &IamCredentialsClient{internalClient: c, CallOptions: callOpts}, nil |
| } |
| |
| func defaultIamCredentialsRESTClientOptions() []option.ClientOption { |
| return []option.ClientOption{ |
| internaloption.WithDefaultEndpoint("https://iamcredentials.googleapis.com"), |
| internaloption.WithDefaultEndpointTemplate("https://iamcredentials.UNIVERSE_DOMAIN"), |
| internaloption.WithDefaultMTLSEndpoint("https://iamcredentials.mtls.googleapis.com"), |
| internaloption.WithDefaultUniverseDomain("googleapis.com"), |
| internaloption.WithDefaultAudience("https://iamcredentials.googleapis.com/"), |
| internaloption.WithDefaultScopes(DefaultAuthScopes()...), |
| } |
| } |
| |
| // setGoogleClientInfo sets the name and version of the application in |
| // the `x-goog-api-client` header passed on each request. Intended for |
| // use by Google-written clients. |
| func (c *iamCredentialsRESTClient) setGoogleClientInfo(keyval ...string) { |
| kv := append([]string{"gl-go", gax.GoVersion}, keyval...) |
| kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN") |
| c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(kv...)} |
| } |
| |
| // Close closes the connection to the API service. The user should invoke this when |
| // the client is no longer required. |
| func (c *iamCredentialsRESTClient) Close() error { |
| // Replace httpClient with nil to force cleanup. |
| c.httpClient = nil |
| return nil |
| } |
| |
| // Connection returns a connection to the API service. |
| // |
| // Deprecated: This method always returns nil. |
| func (c *iamCredentialsRESTClient) Connection() *grpc.ClientConn { |
| return nil |
| } |
| func (c *iamCredentialsGRPCClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) { |
| hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} |
| |
| hds = append(c.xGoogHeaders, hds...) |
| ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...) |
| opts = append((*c.CallOptions).GenerateAccessToken[0:len((*c.CallOptions).GenerateAccessToken):len((*c.CallOptions).GenerateAccessToken)], opts...) |
| var resp *credentialspb.GenerateAccessTokenResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamCredentialsClient.GenerateAccessToken(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| func (c *iamCredentialsGRPCClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) { |
| hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} |
| |
| hds = append(c.xGoogHeaders, hds...) |
| ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...) |
| opts = append((*c.CallOptions).GenerateIdToken[0:len((*c.CallOptions).GenerateIdToken):len((*c.CallOptions).GenerateIdToken)], opts...) |
| var resp *credentialspb.GenerateIdTokenResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamCredentialsClient.GenerateIdToken(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| func (c *iamCredentialsGRPCClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) { |
| hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} |
| |
| hds = append(c.xGoogHeaders, hds...) |
| ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...) |
| opts = append((*c.CallOptions).SignBlob[0:len((*c.CallOptions).SignBlob):len((*c.CallOptions).SignBlob)], opts...) |
| var resp *credentialspb.SignBlobResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamCredentialsClient.SignBlob(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| func (c *iamCredentialsGRPCClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) { |
| hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} |
| |
| hds = append(c.xGoogHeaders, hds...) |
| ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...) |
| opts = append((*c.CallOptions).SignJwt[0:len((*c.CallOptions).SignJwt):len((*c.CallOptions).SignJwt)], opts...) |
| var resp *credentialspb.SignJwtResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamCredentialsClient.SignJwt(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // GenerateAccessToken generates an OAuth 2.0 access token for a service account. |
| func (c *iamCredentialsRESTClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) { |
| m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true} |
| jsonReq, err := m.Marshal(req) |
| if err != nil { |
| return nil, err |
| } |
| |
| baseUrl, err := url.Parse(c.endpoint) |
| if err != nil { |
| return nil, err |
| } |
| baseUrl.Path += fmt.Sprintf("/v1/%v:generateAccessToken", req.GetName()) |
| |
| params := url.Values{} |
| params.Add("$alt", "json;enum-encoding=int") |
| |
| baseUrl.RawQuery = params.Encode() |
| |
| // Build HTTP headers from client and context metadata. |
| hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} |
| |
| hds = append(c.xGoogHeaders, hds...) |
| hds = append(hds, "Content-Type", "application/json") |
| headers := gax.BuildHeaders(ctx, hds...) |
| opts = append((*c.CallOptions).GenerateAccessToken[0:len((*c.CallOptions).GenerateAccessToken):len((*c.CallOptions).GenerateAccessToken)], opts...) |
| unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true} |
| resp := &credentialspb.GenerateAccessTokenResponse{} |
| e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| if settings.Path != "" { |
| baseUrl.Path = settings.Path |
| } |
| httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq)) |
| if err != nil { |
| return err |
| } |
| httpReq = httpReq.WithContext(ctx) |
| httpReq.Header = headers |
| |
| httpRsp, err := c.httpClient.Do(httpReq) |
| if err != nil { |
| return err |
| } |
| defer httpRsp.Body.Close() |
| |
| if err = googleapi.CheckResponse(httpRsp); err != nil { |
| return err |
| } |
| |
| buf, err := io.ReadAll(httpRsp.Body) |
| if err != nil { |
| return err |
| } |
| |
| if err := unm.Unmarshal(buf, resp); err != nil { |
| return err |
| } |
| |
| return nil |
| }, opts...) |
| if e != nil { |
| return nil, e |
| } |
| return resp, nil |
| } |
| |
| // GenerateIdToken generates an OpenID Connect ID token for a service account. |
| func (c *iamCredentialsRESTClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) { |
| m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true} |
| jsonReq, err := m.Marshal(req) |
| if err != nil { |
| return nil, err |
| } |
| |
| baseUrl, err := url.Parse(c.endpoint) |
| if err != nil { |
| return nil, err |
| } |
| baseUrl.Path += fmt.Sprintf("/v1/%v:generateIdToken", req.GetName()) |
| |
| params := url.Values{} |
| params.Add("$alt", "json;enum-encoding=int") |
| |
| baseUrl.RawQuery = params.Encode() |
| |
| // Build HTTP headers from client and context metadata. |
| hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} |
| |
| hds = append(c.xGoogHeaders, hds...) |
| hds = append(hds, "Content-Type", "application/json") |
| headers := gax.BuildHeaders(ctx, hds...) |
| opts = append((*c.CallOptions).GenerateIdToken[0:len((*c.CallOptions).GenerateIdToken):len((*c.CallOptions).GenerateIdToken)], opts...) |
| unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true} |
| resp := &credentialspb.GenerateIdTokenResponse{} |
| e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| if settings.Path != "" { |
| baseUrl.Path = settings.Path |
| } |
| httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq)) |
| if err != nil { |
| return err |
| } |
| httpReq = httpReq.WithContext(ctx) |
| httpReq.Header = headers |
| |
| httpRsp, err := c.httpClient.Do(httpReq) |
| if err != nil { |
| return err |
| } |
| defer httpRsp.Body.Close() |
| |
| if err = googleapi.CheckResponse(httpRsp); err != nil { |
| return err |
| } |
| |
| buf, err := io.ReadAll(httpRsp.Body) |
| if err != nil { |
| return err |
| } |
| |
| if err := unm.Unmarshal(buf, resp); err != nil { |
| return err |
| } |
| |
| return nil |
| }, opts...) |
| if e != nil { |
| return nil, e |
| } |
| return resp, nil |
| } |
| |
| // SignBlob signs a blob using a service account’s system-managed private key. |
| func (c *iamCredentialsRESTClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) { |
| m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true} |
| jsonReq, err := m.Marshal(req) |
| if err != nil { |
| return nil, err |
| } |
| |
| baseUrl, err := url.Parse(c.endpoint) |
| if err != nil { |
| return nil, err |
| } |
| baseUrl.Path += fmt.Sprintf("/v1/%v:signBlob", req.GetName()) |
| |
| params := url.Values{} |
| params.Add("$alt", "json;enum-encoding=int") |
| |
| baseUrl.RawQuery = params.Encode() |
| |
| // Build HTTP headers from client and context metadata. |
| hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} |
| |
| hds = append(c.xGoogHeaders, hds...) |
| hds = append(hds, "Content-Type", "application/json") |
| headers := gax.BuildHeaders(ctx, hds...) |
| opts = append((*c.CallOptions).SignBlob[0:len((*c.CallOptions).SignBlob):len((*c.CallOptions).SignBlob)], opts...) |
| unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true} |
| resp := &credentialspb.SignBlobResponse{} |
| e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| if settings.Path != "" { |
| baseUrl.Path = settings.Path |
| } |
| httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq)) |
| if err != nil { |
| return err |
| } |
| httpReq = httpReq.WithContext(ctx) |
| httpReq.Header = headers |
| |
| httpRsp, err := c.httpClient.Do(httpReq) |
| if err != nil { |
| return err |
| } |
| defer httpRsp.Body.Close() |
| |
| if err = googleapi.CheckResponse(httpRsp); err != nil { |
| return err |
| } |
| |
| buf, err := io.ReadAll(httpRsp.Body) |
| if err != nil { |
| return err |
| } |
| |
| if err := unm.Unmarshal(buf, resp); err != nil { |
| return err |
| } |
| |
| return nil |
| }, opts...) |
| if e != nil { |
| return nil, e |
| } |
| return resp, nil |
| } |
| |
| // SignJwt signs a JWT using a service account’s system-managed private key. |
| func (c *iamCredentialsRESTClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) { |
| m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true} |
| jsonReq, err := m.Marshal(req) |
| if err != nil { |
| return nil, err |
| } |
| |
| baseUrl, err := url.Parse(c.endpoint) |
| if err != nil { |
| return nil, err |
| } |
| baseUrl.Path += fmt.Sprintf("/v1/%v:signJwt", req.GetName()) |
| |
| params := url.Values{} |
| params.Add("$alt", "json;enum-encoding=int") |
| |
| baseUrl.RawQuery = params.Encode() |
| |
| // Build HTTP headers from client and context metadata. |
| hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))} |
| |
| hds = append(c.xGoogHeaders, hds...) |
| hds = append(hds, "Content-Type", "application/json") |
| headers := gax.BuildHeaders(ctx, hds...) |
| opts = append((*c.CallOptions).SignJwt[0:len((*c.CallOptions).SignJwt):len((*c.CallOptions).SignJwt)], opts...) |
| unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true} |
| resp := &credentialspb.SignJwtResponse{} |
| e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| if settings.Path != "" { |
| baseUrl.Path = settings.Path |
| } |
| httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq)) |
| if err != nil { |
| return err |
| } |
| httpReq = httpReq.WithContext(ctx) |
| httpReq.Header = headers |
| |
| httpRsp, err := c.httpClient.Do(httpReq) |
| if err != nil { |
| return err |
| } |
| defer httpRsp.Body.Close() |
| |
| if err = googleapi.CheckResponse(httpRsp); err != nil { |
| return err |
| } |
| |
| buf, err := io.ReadAll(httpRsp.Body) |
| if err != nil { |
| return err |
| } |
| |
| if err := unm.Unmarshal(buf, resp); err != nil { |
| return err |
| } |
| |
| return nil |
| }, opts...) |
| if e != nil { |
| return nil, e |
| } |
| return resp, nil |
| } |