| { |
| "auth": { |
| "oauth2": { |
| "scopes": { |
| "https://www.googleapis.com/auth/cloud-platform": { |
| "description": "View and manage your data across Google Cloud Platform services" |
| } |
| } |
| } |
| }, |
| "basePath": "", |
| "baseUrl": "https://iamcredentials.googleapis.com/", |
| "batchPath": "batch", |
| "canonicalName": "IAM Credentials", |
| "description": "Creates short-lived, limited-privilege credentials for IAM service accounts.", |
| "discoveryVersion": "v1", |
| "documentationLink": "https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials", |
| "fullyEncodeReservedExpansion": true, |
| "icons": { |
| "x16": "http://www.google.com/images/icons/product/search-16.gif", |
| "x32": "http://www.google.com/images/icons/product/search-32.gif" |
| }, |
| "id": "iamcredentials:v1", |
| "kind": "discovery#restDescription", |
| "name": "iamcredentials", |
| "ownerDomain": "google.com", |
| "ownerName": "Google", |
| "parameters": { |
| "$.xgafv": { |
| "description": "V1 error format.", |
| "enum": [ |
| "1", |
| "2" |
| ], |
| "enumDescriptions": [ |
| "v1 error format", |
| "v2 error format" |
| ], |
| "location": "query", |
| "type": "string" |
| }, |
| "access_token": { |
| "description": "OAuth access token.", |
| "location": "query", |
| "type": "string" |
| }, |
| "alt": { |
| "default": "json", |
| "description": "Data format for response.", |
| "enum": [ |
| "json", |
| "media", |
| "proto" |
| ], |
| "enumDescriptions": [ |
| "Responses with Content-Type of application/json", |
| "Media download with context-dependent Content-Type", |
| "Responses with Content-Type of application/x-protobuf" |
| ], |
| "location": "query", |
| "type": "string" |
| }, |
| "callback": { |
| "description": "JSONP", |
| "location": "query", |
| "type": "string" |
| }, |
| "fields": { |
| "description": "Selector specifying which fields to include in a partial response.", |
| "location": "query", |
| "type": "string" |
| }, |
| "key": { |
| "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", |
| "location": "query", |
| "type": "string" |
| }, |
| "oauth_token": { |
| "description": "OAuth 2.0 token for the current user.", |
| "location": "query", |
| "type": "string" |
| }, |
| "prettyPrint": { |
| "default": "true", |
| "description": "Returns response with indentations and line breaks.", |
| "location": "query", |
| "type": "boolean" |
| }, |
| "quotaUser": { |
| "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", |
| "location": "query", |
| "type": "string" |
| }, |
| "uploadType": { |
| "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", |
| "location": "query", |
| "type": "string" |
| }, |
| "upload_protocol": { |
| "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", |
| "location": "query", |
| "type": "string" |
| } |
| }, |
| "protocol": "rest", |
| "resources": { |
| "projects": { |
| "resources": { |
| "serviceAccounts": { |
| "methods": { |
| "generateAccessToken": { |
| "description": "Generates an OAuth 2.0 access token for a service account.", |
| "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:generateAccessToken", |
| "httpMethod": "POST", |
| "id": "iamcredentials.projects.serviceAccounts.generateAccessToken", |
| "parameterOrder": [ |
| "name" |
| ], |
| "parameters": { |
| "name": { |
| "description": "Required. The resource name of the service account for which the credentials\nare requested, in the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.", |
| "location": "path", |
| "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", |
| "required": true, |
| "type": "string" |
| } |
| }, |
| "path": "v1/{+name}:generateAccessToken", |
| "request": { |
| "$ref": "GenerateAccessTokenRequest" |
| }, |
| "response": { |
| "$ref": "GenerateAccessTokenResponse" |
| }, |
| "scopes": [ |
| "https://www.googleapis.com/auth/cloud-platform" |
| ] |
| }, |
| "generateIdToken": { |
| "description": "Generates an OpenID Connect ID token for a service account.", |
| "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:generateIdToken", |
| "httpMethod": "POST", |
| "id": "iamcredentials.projects.serviceAccounts.generateIdToken", |
| "parameterOrder": [ |
| "name" |
| ], |
| "parameters": { |
| "name": { |
| "description": "Required. The resource name of the service account for which the credentials\nare requested, in the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.", |
| "location": "path", |
| "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", |
| "required": true, |
| "type": "string" |
| } |
| }, |
| "path": "v1/{+name}:generateIdToken", |
| "request": { |
| "$ref": "GenerateIdTokenRequest" |
| }, |
| "response": { |
| "$ref": "GenerateIdTokenResponse" |
| }, |
| "scopes": [ |
| "https://www.googleapis.com/auth/cloud-platform" |
| ] |
| }, |
| "signBlob": { |
| "description": "Signs a blob using a service account's system-managed private key.", |
| "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob", |
| "httpMethod": "POST", |
| "id": "iamcredentials.projects.serviceAccounts.signBlob", |
| "parameterOrder": [ |
| "name" |
| ], |
| "parameters": { |
| "name": { |
| "description": "Required. The resource name of the service account for which the credentials\nare requested, in the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.", |
| "location": "path", |
| "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", |
| "required": true, |
| "type": "string" |
| } |
| }, |
| "path": "v1/{+name}:signBlob", |
| "request": { |
| "$ref": "SignBlobRequest" |
| }, |
| "response": { |
| "$ref": "SignBlobResponse" |
| }, |
| "scopes": [ |
| "https://www.googleapis.com/auth/cloud-platform" |
| ] |
| }, |
| "signJwt": { |
| "description": "Signs a JWT using a service account's system-managed private key.", |
| "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signJwt", |
| "httpMethod": "POST", |
| "id": "iamcredentials.projects.serviceAccounts.signJwt", |
| "parameterOrder": [ |
| "name" |
| ], |
| "parameters": { |
| "name": { |
| "description": "Required. The resource name of the service account for which the credentials\nare requested, in the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.", |
| "location": "path", |
| "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", |
| "required": true, |
| "type": "string" |
| } |
| }, |
| "path": "v1/{+name}:signJwt", |
| "request": { |
| "$ref": "SignJwtRequest" |
| }, |
| "response": { |
| "$ref": "SignJwtResponse" |
| }, |
| "scopes": [ |
| "https://www.googleapis.com/auth/cloud-platform" |
| ] |
| } |
| } |
| } |
| } |
| } |
| }, |
| "revision": "20191206", |
| "rootUrl": "https://iamcredentials.googleapis.com/", |
| "schemas": { |
| "GenerateAccessTokenRequest": { |
| "id": "GenerateAccessTokenRequest", |
| "properties": { |
| "delegates": { |
| "description": "The sequence of service accounts in a delegation chain. Each service\naccount must be granted the `roles/iam.serviceAccountTokenCreator` role\non its next service account in the chain. The last service account in the\nchain must be granted the `roles/iam.serviceAccountTokenCreator` role\non the service account that is specified in the `name` field of the\nrequest.\n\nThe delegates must have the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.", |
| "items": { |
| "type": "string" |
| }, |
| "type": "array" |
| }, |
| "lifetime": { |
| "description": "The desired lifetime duration of the access token in seconds.\nMust be set to a value less than or equal to 3600 (1 hour). If a value is\nnot specified, the token's lifetime will be set to a default value of one\nhour.", |
| "format": "google-duration", |
| "type": "string" |
| }, |
| "scope": { |
| "description": "Required. Code to identify the scopes to be included in the OAuth 2.0 access token.\nSee https://developers.google.com/identity/protocols/googlescopes for more\ninformation.\nAt least one value required.", |
| "items": { |
| "type": "string" |
| }, |
| "type": "array" |
| } |
| }, |
| "type": "object" |
| }, |
| "GenerateAccessTokenResponse": { |
| "id": "GenerateAccessTokenResponse", |
| "properties": { |
| "accessToken": { |
| "description": "The OAuth 2.0 access token.", |
| "type": "string" |
| }, |
| "expireTime": { |
| "description": "Token expiration time.\nThe expiration time is always set.", |
| "format": "google-datetime", |
| "type": "string" |
| } |
| }, |
| "type": "object" |
| }, |
| "GenerateIdTokenRequest": { |
| "id": "GenerateIdTokenRequest", |
| "properties": { |
| "audience": { |
| "description": "Required. The audience for the token, such as the API or account that this token\ngrants access to.", |
| "type": "string" |
| }, |
| "delegates": { |
| "description": "The sequence of service accounts in a delegation chain. Each service\naccount must be granted the `roles/iam.serviceAccountTokenCreator` role\non its next service account in the chain. The last service account in the\nchain must be granted the `roles/iam.serviceAccountTokenCreator` role\non the service account that is specified in the `name` field of the\nrequest.\n\nThe delegates must have the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.", |
| "items": { |
| "type": "string" |
| }, |
| "type": "array" |
| }, |
| "includeEmail": { |
| "description": "Include the service account email in the token. If set to `true`, the\ntoken will contain `email` and `email_verified` claims.", |
| "type": "boolean" |
| } |
| }, |
| "type": "object" |
| }, |
| "GenerateIdTokenResponse": { |
| "id": "GenerateIdTokenResponse", |
| "properties": { |
| "token": { |
| "description": "The OpenId Connect ID token.", |
| "type": "string" |
| } |
| }, |
| "type": "object" |
| }, |
| "SignBlobRequest": { |
| "id": "SignBlobRequest", |
| "properties": { |
| "delegates": { |
| "description": "The sequence of service accounts in a delegation chain. Each service\naccount must be granted the `roles/iam.serviceAccountTokenCreator` role\non its next service account in the chain. The last service account in the\nchain must be granted the `roles/iam.serviceAccountTokenCreator` role\non the service account that is specified in the `name` field of the\nrequest.\n\nThe delegates must have the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.", |
| "items": { |
| "type": "string" |
| }, |
| "type": "array" |
| }, |
| "payload": { |
| "description": "Required. The bytes to sign.", |
| "format": "byte", |
| "type": "string" |
| } |
| }, |
| "type": "object" |
| }, |
| "SignBlobResponse": { |
| "id": "SignBlobResponse", |
| "properties": { |
| "keyId": { |
| "description": "The ID of the key used to sign the blob.", |
| "type": "string" |
| }, |
| "signedBlob": { |
| "description": "The signed blob.", |
| "format": "byte", |
| "type": "string" |
| } |
| }, |
| "type": "object" |
| }, |
| "SignJwtRequest": { |
| "id": "SignJwtRequest", |
| "properties": { |
| "delegates": { |
| "description": "The sequence of service accounts in a delegation chain. Each service\naccount must be granted the `roles/iam.serviceAccountTokenCreator` role\non its next service account in the chain. The last service account in the\nchain must be granted the `roles/iam.serviceAccountTokenCreator` role\non the service account that is specified in the `name` field of the\nrequest.\n\nThe delegates must have the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.", |
| "items": { |
| "type": "string" |
| }, |
| "type": "array" |
| }, |
| "payload": { |
| "description": "Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.", |
| "type": "string" |
| } |
| }, |
| "type": "object" |
| }, |
| "SignJwtResponse": { |
| "id": "SignJwtResponse", |
| "properties": { |
| "keyId": { |
| "description": "The ID of the key used to sign the JWT.", |
| "type": "string" |
| }, |
| "signedJwt": { |
| "description": "The signed JWT.", |
| "type": "string" |
| } |
| }, |
| "type": "object" |
| } |
| }, |
| "servicePath": "", |
| "title": "IAM Service Account Credentials API", |
| "version": "v1", |
| "version_module": true |
| } |