Google Git
Sign in
fuchsia / third_party / github.com / googleapis / google-cloud-go / refs/heads/main / . / iam / credentials / apiv1 / iam_credentials_client.go
blob: db7b032dc2de0628e9a5eb3dd056ade6da91b434 [file] [log] [blame]
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Code generated by protoc-gen-go_gapic. DO NOT EDIT.
package credentials
import (
"bytes"
"context"
"fmt"
"io"
"math"
"net/http"
"net/url"
"time"
credentialspb "cloud.google.com/go/iam/credentials/apiv1/credentialspb"
gax "github.com/googleapis/gax-go/v2"
"google.golang.org/api/googleapi"
"google.golang.org/api/option"
"google.golang.org/api/option/internaloption"
gtransport "google.golang.org/api/transport/grpc"
httptransport "google.golang.org/api/transport/http"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/protobuf/encoding/protojson"
)
var newIamCredentialsClientHook clientHook
// IamCredentialsCallOptions contains the retry settings for each method of IamCredentialsClient.
type IamCredentialsCallOptions struct {
GenerateAccessToken []gax.CallOption
GenerateIdToken []gax.CallOption
SignBlob []gax.CallOption
SignJwt []gax.CallOption
}
func defaultIamCredentialsGRPCClientOptions() []option.ClientOption {
return []option.ClientOption{
internaloption.WithDefaultEndpoint("iamcredentials.googleapis.com:443"),
internaloption.WithDefaultEndpointTemplate("iamcredentials.UNIVERSE_DOMAIN:443"),
internaloption.WithDefaultMTLSEndpoint("iamcredentials.mtls.googleapis.com:443"),
internaloption.WithDefaultUniverseDomain("googleapis.com"),
internaloption.WithDefaultAudience("https://iamcredentials.googleapis.com/"),
internaloption.WithDefaultScopes(DefaultAuthScopes()...),
internaloption.EnableJwtWithScope(),
option.WithGRPCDialOption(grpc.WithDefaultCallOptions(
grpc.MaxCallRecvMsgSize(math.MaxInt32))),
}
}
func defaultIamCredentialsCallOptions() *IamCredentialsCallOptions {
return &IamCredentialsCallOptions{
GenerateAccessToken: []gax.CallOption{
gax.WithTimeout(60000 * time.Millisecond),
gax.WithRetry(func() gax.Retryer {
return gax.OnCodes([]codes.Code{
codes.Unavailable,
codes.DeadlineExceeded,
}, gax.Backoff{
Initial: 100 * time.Millisecond,
Max: 60000 * time.Millisecond,
Multiplier: 1.30,
})
}),
},
GenerateIdToken: []gax.CallOption{
gax.WithTimeout(60000 * time.Millisecond),
gax.WithRetry(func() gax.Retryer {
return gax.OnCodes([]codes.Code{
codes.Unavailable,
codes.DeadlineExceeded,
}, gax.Backoff{
Initial: 100 * time.Millisecond,
Max: 60000 * time.Millisecond,
Multiplier: 1.30,
})
}),
},
SignBlob: []gax.CallOption{
gax.WithTimeout(60000 * time.Millisecond),
gax.WithRetry(func() gax.Retryer {
return gax.OnCodes([]codes.Code{
codes.Unavailable,
codes.DeadlineExceeded,
}, gax.Backoff{
Initial: 100 * time.Millisecond,
Max: 60000 * time.Millisecond,
Multiplier: 1.30,
})
}),
},
SignJwt: []gax.CallOption{
gax.WithTimeout(60000 * time.Millisecond),
gax.WithRetry(func() gax.Retryer {
return gax.OnCodes([]codes.Code{
codes.Unavailable,
codes.DeadlineExceeded,
}, gax.Backoff{
Initial: 100 * time.Millisecond,
Max: 60000 * time.Millisecond,
Multiplier: 1.30,
})
}),
},
}
}
func defaultIamCredentialsRESTCallOptions() *IamCredentialsCallOptions {
return &IamCredentialsCallOptions{
GenerateAccessToken: []gax.CallOption{
gax.WithTimeout(60000 * time.Millisecond),
gax.WithRetry(func() gax.Retryer {
return gax.OnHTTPCodes(gax.Backoff{
Initial: 100 * time.Millisecond,
Max: 60000 * time.Millisecond,
Multiplier: 1.30,
},
http.StatusServiceUnavailable,
http.StatusGatewayTimeout)
}),
},
GenerateIdToken: []gax.CallOption{
gax.WithTimeout(60000 * time.Millisecond),
gax.WithRetry(func() gax.Retryer {
return gax.OnHTTPCodes(gax.Backoff{
Initial: 100 * time.Millisecond,
Max: 60000 * time.Millisecond,
Multiplier: 1.30,
},
http.StatusServiceUnavailable,
http.StatusGatewayTimeout)
}),
},
SignBlob: []gax.CallOption{
gax.WithTimeout(60000 * time.Millisecond),
gax.WithRetry(func() gax.Retryer {
return gax.OnHTTPCodes(gax.Backoff{
Initial: 100 * time.Millisecond,
Max: 60000 * time.Millisecond,
Multiplier: 1.30,
},
http.StatusServiceUnavailable,
http.StatusGatewayTimeout)
}),
},
SignJwt: []gax.CallOption{
gax.WithTimeout(60000 * time.Millisecond),
gax.WithRetry(func() gax.Retryer {
return gax.OnHTTPCodes(gax.Backoff{
Initial: 100 * time.Millisecond,
Max: 60000 * time.Millisecond,
Multiplier: 1.30,
},
http.StatusServiceUnavailable,
http.StatusGatewayTimeout)
}),
},
}
}
// internalIamCredentialsClient is an interface that defines the methods available from IAM Service Account Credentials API.
type internalIamCredentialsClient interface {
Close() error
setGoogleClientInfo(...string)
Connection() *grpc.ClientConn
GenerateAccessToken(context.Context, *credentialspb.GenerateAccessTokenRequest, ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error)
GenerateIdToken(context.Context, *credentialspb.GenerateIdTokenRequest, ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error)
SignBlob(context.Context, *credentialspb.SignBlobRequest, ...gax.CallOption) (*credentialspb.SignBlobResponse, error)
SignJwt(context.Context, *credentialspb.SignJwtRequest, ...gax.CallOption) (*credentialspb.SignJwtResponse, error)
}
// IamCredentialsClient is a client for interacting with IAM Service Account Credentials API.
// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
//
// A service account is a special type of Google account that belongs to your
// application or a virtual machine (VM), instead of to an individual end user.
// Your application assumes the identity of the service account to call Google
// APIs, so that the users aren’t directly involved.
//
// Service account credentials are used to temporarily assume the identity
// of the service account. Supported credential types include OAuth 2.0 access
// tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
// more.
type IamCredentialsClient struct {
// The internal transport-dependent client.
internalClient internalIamCredentialsClient
// The call options for this service.
CallOptions *IamCredentialsCallOptions
}
// Wrapper methods routed to the internal client.
// Close closes the connection to the API service. The user should invoke this when
// the client is no longer required.
func (c *IamCredentialsClient) Close() error {
return c.internalClient.Close()
}
// setGoogleClientInfo sets the name and version of the application in
// the `x-goog-api-client` header passed on each request. Intended for
// use by Google-written clients.
func (c *IamCredentialsClient) setGoogleClientInfo(keyval ...string) {
c.internalClient.setGoogleClientInfo(keyval...)
}
// Connection returns a connection to the API service.
//
// Deprecated: Connections are now pooled so this method does not always
// return the same resource.
func (c *IamCredentialsClient) Connection() *grpc.ClientConn {
return c.internalClient.Connection()
}
// GenerateAccessToken generates an OAuth 2.0 access token for a service account.
func (c *IamCredentialsClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) {
return c.internalClient.GenerateAccessToken(ctx, req, opts...)
}
// GenerateIdToken generates an OpenID Connect ID token for a service account.
func (c *IamCredentialsClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) {
return c.internalClient.GenerateIdToken(ctx, req, opts...)
}
// SignBlob signs a blob using a service account’s system-managed private key.
func (c *IamCredentialsClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) {
return c.internalClient.SignBlob(ctx, req, opts...)
}
// SignJwt signs a JWT using a service account’s system-managed private key.
func (c *IamCredentialsClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) {
return c.internalClient.SignJwt(ctx, req, opts...)
}
// iamCredentialsGRPCClient is a client for interacting with IAM Service Account Credentials API over gRPC transport.
//
// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
type iamCredentialsGRPCClient struct {
// Connection pool of gRPC connections to the service.
connPool gtransport.ConnPool
// Points back to the CallOptions field of the containing IamCredentialsClient
CallOptions **IamCredentialsCallOptions
// The gRPC API client.
iamCredentialsClient credentialspb.IAMCredentialsClient
// The x-goog-* metadata to be sent with each request.
xGoogHeaders []string
}
// NewIamCredentialsClient creates a new iam credentials client based on gRPC.
// The returned client must be Closed when it is done being used to clean up its underlying connections.
//
// A service account is a special type of Google account that belongs to your
// application or a virtual machine (VM), instead of to an individual end user.
// Your application assumes the identity of the service account to call Google
// APIs, so that the users aren’t directly involved.
//
// Service account credentials are used to temporarily assume the identity
// of the service account. Supported credential types include OAuth 2.0 access
// tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
// more.
func NewIamCredentialsClient(ctx context.Context, opts ...option.ClientOption) (*IamCredentialsClient, error) {
clientOpts := defaultIamCredentialsGRPCClientOptions()
if newIamCredentialsClientHook != nil {
hookOpts, err := newIamCredentialsClientHook(ctx, clientHookParams{})
if err != nil {
return nil, err
}
clientOpts = append(clientOpts, hookOpts...)
}
connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...)
if err != nil {
return nil, err
}
client := IamCredentialsClient{CallOptions: defaultIamCredentialsCallOptions()}
c := &iamCredentialsGRPCClient{
connPool: connPool,
iamCredentialsClient: credentialspb.NewIAMCredentialsClient(connPool),
CallOptions: &client.CallOptions,
}
c.setGoogleClientInfo()
client.internalClient = c
return &client, nil
}
// Connection returns a connection to the API service.
//
// Deprecated: Connections are now pooled so this method does not always
// return the same resource.
func (c *iamCredentialsGRPCClient) Connection() *grpc.ClientConn {
return c.connPool.Conn()
}
// setGoogleClientInfo sets the name and version of the application in
// the `x-goog-api-client` header passed on each request. Intended for
// use by Google-written clients.
func (c *iamCredentialsGRPCClient) setGoogleClientInfo(keyval ...string) {
kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
c.xGoogHeaders = []string{
"x-goog-api-client", gax.XGoogHeader(kv...),
}
}
// Close closes the connection to the API service. The user should invoke this when
// the client is no longer required.
func (c *iamCredentialsGRPCClient) Close() error {
return c.connPool.Close()
}
// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
type iamCredentialsRESTClient struct {
// The http endpoint to connect to.
endpoint string
// The http client.
httpClient *http.Client
// The x-goog-* headers to be sent with each request.
xGoogHeaders []string
// Points back to the CallOptions field of the containing IamCredentialsClient
CallOptions **IamCredentialsCallOptions
}
// NewIamCredentialsRESTClient creates a new iam credentials rest client.
//
// A service account is a special type of Google account that belongs to your
// application or a virtual machine (VM), instead of to an individual end user.
// Your application assumes the identity of the service account to call Google
// APIs, so that the users aren’t directly involved.
//
// Service account credentials are used to temporarily assume the identity
// of the service account. Supported credential types include OAuth 2.0 access
// tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
// more.
func NewIamCredentialsRESTClient(ctx context.Context, opts ...option.ClientOption) (*IamCredentialsClient, error) {
clientOpts := append(defaultIamCredentialsRESTClientOptions(), opts...)
httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
if err != nil {
return nil, err
}
callOpts := defaultIamCredentialsRESTCallOptions()
c := &iamCredentialsRESTClient{
endpoint: endpoint,
httpClient: httpClient,
CallOptions: &callOpts,
}
c.setGoogleClientInfo()
return &IamCredentialsClient{internalClient: c, CallOptions: callOpts}, nil
}
func defaultIamCredentialsRESTClientOptions() []option.ClientOption {
return []option.ClientOption{
internaloption.WithDefaultEndpoint("https://iamcredentials.googleapis.com"),
internaloption.WithDefaultEndpointTemplate("https://iamcredentials.UNIVERSE_DOMAIN"),
internaloption.WithDefaultMTLSEndpoint("https://iamcredentials.mtls.googleapis.com"),
internaloption.WithDefaultUniverseDomain("googleapis.com"),
internaloption.WithDefaultAudience("https://iamcredentials.googleapis.com/"),
internaloption.WithDefaultScopes(DefaultAuthScopes()...),
}
}
// setGoogleClientInfo sets the name and version of the application in
// the `x-goog-api-client` header passed on each request. Intended for
// use by Google-written clients.
func (c *iamCredentialsRESTClient) setGoogleClientInfo(keyval ...string) {
kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
c.xGoogHeaders = []string{
"x-goog-api-client", gax.XGoogHeader(kv...),
}
}
// Close closes the connection to the API service. The user should invoke this when
// the client is no longer required.
func (c *iamCredentialsRESTClient) Close() error {
// Replace httpClient with nil to force cleanup.
c.httpClient = nil
return nil
}
// Connection returns a connection to the API service.
//
// Deprecated: This method always returns nil.
func (c *iamCredentialsRESTClient) Connection() *grpc.ClientConn {
return nil
}
func (c *iamCredentialsGRPCClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) {
hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
hds = append(c.xGoogHeaders, hds...)
ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
opts = append((*c.CallOptions).GenerateAccessToken[0:len((*c.CallOptions).GenerateAccessToken):len((*c.CallOptions).GenerateAccessToken)], opts...)
var resp *credentialspb.GenerateAccessTokenResponse
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
var err error
resp, err = c.iamCredentialsClient.GenerateAccessToken(ctx, req, settings.GRPC...)
return err
}, opts...)
if err != nil {
return nil, err
}
return resp, nil
}
func (c *iamCredentialsGRPCClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) {
hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
hds = append(c.xGoogHeaders, hds...)
ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
opts = append((*c.CallOptions).GenerateIdToken[0:len((*c.CallOptions).GenerateIdToken):len((*c.CallOptions).GenerateIdToken)], opts...)
var resp *credentialspb.GenerateIdTokenResponse
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
var err error
resp, err = c.iamCredentialsClient.GenerateIdToken(ctx, req, settings.GRPC...)
return err
}, opts...)
if err != nil {
return nil, err
}
return resp, nil
}
func (c *iamCredentialsGRPCClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) {
hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
hds = append(c.xGoogHeaders, hds...)
ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
opts = append((*c.CallOptions).SignBlob[0:len((*c.CallOptions).SignBlob):len((*c.CallOptions).SignBlob)], opts...)
var resp *credentialspb.SignBlobResponse
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
var err error
resp, err = c.iamCredentialsClient.SignBlob(ctx, req, settings.GRPC...)
return err
}, opts...)
if err != nil {
return nil, err
}
return resp, nil
}
func (c *iamCredentialsGRPCClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) {
hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
hds = append(c.xGoogHeaders, hds...)
ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
opts = append((*c.CallOptions).SignJwt[0:len((*c.CallOptions).SignJwt):len((*c.CallOptions).SignJwt)], opts...)
var resp *credentialspb.SignJwtResponse
err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
var err error
resp, err = c.iamCredentialsClient.SignJwt(ctx, req, settings.GRPC...)
return err
}, opts...)
if err != nil {
return nil, err
}
return resp, nil
}
// GenerateAccessToken generates an OAuth 2.0 access token for a service account.
func (c *iamCredentialsRESTClient) GenerateAccessToken(ctx context.Context, req *credentialspb.GenerateAccessTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateAccessTokenResponse, error) {
m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
jsonReq, err := m.Marshal(req)
if err != nil {
return nil, err
}
baseUrl, err := url.Parse(c.endpoint)
if err != nil {
return nil, err
}
baseUrl.Path += fmt.Sprintf("/v1/%v:generateAccessToken", req.GetName())
params := url.Values{}
params.Add("$alt", "json;enum-encoding=int")
baseUrl.RawQuery = params.Encode()
// Build HTTP headers from client and context metadata.
hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
hds = append(c.xGoogHeaders, hds...)
hds = append(hds, "Content-Type", "application/json")
headers := gax.BuildHeaders(ctx, hds...)
opts = append((*c.CallOptions).GenerateAccessToken[0:len((*c.CallOptions).GenerateAccessToken):len((*c.CallOptions).GenerateAccessToken)], opts...)
unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
resp := &credentialspb.GenerateAccessTokenResponse{}
e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
if settings.Path != "" {
baseUrl.Path = settings.Path
}
httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
if err != nil {
return err
}
httpReq = httpReq.WithContext(ctx)
httpReq.Header = headers
httpRsp, err := c.httpClient.Do(httpReq)
if err != nil {
return err
}
defer httpRsp.Body.Close()
if err = googleapi.CheckResponse(httpRsp); err != nil {
return err
}
buf, err := io.ReadAll(httpRsp.Body)
if err != nil {
return err
}
if err := unm.Unmarshal(buf, resp); err != nil {
return err
}
return nil
}, opts...)
if e != nil {
return nil, e
}
return resp, nil
}
// GenerateIdToken generates an OpenID Connect ID token for a service account.
func (c *iamCredentialsRESTClient) GenerateIdToken(ctx context.Context, req *credentialspb.GenerateIdTokenRequest, opts ...gax.CallOption) (*credentialspb.GenerateIdTokenResponse, error) {
m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
jsonReq, err := m.Marshal(req)
if err != nil {
return nil, err
}
baseUrl, err := url.Parse(c.endpoint)
if err != nil {
return nil, err
}
baseUrl.Path += fmt.Sprintf("/v1/%v:generateIdToken", req.GetName())
params := url.Values{}
params.Add("$alt", "json;enum-encoding=int")
baseUrl.RawQuery = params.Encode()
// Build HTTP headers from client and context metadata.
hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
hds = append(c.xGoogHeaders, hds...)
hds = append(hds, "Content-Type", "application/json")
headers := gax.BuildHeaders(ctx, hds...)
opts = append((*c.CallOptions).GenerateIdToken[0:len((*c.CallOptions).GenerateIdToken):len((*c.CallOptions).GenerateIdToken)], opts...)
unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
resp := &credentialspb.GenerateIdTokenResponse{}
e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
if settings.Path != "" {
baseUrl.Path = settings.Path
}
httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
if err != nil {
return err
}
httpReq = httpReq.WithContext(ctx)
httpReq.Header = headers
httpRsp, err := c.httpClient.Do(httpReq)
if err != nil {
return err
}
defer httpRsp.Body.Close()
if err = googleapi.CheckResponse(httpRsp); err != nil {
return err
}
buf, err := io.ReadAll(httpRsp.Body)
if err != nil {
return err
}
if err := unm.Unmarshal(buf, resp); err != nil {
return err
}
return nil
}, opts...)
if e != nil {
return nil, e
}
return resp, nil
}
// SignBlob signs a blob using a service account’s system-managed private key.
func (c *iamCredentialsRESTClient) SignBlob(ctx context.Context, req *credentialspb.SignBlobRequest, opts ...gax.CallOption) (*credentialspb.SignBlobResponse, error) {
m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
jsonReq, err := m.Marshal(req)
if err != nil {
return nil, err
}
baseUrl, err := url.Parse(c.endpoint)
if err != nil {
return nil, err
}
baseUrl.Path += fmt.Sprintf("/v1/%v:signBlob", req.GetName())
params := url.Values{}
params.Add("$alt", "json;enum-encoding=int")
baseUrl.RawQuery = params.Encode()
// Build HTTP headers from client and context metadata.
hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
hds = append(c.xGoogHeaders, hds...)
hds = append(hds, "Content-Type", "application/json")
headers := gax.BuildHeaders(ctx, hds...)
opts = append((*c.CallOptions).SignBlob[0:len((*c.CallOptions).SignBlob):len((*c.CallOptions).SignBlob)], opts...)
unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
resp := &credentialspb.SignBlobResponse{}
e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
if settings.Path != "" {
baseUrl.Path = settings.Path
}
httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
if err != nil {
return err
}
httpReq = httpReq.WithContext(ctx)
httpReq.Header = headers
httpRsp, err := c.httpClient.Do(httpReq)
if err != nil {
return err
}
defer httpRsp.Body.Close()
if err = googleapi.CheckResponse(httpRsp); err != nil {
return err
}
buf, err := io.ReadAll(httpRsp.Body)
if err != nil {
return err
}
if err := unm.Unmarshal(buf, resp); err != nil {
return err
}
return nil
}, opts...)
if e != nil {
return nil, e
}
return resp, nil
}
// SignJwt signs a JWT using a service account’s system-managed private key.
func (c *iamCredentialsRESTClient) SignJwt(ctx context.Context, req *credentialspb.SignJwtRequest, opts ...gax.CallOption) (*credentialspb.SignJwtResponse, error) {
m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
jsonReq, err := m.Marshal(req)
if err != nil {
return nil, err
}
baseUrl, err := url.Parse(c.endpoint)
if err != nil {
return nil, err
}
baseUrl.Path += fmt.Sprintf("/v1/%v:signJwt", req.GetName())
params := url.Values{}
params.Add("$alt", "json;enum-encoding=int")
baseUrl.RawQuery = params.Encode()
// Build HTTP headers from client and context metadata.
hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
hds = append(c.xGoogHeaders, hds...)
hds = append(hds, "Content-Type", "application/json")
headers := gax.BuildHeaders(ctx, hds...)
opts = append((*c.CallOptions).SignJwt[0:len((*c.CallOptions).SignJwt):len((*c.CallOptions).SignJwt)], opts...)
unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
resp := &credentialspb.SignJwtResponse{}
e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
if settings.Path != "" {
baseUrl.Path = settings.Path
}
httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
if err != nil {
return err
}
httpReq = httpReq.WithContext(ctx)
httpReq.Header = headers
httpRsp, err := c.httpClient.Do(httpReq)
if err != nil {
return err
}
defer httpRsp.Body.Close()
if err = googleapi.CheckResponse(httpRsp); err != nil {
return err
}
buf, err := io.ReadAll(httpRsp.Body)
if err != nil {
return err
}
if err := unm.Unmarshal(buf, resp); err != nil {
return err
}
return nil
}, opts...)
if e != nil {
return nil, e
}
return resp, nil
}