+ * A service account is a special type of Google account that belongs to your + * application or a virtual machine (VM), instead of to an individual end user. + * Your application assumes the identity of the service account to call Google + * APIs, so that the users aren't directly involved. + * Service account credentials are used to temporarily assume the identity + * of the service account. Supported credential types include OAuth 2.0 access + * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and + * more. + *+ */ +@javax.annotation.Generated( + value = "by gRPC proto compiler (version 1.10.0)", + comments = "Source: google/iam/credentials/v1/iamcredentials.proto") +public final class IAMCredentialsGrpc { + + private IAMCredentialsGrpc() {} + + public static final String SERVICE_NAME = "google.iam.credentials.v1.IAMCredentials"; + + // Static method descriptors that strictly reflect the proto. + @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901") + @java.lang.Deprecated // Use {@link #getGenerateAccessTokenMethod()} instead. + public static final io.grpc.MethodDescriptor
+ * A service account is a special type of Google account that belongs to your + * application or a virtual machine (VM), instead of to an individual end user. + * Your application assumes the identity of the service account to call Google + * APIs, so that the users aren't directly involved. + * Service account credentials are used to temporarily assume the identity + * of the service account. Supported credential types include OAuth 2.0 access + * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and + * more. + *+ */ + public static abstract class IAMCredentialsImplBase implements io.grpc.BindableService { + + /** + *
+ * Generates an OAuth 2.0 access token for a service account. + *+ */ + public void generateAccessToken(com.google.iam.credentials.v1.GenerateAccessTokenRequest request, + io.grpc.stub.StreamObserver
+ * Generates an OpenID Connect ID token for a service account. + *+ */ + public void generateIdToken(com.google.iam.credentials.v1.GenerateIdTokenRequest request, + io.grpc.stub.StreamObserver
+ * Signs a blob using a service account's system-managed private key. + *+ */ + public void signBlob(com.google.iam.credentials.v1.SignBlobRequest request, + io.grpc.stub.StreamObserver
+ * Signs a JWT using a service account's system-managed private key. + *+ */ + public void signJwt(com.google.iam.credentials.v1.SignJwtRequest request, + io.grpc.stub.StreamObserver
+ * Exchange a JWT signed by third party identity provider to an OAuth 2.0 + * access token + *+ */ + public void generateIdentityBindingAccessToken(com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest request, + io.grpc.stub.StreamObserver
+ * A service account is a special type of Google account that belongs to your + * application or a virtual machine (VM), instead of to an individual end user. + * Your application assumes the identity of the service account to call Google + * APIs, so that the users aren't directly involved. + * Service account credentials are used to temporarily assume the identity + * of the service account. Supported credential types include OAuth 2.0 access + * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and + * more. + *+ */ + public static final class IAMCredentialsStub extends io.grpc.stub.AbstractStub
+ * Generates an OAuth 2.0 access token for a service account. + *+ */ + public void generateAccessToken(com.google.iam.credentials.v1.GenerateAccessTokenRequest request, + io.grpc.stub.StreamObserver
+ * Generates an OpenID Connect ID token for a service account. + *+ */ + public void generateIdToken(com.google.iam.credentials.v1.GenerateIdTokenRequest request, + io.grpc.stub.StreamObserver
+ * Signs a blob using a service account's system-managed private key. + *+ */ + public void signBlob(com.google.iam.credentials.v1.SignBlobRequest request, + io.grpc.stub.StreamObserver
+ * Signs a JWT using a service account's system-managed private key. + *+ */ + public void signJwt(com.google.iam.credentials.v1.SignJwtRequest request, + io.grpc.stub.StreamObserver
+ * Exchange a JWT signed by third party identity provider to an OAuth 2.0 + * access token + *+ */ + public void generateIdentityBindingAccessToken(com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest request, + io.grpc.stub.StreamObserver
+ * A service account is a special type of Google account that belongs to your + * application or a virtual machine (VM), instead of to an individual end user. + * Your application assumes the identity of the service account to call Google + * APIs, so that the users aren't directly involved. + * Service account credentials are used to temporarily assume the identity + * of the service account. Supported credential types include OAuth 2.0 access + * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and + * more. + *+ */ + public static final class IAMCredentialsBlockingStub extends io.grpc.stub.AbstractStub
+ * Generates an OAuth 2.0 access token for a service account. + *+ */ + public com.google.iam.credentials.v1.GenerateAccessTokenResponse generateAccessToken(com.google.iam.credentials.v1.GenerateAccessTokenRequest request) { + return blockingUnaryCall( + getChannel(), getGenerateAccessTokenMethodHelper(), getCallOptions(), request); + } + + /** + *
+ * Generates an OpenID Connect ID token for a service account. + *+ */ + public com.google.iam.credentials.v1.GenerateIdTokenResponse generateIdToken(com.google.iam.credentials.v1.GenerateIdTokenRequest request) { + return blockingUnaryCall( + getChannel(), getGenerateIdTokenMethodHelper(), getCallOptions(), request); + } + + /** + *
+ * Signs a blob using a service account's system-managed private key. + *+ */ + public com.google.iam.credentials.v1.SignBlobResponse signBlob(com.google.iam.credentials.v1.SignBlobRequest request) { + return blockingUnaryCall( + getChannel(), getSignBlobMethodHelper(), getCallOptions(), request); + } + + /** + *
+ * Signs a JWT using a service account's system-managed private key. + *+ */ + public com.google.iam.credentials.v1.SignJwtResponse signJwt(com.google.iam.credentials.v1.SignJwtRequest request) { + return blockingUnaryCall( + getChannel(), getSignJwtMethodHelper(), getCallOptions(), request); + } + + /** + *
+ * Exchange a JWT signed by third party identity provider to an OAuth 2.0 + * access token + *+ */ + public com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse generateIdentityBindingAccessToken(com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest request) { + return blockingUnaryCall( + getChannel(), getGenerateIdentityBindingAccessTokenMethodHelper(), getCallOptions(), request); + } + } + + /** + *
+ * A service account is a special type of Google account that belongs to your + * application or a virtual machine (VM), instead of to an individual end user. + * Your application assumes the identity of the service account to call Google + * APIs, so that the users aren't directly involved. + * Service account credentials are used to temporarily assume the identity + * of the service account. Supported credential types include OAuth 2.0 access + * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and + * more. + *+ */ + public static final class IAMCredentialsFutureStub extends io.grpc.stub.AbstractStub
+ * Generates an OAuth 2.0 access token for a service account. + *+ */ + public com.google.common.util.concurrent.ListenableFuture
+ * Generates an OpenID Connect ID token for a service account. + *+ */ + public com.google.common.util.concurrent.ListenableFuture
+ * Signs a blob using a service account's system-managed private key. + *+ */ + public com.google.common.util.concurrent.ListenableFuture
+ * Signs a JWT using a service account's system-managed private key. + *+ */ + public com.google.common.util.concurrent.ListenableFuture
+ * Exchange a JWT signed by third party identity provider to an OAuth 2.0 + * access token + *+ */ + public com.google.common.util.concurrent.ListenableFuture
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int DELEGATES_FIELD_NUMBER = 2;
+ private com.google.protobuf.LazyStringList delegates_;
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getDelegatesList() {
+ return delegates_;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public int getDelegatesCount() {
+ return delegates_.size();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public java.lang.String getDelegates(int index) {
+ return delegates_.get(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public com.google.protobuf.ByteString
+ getDelegatesBytes(int index) {
+ return delegates_.getByteString(index);
+ }
+
+ public static final int SCOPE_FIELD_NUMBER = 4;
+ private com.google.protobuf.LazyStringList scope_;
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getScopeList() {
+ return scope_;
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public int getScopeCount() {
+ return scope_.size();
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public java.lang.String getScope(int index) {
+ return scope_.get(index);
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public com.google.protobuf.ByteString
+ getScopeBytes(int index) {
+ return scope_.getByteString(index);
+ }
+
+ public static final int LIFETIME_FIELD_NUMBER = 7;
+ private com.google.protobuf.Duration lifetime_;
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public boolean hasLifetime() {
+ return lifetime_ != null;
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public com.google.protobuf.Duration getLifetime() {
+ return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+ return getLifetime();
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getNameBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+ }
+ for (int i = 0; i < delegates_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 2, delegates_.getRaw(i));
+ }
+ for (int i = 0; i < scope_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 4, scope_.getRaw(i));
+ }
+ if (lifetime_ != null) {
+ output.writeMessage(7, getLifetime());
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getNameBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+ }
+ {
+ int dataSize = 0;
+ for (int i = 0; i < delegates_.size(); i++) {
+ dataSize += computeStringSizeNoTag(delegates_.getRaw(i));
+ }
+ size += dataSize;
+ size += 1 * getDelegatesList().size();
+ }
+ {
+ int dataSize = 0;
+ for (int i = 0; i < scope_.size(); i++) {
+ dataSize += computeStringSizeNoTag(scope_.getRaw(i));
+ }
+ size += dataSize;
+ size += 1 * getScopeList().size();
+ }
+ if (lifetime_ != null) {
+ size += com.google.protobuf.CodedOutputStream
+ .computeMessageSize(7, getLifetime());
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.GenerateAccessTokenRequest)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.GenerateAccessTokenRequest other = (com.google.iam.credentials.v1.GenerateAccessTokenRequest) obj;
+
+ boolean result = true;
+ result = result && getName()
+ .equals(other.getName());
+ result = result && getDelegatesList()
+ .equals(other.getDelegatesList());
+ result = result && getScopeList()
+ .equals(other.getScopeList());
+ result = result && (hasLifetime() == other.hasLifetime());
+ if (hasLifetime()) {
+ result = result && getLifetime()
+ .equals(other.getLifetime());
+ }
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + NAME_FIELD_NUMBER;
+ hash = (53 * hash) + getName().hashCode();
+ if (getDelegatesCount() > 0) {
+ hash = (37 * hash) + DELEGATES_FIELD_NUMBER;
+ hash = (53 * hash) + getDelegatesList().hashCode();
+ }
+ if (getScopeCount() > 0) {
+ hash = (37 * hash) + SCOPE_FIELD_NUMBER;
+ hash = (53 * hash) + getScopeList().hashCode();
+ }
+ if (hasLifetime()) {
+ hash = (37 * hash) + LIFETIME_FIELD_NUMBER;
+ hash = (53 * hash) + getLifetime().hashCode();
+ }
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.GenerateAccessTokenRequest prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateAccessTokenRequest}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setName(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder clearName() {
+
+ name_ = getDefaultInstance().getName();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setNameBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.LazyStringList delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ private void ensureDelegatesIsMutable() {
+ if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+ delegates_ = new com.google.protobuf.LazyStringArrayList(delegates_);
+ bitField0_ |= 0x00000002;
+ }
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getDelegatesList() {
+ return delegates_.getUnmodifiableView();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public int getDelegatesCount() {
+ return delegates_.size();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public java.lang.String getDelegates(int index) {
+ return delegates_.get(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public com.google.protobuf.ByteString
+ getDelegatesBytes(int index) {
+ return delegates_.getByteString(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder setDelegates(
+ int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureDelegatesIsMutable();
+ delegates_.set(index, value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder addDelegates(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureDelegatesIsMutable();
+ delegates_.add(value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder addAllDelegates(
+ java.lang.Iterable
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder clearDelegates() {
+ delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000002);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder addDelegatesBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureDelegatesIsMutable();
+ delegates_.add(value);
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.LazyStringList scope_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ private void ensureScopeIsMutable() {
+ if (!((bitField0_ & 0x00000004) == 0x00000004)) {
+ scope_ = new com.google.protobuf.LazyStringArrayList(scope_);
+ bitField0_ |= 0x00000004;
+ }
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getScopeList() {
+ return scope_.getUnmodifiableView();
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public int getScopeCount() {
+ return scope_.size();
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public java.lang.String getScope(int index) {
+ return scope_.get(index);
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public com.google.protobuf.ByteString
+ getScopeBytes(int index) {
+ return scope_.getByteString(index);
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public Builder setScope(
+ int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureScopeIsMutable();
+ scope_.set(index, value);
+ onChanged();
+ return this;
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public Builder addScope(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureScopeIsMutable();
+ scope_.add(value);
+ onChanged();
+ return this;
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public Builder addAllScope(
+ java.lang.Iterable+ * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public Builder clearScope() {
+ scope_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000004);
+ onChanged();
+ return this;
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ public Builder addScopeBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureScopeIsMutable();
+ scope_.add(value);
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.Duration lifetime_ = null;
+ private com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Duration, com.google.protobuf.Duration.Builder, com.google.protobuf.DurationOrBuilder> lifetimeBuilder_;
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public boolean hasLifetime() {
+ return lifetimeBuilder_ != null || lifetime_ != null;
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public com.google.protobuf.Duration getLifetime() {
+ if (lifetimeBuilder_ == null) {
+ return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+ } else {
+ return lifetimeBuilder_.getMessage();
+ }
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public Builder setLifetime(com.google.protobuf.Duration value) {
+ if (lifetimeBuilder_ == null) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ lifetime_ = value;
+ onChanged();
+ } else {
+ lifetimeBuilder_.setMessage(value);
+ }
+
+ return this;
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public Builder setLifetime(
+ com.google.protobuf.Duration.Builder builderForValue) {
+ if (lifetimeBuilder_ == null) {
+ lifetime_ = builderForValue.build();
+ onChanged();
+ } else {
+ lifetimeBuilder_.setMessage(builderForValue.build());
+ }
+
+ return this;
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public Builder mergeLifetime(com.google.protobuf.Duration value) {
+ if (lifetimeBuilder_ == null) {
+ if (lifetime_ != null) {
+ lifetime_ =
+ com.google.protobuf.Duration.newBuilder(lifetime_).mergeFrom(value).buildPartial();
+ } else {
+ lifetime_ = value;
+ }
+ onChanged();
+ } else {
+ lifetimeBuilder_.mergeFrom(value);
+ }
+
+ return this;
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public Builder clearLifetime() {
+ if (lifetimeBuilder_ == null) {
+ lifetime_ = null;
+ onChanged();
+ } else {
+ lifetime_ = null;
+ lifetimeBuilder_ = null;
+ }
+
+ return this;
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public com.google.protobuf.Duration.Builder getLifetimeBuilder() {
+
+ onChanged();
+ return getLifetimeFieldBuilder().getBuilder();
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+ if (lifetimeBuilder_ != null) {
+ return lifetimeBuilder_.getMessageOrBuilder();
+ } else {
+ return lifetime_ == null ?
+ com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+ }
+ }
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ private com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Duration, com.google.protobuf.Duration.Builder, com.google.protobuf.DurationOrBuilder>
+ getLifetimeFieldBuilder() {
+ if (lifetimeBuilder_ == null) {
+ lifetimeBuilder_ = new com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Duration, com.google.protobuf.Duration.Builder, com.google.protobuf.DurationOrBuilder>(
+ getLifetime(),
+ getParentForChildren(),
+ isClean());
+ lifetime_ = null;
+ }
+ return lifetimeBuilder_;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateAccessTokenRequest)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateAccessTokenRequest)
+ private static final com.google.iam.credentials.v1.GenerateAccessTokenRequest DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.GenerateAccessTokenRequest();
+ }
+
+ public static com.google.iam.credentials.v1.GenerateAccessTokenRequest getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ java.lang.String getName();
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ com.google.protobuf.ByteString
+ getNameBytes();
+
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ java.util.List
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ int getDelegatesCount();
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ java.lang.String getDelegates(int index);
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ com.google.protobuf.ByteString
+ getDelegatesBytes(int index);
+
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ java.util.List+ * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ int getScopeCount();
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ java.lang.String getScope(int index);
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 4;
+ */
+ com.google.protobuf.ByteString
+ getScopeBytes(int index);
+
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ boolean hasLifetime();
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ com.google.protobuf.Duration getLifetime();
+ /**
+ * + * The desired lifetime duration of the access token in seconds. + * Must be set to a value less than or equal to 3600 (1 hour). If a value is + * not specified, the token's lifetime will be set to a default value of one + * hour. + *+ * + *
.google.protobuf.Duration lifetime = 7;
+ */
+ com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateAccessTokenResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateAccessTokenResponse.java
new file mode 100644
index 000000000000..4628b768caa8
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateAccessTokenResponse.java
@@ -0,0 +1,810 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+/**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateAccessTokenResponse}
+ */
+public final class GenerateAccessTokenResponse extends
+ com.google.protobuf.GeneratedMessageV3 implements
+ // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateAccessTokenResponse)
+ GenerateAccessTokenResponseOrBuilder {
+private static final long serialVersionUID = 0L;
+ // Use GenerateAccessTokenResponse.newBuilder() to construct.
+ private GenerateAccessTokenResponse(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+ super(builder);
+ }
+ private GenerateAccessTokenResponse() {
+ accessToken_ = "";
+ }
+
+ @java.lang.Override
+ public final com.google.protobuf.UnknownFieldSet
+ getUnknownFields() {
+ return this.unknownFields;
+ }
+ private GenerateAccessTokenResponse(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ this();
+ if (extensionRegistry == null) {
+ throw new java.lang.NullPointerException();
+ }
+ int mutable_bitField0_ = 0;
+ com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+ com.google.protobuf.UnknownFieldSet.newBuilder();
+ try {
+ boolean done = false;
+ while (!done) {
+ int tag = input.readTag();
+ switch (tag) {
+ case 0:
+ done = true;
+ break;
+ case 10: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ accessToken_ = s;
+ break;
+ }
+ case 26: {
+ com.google.protobuf.Timestamp.Builder subBuilder = null;
+ if (expireTime_ != null) {
+ subBuilder = expireTime_.toBuilder();
+ }
+ expireTime_ = input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+ if (subBuilder != null) {
+ subBuilder.mergeFrom(expireTime_);
+ expireTime_ = subBuilder.buildPartial();
+ }
+
+ break;
+ }
+ default: {
+ if (!parseUnknownFieldProto3(
+ input, unknownFields, extensionRegistry, tag)) {
+ done = true;
+ }
+ break;
+ }
+ }
+ }
+ } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+ throw e.setUnfinishedMessage(this);
+ } catch (java.io.IOException e) {
+ throw new com.google.protobuf.InvalidProtocolBufferException(
+ e).setUnfinishedMessage(this);
+ } finally {
+ this.unknownFields = unknownFields.build();
+ makeExtensionsImmutable();
+ }
+ }
+ public static final com.google.protobuf.Descriptors.Descriptor
+ getDescriptor() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor;
+ }
+
+ @java.lang.Override
+ protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internalGetFieldAccessorTable() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_fieldAccessorTable
+ .ensureFieldAccessorsInitialized(
+ com.google.iam.credentials.v1.GenerateAccessTokenResponse.class, com.google.iam.credentials.v1.GenerateAccessTokenResponse.Builder.class);
+ }
+
+ public static final int ACCESS_TOKEN_FIELD_NUMBER = 1;
+ private volatile java.lang.Object accessToken_;
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public java.lang.String getAccessToken() {
+ java.lang.Object ref = accessToken_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ accessToken_ = s;
+ return s;
+ }
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public com.google.protobuf.ByteString
+ getAccessTokenBytes() {
+ java.lang.Object ref = accessToken_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ accessToken_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int EXPIRE_TIME_FIELD_NUMBER = 3;
+ private com.google.protobuf.Timestamp expireTime_;
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public boolean hasExpireTime() {
+ return expireTime_ != null;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public com.google.protobuf.Timestamp getExpireTime() {
+ return expireTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : expireTime_;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder() {
+ return getExpireTime();
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getAccessTokenBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, accessToken_);
+ }
+ if (expireTime_ != null) {
+ output.writeMessage(3, getExpireTime());
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getAccessTokenBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, accessToken_);
+ }
+ if (expireTime_ != null) {
+ size += com.google.protobuf.CodedOutputStream
+ .computeMessageSize(3, getExpireTime());
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.GenerateAccessTokenResponse)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.GenerateAccessTokenResponse other = (com.google.iam.credentials.v1.GenerateAccessTokenResponse) obj;
+
+ boolean result = true;
+ result = result && getAccessToken()
+ .equals(other.getAccessToken());
+ result = result && (hasExpireTime() == other.hasExpireTime());
+ if (hasExpireTime()) {
+ result = result && getExpireTime()
+ .equals(other.getExpireTime());
+ }
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + ACCESS_TOKEN_FIELD_NUMBER;
+ hash = (53 * hash) + getAccessToken().hashCode();
+ if (hasExpireTime()) {
+ hash = (37 * hash) + EXPIRE_TIME_FIELD_NUMBER;
+ hash = (53 * hash) + getExpireTime().hashCode();
+ }
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.GenerateAccessTokenResponse prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateAccessTokenResponse}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder+ * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public java.lang.String getAccessToken() {
+ java.lang.Object ref = accessToken_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ accessToken_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public com.google.protobuf.ByteString
+ getAccessTokenBytes() {
+ java.lang.Object ref = accessToken_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ accessToken_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public Builder setAccessToken(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ accessToken_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public Builder clearAccessToken() {
+
+ accessToken_ = getDefaultInstance().getAccessToken();
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public Builder setAccessTokenBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ accessToken_ = value;
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.Timestamp expireTime_ = null;
+ private com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Timestamp, com.google.protobuf.Timestamp.Builder, com.google.protobuf.TimestampOrBuilder> expireTimeBuilder_;
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public boolean hasExpireTime() {
+ return expireTimeBuilder_ != null || expireTime_ != null;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public com.google.protobuf.Timestamp getExpireTime() {
+ if (expireTimeBuilder_ == null) {
+ return expireTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : expireTime_;
+ } else {
+ return expireTimeBuilder_.getMessage();
+ }
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public Builder setExpireTime(com.google.protobuf.Timestamp value) {
+ if (expireTimeBuilder_ == null) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ expireTime_ = value;
+ onChanged();
+ } else {
+ expireTimeBuilder_.setMessage(value);
+ }
+
+ return this;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public Builder setExpireTime(
+ com.google.protobuf.Timestamp.Builder builderForValue) {
+ if (expireTimeBuilder_ == null) {
+ expireTime_ = builderForValue.build();
+ onChanged();
+ } else {
+ expireTimeBuilder_.setMessage(builderForValue.build());
+ }
+
+ return this;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public Builder mergeExpireTime(com.google.protobuf.Timestamp value) {
+ if (expireTimeBuilder_ == null) {
+ if (expireTime_ != null) {
+ expireTime_ =
+ com.google.protobuf.Timestamp.newBuilder(expireTime_).mergeFrom(value).buildPartial();
+ } else {
+ expireTime_ = value;
+ }
+ onChanged();
+ } else {
+ expireTimeBuilder_.mergeFrom(value);
+ }
+
+ return this;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public Builder clearExpireTime() {
+ if (expireTimeBuilder_ == null) {
+ expireTime_ = null;
+ onChanged();
+ } else {
+ expireTime_ = null;
+ expireTimeBuilder_ = null;
+ }
+
+ return this;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public com.google.protobuf.Timestamp.Builder getExpireTimeBuilder() {
+
+ onChanged();
+ return getExpireTimeFieldBuilder().getBuilder();
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ public com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder() {
+ if (expireTimeBuilder_ != null) {
+ return expireTimeBuilder_.getMessageOrBuilder();
+ } else {
+ return expireTime_ == null ?
+ com.google.protobuf.Timestamp.getDefaultInstance() : expireTime_;
+ }
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ private com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Timestamp, com.google.protobuf.Timestamp.Builder, com.google.protobuf.TimestampOrBuilder>
+ getExpireTimeFieldBuilder() {
+ if (expireTimeBuilder_ == null) {
+ expireTimeBuilder_ = new com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Timestamp, com.google.protobuf.Timestamp.Builder, com.google.protobuf.TimestampOrBuilder>(
+ getExpireTime(),
+ getParentForChildren(),
+ isClean());
+ expireTime_ = null;
+ }
+ return expireTimeBuilder_;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateAccessTokenResponse)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateAccessTokenResponse)
+ private static final com.google.iam.credentials.v1.GenerateAccessTokenResponse DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.GenerateAccessTokenResponse();
+ }
+
+ public static com.google.iam.credentials.v1.GenerateAccessTokenResponse getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser+ * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ java.lang.String getAccessToken();
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ com.google.protobuf.ByteString
+ getAccessTokenBytes();
+
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ boolean hasExpireTime();
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ com.google.protobuf.Timestamp getExpireTime();
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 3;
+ */
+ com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdTokenRequest.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdTokenRequest.java
new file mode 100644
index 000000000000..24eb6636dcf2
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdTokenRequest.java
@@ -0,0 +1,1142 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+/**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateIdTokenRequest}
+ */
+public final class GenerateIdTokenRequest extends
+ com.google.protobuf.GeneratedMessageV3 implements
+ // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateIdTokenRequest)
+ GenerateIdTokenRequestOrBuilder {
+private static final long serialVersionUID = 0L;
+ // Use GenerateIdTokenRequest.newBuilder() to construct.
+ private GenerateIdTokenRequest(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+ super(builder);
+ }
+ private GenerateIdTokenRequest() {
+ name_ = "";
+ delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ audience_ = "";
+ includeEmail_ = false;
+ }
+
+ @java.lang.Override
+ public final com.google.protobuf.UnknownFieldSet
+ getUnknownFields() {
+ return this.unknownFields;
+ }
+ private GenerateIdTokenRequest(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ this();
+ if (extensionRegistry == null) {
+ throw new java.lang.NullPointerException();
+ }
+ int mutable_bitField0_ = 0;
+ com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+ com.google.protobuf.UnknownFieldSet.newBuilder();
+ try {
+ boolean done = false;
+ while (!done) {
+ int tag = input.readTag();
+ switch (tag) {
+ case 0:
+ done = true;
+ break;
+ case 10: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ name_ = s;
+ break;
+ }
+ case 18: {
+ java.lang.String s = input.readStringRequireUtf8();
+ if (!((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+ delegates_ = new com.google.protobuf.LazyStringArrayList();
+ mutable_bitField0_ |= 0x00000002;
+ }
+ delegates_.add(s);
+ break;
+ }
+ case 26: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ audience_ = s;
+ break;
+ }
+ case 32: {
+
+ includeEmail_ = input.readBool();
+ break;
+ }
+ default: {
+ if (!parseUnknownFieldProto3(
+ input, unknownFields, extensionRegistry, tag)) {
+ done = true;
+ }
+ break;
+ }
+ }
+ }
+ } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+ throw e.setUnfinishedMessage(this);
+ } catch (java.io.IOException e) {
+ throw new com.google.protobuf.InvalidProtocolBufferException(
+ e).setUnfinishedMessage(this);
+ } finally {
+ if (((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+ delegates_ = delegates_.getUnmodifiableView();
+ }
+ this.unknownFields = unknownFields.build();
+ makeExtensionsImmutable();
+ }
+ }
+ public static final com.google.protobuf.Descriptors.Descriptor
+ getDescriptor() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor;
+ }
+
+ @java.lang.Override
+ protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internalGetFieldAccessorTable() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_fieldAccessorTable
+ .ensureFieldAccessorsInitialized(
+ com.google.iam.credentials.v1.GenerateIdTokenRequest.class, com.google.iam.credentials.v1.GenerateIdTokenRequest.Builder.class);
+ }
+
+ private int bitField0_;
+ public static final int NAME_FIELD_NUMBER = 1;
+ private volatile java.lang.Object name_;
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int DELEGATES_FIELD_NUMBER = 2;
+ private com.google.protobuf.LazyStringList delegates_;
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getDelegatesList() {
+ return delegates_;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public int getDelegatesCount() {
+ return delegates_.size();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public java.lang.String getDelegates(int index) {
+ return delegates_.get(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public com.google.protobuf.ByteString
+ getDelegatesBytes(int index) {
+ return delegates_.getByteString(index);
+ }
+
+ public static final int AUDIENCE_FIELD_NUMBER = 3;
+ private volatile java.lang.Object audience_;
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ public java.lang.String getAudience() {
+ java.lang.Object ref = audience_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ audience_ = s;
+ return s;
+ }
+ }
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ public com.google.protobuf.ByteString
+ getAudienceBytes() {
+ java.lang.Object ref = audience_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ audience_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int INCLUDE_EMAIL_FIELD_NUMBER = 4;
+ private boolean includeEmail_;
+ /**
+ * + * Include the service account email in the token. If set to `true`, the + * token will contain `email` and `email_verified` claims. + *+ * + *
bool include_email = 4;
+ */
+ public boolean getIncludeEmail() {
+ return includeEmail_;
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getNameBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+ }
+ for (int i = 0; i < delegates_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 2, delegates_.getRaw(i));
+ }
+ if (!getAudienceBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 3, audience_);
+ }
+ if (includeEmail_ != false) {
+ output.writeBool(4, includeEmail_);
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getNameBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+ }
+ {
+ int dataSize = 0;
+ for (int i = 0; i < delegates_.size(); i++) {
+ dataSize += computeStringSizeNoTag(delegates_.getRaw(i));
+ }
+ size += dataSize;
+ size += 1 * getDelegatesList().size();
+ }
+ if (!getAudienceBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, audience_);
+ }
+ if (includeEmail_ != false) {
+ size += com.google.protobuf.CodedOutputStream
+ .computeBoolSize(4, includeEmail_);
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.GenerateIdTokenRequest)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.GenerateIdTokenRequest other = (com.google.iam.credentials.v1.GenerateIdTokenRequest) obj;
+
+ boolean result = true;
+ result = result && getName()
+ .equals(other.getName());
+ result = result && getDelegatesList()
+ .equals(other.getDelegatesList());
+ result = result && getAudience()
+ .equals(other.getAudience());
+ result = result && (getIncludeEmail()
+ == other.getIncludeEmail());
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + NAME_FIELD_NUMBER;
+ hash = (53 * hash) + getName().hashCode();
+ if (getDelegatesCount() > 0) {
+ hash = (37 * hash) + DELEGATES_FIELD_NUMBER;
+ hash = (53 * hash) + getDelegatesList().hashCode();
+ }
+ hash = (37 * hash) + AUDIENCE_FIELD_NUMBER;
+ hash = (53 * hash) + getAudience().hashCode();
+ hash = (37 * hash) + INCLUDE_EMAIL_FIELD_NUMBER;
+ hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(
+ getIncludeEmail());
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.GenerateIdTokenRequest prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateIdTokenRequest}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setName(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder clearName() {
+
+ name_ = getDefaultInstance().getName();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setNameBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.LazyStringList delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ private void ensureDelegatesIsMutable() {
+ if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+ delegates_ = new com.google.protobuf.LazyStringArrayList(delegates_);
+ bitField0_ |= 0x00000002;
+ }
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getDelegatesList() {
+ return delegates_.getUnmodifiableView();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public int getDelegatesCount() {
+ return delegates_.size();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public java.lang.String getDelegates(int index) {
+ return delegates_.get(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public com.google.protobuf.ByteString
+ getDelegatesBytes(int index) {
+ return delegates_.getByteString(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder setDelegates(
+ int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureDelegatesIsMutable();
+ delegates_.set(index, value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder addDelegates(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureDelegatesIsMutable();
+ delegates_.add(value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder addAllDelegates(
+ java.lang.Iterable
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder clearDelegates() {
+ delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000002);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ public Builder addDelegatesBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureDelegatesIsMutable();
+ delegates_.add(value);
+ onChanged();
+ return this;
+ }
+
+ private java.lang.Object audience_ = "";
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ public java.lang.String getAudience() {
+ java.lang.Object ref = audience_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ audience_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ public com.google.protobuf.ByteString
+ getAudienceBytes() {
+ java.lang.Object ref = audience_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ audience_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ public Builder setAudience(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ audience_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ public Builder clearAudience() {
+
+ audience_ = getDefaultInstance().getAudience();
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ public Builder setAudienceBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ audience_ = value;
+ onChanged();
+ return this;
+ }
+
+ private boolean includeEmail_ ;
+ /**
+ * + * Include the service account email in the token. If set to `true`, the + * token will contain `email` and `email_verified` claims. + *+ * + *
bool include_email = 4;
+ */
+ public boolean getIncludeEmail() {
+ return includeEmail_;
+ }
+ /**
+ * + * Include the service account email in the token. If set to `true`, the + * token will contain `email` and `email_verified` claims. + *+ * + *
bool include_email = 4;
+ */
+ public Builder setIncludeEmail(boolean value) {
+
+ includeEmail_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * Include the service account email in the token. If set to `true`, the + * token will contain `email` and `email_verified` claims. + *+ * + *
bool include_email = 4;
+ */
+ public Builder clearIncludeEmail() {
+
+ includeEmail_ = false;
+ onChanged();
+ return this;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateIdTokenRequest)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateIdTokenRequest)
+ private static final com.google.iam.credentials.v1.GenerateIdTokenRequest DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.GenerateIdTokenRequest();
+ }
+
+ public static com.google.iam.credentials.v1.GenerateIdTokenRequest getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ java.lang.String getName();
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ com.google.protobuf.ByteString
+ getNameBytes();
+
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ java.util.List
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ int getDelegatesCount();
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ java.lang.String getDelegates(int index);
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 2;
+ */
+ com.google.protobuf.ByteString
+ getDelegatesBytes(int index);
+
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ java.lang.String getAudience();
+ /**
+ * + * The audience for the token, such as the API or account that this token + * grants access to. + *+ * + *
string audience = 3;
+ */
+ com.google.protobuf.ByteString
+ getAudienceBytes();
+
+ /**
+ * + * Include the service account email in the token. If set to `true`, the + * token will contain `email` and `email_verified` claims. + *+ * + *
bool include_email = 4;
+ */
+ boolean getIncludeEmail();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdTokenResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdTokenResponse.java
new file mode 100644
index 000000000000..3b986d70d0b8
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdTokenResponse.java
@@ -0,0 +1,569 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+/**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateIdTokenResponse}
+ */
+public final class GenerateIdTokenResponse extends
+ com.google.protobuf.GeneratedMessageV3 implements
+ // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateIdTokenResponse)
+ GenerateIdTokenResponseOrBuilder {
+private static final long serialVersionUID = 0L;
+ // Use GenerateIdTokenResponse.newBuilder() to construct.
+ private GenerateIdTokenResponse(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+ super(builder);
+ }
+ private GenerateIdTokenResponse() {
+ token_ = "";
+ }
+
+ @java.lang.Override
+ public final com.google.protobuf.UnknownFieldSet
+ getUnknownFields() {
+ return this.unknownFields;
+ }
+ private GenerateIdTokenResponse(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ this();
+ if (extensionRegistry == null) {
+ throw new java.lang.NullPointerException();
+ }
+ int mutable_bitField0_ = 0;
+ com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+ com.google.protobuf.UnknownFieldSet.newBuilder();
+ try {
+ boolean done = false;
+ while (!done) {
+ int tag = input.readTag();
+ switch (tag) {
+ case 0:
+ done = true;
+ break;
+ case 10: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ token_ = s;
+ break;
+ }
+ default: {
+ if (!parseUnknownFieldProto3(
+ input, unknownFields, extensionRegistry, tag)) {
+ done = true;
+ }
+ break;
+ }
+ }
+ }
+ } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+ throw e.setUnfinishedMessage(this);
+ } catch (java.io.IOException e) {
+ throw new com.google.protobuf.InvalidProtocolBufferException(
+ e).setUnfinishedMessage(this);
+ } finally {
+ this.unknownFields = unknownFields.build();
+ makeExtensionsImmutable();
+ }
+ }
+ public static final com.google.protobuf.Descriptors.Descriptor
+ getDescriptor() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor;
+ }
+
+ @java.lang.Override
+ protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internalGetFieldAccessorTable() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_fieldAccessorTable
+ .ensureFieldAccessorsInitialized(
+ com.google.iam.credentials.v1.GenerateIdTokenResponse.class, com.google.iam.credentials.v1.GenerateIdTokenResponse.Builder.class);
+ }
+
+ public static final int TOKEN_FIELD_NUMBER = 1;
+ private volatile java.lang.Object token_;
+ /**
+ * + * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ public java.lang.String getToken() {
+ java.lang.Object ref = token_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ token_ = s;
+ return s;
+ }
+ }
+ /**
+ * + * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ public com.google.protobuf.ByteString
+ getTokenBytes() {
+ java.lang.Object ref = token_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ token_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getTokenBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, token_);
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getTokenBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, token_);
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.GenerateIdTokenResponse)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.GenerateIdTokenResponse other = (com.google.iam.credentials.v1.GenerateIdTokenResponse) obj;
+
+ boolean result = true;
+ result = result && getToken()
+ .equals(other.getToken());
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + TOKEN_FIELD_NUMBER;
+ hash = (53 * hash) + getToken().hashCode();
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.GenerateIdTokenResponse prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateIdTokenResponse}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder+ * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ public java.lang.String getToken() {
+ java.lang.Object ref = token_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ token_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * + * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ public com.google.protobuf.ByteString
+ getTokenBytes() {
+ java.lang.Object ref = token_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ token_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * + * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ public Builder setToken(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ token_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ public Builder clearToken() {
+
+ token_ = getDefaultInstance().getToken();
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ public Builder setTokenBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ token_ = value;
+ onChanged();
+ return this;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateIdTokenResponse)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateIdTokenResponse)
+ private static final com.google.iam.credentials.v1.GenerateIdTokenResponse DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.GenerateIdTokenResponse();
+ }
+
+ public static com.google.iam.credentials.v1.GenerateIdTokenResponse getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser+ * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ java.lang.String getToken();
+ /**
+ * + * The OpenId Connect ID token. + *+ * + *
string token = 1;
+ */
+ com.google.protobuf.ByteString
+ getTokenBytes();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdentityBindingAccessTokenRequest.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdentityBindingAccessTokenRequest.java
new file mode 100644
index 000000000000..25d008a73d6c
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdentityBindingAccessTokenRequest.java
@@ -0,0 +1,1298 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+/**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest}
+ */
+public final class GenerateIdentityBindingAccessTokenRequest extends
+ com.google.protobuf.GeneratedMessageV3 implements
+ // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest)
+ GenerateIdentityBindingAccessTokenRequestOrBuilder {
+private static final long serialVersionUID = 0L;
+ // Use GenerateIdentityBindingAccessTokenRequest.newBuilder() to construct.
+ private GenerateIdentityBindingAccessTokenRequest(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+ super(builder);
+ }
+ private GenerateIdentityBindingAccessTokenRequest() {
+ name_ = "";
+ scope_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ jwt_ = "";
+ }
+
+ @java.lang.Override
+ public final com.google.protobuf.UnknownFieldSet
+ getUnknownFields() {
+ return this.unknownFields;
+ }
+ private GenerateIdentityBindingAccessTokenRequest(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ this();
+ if (extensionRegistry == null) {
+ throw new java.lang.NullPointerException();
+ }
+ int mutable_bitField0_ = 0;
+ com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+ com.google.protobuf.UnknownFieldSet.newBuilder();
+ try {
+ boolean done = false;
+ while (!done) {
+ int tag = input.readTag();
+ switch (tag) {
+ case 0:
+ done = true;
+ break;
+ case 10: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ name_ = s;
+ break;
+ }
+ case 18: {
+ java.lang.String s = input.readStringRequireUtf8();
+ if (!((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+ scope_ = new com.google.protobuf.LazyStringArrayList();
+ mutable_bitField0_ |= 0x00000002;
+ }
+ scope_.add(s);
+ break;
+ }
+ case 26: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ jwt_ = s;
+ break;
+ }
+ default: {
+ if (!parseUnknownFieldProto3(
+ input, unknownFields, extensionRegistry, tag)) {
+ done = true;
+ }
+ break;
+ }
+ }
+ }
+ } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+ throw e.setUnfinishedMessage(this);
+ } catch (java.io.IOException e) {
+ throw new com.google.protobuf.InvalidProtocolBufferException(
+ e).setUnfinishedMessage(this);
+ } finally {
+ if (((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+ scope_ = scope_.getUnmodifiableView();
+ }
+ this.unknownFields = unknownFields.build();
+ makeExtensionsImmutable();
+ }
+ }
+ public static final com.google.protobuf.Descriptors.Descriptor
+ getDescriptor() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenRequest_descriptor;
+ }
+
+ @java.lang.Override
+ protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internalGetFieldAccessorTable() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenRequest_fieldAccessorTable
+ .ensureFieldAccessorsInitialized(
+ com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest.class, com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest.Builder.class);
+ }
+
+ private int bitField0_;
+ public static final int NAME_FIELD_NUMBER = 1;
+ private volatile java.lang.Object name_;
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int SCOPE_FIELD_NUMBER = 2;
+ private com.google.protobuf.LazyStringList scope_;
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getScopeList() {
+ return scope_;
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public int getScopeCount() {
+ return scope_.size();
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public java.lang.String getScope(int index) {
+ return scope_.get(index);
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public com.google.protobuf.ByteString
+ getScopeBytes(int index) {
+ return scope_.getByteString(index);
+ }
+
+ public static final int JWT_FIELD_NUMBER = 3;
+ private volatile java.lang.Object jwt_;
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ public java.lang.String getJwt() {
+ java.lang.Object ref = jwt_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ jwt_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ public com.google.protobuf.ByteString
+ getJwtBytes() {
+ java.lang.Object ref = jwt_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ jwt_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getNameBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+ }
+ for (int i = 0; i < scope_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 2, scope_.getRaw(i));
+ }
+ if (!getJwtBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 3, jwt_);
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getNameBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+ }
+ {
+ int dataSize = 0;
+ for (int i = 0; i < scope_.size(); i++) {
+ dataSize += computeStringSizeNoTag(scope_.getRaw(i));
+ }
+ size += dataSize;
+ size += 1 * getScopeList().size();
+ }
+ if (!getJwtBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, jwt_);
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest other = (com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest) obj;
+
+ boolean result = true;
+ result = result && getName()
+ .equals(other.getName());
+ result = result && getScopeList()
+ .equals(other.getScopeList());
+ result = result && getJwt()
+ .equals(other.getJwt());
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + NAME_FIELD_NUMBER;
+ hash = (53 * hash) + getName().hashCode();
+ if (getScopeCount() > 0) {
+ hash = (37 * hash) + SCOPE_FIELD_NUMBER;
+ hash = (53 * hash) + getScopeList().hashCode();
+ }
+ hash = (37 * hash) + JWT_FIELD_NUMBER;
+ hash = (53 * hash) + getJwt().hashCode();
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setName(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder clearName() {
+
+ name_ = getDefaultInstance().getName();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setNameBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.LazyStringList scope_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ private void ensureScopeIsMutable() {
+ if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+ scope_ = new com.google.protobuf.LazyStringArrayList(scope_);
+ bitField0_ |= 0x00000002;
+ }
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getScopeList() {
+ return scope_.getUnmodifiableView();
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public int getScopeCount() {
+ return scope_.size();
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public java.lang.String getScope(int index) {
+ return scope_.get(index);
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public com.google.protobuf.ByteString
+ getScopeBytes(int index) {
+ return scope_.getByteString(index);
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public Builder setScope(
+ int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureScopeIsMutable();
+ scope_.set(index, value);
+ onChanged();
+ return this;
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public Builder addScope(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureScopeIsMutable();
+ scope_.add(value);
+ onChanged();
+ return this;
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public Builder addAllScope(
+ java.lang.Iterable+ * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public Builder clearScope() {
+ scope_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000002);
+ onChanged();
+ return this;
+ }
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ public Builder addScopeBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureScopeIsMutable();
+ scope_.add(value);
+ onChanged();
+ return this;
+ }
+
+ private java.lang.Object jwt_ = "";
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ public java.lang.String getJwt() {
+ java.lang.Object ref = jwt_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ jwt_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ public com.google.protobuf.ByteString
+ getJwtBytes() {
+ java.lang.Object ref = jwt_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ jwt_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ public Builder setJwt(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ jwt_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ public Builder clearJwt() {
+
+ jwt_ = getDefaultInstance().getJwt();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ public Builder setJwtBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ jwt_ = value;
+ onChanged();
+ return this;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest)
+ private static final com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest();
+ }
+
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ java.lang.String getName();
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ com.google.protobuf.ByteString
+ getNameBytes();
+
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ java.util.List+ * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ int getScopeCount();
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ java.lang.String getScope(int index);
+ /**
+ * + * Code to identify the scopes to be included in the OAuth 2.0 access token. + * See https://developers.google.com/identity/protocols/googlescopes for more + * information. + * At least one value required. + *+ * + *
repeated string scope = 2;
+ */
+ com.google.protobuf.ByteString
+ getScopeBytes(int index);
+
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ java.lang.String getJwt();
+ /**
+ *
+ * Required. Input token.
+ * Must be in JWT format according to
+ * RFC7523 (https://tools.ietf.org/html/rfc7523)
+ * and must have 'kid' field in the header.
+ * Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ * Mandatory payload fields (along the lines of RFC 7523, section 3):
+ * - iss: issuer of the token. Must provide a discovery document at
+ * $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery
+ * 1.0 specification.
+ * - iat: Issue time in seconds since epoch. Must be in the past.
+ * - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ * after iat. We recommend to create tokens that last shorter than 6
+ * hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure
+ * since tokens that have been exfiltrated by attackers can be used for
+ * a shorter time. you can configure the maximum lifetime of the
+ * incoming token in the configuration of the mapper.
+ * The resulting Google token will expire within an hour or at "exp",
+ * whichever is earlier.
+ * - sub: JWT subject, identity asserted in the JWT.
+ * - aud: Configured in the mapper policy. By default the service account
+ * email.
+ * Claims from the incoming token can be transferred into the output token
+ * accoding to the mapper configuration. The outgoing claim size is limited.
+ * Outgoing claims size must be less than 4kB serialized as JSON without
+ * whitespace.
+ * Example header:
+ * {
+ * "alg": "RS256",
+ * "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ * }
+ * Example payload:
+ * {
+ * "iss": "https://accounts.google.com",
+ * "iat": 1517963104,
+ * "exp": 1517966704,
+ * "aud": "https://iamcredentials.googleapis.com/",
+ * "sub": "113475438248934895348",
+ * "my_claims": {
+ * "additional_claim": "value"
+ * }
+ * }
+ *
+ *
+ * string jwt = 3;
+ */
+ com.google.protobuf.ByteString
+ getJwtBytes();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdentityBindingAccessTokenResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdentityBindingAccessTokenResponse.java
new file mode 100644
index 000000000000..74bb40247138
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/GenerateIdentityBindingAccessTokenResponse.java
@@ -0,0 +1,810 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+/**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse}
+ */
+public final class GenerateIdentityBindingAccessTokenResponse extends
+ com.google.protobuf.GeneratedMessageV3 implements
+ // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse)
+ GenerateIdentityBindingAccessTokenResponseOrBuilder {
+private static final long serialVersionUID = 0L;
+ // Use GenerateIdentityBindingAccessTokenResponse.newBuilder() to construct.
+ private GenerateIdentityBindingAccessTokenResponse(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+ super(builder);
+ }
+ private GenerateIdentityBindingAccessTokenResponse() {
+ accessToken_ = "";
+ }
+
+ @java.lang.Override
+ public final com.google.protobuf.UnknownFieldSet
+ getUnknownFields() {
+ return this.unknownFields;
+ }
+ private GenerateIdentityBindingAccessTokenResponse(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ this();
+ if (extensionRegistry == null) {
+ throw new java.lang.NullPointerException();
+ }
+ int mutable_bitField0_ = 0;
+ com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+ com.google.protobuf.UnknownFieldSet.newBuilder();
+ try {
+ boolean done = false;
+ while (!done) {
+ int tag = input.readTag();
+ switch (tag) {
+ case 0:
+ done = true;
+ break;
+ case 10: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ accessToken_ = s;
+ break;
+ }
+ case 18: {
+ com.google.protobuf.Timestamp.Builder subBuilder = null;
+ if (expireTime_ != null) {
+ subBuilder = expireTime_.toBuilder();
+ }
+ expireTime_ = input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+ if (subBuilder != null) {
+ subBuilder.mergeFrom(expireTime_);
+ expireTime_ = subBuilder.buildPartial();
+ }
+
+ break;
+ }
+ default: {
+ if (!parseUnknownFieldProto3(
+ input, unknownFields, extensionRegistry, tag)) {
+ done = true;
+ }
+ break;
+ }
+ }
+ }
+ } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+ throw e.setUnfinishedMessage(this);
+ } catch (java.io.IOException e) {
+ throw new com.google.protobuf.InvalidProtocolBufferException(
+ e).setUnfinishedMessage(this);
+ } finally {
+ this.unknownFields = unknownFields.build();
+ makeExtensionsImmutable();
+ }
+ }
+ public static final com.google.protobuf.Descriptors.Descriptor
+ getDescriptor() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenResponse_descriptor;
+ }
+
+ @java.lang.Override
+ protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internalGetFieldAccessorTable() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenResponse_fieldAccessorTable
+ .ensureFieldAccessorsInitialized(
+ com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse.class, com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse.Builder.class);
+ }
+
+ public static final int ACCESS_TOKEN_FIELD_NUMBER = 1;
+ private volatile java.lang.Object accessToken_;
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public java.lang.String getAccessToken() {
+ java.lang.Object ref = accessToken_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ accessToken_ = s;
+ return s;
+ }
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public com.google.protobuf.ByteString
+ getAccessTokenBytes() {
+ java.lang.Object ref = accessToken_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ accessToken_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int EXPIRE_TIME_FIELD_NUMBER = 2;
+ private com.google.protobuf.Timestamp expireTime_;
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public boolean hasExpireTime() {
+ return expireTime_ != null;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public com.google.protobuf.Timestamp getExpireTime() {
+ return expireTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : expireTime_;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder() {
+ return getExpireTime();
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getAccessTokenBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, accessToken_);
+ }
+ if (expireTime_ != null) {
+ output.writeMessage(2, getExpireTime());
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getAccessTokenBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, accessToken_);
+ }
+ if (expireTime_ != null) {
+ size += com.google.protobuf.CodedOutputStream
+ .computeMessageSize(2, getExpireTime());
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse other = (com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse) obj;
+
+ boolean result = true;
+ result = result && getAccessToken()
+ .equals(other.getAccessToken());
+ result = result && (hasExpireTime() == other.hasExpireTime());
+ if (hasExpireTime()) {
+ result = result && getExpireTime()
+ .equals(other.getExpireTime());
+ }
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + ACCESS_TOKEN_FIELD_NUMBER;
+ hash = (53 * hash) + getAccessToken().hashCode();
+ if (hasExpireTime()) {
+ hash = (37 * hash) + EXPIRE_TIME_FIELD_NUMBER;
+ hash = (53 * hash) + getExpireTime().hashCode();
+ }
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder+ * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public java.lang.String getAccessToken() {
+ java.lang.Object ref = accessToken_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ accessToken_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public com.google.protobuf.ByteString
+ getAccessTokenBytes() {
+ java.lang.Object ref = accessToken_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ accessToken_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public Builder setAccessToken(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ accessToken_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public Builder clearAccessToken() {
+
+ accessToken_ = getDefaultInstance().getAccessToken();
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ public Builder setAccessTokenBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ accessToken_ = value;
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.Timestamp expireTime_ = null;
+ private com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Timestamp, com.google.protobuf.Timestamp.Builder, com.google.protobuf.TimestampOrBuilder> expireTimeBuilder_;
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public boolean hasExpireTime() {
+ return expireTimeBuilder_ != null || expireTime_ != null;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public com.google.protobuf.Timestamp getExpireTime() {
+ if (expireTimeBuilder_ == null) {
+ return expireTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : expireTime_;
+ } else {
+ return expireTimeBuilder_.getMessage();
+ }
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public Builder setExpireTime(com.google.protobuf.Timestamp value) {
+ if (expireTimeBuilder_ == null) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ expireTime_ = value;
+ onChanged();
+ } else {
+ expireTimeBuilder_.setMessage(value);
+ }
+
+ return this;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public Builder setExpireTime(
+ com.google.protobuf.Timestamp.Builder builderForValue) {
+ if (expireTimeBuilder_ == null) {
+ expireTime_ = builderForValue.build();
+ onChanged();
+ } else {
+ expireTimeBuilder_.setMessage(builderForValue.build());
+ }
+
+ return this;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public Builder mergeExpireTime(com.google.protobuf.Timestamp value) {
+ if (expireTimeBuilder_ == null) {
+ if (expireTime_ != null) {
+ expireTime_ =
+ com.google.protobuf.Timestamp.newBuilder(expireTime_).mergeFrom(value).buildPartial();
+ } else {
+ expireTime_ = value;
+ }
+ onChanged();
+ } else {
+ expireTimeBuilder_.mergeFrom(value);
+ }
+
+ return this;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public Builder clearExpireTime() {
+ if (expireTimeBuilder_ == null) {
+ expireTime_ = null;
+ onChanged();
+ } else {
+ expireTime_ = null;
+ expireTimeBuilder_ = null;
+ }
+
+ return this;
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public com.google.protobuf.Timestamp.Builder getExpireTimeBuilder() {
+
+ onChanged();
+ return getExpireTimeFieldBuilder().getBuilder();
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ public com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder() {
+ if (expireTimeBuilder_ != null) {
+ return expireTimeBuilder_.getMessageOrBuilder();
+ } else {
+ return expireTime_ == null ?
+ com.google.protobuf.Timestamp.getDefaultInstance() : expireTime_;
+ }
+ }
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ private com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Timestamp, com.google.protobuf.Timestamp.Builder, com.google.protobuf.TimestampOrBuilder>
+ getExpireTimeFieldBuilder() {
+ if (expireTimeBuilder_ == null) {
+ expireTimeBuilder_ = new com.google.protobuf.SingleFieldBuilderV3<
+ com.google.protobuf.Timestamp, com.google.protobuf.Timestamp.Builder, com.google.protobuf.TimestampOrBuilder>(
+ getExpireTime(),
+ getParentForChildren(),
+ isClean());
+ expireTime_ = null;
+ }
+ return expireTimeBuilder_;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse)
+ private static final com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse();
+ }
+
+ public static com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser+ * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ java.lang.String getAccessToken();
+ /**
+ * + * The OAuth 2.0 access token. + *+ * + *
string access_token = 1;
+ */
+ com.google.protobuf.ByteString
+ getAccessTokenBytes();
+
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ boolean hasExpireTime();
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ com.google.protobuf.Timestamp getExpireTime();
+ /**
+ * + * Token expiration time. + * The expiration time is always set. + *+ * + *
.google.protobuf.Timestamp expire_time = 2;
+ */
+ com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/IAMCredentialsCommonProto.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/IAMCredentialsCommonProto.java
new file mode 100644
index 000000000000..deaf41eaff0e
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/IAMCredentialsCommonProto.java
@@ -0,0 +1,184 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+public final class IAMCredentialsCommonProto {
+ private IAMCredentialsCommonProto() {}
+ public static void registerAllExtensions(
+ com.google.protobuf.ExtensionRegistryLite registry) {
+ }
+
+ public static void registerAllExtensions(
+ com.google.protobuf.ExtensionRegistry registry) {
+ registerAllExtensions(
+ (com.google.protobuf.ExtensionRegistryLite) registry);
+ }
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_SignBlobRequest_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_SignBlobResponse_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_SignJwtRequest_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_SignJwtResponse_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenRequest_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenRequest_fieldAccessorTable;
+ static final com.google.protobuf.Descriptors.Descriptor
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenResponse_descriptor;
+ static final
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenResponse_fieldAccessorTable;
+
+ public static com.google.protobuf.Descriptors.FileDescriptor
+ getDescriptor() {
+ return descriptor;
+ }
+ private static com.google.protobuf.Descriptors.FileDescriptor
+ descriptor;
+ static {
+ java.lang.String[] descriptorData = {
+ "\n&google/iam/credentials/v1/common.proto" +
+ "\022\031google.iam.credentials.v1\032\036google/prot" +
+ "obuf/duration.proto\032\037google/protobuf/tim" +
+ "estamp.proto\"y\n\032GenerateAccessTokenReque" +
+ "st\022\014\n\004name\030\001 \001(\t\022\021\n\tdelegates\030\002 \003(\t\022\r\n\005s" +
+ "cope\030\004 \003(\t\022+\n\010lifetime\030\007 \001(\0132\031.google.pr" +
+ "otobuf.Duration\"d\n\033GenerateAccessTokenRe" +
+ "sponse\022\024\n\014access_token\030\001 \001(\t\022/\n\013expire_t" +
+ "ime\030\003 \001(\0132\032.google.protobuf.Timestamp\"C\n" +
+ "\017SignBlobRequest\022\014\n\004name\030\001 \001(\t\022\021\n\tdelega" +
+ "tes\030\003 \003(\t\022\017\n\007payload\030\005 \001(\014\"7\n\020SignBlobRe" +
+ "sponse\022\016\n\006key_id\030\001 \001(\t\022\023\n\013signed_blob\030\004 " +
+ "\001(\014\"B\n\016SignJwtRequest\022\014\n\004name\030\001 \001(\t\022\021\n\td" +
+ "elegates\030\003 \003(\t\022\017\n\007payload\030\005 \001(\t\"5\n\017SignJ" +
+ "wtResponse\022\016\n\006key_id\030\001 \001(\t\022\022\n\nsigned_jwt" +
+ "\030\002 \001(\t\"b\n\026GenerateIdTokenRequest\022\014\n\004name" +
+ "\030\001 \001(\t\022\021\n\tdelegates\030\002 \003(\t\022\020\n\010audience\030\003 " +
+ "\001(\t\022\025\n\rinclude_email\030\004 \001(\010\"(\n\027GenerateId" +
+ "TokenResponse\022\r\n\005token\030\001 \001(\t\"U\n)Generate" +
+ "IdentityBindingAccessTokenRequest\022\014\n\004nam" +
+ "e\030\001 \001(\t\022\r\n\005scope\030\002 \003(\t\022\013\n\003jwt\030\003 \001(\t\"s\n*G" +
+ "enerateIdentityBindingAccessTokenRespons" +
+ "e\022\024\n\014access_token\030\001 \001(\t\022/\n\013expire_time\030\002" +
+ " \001(\0132\032.google.protobuf.TimestampB\205\001\n\035com" +
+ ".google.iam.credentials.v1B\031IAMCredentia" +
+ "lsCommonProtoP\001ZDgoogle.golang.org/genpr" +
+ "oto/googleapis/iam/credentials/v1;creden" +
+ "tials\370\001\001b\006proto3"
+ };
+ com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner assigner =
+ new com.google.protobuf.Descriptors.FileDescriptor. InternalDescriptorAssigner() {
+ public com.google.protobuf.ExtensionRegistry assignDescriptors(
+ com.google.protobuf.Descriptors.FileDescriptor root) {
+ descriptor = root;
+ return null;
+ }
+ };
+ com.google.protobuf.Descriptors.FileDescriptor
+ .internalBuildGeneratedFileFrom(descriptorData,
+ new com.google.protobuf.Descriptors.FileDescriptor[] {
+ com.google.protobuf.DurationProto.getDescriptor(),
+ com.google.protobuf.TimestampProto.getDescriptor(),
+ }, assigner);
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor =
+ getDescriptor().getMessageTypes().get(0);
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor,
+ new java.lang.String[] { "Name", "Delegates", "Scope", "Lifetime", });
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor =
+ getDescriptor().getMessageTypes().get(1);
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor,
+ new java.lang.String[] { "AccessToken", "ExpireTime", });
+ internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor =
+ getDescriptor().getMessageTypes().get(2);
+ internal_static_google_iam_credentials_v1_SignBlobRequest_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor,
+ new java.lang.String[] { "Name", "Delegates", "Payload", });
+ internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor =
+ getDescriptor().getMessageTypes().get(3);
+ internal_static_google_iam_credentials_v1_SignBlobResponse_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor,
+ new java.lang.String[] { "KeyId", "SignedBlob", });
+ internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor =
+ getDescriptor().getMessageTypes().get(4);
+ internal_static_google_iam_credentials_v1_SignJwtRequest_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor,
+ new java.lang.String[] { "Name", "Delegates", "Payload", });
+ internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor =
+ getDescriptor().getMessageTypes().get(5);
+ internal_static_google_iam_credentials_v1_SignJwtResponse_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor,
+ new java.lang.String[] { "KeyId", "SignedJwt", });
+ internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor =
+ getDescriptor().getMessageTypes().get(6);
+ internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor,
+ new java.lang.String[] { "Name", "Delegates", "Audience", "IncludeEmail", });
+ internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor =
+ getDescriptor().getMessageTypes().get(7);
+ internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor,
+ new java.lang.String[] { "Token", });
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenRequest_descriptor =
+ getDescriptor().getMessageTypes().get(8);
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenRequest_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenRequest_descriptor,
+ new java.lang.String[] { "Name", "Scope", "Jwt", });
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenResponse_descriptor =
+ getDescriptor().getMessageTypes().get(9);
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenResponse_fieldAccessorTable = new
+ com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+ internal_static_google_iam_credentials_v1_GenerateIdentityBindingAccessTokenResponse_descriptor,
+ new java.lang.String[] { "AccessToken", "ExpireTime", });
+ com.google.protobuf.DurationProto.getDescriptor();
+ com.google.protobuf.TimestampProto.getDescriptor();
+ }
+
+ // @@protoc_insertion_point(outer_class_scope)
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/ServiceAccountName.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/ServiceAccountName.java
new file mode 100644
index 000000000000..0df6138f644a
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/ServiceAccountName.java
@@ -0,0 +1,189 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.google.iam.credentials.v1;
+
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import java.util.Map;
+import java.util.ArrayList;
+import java.util.List;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+@javax.annotation.Generated("by GAPIC protoc plugin")
+public class ServiceAccountName implements ResourceName {
+
+ private static final PathTemplate PATH_TEMPLATE =
+ PathTemplate.createWithoutUrlEncoding("projects/{project}/serviceAccounts/{service_account}");
+
+ private volatile Map
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int DELEGATES_FIELD_NUMBER = 3;
+ private com.google.protobuf.LazyStringList delegates_;
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getDelegatesList() {
+ return delegates_;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public int getDelegatesCount() {
+ return delegates_.size();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public java.lang.String getDelegates(int index) {
+ return delegates_.get(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public com.google.protobuf.ByteString
+ getDelegatesBytes(int index) {
+ return delegates_.getByteString(index);
+ }
+
+ public static final int PAYLOAD_FIELD_NUMBER = 5;
+ private com.google.protobuf.ByteString payload_;
+ /**
+ * + * The bytes to sign. + *+ * + *
bytes payload = 5;
+ */
+ public com.google.protobuf.ByteString getPayload() {
+ return payload_;
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getNameBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+ }
+ for (int i = 0; i < delegates_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 3, delegates_.getRaw(i));
+ }
+ if (!payload_.isEmpty()) {
+ output.writeBytes(5, payload_);
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getNameBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+ }
+ {
+ int dataSize = 0;
+ for (int i = 0; i < delegates_.size(); i++) {
+ dataSize += computeStringSizeNoTag(delegates_.getRaw(i));
+ }
+ size += dataSize;
+ size += 1 * getDelegatesList().size();
+ }
+ if (!payload_.isEmpty()) {
+ size += com.google.protobuf.CodedOutputStream
+ .computeBytesSize(5, payload_);
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.SignBlobRequest)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.SignBlobRequest other = (com.google.iam.credentials.v1.SignBlobRequest) obj;
+
+ boolean result = true;
+ result = result && getName()
+ .equals(other.getName());
+ result = result && getDelegatesList()
+ .equals(other.getDelegatesList());
+ result = result && getPayload()
+ .equals(other.getPayload());
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + NAME_FIELD_NUMBER;
+ hash = (53 * hash) + getName().hashCode();
+ if (getDelegatesCount() > 0) {
+ hash = (37 * hash) + DELEGATES_FIELD_NUMBER;
+ hash = (53 * hash) + getDelegatesList().hashCode();
+ }
+ hash = (37 * hash) + PAYLOAD_FIELD_NUMBER;
+ hash = (53 * hash) + getPayload().hashCode();
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignBlobRequest parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.SignBlobRequest prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.SignBlobRequest}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setName(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder clearName() {
+
+ name_ = getDefaultInstance().getName();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setNameBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.LazyStringList delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ private void ensureDelegatesIsMutable() {
+ if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+ delegates_ = new com.google.protobuf.LazyStringArrayList(delegates_);
+ bitField0_ |= 0x00000002;
+ }
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getDelegatesList() {
+ return delegates_.getUnmodifiableView();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public int getDelegatesCount() {
+ return delegates_.size();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public java.lang.String getDelegates(int index) {
+ return delegates_.get(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public com.google.protobuf.ByteString
+ getDelegatesBytes(int index) {
+ return delegates_.getByteString(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder setDelegates(
+ int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureDelegatesIsMutable();
+ delegates_.set(index, value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder addDelegates(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureDelegatesIsMutable();
+ delegates_.add(value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder addAllDelegates(
+ java.lang.Iterable
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder clearDelegates() {
+ delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000002);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder addDelegatesBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureDelegatesIsMutable();
+ delegates_.add(value);
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.ByteString payload_ = com.google.protobuf.ByteString.EMPTY;
+ /**
+ * + * The bytes to sign. + *+ * + *
bytes payload = 5;
+ */
+ public com.google.protobuf.ByteString getPayload() {
+ return payload_;
+ }
+ /**
+ * + * The bytes to sign. + *+ * + *
bytes payload = 5;
+ */
+ public Builder setPayload(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ payload_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The bytes to sign. + *+ * + *
bytes payload = 5;
+ */
+ public Builder clearPayload() {
+
+ payload_ = getDefaultInstance().getPayload();
+ onChanged();
+ return this;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.SignBlobRequest)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.SignBlobRequest)
+ private static final com.google.iam.credentials.v1.SignBlobRequest DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.SignBlobRequest();
+ }
+
+ public static com.google.iam.credentials.v1.SignBlobRequest getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ java.lang.String getName();
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ com.google.protobuf.ByteString
+ getNameBytes();
+
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ java.util.List
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ int getDelegatesCount();
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ java.lang.String getDelegates(int index);
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ com.google.protobuf.ByteString
+ getDelegatesBytes(int index);
+
+ /**
+ * + * The bytes to sign. + *+ * + *
bytes payload = 5;
+ */
+ com.google.protobuf.ByteString getPayload();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignBlobResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignBlobResponse.java
new file mode 100644
index 000000000000..4b1532342c2e
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignBlobResponse.java
@@ -0,0 +1,646 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+/**
+ * Protobuf type {@code google.iam.credentials.v1.SignBlobResponse}
+ */
+public final class SignBlobResponse extends
+ com.google.protobuf.GeneratedMessageV3 implements
+ // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.SignBlobResponse)
+ SignBlobResponseOrBuilder {
+private static final long serialVersionUID = 0L;
+ // Use SignBlobResponse.newBuilder() to construct.
+ private SignBlobResponse(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+ super(builder);
+ }
+ private SignBlobResponse() {
+ keyId_ = "";
+ signedBlob_ = com.google.protobuf.ByteString.EMPTY;
+ }
+
+ @java.lang.Override
+ public final com.google.protobuf.UnknownFieldSet
+ getUnknownFields() {
+ return this.unknownFields;
+ }
+ private SignBlobResponse(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ this();
+ if (extensionRegistry == null) {
+ throw new java.lang.NullPointerException();
+ }
+ int mutable_bitField0_ = 0;
+ com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+ com.google.protobuf.UnknownFieldSet.newBuilder();
+ try {
+ boolean done = false;
+ while (!done) {
+ int tag = input.readTag();
+ switch (tag) {
+ case 0:
+ done = true;
+ break;
+ case 10: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ keyId_ = s;
+ break;
+ }
+ case 34: {
+
+ signedBlob_ = input.readBytes();
+ break;
+ }
+ default: {
+ if (!parseUnknownFieldProto3(
+ input, unknownFields, extensionRegistry, tag)) {
+ done = true;
+ }
+ break;
+ }
+ }
+ }
+ } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+ throw e.setUnfinishedMessage(this);
+ } catch (java.io.IOException e) {
+ throw new com.google.protobuf.InvalidProtocolBufferException(
+ e).setUnfinishedMessage(this);
+ } finally {
+ this.unknownFields = unknownFields.build();
+ makeExtensionsImmutable();
+ }
+ }
+ public static final com.google.protobuf.Descriptors.Descriptor
+ getDescriptor() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor;
+ }
+
+ @java.lang.Override
+ protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internalGetFieldAccessorTable() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_SignBlobResponse_fieldAccessorTable
+ .ensureFieldAccessorsInitialized(
+ com.google.iam.credentials.v1.SignBlobResponse.class, com.google.iam.credentials.v1.SignBlobResponse.Builder.class);
+ }
+
+ public static final int KEY_ID_FIELD_NUMBER = 1;
+ private volatile java.lang.Object keyId_;
+ /**
+ * + * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ public java.lang.String getKeyId() {
+ java.lang.Object ref = keyId_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ keyId_ = s;
+ return s;
+ }
+ }
+ /**
+ * + * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ public com.google.protobuf.ByteString
+ getKeyIdBytes() {
+ java.lang.Object ref = keyId_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ keyId_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int SIGNED_BLOB_FIELD_NUMBER = 4;
+ private com.google.protobuf.ByteString signedBlob_;
+ /**
+ * + * The signed blob. + *+ * + *
bytes signed_blob = 4;
+ */
+ public com.google.protobuf.ByteString getSignedBlob() {
+ return signedBlob_;
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getKeyIdBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, keyId_);
+ }
+ if (!signedBlob_.isEmpty()) {
+ output.writeBytes(4, signedBlob_);
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getKeyIdBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, keyId_);
+ }
+ if (!signedBlob_.isEmpty()) {
+ size += com.google.protobuf.CodedOutputStream
+ .computeBytesSize(4, signedBlob_);
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.SignBlobResponse)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.SignBlobResponse other = (com.google.iam.credentials.v1.SignBlobResponse) obj;
+
+ boolean result = true;
+ result = result && getKeyId()
+ .equals(other.getKeyId());
+ result = result && getSignedBlob()
+ .equals(other.getSignedBlob());
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + KEY_ID_FIELD_NUMBER;
+ hash = (53 * hash) + getKeyId().hashCode();
+ hash = (37 * hash) + SIGNED_BLOB_FIELD_NUMBER;
+ hash = (53 * hash) + getSignedBlob().hashCode();
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignBlobResponse parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.SignBlobResponse prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.SignBlobResponse}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder+ * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ public java.lang.String getKeyId() {
+ java.lang.Object ref = keyId_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ keyId_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * + * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ public com.google.protobuf.ByteString
+ getKeyIdBytes() {
+ java.lang.Object ref = keyId_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ keyId_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * + * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ public Builder setKeyId(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ keyId_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ public Builder clearKeyId() {
+
+ keyId_ = getDefaultInstance().getKeyId();
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ public Builder setKeyIdBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ keyId_ = value;
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.ByteString signedBlob_ = com.google.protobuf.ByteString.EMPTY;
+ /**
+ * + * The signed blob. + *+ * + *
bytes signed_blob = 4;
+ */
+ public com.google.protobuf.ByteString getSignedBlob() {
+ return signedBlob_;
+ }
+ /**
+ * + * The signed blob. + *+ * + *
bytes signed_blob = 4;
+ */
+ public Builder setSignedBlob(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ signedBlob_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The signed blob. + *+ * + *
bytes signed_blob = 4;
+ */
+ public Builder clearSignedBlob() {
+
+ signedBlob_ = getDefaultInstance().getSignedBlob();
+ onChanged();
+ return this;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.SignBlobResponse)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.SignBlobResponse)
+ private static final com.google.iam.credentials.v1.SignBlobResponse DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.SignBlobResponse();
+ }
+
+ public static com.google.iam.credentials.v1.SignBlobResponse getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser+ * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ java.lang.String getKeyId();
+ /**
+ * + * The ID of the key used to sign the blob. + *+ * + *
string key_id = 1;
+ */
+ com.google.protobuf.ByteString
+ getKeyIdBytes();
+
+ /**
+ * + * The signed blob. + *+ * + *
bytes signed_blob = 4;
+ */
+ com.google.protobuf.ByteString getSignedBlob();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignJwtRequest.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignJwtRequest.java
new file mode 100644
index 000000000000..655535f9489f
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignJwtRequest.java
@@ -0,0 +1,1056 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+/**
+ * Protobuf type {@code google.iam.credentials.v1.SignJwtRequest}
+ */
+public final class SignJwtRequest extends
+ com.google.protobuf.GeneratedMessageV3 implements
+ // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.SignJwtRequest)
+ SignJwtRequestOrBuilder {
+private static final long serialVersionUID = 0L;
+ // Use SignJwtRequest.newBuilder() to construct.
+ private SignJwtRequest(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+ super(builder);
+ }
+ private SignJwtRequest() {
+ name_ = "";
+ delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ payload_ = "";
+ }
+
+ @java.lang.Override
+ public final com.google.protobuf.UnknownFieldSet
+ getUnknownFields() {
+ return this.unknownFields;
+ }
+ private SignJwtRequest(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ this();
+ if (extensionRegistry == null) {
+ throw new java.lang.NullPointerException();
+ }
+ int mutable_bitField0_ = 0;
+ com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+ com.google.protobuf.UnknownFieldSet.newBuilder();
+ try {
+ boolean done = false;
+ while (!done) {
+ int tag = input.readTag();
+ switch (tag) {
+ case 0:
+ done = true;
+ break;
+ case 10: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ name_ = s;
+ break;
+ }
+ case 26: {
+ java.lang.String s = input.readStringRequireUtf8();
+ if (!((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+ delegates_ = new com.google.protobuf.LazyStringArrayList();
+ mutable_bitField0_ |= 0x00000002;
+ }
+ delegates_.add(s);
+ break;
+ }
+ case 42: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ payload_ = s;
+ break;
+ }
+ default: {
+ if (!parseUnknownFieldProto3(
+ input, unknownFields, extensionRegistry, tag)) {
+ done = true;
+ }
+ break;
+ }
+ }
+ }
+ } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+ throw e.setUnfinishedMessage(this);
+ } catch (java.io.IOException e) {
+ throw new com.google.protobuf.InvalidProtocolBufferException(
+ e).setUnfinishedMessage(this);
+ } finally {
+ if (((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+ delegates_ = delegates_.getUnmodifiableView();
+ }
+ this.unknownFields = unknownFields.build();
+ makeExtensionsImmutable();
+ }
+ }
+ public static final com.google.protobuf.Descriptors.Descriptor
+ getDescriptor() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor;
+ }
+
+ @java.lang.Override
+ protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internalGetFieldAccessorTable() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_SignJwtRequest_fieldAccessorTable
+ .ensureFieldAccessorsInitialized(
+ com.google.iam.credentials.v1.SignJwtRequest.class, com.google.iam.credentials.v1.SignJwtRequest.Builder.class);
+ }
+
+ private int bitField0_;
+ public static final int NAME_FIELD_NUMBER = 1;
+ private volatile java.lang.Object name_;
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int DELEGATES_FIELD_NUMBER = 3;
+ private com.google.protobuf.LazyStringList delegates_;
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getDelegatesList() {
+ return delegates_;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public int getDelegatesCount() {
+ return delegates_.size();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public java.lang.String getDelegates(int index) {
+ return delegates_.get(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public com.google.protobuf.ByteString
+ getDelegatesBytes(int index) {
+ return delegates_.getByteString(index);
+ }
+
+ public static final int PAYLOAD_FIELD_NUMBER = 5;
+ private volatile java.lang.Object payload_;
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ public java.lang.String getPayload() {
+ java.lang.Object ref = payload_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ payload_ = s;
+ return s;
+ }
+ }
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ public com.google.protobuf.ByteString
+ getPayloadBytes() {
+ java.lang.Object ref = payload_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ payload_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getNameBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+ }
+ for (int i = 0; i < delegates_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 3, delegates_.getRaw(i));
+ }
+ if (!getPayloadBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 5, payload_);
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getNameBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+ }
+ {
+ int dataSize = 0;
+ for (int i = 0; i < delegates_.size(); i++) {
+ dataSize += computeStringSizeNoTag(delegates_.getRaw(i));
+ }
+ size += dataSize;
+ size += 1 * getDelegatesList().size();
+ }
+ if (!getPayloadBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, payload_);
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.SignJwtRequest)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.SignJwtRequest other = (com.google.iam.credentials.v1.SignJwtRequest) obj;
+
+ boolean result = true;
+ result = result && getName()
+ .equals(other.getName());
+ result = result && getDelegatesList()
+ .equals(other.getDelegatesList());
+ result = result && getPayload()
+ .equals(other.getPayload());
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + NAME_FIELD_NUMBER;
+ hash = (53 * hash) + getName().hashCode();
+ if (getDelegatesCount() > 0) {
+ hash = (37 * hash) + DELEGATES_FIELD_NUMBER;
+ hash = (53 * hash) + getDelegatesList().hashCode();
+ }
+ hash = (37 * hash) + PAYLOAD_FIELD_NUMBER;
+ hash = (53 * hash) + getPayload().hashCode();
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignJwtRequest parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.SignJwtRequest prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.SignJwtRequest}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public java.lang.String getName() {
+ java.lang.Object ref = name_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ name_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public com.google.protobuf.ByteString
+ getNameBytes() {
+ java.lang.Object ref = name_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ name_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setName(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder clearName() {
+
+ name_ = getDefaultInstance().getName();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ public Builder setNameBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ name_ = value;
+ onChanged();
+ return this;
+ }
+
+ private com.google.protobuf.LazyStringList delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ private void ensureDelegatesIsMutable() {
+ if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+ delegates_ = new com.google.protobuf.LazyStringArrayList(delegates_);
+ bitField0_ |= 0x00000002;
+ }
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public com.google.protobuf.ProtocolStringList
+ getDelegatesList() {
+ return delegates_.getUnmodifiableView();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public int getDelegatesCount() {
+ return delegates_.size();
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public java.lang.String getDelegates(int index) {
+ return delegates_.get(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public com.google.protobuf.ByteString
+ getDelegatesBytes(int index) {
+ return delegates_.getByteString(index);
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder setDelegates(
+ int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureDelegatesIsMutable();
+ delegates_.set(index, value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder addDelegates(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureDelegatesIsMutable();
+ delegates_.add(value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder addAllDelegates(
+ java.lang.Iterable
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder clearDelegates() {
+ delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000002);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ public Builder addDelegatesBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureDelegatesIsMutable();
+ delegates_.add(value);
+ onChanged();
+ return this;
+ }
+
+ private java.lang.Object payload_ = "";
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ public java.lang.String getPayload() {
+ java.lang.Object ref = payload_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ payload_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ public com.google.protobuf.ByteString
+ getPayloadBytes() {
+ java.lang.Object ref = payload_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ payload_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ public Builder setPayload(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ payload_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ public Builder clearPayload() {
+
+ payload_ = getDefaultInstance().getPayload();
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ public Builder setPayloadBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ payload_ = value;
+ onChanged();
+ return this;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.SignJwtRequest)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.SignJwtRequest)
+ private static final com.google.iam.credentials.v1.SignJwtRequest DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.SignJwtRequest();
+ }
+
+ public static com.google.iam.credentials.v1.SignJwtRequest getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ java.lang.String getName();
+ /**
+ *
+ * The resource name of the service account for which the credentials
+ * are requested, in the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ *
+ *
+ * string name = 1;
+ */
+ com.google.protobuf.ByteString
+ getNameBytes();
+
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ java.util.List
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ int getDelegatesCount();
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ java.lang.String getDelegates(int index);
+ /**
+ *
+ * The sequence of service accounts in a delegation chain. Each service
+ * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on its next service account in the chain. The last service account in the
+ * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ * on the service account that is specified in the `name` field of the
+ * request.
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ *
+ *
+ * repeated string delegates = 3;
+ */
+ com.google.protobuf.ByteString
+ getDelegatesBytes(int index);
+
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ java.lang.String getPayload();
+ /**
+ * + * The JWT payload to sign: a JSON object that contains a JWT Claims Set. + *+ * + *
string payload = 5;
+ */
+ com.google.protobuf.ByteString
+ getPayloadBytes();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignJwtResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignJwtResponse.java
new file mode 100644
index 000000000000..c84048a3ff40
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/iam/credentials/v1/SignJwtResponse.java
@@ -0,0 +1,724 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.iam.credentials.v1;
+
+/**
+ * Protobuf type {@code google.iam.credentials.v1.SignJwtResponse}
+ */
+public final class SignJwtResponse extends
+ com.google.protobuf.GeneratedMessageV3 implements
+ // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.SignJwtResponse)
+ SignJwtResponseOrBuilder {
+private static final long serialVersionUID = 0L;
+ // Use SignJwtResponse.newBuilder() to construct.
+ private SignJwtResponse(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+ super(builder);
+ }
+ private SignJwtResponse() {
+ keyId_ = "";
+ signedJwt_ = "";
+ }
+
+ @java.lang.Override
+ public final com.google.protobuf.UnknownFieldSet
+ getUnknownFields() {
+ return this.unknownFields;
+ }
+ private SignJwtResponse(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ this();
+ if (extensionRegistry == null) {
+ throw new java.lang.NullPointerException();
+ }
+ int mutable_bitField0_ = 0;
+ com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+ com.google.protobuf.UnknownFieldSet.newBuilder();
+ try {
+ boolean done = false;
+ while (!done) {
+ int tag = input.readTag();
+ switch (tag) {
+ case 0:
+ done = true;
+ break;
+ case 10: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ keyId_ = s;
+ break;
+ }
+ case 18: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ signedJwt_ = s;
+ break;
+ }
+ default: {
+ if (!parseUnknownFieldProto3(
+ input, unknownFields, extensionRegistry, tag)) {
+ done = true;
+ }
+ break;
+ }
+ }
+ }
+ } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+ throw e.setUnfinishedMessage(this);
+ } catch (java.io.IOException e) {
+ throw new com.google.protobuf.InvalidProtocolBufferException(
+ e).setUnfinishedMessage(this);
+ } finally {
+ this.unknownFields = unknownFields.build();
+ makeExtensionsImmutable();
+ }
+ }
+ public static final com.google.protobuf.Descriptors.Descriptor
+ getDescriptor() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor;
+ }
+
+ @java.lang.Override
+ protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+ internalGetFieldAccessorTable() {
+ return com.google.iam.credentials.v1.IAMCredentialsCommonProto.internal_static_google_iam_credentials_v1_SignJwtResponse_fieldAccessorTable
+ .ensureFieldAccessorsInitialized(
+ com.google.iam.credentials.v1.SignJwtResponse.class, com.google.iam.credentials.v1.SignJwtResponse.Builder.class);
+ }
+
+ public static final int KEY_ID_FIELD_NUMBER = 1;
+ private volatile java.lang.Object keyId_;
+ /**
+ * + * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ public java.lang.String getKeyId() {
+ java.lang.Object ref = keyId_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ keyId_ = s;
+ return s;
+ }
+ }
+ /**
+ * + * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ public com.google.protobuf.ByteString
+ getKeyIdBytes() {
+ java.lang.Object ref = keyId_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ keyId_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ public static final int SIGNED_JWT_FIELD_NUMBER = 2;
+ private volatile java.lang.Object signedJwt_;
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ public java.lang.String getSignedJwt() {
+ java.lang.Object ref = signedJwt_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ signedJwt_ = s;
+ return s;
+ }
+ }
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ public com.google.protobuf.ByteString
+ getSignedJwtBytes() {
+ java.lang.Object ref = signedJwt_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ signedJwt_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
+ private byte memoizedIsInitialized = -1;
+ @java.lang.Override
+ public final boolean isInitialized() {
+ byte isInitialized = memoizedIsInitialized;
+ if (isInitialized == 1) return true;
+ if (isInitialized == 0) return false;
+
+ memoizedIsInitialized = 1;
+ return true;
+ }
+
+ @java.lang.Override
+ public void writeTo(com.google.protobuf.CodedOutputStream output)
+ throws java.io.IOException {
+ if (!getKeyIdBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 1, keyId_);
+ }
+ if (!getSignedJwtBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 2, signedJwt_);
+ }
+ unknownFields.writeTo(output);
+ }
+
+ @java.lang.Override
+ public int getSerializedSize() {
+ int size = memoizedSize;
+ if (size != -1) return size;
+
+ size = 0;
+ if (!getKeyIdBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, keyId_);
+ }
+ if (!getSignedJwtBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, signedJwt_);
+ }
+ size += unknownFields.getSerializedSize();
+ memoizedSize = size;
+ return size;
+ }
+
+ @java.lang.Override
+ public boolean equals(final java.lang.Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof com.google.iam.credentials.v1.SignJwtResponse)) {
+ return super.equals(obj);
+ }
+ com.google.iam.credentials.v1.SignJwtResponse other = (com.google.iam.credentials.v1.SignJwtResponse) obj;
+
+ boolean result = true;
+ result = result && getKeyId()
+ .equals(other.getKeyId());
+ result = result && getSignedJwt()
+ .equals(other.getSignedJwt());
+ result = result && unknownFields.equals(other.unknownFields);
+ return result;
+ }
+
+ @java.lang.Override
+ public int hashCode() {
+ if (memoizedHashCode != 0) {
+ return memoizedHashCode;
+ }
+ int hash = 41;
+ hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + KEY_ID_FIELD_NUMBER;
+ hash = (53 * hash) + getKeyId().hashCode();
+ hash = (37 * hash) + SIGNED_JWT_FIELD_NUMBER;
+ hash = (53 * hash) + getSignedJwt().hashCode();
+ hash = (29 * hash) + unknownFields.hashCode();
+ memoizedHashCode = hash;
+ return hash;
+ }
+
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(
+ java.nio.ByteBuffer data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(
+ java.nio.ByteBuffer data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(
+ com.google.protobuf.ByteString data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(
+ com.google.protobuf.ByteString data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(byte[] data)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(
+ byte[] data,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws com.google.protobuf.InvalidProtocolBufferException {
+ return PARSER.parseFrom(data, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseDelimitedFrom(java.io.InputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseDelimitedFrom(
+ java.io.InputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(
+ com.google.protobuf.CodedInputStream input)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input);
+ }
+ public static com.google.iam.credentials.v1.SignJwtResponse parseFrom(
+ com.google.protobuf.CodedInputStream input,
+ com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+ throws java.io.IOException {
+ return com.google.protobuf.GeneratedMessageV3
+ .parseWithIOException(PARSER, input, extensionRegistry);
+ }
+
+ @java.lang.Override
+ public Builder newBuilderForType() { return newBuilder(); }
+ public static Builder newBuilder() {
+ return DEFAULT_INSTANCE.toBuilder();
+ }
+ public static Builder newBuilder(com.google.iam.credentials.v1.SignJwtResponse prototype) {
+ return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+ }
+ @java.lang.Override
+ public Builder toBuilder() {
+ return this == DEFAULT_INSTANCE
+ ? new Builder() : new Builder().mergeFrom(this);
+ }
+
+ @java.lang.Override
+ protected Builder newBuilderForType(
+ com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+ Builder builder = new Builder(parent);
+ return builder;
+ }
+ /**
+ * Protobuf type {@code google.iam.credentials.v1.SignJwtResponse}
+ */
+ public static final class Builder extends
+ com.google.protobuf.GeneratedMessageV3.Builder+ * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ public java.lang.String getKeyId() {
+ java.lang.Object ref = keyId_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ keyId_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * + * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ public com.google.protobuf.ByteString
+ getKeyIdBytes() {
+ java.lang.Object ref = keyId_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ keyId_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * + * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ public Builder setKeyId(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ keyId_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ public Builder clearKeyId() {
+
+ keyId_ = getDefaultInstance().getKeyId();
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ public Builder setKeyIdBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ keyId_ = value;
+ onChanged();
+ return this;
+ }
+
+ private java.lang.Object signedJwt_ = "";
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ public java.lang.String getSignedJwt() {
+ java.lang.Object ref = signedJwt_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ signedJwt_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ public com.google.protobuf.ByteString
+ getSignedJwtBytes() {
+ java.lang.Object ref = signedJwt_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ signedJwt_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ public Builder setSignedJwt(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ signedJwt_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ public Builder clearSignedJwt() {
+
+ signedJwt_ = getDefaultInstance().getSignedJwt();
+ onChanged();
+ return this;
+ }
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ public Builder setSignedJwtBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ signedJwt_ = value;
+ onChanged();
+ return this;
+ }
+ @java.lang.Override
+ public final Builder setUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.setUnknownFieldsProto3(unknownFields);
+ }
+
+ @java.lang.Override
+ public final Builder mergeUnknownFields(
+ final com.google.protobuf.UnknownFieldSet unknownFields) {
+ return super.mergeUnknownFields(unknownFields);
+ }
+
+
+ // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.SignJwtResponse)
+ }
+
+ // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.SignJwtResponse)
+ private static final com.google.iam.credentials.v1.SignJwtResponse DEFAULT_INSTANCE;
+ static {
+ DEFAULT_INSTANCE = new com.google.iam.credentials.v1.SignJwtResponse();
+ }
+
+ public static com.google.iam.credentials.v1.SignJwtResponse getDefaultInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ private static final com.google.protobuf.Parser+ * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ java.lang.String getKeyId();
+ /**
+ * + * The ID of the key used to sign the JWT. + *+ * + *
string key_id = 1;
+ */
+ com.google.protobuf.ByteString
+ getKeyIdBytes();
+
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ java.lang.String getSignedJwt();
+ /**
+ * + * The signed JWT. + *+ * + *
string signed_jwt = 2;
+ */
+ com.google.protobuf.ByteString
+ getSignedJwtBytes();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/google/iam/credentials/v1/Iamcredentials.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/google/iam/credentials/v1/Iamcredentials.java
new file mode 100644
index 000000000000..656b33b2d6ea
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/google/iam/credentials/v1/Iamcredentials.java
@@ -0,0 +1,82 @@
+// Generated by the protocol buffer compiler. DO NOT EDIT!
+// source: google/iam/credentials/v1/iamcredentials.proto
+
+package google.iam.credentials.v1;
+
+public final class Iamcredentials {
+ private Iamcredentials() {}
+ public static void registerAllExtensions(
+ com.google.protobuf.ExtensionRegistryLite registry) {
+ }
+
+ public static void registerAllExtensions(
+ com.google.protobuf.ExtensionRegistry registry) {
+ registerAllExtensions(
+ (com.google.protobuf.ExtensionRegistryLite) registry);
+ }
+
+ public static com.google.protobuf.Descriptors.FileDescriptor
+ getDescriptor() {
+ return descriptor;
+ }
+ private static com.google.protobuf.Descriptors.FileDescriptor
+ descriptor;
+ static {
+ java.lang.String[] descriptorData = {
+ "\n.google/iam/credentials/v1/iamcredentia" +
+ "ls.proto\022\031google.iam.credentials.v1\032\034goo" +
+ "gle/api/annotations.proto\032&google/iam/cr" +
+ "edentials/v1/common.proto2\353\007\n\016IAMCredent" +
+ "ials\022\314\001\n\023GenerateAccessToken\0225.google.ia" +
+ "m.credentials.v1.GenerateAccessTokenRequ" +
+ "est\0326.google.iam.credentials.v1.Generate" +
+ "AccessTokenResponse\"F\202\323\344\223\002@\";/v1/{name=p" +
+ "rojects/*/serviceAccounts/*}:generateAcc" +
+ "essToken:\001*\022\274\001\n\017GenerateIdToken\0221.google" +
+ ".iam.credentials.v1.GenerateIdTokenReque" +
+ "st\0322.google.iam.credentials.v1.GenerateI" +
+ "dTokenResponse\"B\202\323\344\223\002<\"7/v1/{name=projec" +
+ "ts/*/serviceAccounts/*}:generateIdToken:" +
+ "\001*\022\240\001\n\010SignBlob\022*.google.iam.credentials" +
+ ".v1.SignBlobRequest\032+.google.iam.credent" +
+ "ials.v1.SignBlobResponse\";\202\323\344\223\0025\"0/v1/{n" +
+ "ame=projects/*/serviceAccounts/*}:signBl" +
+ "ob:\001*\022\234\001\n\007SignJwt\022).google.iam.credentia" +
+ "ls.v1.SignJwtRequest\032*.google.iam.creden" +
+ "tials.v1.SignJwtResponse\":\202\323\344\223\0024\"//v1/{n" +
+ "ame=projects/*/serviceAccounts/*}:signJw" +
+ "t:\001*\022\210\002\n\"GenerateIdentityBindingAccessTo" +
+ "ken\022D.google.iam.credentials.v1.Generate" +
+ "IdentityBindingAccessTokenRequest\032E.goog" +
+ "le.iam.credentials.v1.GenerateIdentityBi" +
+ "ndingAccessTokenResponse\"U\202\323\344\223\002O\"J/v1/{n" +
+ "ame=projects/*/serviceAccounts/*}:genera" +
+ "teIdentityBindingAccessToken:\001*BIZDgoogl" +
+ "e.golang.org/genproto/googleapis/iam/cre" +
+ "dentials/v1;credentials\370\001\001b\006proto3"
+ };
+ com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner assigner =
+ new com.google.protobuf.Descriptors.FileDescriptor. InternalDescriptorAssigner() {
+ public com.google.protobuf.ExtensionRegistry assignDescriptors(
+ com.google.protobuf.Descriptors.FileDescriptor root) {
+ descriptor = root;
+ return null;
+ }
+ };
+ com.google.protobuf.Descriptors.FileDescriptor
+ .internalBuildGeneratedFileFrom(descriptorData,
+ new com.google.protobuf.Descriptors.FileDescriptor[] {
+ com.google.api.AnnotationsProto.getDescriptor(),
+ com.google.iam.credentials.v1.IAMCredentialsCommonProto.getDescriptor(),
+ }, assigner);
+ com.google.protobuf.ExtensionRegistry registry =
+ com.google.protobuf.ExtensionRegistry.newInstance();
+ registry.add(com.google.api.AnnotationsProto.http);
+ com.google.protobuf.Descriptors.FileDescriptor
+ .internalUpdateFileDescriptor(descriptor, registry);
+ com.google.api.AnnotationsProto.getDescriptor();
+ com.google.iam.credentials.v1.IAMCredentialsCommonProto.getDescriptor();
+ }
+
+ // @@protoc_insertion_point(outer_class_scope)
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/common.proto b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/common.proto
new file mode 100644
index 000000000000..19997df00008
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/common.proto
@@ -0,0 +1,224 @@
+// Copyright 2018 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.iam.credentials.v1;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/iam/credentials/v1;credentials";
+option java_multiple_files = true;
+option java_outer_classname = "IAMCredentialsCommonProto";
+option java_package = "com.google.iam.credentials.v1";
+
+
+message GenerateAccessTokenRequest {
+ // The resource name of the service account for which the credentials
+ // are requested, in the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ string name = 1;
+
+ // The sequence of service accounts in a delegation chain. Each service
+ // account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ // on its next service account in the chain. The last service account in the
+ // chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ // on the service account that is specified in the `name` field of the
+ // request.
+ //
+ // The delegates must have the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ repeated string delegates = 2;
+
+ // Code to identify the scopes to be included in the OAuth 2.0 access token.
+ // See https://developers.google.com/identity/protocols/googlescopes for more
+ // information.
+ // At least one value required.
+ repeated string scope = 4;
+
+ // The desired lifetime duration of the access token in seconds.
+ // Must be set to a value less than or equal to 3600 (1 hour). If a value is
+ // not specified, the token's lifetime will be set to a default value of one
+ // hour.
+ google.protobuf.Duration lifetime = 7;
+}
+
+message GenerateAccessTokenResponse {
+ // The OAuth 2.0 access token.
+ string access_token = 1;
+
+ // Token expiration time.
+ // The expiration time is always set.
+ google.protobuf.Timestamp expire_time = 3;
+}
+
+message SignBlobRequest {
+ // The resource name of the service account for which the credentials
+ // are requested, in the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ string name = 1;
+
+ // The sequence of service accounts in a delegation chain. Each service
+ // account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ // on its next service account in the chain. The last service account in the
+ // chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ // on the service account that is specified in the `name` field of the
+ // request.
+ //
+ // The delegates must have the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ repeated string delegates = 3;
+
+ // The bytes to sign.
+ bytes payload = 5;
+}
+
+message SignBlobResponse {
+ // The ID of the key used to sign the blob.
+ string key_id = 1;
+
+ // The signed blob.
+ bytes signed_blob = 4;
+}
+
+message SignJwtRequest {
+ // The resource name of the service account for which the credentials
+ // are requested, in the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ string name = 1;
+
+ // The sequence of service accounts in a delegation chain. Each service
+ // account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ // on its next service account in the chain. The last service account in the
+ // chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ // on the service account that is specified in the `name` field of the
+ // request.
+ //
+ // The delegates must have the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ repeated string delegates = 3;
+
+ // The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+ string payload = 5;
+}
+
+message SignJwtResponse {
+ // The ID of the key used to sign the JWT.
+ string key_id = 1;
+
+ // The signed JWT.
+ string signed_jwt = 2;
+}
+
+message GenerateIdTokenRequest {
+ // The resource name of the service account for which the credentials
+ // are requested, in the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ string name = 1;
+
+ // The sequence of service accounts in a delegation chain. Each service
+ // account must be granted the `roles/iam.serviceAccountTokenCreator` role
+ // on its next service account in the chain. The last service account in the
+ // chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+ // on the service account that is specified in the `name` field of the
+ // request.
+ //
+ // The delegates must have the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ repeated string delegates = 2;
+
+ // The audience for the token, such as the API or account that this token
+ // grants access to.
+ string audience = 3;
+
+ // Include the service account email in the token. If set to `true`, the
+ // token will contain `email` and `email_verified` claims.
+ bool include_email = 4;
+}
+
+message GenerateIdTokenResponse {
+ // The OpenId Connect ID token.
+ string token = 1;
+}
+
+message GenerateIdentityBindingAccessTokenRequest {
+ // The resource name of the service account for which the credentials
+ // are requested, in the following format:
+ // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ string name = 1;
+
+ // Code to identify the scopes to be included in the OAuth 2.0 access token.
+ // See https://developers.google.com/identity/protocols/googlescopes for more
+ // information.
+ // At least one value required.
+ repeated string scope = 2;
+
+ // Required. Input token.
+ // Must be in JWT format according to
+ // RFC7523 (https://tools.ietf.org/html/rfc7523)
+ // and must have 'kid' field in the header.
+ // Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ // Mandatory payload fields (along the lines of RFC 7523, section 3):
+ // - iss: issuer of the token. Must provide a discovery document at
+ // $iss/.well-known/openid-configuration . The document needs to be
+ // formatted according to section 4.2 of the OpenID Connect Discovery
+ // 1.0 specification.
+ // - iat: Issue time in seconds since epoch. Must be in the past.
+ // - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ // after iat. We recommend to create tokens that last shorter than 6
+ // hours to improve security unless business reasons mandate longer
+ // expiration times. Shorter token lifetimes are generally more secure
+ // since tokens that have been exfiltrated by attackers can be used for
+ // a shorter time. you can configure the maximum lifetime of the
+ // incoming token in the configuration of the mapper.
+ // The resulting Google token will expire within an hour or at "exp",
+ // whichever is earlier.
+ // - sub: JWT subject, identity asserted in the JWT.
+ // - aud: Configured in the mapper policy. By default the service account
+ // email.
+ //
+ // Claims from the incoming token can be transferred into the output token
+ // accoding to the mapper configuration. The outgoing claim size is limited.
+ // Outgoing claims size must be less than 4kB serialized as JSON without
+ // whitespace.
+ //
+ // Example header:
+ // {
+ // "alg": "RS256",
+ // "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ // }
+ // Example payload:
+ // {
+ // "iss": "https://accounts.google.com",
+ // "iat": 1517963104,
+ // "exp": 1517966704,
+ // "aud": "https://iamcredentials.googleapis.com/",
+ // "sub": "113475438248934895348",
+ // "my_claims": {
+ // "additional_claim": "value"
+ // }
+ // }
+ string jwt = 3;
+}
+
+message GenerateIdentityBindingAccessTokenResponse {
+ // The OAuth 2.0 access token.
+ string access_token = 1;
+
+ // Token expiration time.
+ // The expiration time is always set.
+ google.protobuf.Timestamp expire_time = 2;
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/iamcredentials.proto b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/iamcredentials.proto
new file mode 100644
index 000000000000..4960d7203621
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/iamcredentials.proto
@@ -0,0 +1,78 @@
+// Copyright 2018 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.iam.credentials.v1;
+
+import "google/api/annotations.proto";
+import "google/iam/credentials/v1/common.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/iam/credentials/v1;credentials";
+
+
+// A service account is a special type of Google account that belongs to your
+// application or a virtual machine (VM), instead of to an individual end user.
+// Your application assumes the identity of the service account to call Google
+// APIs, so that the users aren't directly involved.
+//
+// Service account credentials are used to temporarily assume the identity
+// of the service account. Supported credential types include OAuth 2.0 access
+// tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
+// more.
+service IAMCredentials {
+ // Generates an OAuth 2.0 access token for a service account.
+ rpc GenerateAccessToken(GenerateAccessTokenRequest) returns (GenerateAccessTokenResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/serviceAccounts/*}:generateAccessToken"
+ body: "*"
+ };
+ }
+
+ // Generates an OpenID Connect ID token for a service account.
+ rpc GenerateIdToken(GenerateIdTokenRequest) returns (GenerateIdTokenResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/serviceAccounts/*}:generateIdToken"
+ body: "*"
+ };
+ }
+
+ // Signs a blob using a service account's system-managed private key.
+ rpc SignBlob(SignBlobRequest) returns (SignBlobResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/serviceAccounts/*}:signBlob"
+ body: "*"
+ };
+ }
+
+ // Signs a JWT using a service account's system-managed private key.
+ rpc SignJwt(SignJwtRequest) returns (SignJwtResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/serviceAccounts/*}:signJwt"
+ body: "*"
+ };
+ }
+
+ // Exchange a JWT signed by third party identity provider to an OAuth 2.0
+ // access token
+ rpc GenerateIdentityBindingAccessToken(
+ GenerateIdentityBindingAccessTokenRequest)
+ returns (GenerateIdentityBindingAccessTokenResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/serviceAccounts/*}:generateIdentityBindingAccessToken"
+ body: "*"
+ };
+ }
+}
diff --git a/google-cloud-bom/pom.xml b/google-cloud-bom/pom.xml
index 0de1eb33b7aa..6438972aa1b7 100644
--- a/google-cloud-bom/pom.xml
+++ b/google-cloud-bom/pom.xml
@@ -876,6 +876,21 @@
Service account credentials are used to temporarily assume the identity of the service + * account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, + * self-signed JSON Web Tokens (JWTs), and more. + * + *
This class provides the ability to make remote calls to the backing service through method + * calls that map to API methods. Sample code to get started: + * + *
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> delegates = new ArrayList<>();
+ * List<String> scope = new ArrayList<>();
+ * Duration lifetime = Duration.newBuilder().build();
+ * GenerateAccessTokenResponse response = iamCredentialsClient.generateAccessToken(formattedName, delegates, scope, lifetime);
+ * }
+ *
+ *
+ *
+ * Note: close() needs to be called on the iamCredentialsClient object to clean up resources such + * as threads. In the example above, try-with-resources is used, which automatically calls close(). + * + *
The surface of this class includes several types of Java methods for each of the API's + * methods: + * + *
See the individual methods for example code. + * + *
Many parameters require resource names to be formatted in a particular way. To assist with + * these names, this class includes a format method for each type of name, and additionally a parse + * method to extract the individual identifiers contained within names that are returned. + * + *
This class can be customized by passing in a custom instance of IamCredentialsSettings to + * create(). For example: + * + *
To customize credentials: + * + *
+ *
+ * IamCredentialsSettings iamCredentialsSettings =
+ * IamCredentialsSettings.newBuilder()
+ * .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
+ * .build();
+ * IamCredentialsClient iamCredentialsClient =
+ * IamCredentialsClient.create(iamCredentialsSettings);
+ *
+ *
+ *
+ * To customize the endpoint:
+ *
+ *
+ *
+ * IamCredentialsSettings iamCredentialsSettings =
+ * IamCredentialsSettings.newBuilder().setEndpoint(myEndpoint).build();
+ * IamCredentialsClient iamCredentialsClient =
+ * IamCredentialsClient.create(iamCredentialsSettings);
+ *
+ *
+ */
+@Generated("by gapic-generator")
+@BetaApi
+public class IamCredentialsClient implements BackgroundResource {
+ private final IamCredentialsSettings settings;
+ private final IamCredentialsStub stub;
+
+ private static final PathTemplate SERVICE_ACCOUNT_PATH_TEMPLATE =
+ PathTemplate.createWithoutUrlEncoding("projects/{project}/serviceAccounts/{service_account}");
+
+ /**
+ * Formats a string containing the fully-qualified path to represent a service_account resource.
+ */
+ public static final String formatServiceAccountName(String project, String serviceAccount) {
+ return SERVICE_ACCOUNT_PATH_TEMPLATE.instantiate(
+ "project", project,
+ "service_account", serviceAccount);
+ }
+
+ /**
+ * Parses the project from the given fully-qualified path which represents a service_account
+ * resource.
+ */
+ public static final String parseProjectFromServiceAccountName(String serviceAccountName) {
+ return SERVICE_ACCOUNT_PATH_TEMPLATE.parse(serviceAccountName).get("project");
+ }
+
+ /**
+ * Parses the service_account from the given fully-qualified path which represents a
+ * service_account resource.
+ */
+ public static final String parseServiceAccountFromServiceAccountName(String serviceAccountName) {
+ return SERVICE_ACCOUNT_PATH_TEMPLATE.parse(serviceAccountName).get("service_account");
+ }
+
+ /** Constructs an instance of IamCredentialsClient with default settings. */
+ public static final IamCredentialsClient create() throws IOException {
+ return create(IamCredentialsSettings.newBuilder().build());
+ }
+
+ /**
+ * Constructs an instance of IamCredentialsClient, using the given settings. The channels are
+ * created based on the settings passed in, or defaults for any settings that are not set.
+ */
+ public static final IamCredentialsClient create(IamCredentialsSettings settings)
+ throws IOException {
+ return new IamCredentialsClient(settings);
+ }
+
+ /**
+ * Constructs an instance of IamCredentialsClient, using the given stub for making calls. This is
+ * for advanced usage - prefer to use IamCredentialsSettings}.
+ */
+ @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+ public static final IamCredentialsClient create(IamCredentialsStub stub) {
+ return new IamCredentialsClient(stub);
+ }
+
+ /**
+ * Constructs an instance of IamCredentialsClient, using the given settings. This is protected so
+ * that it is easy to make a subclass, but otherwise, the static factory methods should be
+ * preferred.
+ */
+ protected IamCredentialsClient(IamCredentialsSettings settings) throws IOException {
+ this.settings = settings;
+ this.stub = ((IamCredentialsStubSettings) settings.getStubSettings()).createStub();
+ }
+
+ @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+ protected IamCredentialsClient(IamCredentialsStub stub) {
+ this.settings = null;
+ this.stub = stub;
+ }
+
+ public final IamCredentialsSettings getSettings() {
+ return settings;
+ }
+
+ @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+ public IamCredentialsStub getStub() {
+ return stub;
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD
+ /**
+ * Generates an OAuth 2.0 access token for a service account.
+ *
+ * Sample code: + * + *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> delegates = new ArrayList<>();
+ * List<String> scope = new ArrayList<>();
+ * Duration lifetime = Duration.newBuilder().build();
+ * GenerateAccessTokenResponse response = iamCredentialsClient.generateAccessToken(formattedName, delegates, scope, lifetime);
+ * }
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ * @param scope Code to identify the scopes to be included in the OAuth 2.0 access token. See
+ * https://developers.google.com/identity/protocols/googlescopes for more information. At
+ * least one value required.
+ * @param lifetime The desired lifetime duration of the access token in seconds. Must be set to a
+ * value less than or equal to 3600 (1 hour). If a value is not specified, the token's
+ * lifetime will be set to a default value of one hour.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final GenerateAccessTokenResponse generateAccessToken(
+ String name, List Sample code:
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ * @param audience The audience for the token, such as the API or account that this token grants
+ * access to.
+ * @param includeEmail Include the service account email in the token. If set to `true`, the token
+ * will contain `email` and `email_verified` claims.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final GenerateIdTokenResponse generateIdToken(
+ String name, List Sample code:
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ * @param payload The bytes to sign.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final SignBlobResponse signBlob(String name, List Sample code:
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * The delegates must have the following format:
+ * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+ * @param payload The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final SignJwtResponse signJwt(String name, List Sample code:
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * Claims from the incoming token can be transferred into the output token accoding to the
+ * mapper configuration. The outgoing claim size is limited. Outgoing claims size must be less
+ * than 4kB serialized as JSON without whitespace.
+ * Example header: { "alg": "RS256", "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8" }
+ * Example payload: { "iss": "https://accounts.google.com", "iat": 1517963104, "exp":
+ * 1517966704, "aud": "https://iamcredentials.googleapis.com/", "sub":
+ * "113475438248934895348", "my_claims": { "additional_claim": "value" } }
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final GenerateIdentityBindingAccessTokenResponse generateIdentityBindingAccessToken(
+ String name, List Sample code:
+ *
+ * Sample code:
+ *
+ * The default instance has everything set to sensible defaults:
+ *
+ * The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object. For
+ * example, to set the total timeout of generateAccessToken to 30 seconds:
+ *
+ * Note: This method does not support applying settings to streaming methods.
+ */
+ public Builder applyToAllUnaryMethods(
+ ApiFunction The interfaces provided are listed below, along with usage samples.
+ *
+ * ==================== IamCredentialsClient ====================
+ *
+ * Service Description: A service account is a special type of Google account that belongs to
+ * your application or a virtual machine (VM), instead of to an individual end user. Your
+ * application assumes the identity of the service account to call Google APIs, so that the users
+ * aren't directly involved.
+ *
+ * Service account credentials are used to temporarily assume the identity of the service
+ * account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens,
+ * self-signed JSON Web Tokens (JWTs), and more.
+ *
+ * Sample for IamCredentialsClient:
+ *
+ * This class is for advanced usage.
+ */
+@Generated("by gapic-generator")
+@BetaApi("The surface for use by generated code is not stable yet and may change in the future.")
+public class GrpcIamCredentialsCallableFactory implements GrpcStubCallableFactory {
+ @Override
+ public This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator")
+@BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+public class GrpcIamCredentialsStub extends IamCredentialsStub {
+
+ private static final MethodDescriptor This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator")
+@BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+public abstract class IamCredentialsStub implements BackgroundResource {
+
+ public UnaryCallable The default instance has everything set to sensible defaults:
+ *
+ * The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object. For
+ * example, to set the total timeout of generateAccessToken to 30 seconds:
+ *
+ * Note: This method does not support applying settings to streaming methods.
+ */
+ public Builder applyToAllUnaryMethods(
+ ApiFunction
+ *
+ * @param request The request object containing all of the parameters for the API call.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final GenerateAccessTokenResponse generateAccessToken(GenerateAccessTokenRequest request) {
+ return generateAccessTokenCallable().call(request);
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD
+ /**
+ * Generates an OAuth 2.0 access token for a service account.
+ *
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> scope = new ArrayList<>();
+ * GenerateAccessTokenRequest request = GenerateAccessTokenRequest.newBuilder()
+ * .setName(formattedName)
+ * .addAllScope(scope)
+ * .build();
+ * GenerateAccessTokenResponse response = iamCredentialsClient.generateAccessToken(request);
+ * }
+ *
+ */
+ public final UnaryCallable
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> scope = new ArrayList<>();
+ * GenerateAccessTokenRequest request = GenerateAccessTokenRequest.newBuilder()
+ * .setName(formattedName)
+ * .addAllScope(scope)
+ * .build();
+ * ApiFuture<GenerateAccessTokenResponse> future = iamCredentialsClient.generateAccessTokenCallable().futureCall(request);
+ * // Do something
+ * GenerateAccessTokenResponse response = future.get();
+ * }
+ *
+ *
+ * @param name The resource name of the service account for which the credentials are requested,
+ * in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ * @param delegates The sequence of service accounts in a delegation chain. Each service account
+ * must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account
+ * in the chain. The last service account in the chain must be granted the
+ * `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the
+ * `name` field of the request.
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> delegates = new ArrayList<>();
+ * String audience = "";
+ * boolean includeEmail = false;
+ * GenerateIdTokenResponse response = iamCredentialsClient.generateIdToken(formattedName, delegates, audience, includeEmail);
+ * }
+ *
+ *
+ * @param request The request object containing all of the parameters for the API call.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final GenerateIdTokenResponse generateIdToken(GenerateIdTokenRequest request) {
+ return generateIdTokenCallable().call(request);
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD
+ /**
+ * Generates an OpenID Connect ID token for a service account.
+ *
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * String audience = "";
+ * GenerateIdTokenRequest request = GenerateIdTokenRequest.newBuilder()
+ * .setName(formattedName)
+ * .setAudience(audience)
+ * .build();
+ * GenerateIdTokenResponse response = iamCredentialsClient.generateIdToken(request);
+ * }
+ *
+ */
+ public final UnaryCallable
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * String audience = "";
+ * GenerateIdTokenRequest request = GenerateIdTokenRequest.newBuilder()
+ * .setName(formattedName)
+ * .setAudience(audience)
+ * .build();
+ * ApiFuture<GenerateIdTokenResponse> future = iamCredentialsClient.generateIdTokenCallable().futureCall(request);
+ * // Do something
+ * GenerateIdTokenResponse response = future.get();
+ * }
+ *
+ *
+ * @param name The resource name of the service account for which the credentials are requested,
+ * in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ * @param delegates The sequence of service accounts in a delegation chain. Each service account
+ * must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account
+ * in the chain. The last service account in the chain must be granted the
+ * `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the
+ * `name` field of the request.
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> delegates = new ArrayList<>();
+ * ByteString payload = ByteString.copyFromUtf8("");
+ * SignBlobResponse response = iamCredentialsClient.signBlob(formattedName, delegates, payload);
+ * }
+ *
+ *
+ * @param request The request object containing all of the parameters for the API call.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final SignBlobResponse signBlob(SignBlobRequest request) {
+ return signBlobCallable().call(request);
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD
+ /**
+ * Signs a blob using a service account's system-managed private key.
+ *
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * ByteString payload = ByteString.copyFromUtf8("");
+ * SignBlobRequest request = SignBlobRequest.newBuilder()
+ * .setName(formattedName)
+ * .setPayload(payload)
+ * .build();
+ * SignBlobResponse response = iamCredentialsClient.signBlob(request);
+ * }
+ *
+ */
+ public final UnaryCallable
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * ByteString payload = ByteString.copyFromUtf8("");
+ * SignBlobRequest request = SignBlobRequest.newBuilder()
+ * .setName(formattedName)
+ * .setPayload(payload)
+ * .build();
+ * ApiFuture<SignBlobResponse> future = iamCredentialsClient.signBlobCallable().futureCall(request);
+ * // Do something
+ * SignBlobResponse response = future.get();
+ * }
+ *
+ *
+ * @param name The resource name of the service account for which the credentials are requested,
+ * in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ * @param delegates The sequence of service accounts in a delegation chain. Each service account
+ * must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account
+ * in the chain. The last service account in the chain must be granted the
+ * `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the
+ * `name` field of the request.
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> delegates = new ArrayList<>();
+ * String payload = "";
+ * SignJwtResponse response = iamCredentialsClient.signJwt(formattedName, delegates, payload);
+ * }
+ *
+ *
+ * @param request The request object containing all of the parameters for the API call.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final SignJwtResponse signJwt(SignJwtRequest request) {
+ return signJwtCallable().call(request);
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD
+ /**
+ * Signs a JWT using a service account's system-managed private key.
+ *
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * String payload = "";
+ * SignJwtRequest request = SignJwtRequest.newBuilder()
+ * .setName(formattedName)
+ * .setPayload(payload)
+ * .build();
+ * SignJwtResponse response = iamCredentialsClient.signJwt(request);
+ * }
+ *
+ */
+ public final UnaryCallable
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * String payload = "";
+ * SignJwtRequest request = SignJwtRequest.newBuilder()
+ * .setName(formattedName)
+ * .setPayload(payload)
+ * .build();
+ * ApiFuture<SignJwtResponse> future = iamCredentialsClient.signJwtCallable().futureCall(request);
+ * // Do something
+ * SignJwtResponse response = future.get();
+ * }
+ *
+ *
+ * @param name The resource name of the service account for which the credentials are requested,
+ * in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+ * @param scope Code to identify the scopes to be included in the OAuth 2.0 access token. See
+ * https://developers.google.com/identity/protocols/googlescopes for more information. At
+ * least one value required.
+ * @param jwt Required. Input token. Must be in JWT format according to RFC7523
+ * (https://tools.ietf.org/html/rfc7523) and must have 'kid' field in the header. Supported
+ * signing algorithms: RS256 (RS512, ES256, ES512 coming soon). Mandatory payload fields
+ * (along the lines of RFC 7523, section 3): - iss: issuer of the token. Must provide a
+ * discovery document at $iss/.well-known/openid-configuration . The document needs to be
+ * formatted according to section 4.2 of the OpenID Connect Discovery 1.0 specification. -
+ * iat: Issue time in seconds since epoch. Must be in the past. - exp: Expiration time in
+ * seconds since epoch. Must be less than 48 hours after iat. We recommend to create tokens
+ * that last shorter than 6 hours to improve security unless business reasons mandate longer
+ * expiration times. Shorter token lifetimes are generally more secure since tokens that have
+ * been exfiltrated by attackers can be used for a shorter time. you can configure the maximum
+ * lifetime of the incoming token in the configuration of the mapper. The resulting Google
+ * token will expire within an hour or at "exp", whichever is earlier. - sub: JWT subject,
+ * identity asserted in the JWT. - aud: Configured in the mapper policy. By default the
+ * service account email.
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> scope = new ArrayList<>();
+ * String jwt = "";
+ * GenerateIdentityBindingAccessTokenResponse response = iamCredentialsClient.generateIdentityBindingAccessToken(formattedName, scope, jwt);
+ * }
+ *
+ *
+ * @param request The request object containing all of the parameters for the API call.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final GenerateIdentityBindingAccessTokenResponse generateIdentityBindingAccessToken(
+ GenerateIdentityBindingAccessTokenRequest request) {
+ return generateIdentityBindingAccessTokenCallable().call(request);
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD
+ /**
+ * Exchange a JWT signed by third party identity provider to an OAuth 2.0 access token
+ *
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> scope = new ArrayList<>();
+ * String jwt = "";
+ * GenerateIdentityBindingAccessTokenRequest request = GenerateIdentityBindingAccessTokenRequest.newBuilder()
+ * .setName(formattedName)
+ * .addAllScope(scope)
+ * .setJwt(jwt)
+ * .build();
+ * GenerateIdentityBindingAccessTokenResponse response = iamCredentialsClient.generateIdentityBindingAccessToken(request);
+ * }
+ *
+ */
+ public final UnaryCallable<
+ GenerateIdentityBindingAccessTokenRequest, GenerateIdentityBindingAccessTokenResponse>
+ generateIdentityBindingAccessTokenCallable() {
+ return stub.generateIdentityBindingAccessTokenCallable();
+ }
+
+ @Override
+ public final void close() {
+ stub.close();
+ }
+
+ @Override
+ public void shutdown() {
+ stub.shutdown();
+ }
+
+ @Override
+ public boolean isShutdown() {
+ return stub.isShutdown();
+ }
+
+ @Override
+ public boolean isTerminated() {
+ return stub.isTerminated();
+ }
+
+ @Override
+ public void shutdownNow() {
+ stub.shutdownNow();
+ }
+
+ @Override
+ public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+ return stub.awaitTermination(duration, unit);
+ }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsSettings.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsSettings.java
new file mode 100644
index 000000000000..f1831feedaf5
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsSettings.java
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.cloud.iam.credentials.v1.stub.IamCredentialsStubSettings;
+import com.google.iam.credentials.v1.GenerateAccessTokenRequest;
+import com.google.iam.credentials.v1.GenerateAccessTokenResponse;
+import com.google.iam.credentials.v1.GenerateIdTokenRequest;
+import com.google.iam.credentials.v1.GenerateIdTokenResponse;
+import com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest;
+import com.google.iam.credentials.v1.GenerateIdentityBindingAccessTokenResponse;
+import com.google.iam.credentials.v1.SignBlobRequest;
+import com.google.iam.credentials.v1.SignBlobResponse;
+import com.google.iam.credentials.v1.SignJwtRequest;
+import com.google.iam.credentials.v1.SignJwtResponse;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+/**
+ * Settings class to configure an instance of {@link IamCredentialsClient}.
+ *
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> scope = new ArrayList<>();
+ * String jwt = "";
+ * GenerateIdentityBindingAccessTokenRequest request = GenerateIdentityBindingAccessTokenRequest.newBuilder()
+ * .setName(formattedName)
+ * .addAllScope(scope)
+ * .setJwt(jwt)
+ * .build();
+ * ApiFuture<GenerateIdentityBindingAccessTokenResponse> future = iamCredentialsClient.generateIdentityBindingAccessTokenCallable().futureCall(request);
+ * // Do something
+ * GenerateIdentityBindingAccessTokenResponse response = future.get();
+ * }
+ *
+ *
+ *
+ *
+ *
+ */
+@Generated("by gapic-generator")
+@BetaApi
+public class IamCredentialsSettings extends ClientSettings
+ * IamCredentialsSettings.Builder iamCredentialsSettingsBuilder =
+ * IamCredentialsSettings.newBuilder();
+ * iamCredentialsSettingsBuilder.generateAccessTokenSettings().getRetrySettings().toBuilder()
+ * .setTotalTimeout(Duration.ofSeconds(30));
+ * IamCredentialsSettings iamCredentialsSettings = iamCredentialsSettingsBuilder.build();
+ *
+ *
+ *
+ */
+package com.google.cloud.iam.credentials.v1;
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsCallableFactory.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsCallableFactory.java
new file mode 100644
index 000000000000..fd360085508a
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsCallableFactory.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1.stub;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcCallableFactory;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.BatchingCallSettings;
+import com.google.api.gax.rpc.BidiStreamingCallable;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientStreamingCallable;
+import com.google.api.gax.rpc.OperationCallSettings;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallable;
+import com.google.api.gax.rpc.StreamingCallSettings;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.longrunning.Operation;
+import com.google.longrunning.stub.OperationsStub;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+/**
+ * gRPC callable factory implementation for IAM Service Account Credentials API.
+ *
+ *
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ * String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ * List<String> delegates = new ArrayList<>();
+ * List<String> scope = new ArrayList<>();
+ * Duration lifetime = Duration.newBuilder().build();
+ * GenerateAccessTokenResponse response = iamCredentialsClient.generateAccessToken(formattedName, delegates, scope, lifetime);
+ * }
+ *
+ *
+ *
+ *
+ *
+ *
+ */
+@Generated("by gapic-generator")
+@BetaApi
+public class IamCredentialsStubSettings extends StubSettings
+ * IamCredentialsStubSettings.Builder iamCredentialsSettingsBuilder =
+ * IamCredentialsStubSettings.newBuilder();
+ * iamCredentialsSettingsBuilder.generateAccessTokenSettings().getRetrySettings().toBuilder()
+ * .setTotalTimeout(Duration.ofSeconds(30));
+ * IamCredentialsStubSettings iamCredentialsSettings = iamCredentialsSettingsBuilder.build();
+ *
+ *