chore: regens API reference docs (#889)
diff --git a/docs/dyn/iamcredentials_v1.projects.serviceAccounts.html b/docs/dyn/iamcredentials_v1.projects.serviceAccounts.html
index a020611..b279466 100644
--- a/docs/dyn/iamcredentials_v1.projects.serviceAccounts.html
+++ b/docs/dyn/iamcredentials_v1.projects.serviceAccounts.html
@@ -75,31 +75,28 @@
<h1><a href="iamcredentials_v1.html">IAM Service Account Credentials API</a> . <a href="iamcredentials_v1.projects.html">projects</a> . <a href="iamcredentials_v1.projects.serviceAccounts.html">serviceAccounts</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
- <code><a href="#generateAccessToken">generateAccessToken(name, body, x__xgafv=None)</a></code></p>
+ <code><a href="#generateAccessToken">generateAccessToken(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Generates an OAuth 2.0 access token for a service account.</p>
<p class="toc_element">
- <code><a href="#generateIdToken">generateIdToken(name, body, x__xgafv=None)</a></code></p>
+ <code><a href="#generateIdToken">generateIdToken(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Generates an OpenID Connect ID token for a service account.</p>
<p class="toc_element">
- <code><a href="#generateIdentityBindingAccessToken">generateIdentityBindingAccessToken(name, body, x__xgafv=None)</a></code></p>
-<p class="firstline"></p>
-<p class="toc_element">
- <code><a href="#signBlob">signBlob(name, body, x__xgafv=None)</a></code></p>
+ <code><a href="#signBlob">signBlob(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Signs a blob using a service account's system-managed private key.</p>
<p class="toc_element">
- <code><a href="#signJwt">signJwt(name, body, x__xgafv=None)</a></code></p>
+ <code><a href="#signJwt">signJwt(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Signs a JWT using a service account's system-managed private key.</p>
<h3>Method Details</h3>
<div class="method">
- <code class="details" id="generateAccessToken">generateAccessToken(name, body, x__xgafv=None)</code>
+ <code class="details" id="generateAccessToken">generateAccessToken(name, body=None, x__xgafv=None)</code>
<pre>Generates an OAuth 2.0 access token for a service account.
Args:
- name: string, The resource name of the service account for which the credentials
+ name: string, Required. The resource name of the service account for which the credentials
are requested, in the following format:
`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
character is required; replacing it with a project ID is invalid. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{
@@ -119,7 +116,7 @@
# character is required; replacing it with a project ID is invalid.
"A String",
],
- "scope": [ # Code to identify the scopes to be included in the OAuth 2.0 access token.
+ "scope": [ # Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
# See https://developers.google.com/identity/protocols/googlescopes for more
# information.
# At least one value required.
@@ -143,21 +140,21 @@
</div>
<div class="method">
- <code class="details" id="generateIdToken">generateIdToken(name, body, x__xgafv=None)</code>
+ <code class="details" id="generateIdToken">generateIdToken(name, body=None, x__xgafv=None)</code>
<pre>Generates an OpenID Connect ID token for a service account.
Args:
- name: string, The resource name of the service account for which the credentials
+ name: string, Required. The resource name of the service account for which the credentials
are requested, in the following format:
`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
character is required; replacing it with a project ID is invalid. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{
"includeEmail": True or False, # Include the service account email in the token. If set to `true`, the
# token will contain `email` and `email_verified` claims.
- "audience": "A String", # The audience for the token, such as the API or account that this token
+ "audience": "A String", # Required. The audience for the token, such as the API or account that this token
# grants access to.
"delegates": [ # The sequence of service accounts in a delegation chain. Each service
# account must be granted the `roles/iam.serviceAccountTokenCreator` role
@@ -187,101 +184,19 @@
</div>
<div class="method">
- <code class="details" id="generateIdentityBindingAccessToken">generateIdentityBindingAccessToken(name, body, x__xgafv=None)</code>
- <pre>
-
-Args:
- name: string, The resource name of the service account for which the credentials
-are requested, in the following format:
-`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
-character is required; replacing it with a project ID is invalid. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{
- "scope": [ # Code to identify the scopes to be included in the OAuth 2.0 access token.
- # See https://developers.google.com/identity/protocols/googlescopes for more
- # information.
- # At least one value required.
- "A String",
- ],
- "jwt": "A String", # Required. Input token.
- # Must be in JWT format according to
- # RFC7523 (https://tools.ietf.org/html/rfc7523)
- # and must have 'kid' field in the header.
- # Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
- # Mandatory payload fields (along the lines of RFC 7523, section 3):
- # - iss: issuer of the token. Must provide a discovery document at
- # $iss/.well-known/openid-configuration . The document needs to be
- # formatted according to section 4.2 of the OpenID Connect Discovery
- # 1.0 specification.
- # - iat: Issue time in seconds since epoch. Must be in the past.
- # - exp: Expiration time in seconds since epoch. Must be less than 48 hours
- # after iat. We recommend to create tokens that last shorter than 6
- # hours to improve security unless business reasons mandate longer
- # expiration times. Shorter token lifetimes are generally more secure
- # since tokens that have been exfiltrated by attackers can be used for
- # a shorter time. you can configure the maximum lifetime of the
- # incoming token in the configuration of the mapper.
- # The resulting Google token will expire within an hour or at "exp",
- # whichever is earlier.
- # - sub: JWT subject, identity asserted in the JWT.
- # - aud: Configured in the mapper policy. By default the service account
- # email.
- #
- # Claims from the incoming token can be transferred into the output token
- # accoding to the mapper configuration. The outgoing claim size is limited.
- # Outgoing claims size must be less than 4kB serialized as JSON without
- # whitespace.
- #
- # Example header:
- # {
- # "alg": "RS256",
- # "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
- # }
- # Example payload:
- # {
- # "iss": "https://accounts.google.com",
- # "iat": 1517963104,
- # "exp": 1517966704,
- # "aud":
- # "https://iamcredentials.googleapis.com/google.iam.credentials.v1.CloudGaia",
- # "sub": "113475438248934895348",
- # "my_claims": {
- # "additional_claim": "value"
- # }
- # }
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- {
- "expireTime": "A String", # Token expiration time.
- # The expiration time is always set.
- "accessToken": "A String", # The OAuth 2.0 access token.
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="signBlob">signBlob(name, body, x__xgafv=None)</code>
+ <code class="details" id="signBlob">signBlob(name, body=None, x__xgafv=None)</code>
<pre>Signs a blob using a service account's system-managed private key.
Args:
- name: string, The resource name of the service account for which the credentials
+ name: string, Required. The resource name of the service account for which the credentials
are requested, in the following format:
`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
character is required; replacing it with a project ID is invalid. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{
- "payload": "A String", # The bytes to sign.
+ "payload": "A String", # Required. The bytes to sign.
"delegates": [ # The sequence of service accounts in a delegation chain. Each service
# account must be granted the `roles/iam.serviceAccountTokenCreator` role
# on its next service account in the chain. The last service account in the
@@ -305,25 +220,29 @@
An object of the form:
{
- "signedBlob": "A String", # The signed blob.
+ "signedBlob": "A String", # The signature for the blob. Does not include the original blob.
"keyId": "A String", # The ID of the key used to sign the blob.
}</pre>
</div>
<div class="method">
- <code class="details" id="signJwt">signJwt(name, body, x__xgafv=None)</code>
+ <code class="details" id="signJwt">signJwt(name, body=None, x__xgafv=None)</code>
<pre>Signs a JWT using a service account's system-managed private key.
Args:
- name: string, The resource name of the service account for which the credentials
+ name: string, Required. The resource name of the service account for which the credentials
are requested, in the following format:
`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
character is required; replacing it with a project ID is invalid. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{
- "payload": "A String", # The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+ "payload": "A String", # Required. The JWT payload to sign. Must be a serialized JSON object that contains a
+ # JWT Claim Set. For example: `{"sub": "user@example.com", "iat": 313435}`
+ #
+ # If the claim set contains an `exp` claim, it must be an integer timestamp
+ # that is not in the past and at most 12 hours in the future.
"delegates": [ # The sequence of service accounts in a delegation chain. Each service
# account must be granted the `roles/iam.serviceAccountTokenCreator` role
# on its next service account in the chain. The last service account in the
@@ -348,7 +267,9 @@
{
"keyId": "A String", # The ID of the key used to sign the JWT.
- "signedJwt": "A String", # The signed JWT.
+ "signedJwt": "A String", # The signed JWT. Contains the automatically generated header; the
+ # client-supplied payload; and the signature, which is generated using the
+ # key referenced by the `kid` field in the header.
}</pre>
</div>