Class: Google::Cloud::Eventarc::V1::Pipeline::Destination::AuthenticationConfig

Inherits:

Object

Object
Google::Cloud::Eventarc::V1::Pipeline::Destination::AuthenticationConfig

show all

Extended by:: Protobuf::MessageExts::ClassMethods

Includes:: Protobuf::MessageExts

Defined in:: proto_docs/google/cloud/eventarc/v1/pipeline.rb

Overview

Represents a config used to authenticate message requests.

Defined Under Namespace

Classes: OAuthToken, OidcToken

Instance Attribute Summary collapse

Instance Attribute Details

#google_oidc ⇒ `::Google::Cloud::Eventarc::V1::Pipeline::Destination::AuthenticationConfig::OidcToken`

Returns Optional. This authenticate method will apply Google OIDC tokens signed by a GCP service account to the requests.

Returns:

(::Google::Cloud::Eventarc::V1::Pipeline::Destination::AuthenticationConfig::OidcToken) —
Optional. This authenticate method will apply Google OIDC tokens signed by a GCP service account to the requests.

# File 'proto_docs/google/cloud/eventarc/v1/pipeline.rb', line 389

class AuthenticationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represents a config used to authenticate with a Google OIDC token using
  # a GCP service account. Use this authentication method to invoke your
  # Cloud Run and Cloud Functions destinations or HTTP endpoints that
  # support Google OIDC.
  # @!attribute [rw] service_account
  #   @return [::String]
  #     Required. Service account email used to generate the OIDC Token.
  #     The principal who calls this API must have
  #     iam.serviceAccounts.actAs permission in the service account. See
  #     https://cloud.google.com/iam/docs/understanding-service-accounts?hl=en#sa_common
  #     for more information. Eventarc service agents must have
  #     roles/roles/iam.serviceAccountTokenCreator role to allow the
  #     Pipeline to create OpenID tokens for authenticated requests.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Audience to be used to generate the OIDC Token. The
  #     audience claim identifies the recipient that the JWT is intended for.
  #     If unspecified, the destination URI will be used.
  class OidcToken
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Contains information needed for generating an
  # [OAuth token](https://developers.google.com/identity/protocols/OAuth2).
  # This type of authorization should generally only be used when calling
  # Google APIs hosted on *.googleapis.com.
  # @!attribute [rw] service_account
  #   @return [::String]
  #     Required. Service account email used to generate the [OAuth
  #     token](https://developers.google.com/identity/protocols/OAuth2).
  #     The principal who calls this API must have
  #     iam.serviceAccounts.actAs permission in the service account. See
  #     https://cloud.google.com/iam/docs/understanding-service-accounts?hl=en#sa_common
  #     for more information. Eventarc service agents must have
  #     roles/roles/iam.serviceAccountTokenCreator role to allow Pipeline
  #     to create OAuth2 tokens for authenticated requests.
  # @!attribute [rw] scope
  #   @return [::String]
  #     Optional. OAuth scope to be used for generating OAuth access token.
  #     If not specified, "https://www.googleapis.com/auth/cloud-platform"
  #     will be used.
  class OAuthToken
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#oauth_token ⇒ `::Google::Cloud::Eventarc::V1::Pipeline::Destination::AuthenticationConfig::OAuthToken`

Returns Optional. If specified, an OAuth token will be generated and attached as an Authorization header in the HTTP request.

This type of authorization should generally only be used when calling Google APIs hosted on *.googleapis.com.