Creates an auth config record. Fetch corresponding credentials for specific auth types, e.g. access token for OAuth 2.0, JWT token for JWT. Encrypt the auth config with Cloud KMS and store the encrypted credentials in Spanner. Returns the encrypted auth config.
Arguments
| Parameters | |
|---|---|
parent |
Required. "projects/{project}/locations/{location}" format. |
clientCertificate.encryptedPrivateKey |
The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines. For example, -----BEGIN CERTIFICATE----- MIICTTCCAbagAwIBAgIJAPT0tSKNxan/MA0GCSqGSIb3DQEBCwUAMCoxFzAVBgNV BAoTDkdvb2dsZSBURVNUSU5HMQ8wDQYDVQQDEwZ0ZXN0Q0EwHhcNMTUwMTAxMDAw MDAwWhcNMjUwMTAxMDAwMDAwWjAuMRcwFQYDVQQKEw5Hb29nbGUgVEVTVElORzET MBEGA1UEAwwKam9lQGJhbmFuYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA vDYFgMgxi5W488d9J7UpCInl0NXmZQpJDEHE4hvkaRlH7pnC71H0DLt0/3zATRP1 JzY2+eqBmbGl4/sgZKYv8UrLnNyQNUTsNx1iZAfPUflf5FwgVsai8BM0pUciq1NB xD429VFcrGZNucvFLh72RuRFIKH8WUpiK/iZNFkWhZ0CAwEAAaN3MHUwDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB Af8EAjAAMBkGA1UdDgQSBBCVgnFBCWgL/iwCqnGrhTPQMBsGA1UdIwQUMBKAEKey Um2o4k2WiEVA0ldQvNYwDQYJKoZIhvcNAQELBQADgYEAYK986R4E3L1v+Q6esBtW JrUwA9UmJRSQr0N5w3o9XzarU37/bkjOP0Fw0k/A6Vv1n3vlciYfBFaBIam1qRHr 5dMsYf4CZS6w50r7hyzqyrwDoyNxkLnd2PdcHT/sym1QmflsjEs7pejtnohO6N2H wQW6M0H7Zt8claGRla4fKkg= -----END CERTIFICATE----- |
clientCertificate.passphrase |
'passphrase' should be left unset if private key is not encrypted. Note that 'passphrase' is not the password for web server, but an extra layer of security to protected private key. |
clientCertificate.sslCertificate |
The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines. For example, -----BEGIN CERTIFICATE----- MIICTTCCAbagAwIBAgIJAPT0tSKNxan/MA0GCSqGSIb3DQEBCwUAMCoxFzAVBgNV BAoTDkdvb2dsZSBURVNUSU5HMQ8wDQYDVQQDEwZ0ZXN0Q0EwHhcNMTUwMTAxMDAw MDAwWhcNMjUwMTAxMDAwMDAwWjAuMRcwFQYDVQQKEw5Hb29nbGUgVEVTVElORzET MBEGA1UEAwwKam9lQGJhbmFuYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA vDYFgMgxi5W488d9J7UpCInl0NXmZQpJDEHE4hvkaRlH7pnC71H0DLt0/3zATRP1 JzY2+eqBmbGl4/sgZKYv8UrLnNyQNUTsNx1iZAfPUflf5FwgVsai8BM0pUciq1NB xD429VFcrGZNucvFLh72RuRFIKH8WUpiK/iZNFkWhZ0CAwEAAaN3MHUwDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB Af8EAjAAMBkGA1UdDgQSBBCVgnFBCWgL/iwCqnGrhTPQMBsGA1UdIwQUMBKAEKey Um2o4k2WiEVA0ldQvNYwDQYJKoZIhvcNAQELBQADgYEAYK986R4E3L1v+Q6esBtW JrUwA9UmJRSQr0N5w3o9XzarU37/bkjOP0Fw0k/A6Vv1n3vlciYfBFaBIam1qRHr 5dMsYf4CZS6w50r7hyzqyrwDoyNxkLnd2PdcHT/sym1QmflsjEs7pejtnohO6N2H wQW6M0H7Zt8claGRla4fKkg= -----END CERTIFICATE----- |
location |
Location of the HTTP endpoint. For example, if location is set to |
body |
Required. |
Raised exceptions
| Exceptions | |
|---|---|
ConnectionError |
In case of a network problem (such as DNS failure or refused connection). |
HttpError |
If the response status is >= 400 (excluding 429 and 503). |
TimeoutError |
If a long-running operation takes longer to finish than the specified timeout limit. |
TypeError |
If an operation or function receives an argument of the wrong type. |
ValueError |
If an operation or function receives an argument of the right type but an inappropriate value. For example, a negative timeout. |
Response
If successful, the response contains an instance of GoogleCloudIntegrationsV1alphaAuthConfig.
Subworkflow snippet
Some fields might be optional or required. To identify required fields, refer to the API documentation.
YAML
- create: call: googleapis.integrations.v1.projects.locations.authConfigs.create args: parent: ... clientCertificate: encryptedPrivateKey: ... passphrase: ... sslCertificate: ... body: certificateId: ... creatorEmail: ... credentialType: ... decryptedCredential: authToken: token: ... type: ... credentialType: ... jwt: jwt: ... jwtHeader: ... jwtPayload: ... secret: ... oauth2AuthorizationCode: accessToken: accessToken: ... accessTokenExpireTime: ... refreshToken: ... refreshTokenExpireTime: ... tokenType: ... applyReauthPolicy: ... authCode: ... authEndpoint: ... authParams: entries: ... keyType: ... valueType: ... clientId: ... clientSecret: ... requestType: ... scope: ... tokenEndpoint: ... tokenParams: ... oauth2ClientCredentials: accessToken: ... clientId: ... clientSecret: ... requestType: ... scope: ... tokenEndpoint: ... tokenParams: ... oauth2ResourceOwnerCredentials: accessToken: ... clientId: ... clientSecret: ... password: ... requestType: ... scope: ... tokenEndpoint: ... tokenParams: ... username: ... oidcToken: audience: ... serviceAccountEmail: ... token: ... tokenExpireTime: ... serviceAccountCredentials: scope: ... serviceAccount: ... usernameAndPassword: password: ... username: ... description: ... displayName: ... encryptedCredential: ... expiryNotificationDuration: ... lastModifierEmail: ... name: ... overrideValidTime: ... reason: ... state: ... validTime: ... visibility: ... result: createResult
JSON
[ { "create": { "call": "googleapis.integrations.v1.projects.locations.authConfigs.create", "args": { "parent": "...", "clientCertificate": { "encryptedPrivateKey": "...", "passphrase": "...", "sslCertificate": "..." }, "body": { "certificateId": "...", "creatorEmail": "...", "credentialType": "...", "decryptedCredential": { "authToken": { "token": "...", "type": "..." }, "credentialType": "...", "jwt": { "jwt": "...", "jwtHeader": "...", "jwtPayload": "...", "secret": "..." }, "oauth2AuthorizationCode": { "accessToken": { "accessToken": "...", "accessTokenExpireTime": "...", "refreshToken": "...", "refreshTokenExpireTime": "...", "tokenType": "..." }, "applyReauthPolicy": "...", "authCode": "...", "authEndpoint": "...", "authParams": { "entries": "...", "keyType": "...", "valueType": "..." }, "clientId": "...", "clientSecret": "...", "requestType": "...", "scope": "...", "tokenEndpoint": "...", "tokenParams": "..." }, "oauth2ClientCredentials": { "accessToken": "...", "clientId": "...", "clientSecret": "...", "requestType": "...", "scope": "...", "tokenEndpoint": "...", "tokenParams": "..." }, "oauth2ResourceOwnerCredentials": { "accessToken": "...", "clientId": "...", "clientSecret": "...", "password": "...", "requestType": "...", "scope": "...", "tokenEndpoint": "...", "tokenParams": "...", "username": "..." }, "oidcToken": { "audience": "...", "serviceAccountEmail": "...", "token": "...", "tokenExpireTime": "..." }, "serviceAccountCredentials": { "scope": "...", "serviceAccount": "..." }, "usernameAndPassword": { "password": "...", "username": "..." } }, "description": "...", "displayName": "...", "encryptedCredential": "...", "expiryNotificationDuration": "...", "lastModifierEmail": "...", "name": "...", "overrideValidTime": "...", "reason": "...", "state": "...", "validTime": "...", "visibility": "..." } }, "result": "createResult" } } ]