service_accounts
Creates, updates, deletes, gets or lists a service_accounts resource.
Overview
| Name | service_accounts |
| Type | Resource |
| Id | google.iamcredentials.service_accounts |
Fields
The following fields are returned by SELECT queries:
SELECT not supported for this resource, use SHOW METHODS to view available operations for the resource.
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
generate_access_token | exec | projectsId, serviceAccountsId | Generates an OAuth 2.0 access token for a service account. | |
generate_id_token | exec | projectsId, serviceAccountsId | Generates an OpenID Connect ID token for a service account. | |
sign_blob | exec | projectsId, serviceAccountsId | Signs a blob using a service account's system-managed private key. | |
sign_jwt | exec | projectsId, serviceAccountsId | Signs a JWT using a service account's system-managed private key. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
projectsId | string | |
serviceAccountsId | string |
Lifecycle Methods
- generate_access_token
- generate_id_token
- sign_blob
- sign_jwt
Generates an OAuth 2.0 access token for a service account.
EXEC google.iamcredentials.service_accounts.generate_access_token
@projectsId='{{ projectsId }}' --required,
@serviceAccountsId='{{ serviceAccountsId }}' --required
@@json=
'{
"delegates": "{{ delegates }}",
"scope": "{{ scope }}",
"lifetime": "{{ lifetime }}"
}';
Generates an OpenID Connect ID token for a service account.
EXEC google.iamcredentials.service_accounts.generate_id_token
@projectsId='{{ projectsId }}' --required,
@serviceAccountsId='{{ serviceAccountsId }}' --required
@@json=
'{
"delegates": "{{ delegates }}",
"audience": "{{ audience }}",
"includeEmail": {{ includeEmail }},
"organizationNumberIncluded": {{ organizationNumberIncluded }}
}';
Signs a blob using a service account's system-managed private key.
EXEC google.iamcredentials.service_accounts.sign_blob
@projectsId='{{ projectsId }}' --required,
@serviceAccountsId='{{ serviceAccountsId }}' --required
@@json=
'{
"delegates": "{{ delegates }}",
"payload": "{{ payload }}"
}';
Signs a JWT using a service account's system-managed private key.
EXEC google.iamcredentials.service_accounts.sign_jwt
@projectsId='{{ projectsId }}' --required,
@serviceAccountsId='{{ serviceAccountsId }}' --required
@@json=
'{
"delegates": "{{ delegates }}",
"payload": "{{ payload }}"
}';