Skip to main content

auth_configs

Creates, updates, deletes, gets or lists an auth_configs resource.

Overview

Nameauth_configs
TypeResource
Idgoogle.integrations.auth_configs

Fields

The following fields are returned by SELECT queries:

Successful response

NameDatatypeDescription
namestringResource name of the auth config. For more information, see Manage authentication profiles. projects/{project}/locations/{location}/authConfigs/{authConfig}.
certificateIdstringCertificate id for client certificate
createTimestring (google-datetime)Output only. The timestamp when the auth config is created.
creatorEmailstringThe creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call.
credentialTypestringRequired. Credential type of the encrypted credential.
decryptedCredentialobjectRaw auth credentials. (id: GoogleCloudIntegrationsV1alphaCredential)
descriptionstringOptional. A description of the auth config.
displayNamestringRequired. The name of the auth config.
encryptedCredentialstring (byte)Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key.
expiryNotificationDurationarrayOptional. User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours.
lastModifierEmailstringThe last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call.
overrideValidTimestring (google-datetime)Optional. User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings.
reasonstringOutput only. The reason / details of the current status.
statestringOutput only. The status of the auth config.
updateTimestring (google-datetime)Output only. The timestamp when the auth config is modified.
validTimestring (google-datetime)Optional. The time until the auth config is valid. Empty or max value is considered the auth config won't expire.
visibilitystringOptional. The visibility of the auth config.

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
projects_locations_products_auth_configs_getselectprojectsId, locationsId, productsId, authConfigsIdGets a complete auth config. If the auth config doesn't exist, Code.NOT_FOUND exception will be thrown. Returns the decrypted auth config.
projects_locations_products_auth_configs_listselectprojectsId, locationsId, productsIdpageSize, pageToken, filter, readMaskLists all auth configs that match the filter. Restrict to auth configs belong to the current client only.
projects_locations_auth_configs_getselectprojectsId, locationsId, authConfigsIdGets a complete auth config. If the auth config doesn't exist, Code.NOT_FOUND exception will be thrown. Returns the decrypted auth config.
projects_locations_auth_configs_listselectprojectsId, locationsIdpageSize, pageToken, filter, readMaskLists all auth configs that match the filter. Restrict to auth configs belong to the current client only.
projects_locations_products_auth_configs_createinsertprojectsId, locationsId, productsIdclientCertificate.sslCertificate, clientCertificate.encryptedPrivateKey, clientCertificate.passphraseCreates an auth config record. Fetch corresponding credentials for specific auth types, e.g. access token for OAuth 2.0, JWT token for JWT. Encrypt the auth config with Cloud KMS and store the encrypted credentials in Spanner. Returns the encrypted auth config.
projects_locations_auth_configs_createinsertprojectsId, locationsIdclientCertificate.sslCertificate, clientCertificate.encryptedPrivateKey, clientCertificate.passphraseCreates an auth config record. Fetch corresponding credentials for specific auth types, e.g. access token for OAuth 2.0, JWT token for JWT. Encrypt the auth config with Cloud KMS and store the encrypted credentials in Spanner. Returns the encrypted auth config.
projects_locations_products_auth_configs_patchupdateprojectsId, locationsId, productsId, authConfigsIdupdateMask, clientCertificate.sslCertificate, clientCertificate.encryptedPrivateKey, clientCertificate.passphraseUpdates an auth config. If credential is updated, fetch the encrypted auth config from Spanner, decrypt with Cloud KMS key, update the credential fields, re-encrypt with Cloud KMS key and update the Spanner record. For other fields, directly update the Spanner record. Returns the encrypted auth config.
projects_locations_auth_configs_patchupdateprojectsId, locationsId, authConfigsIdupdateMask, clientCertificate.sslCertificate, clientCertificate.encryptedPrivateKey, clientCertificate.passphraseUpdates an auth config. If credential is updated, fetch the encrypted auth config from Spanner, decrypt with Cloud KMS key, update the credential fields, re-encrypt with Cloud KMS key and update the Spanner record. For other fields, directly update the Spanner record. Returns the encrypted auth config.
projects_locations_products_auth_configs_deletedeleteprojectsId, locationsId, productsId, authConfigsIdDeletes an auth config.
projects_locations_auth_configs_deletedeleteprojectsId, locationsId, authConfigsIdDeletes an auth config.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
authConfigsIdstring
locationsIdstring
productsIdstring
projectsIdstring
clientCertificate.encryptedPrivateKeystring
clientCertificate.passphrasestring
clientCertificate.sslCertificatestring
filterstring
pageSizeinteger (int32)
pageTokenstring
readMaskstring (google-fieldmask)
updateMaskstring (google-fieldmask)

SELECT examples

Gets a complete auth config. If the auth config doesn't exist, Code.NOT_FOUND exception will be thrown. Returns the decrypted auth config.

SELECT
name,
certificateId,
createTime,
creatorEmail,
credentialType,
decryptedCredential,
description,
displayName,
encryptedCredential,
expiryNotificationDuration,
lastModifierEmail,
overrideValidTime,
reason,
state,
updateTime,
validTime,
visibility
FROM google.integrations.auth_configs
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND productsId = '{{ productsId }}' -- required
AND authConfigsId = '{{ authConfigsId }}' -- required;

INSERT examples

Creates an auth config record. Fetch corresponding credentials for specific auth types, e.g. access token for OAuth 2.0, JWT token for JWT. Encrypt the auth config with Cloud KMS and store the encrypted credentials in Spanner. Returns the encrypted auth config.

INSERT INTO google.integrations.auth_configs (
data__name,
data__displayName,
data__description,
data__encryptedCredential,
data__decryptedCredential,
data__certificateId,
data__credentialType,
data__creatorEmail,
data__lastModifierEmail,
data__visibility,
data__expiryNotificationDuration,
data__validTime,
data__overrideValidTime,
projectsId,
locationsId,
productsId,
clientCertificate.sslCertificate,
clientCertificate.encryptedPrivateKey,
clientCertificate.passphrase
)
SELECT 
'{{ name }}',
'{{ displayName }}',
'{{ description }}',
'{{ encryptedCredential }}',
'{{ decryptedCredential }}',
'{{ certificateId }}',
'{{ credentialType }}',
'{{ creatorEmail }}',
'{{ lastModifierEmail }}',
'{{ visibility }}',
'{{ expiryNotificationDuration }}',
'{{ validTime }}',
'{{ overrideValidTime }}',
'{{ projectsId }}',
'{{ locationsId }}',
'{{ productsId }}',
'{{ clientCertificate.sslCertificate }}',
'{{ clientCertificate.encryptedPrivateKey }}',
'{{ clientCertificate.passphrase }}'
RETURNING
name,
certificateId,
createTime,
creatorEmail,
credentialType,
decryptedCredential,
description,
displayName,
encryptedCredential,
expiryNotificationDuration,
lastModifierEmail,
overrideValidTime,
reason,
state,
updateTime,
validTime,
visibility
;

UPDATE examples

Updates an auth config. If credential is updated, fetch the encrypted auth config from Spanner, decrypt with Cloud KMS key, update the credential fields, re-encrypt with Cloud KMS key and update the Spanner record. For other fields, directly update the Spanner record. Returns the encrypted auth config.

UPDATE google.integrations.auth_configs
SET 
data__name = '{{ name }}',
data__displayName = '{{ displayName }}',
data__description = '{{ description }}',
data__encryptedCredential = '{{ encryptedCredential }}',
data__decryptedCredential = '{{ decryptedCredential }}',
data__certificateId = '{{ certificateId }}',
data__credentialType = '{{ credentialType }}',
data__creatorEmail = '{{ creatorEmail }}',
data__lastModifierEmail = '{{ lastModifierEmail }}',
data__visibility = '{{ visibility }}',
data__expiryNotificationDuration = '{{ expiryNotificationDuration }}',
data__validTime = '{{ validTime }}',
data__overrideValidTime = '{{ overrideValidTime }}'
WHERE 
projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND productsId = '{{ productsId }}' --required
AND authConfigsId = '{{ authConfigsId }}' --required
AND updateMask = '{{ updateMask}}'
AND clientCertificate.sslCertificate = '{{ clientCertificate.sslCertificate}}'
AND clientCertificate.encryptedPrivateKey = '{{ clientCertificate.encryptedPrivateKey}}'
AND clientCertificate.passphrase = '{{ clientCertificate.passphrase}}'
RETURNING
name,
certificateId,
createTime,
creatorEmail,
credentialType,
decryptedCredential,
description,
displayName,
encryptedCredential,
expiryNotificationDuration,
lastModifierEmail,
overrideValidTime,
reason,
state,
updateTime,
validTime,
visibility;

DELETE examples

Deletes an auth config.

DELETE FROM google.integrations.auth_configs
WHERE projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND productsId = '{{ productsId }}' --required
AND authConfigsId = '{{ authConfigsId }}' --required;