class Google::Apis::IamcredentialsV1::GenerateAccessTokenRequest
Attributes
The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/`ACCOUNT_EMAIL_OR_UNIQUEID“. The `-` wildcard character is required; replacing it with a project ID is invalid. Corresponds to the JSON property `delegates` @return [Array<String>]
The desired lifetime duration of the access token in seconds. By default, the maximum allowed value is 1 hour. To set a lifetime of up to 12 hours, you can add the service account as an allowed value in an Organization Policy that enforces the `constraints/iam.allowServiceAccountCredentialLifetimeExtension` constraint. See detailed instructions at cloud.google.com/iam/help/ credentials/lifetime If a value is not specified, the token's lifetime will be set to a default value of 1 hour. Corresponds to the JSON property `lifetime` @return [String]
Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See developers.google.com/identity/protocols/googlescopes for more information. At least one value required. Corresponds to the JSON property `scope` @return [Array<String>]
Public Class Methods
# File lib/google/apis/iamcredentials_v1/classes.rb, line 59 def initialize(**args) update!(**args) end
Public Instance Methods
Update properties of this object
# File lib/google/apis/iamcredentials_v1/classes.rb, line 64 def update!(**args) @delegates = args[:delegates] if args.key?(:delegates) @lifetime = args[:lifetime] if args.key?(:lifetime) @scope = args[:scope] if args.key?(:scope) end