Synchronize new proto/yaml changes.

PiperOrigin-RevId: 255260884
2019-06-26 14:10:06 -07:00 · 2019-06-26 14:10:06 -07:00 · 1f24e7e936
parent b0bea56a9b
commit 1f24e7e936
3 changed files with 0 additions and 100 deletions
--- a/google/iam/credentials/v1/common.proto
+++ b/google/iam/credentials/v1/common.proto
@ -152,72 +152,3 @@ message GenerateIdTokenResponse {
  // The OpenId Connect ID token.
  string token = 1;
 }
-
-message GenerateIdentityBindingAccessTokenRequest {
-  // The resource name of the service account for which the credentials
-  // are requested, in the following format:
-  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
-  string name = 1;
-
-  // Code to identify the scopes to be included in the OAuth 2.0 access token.
-  // See https://developers.google.com/identity/protocols/googlescopes for more
-  // information.
-  // At least one value required.
-  repeated string scope = 2;
-
-  // Required. Input token.
-  // Must be in JWT format according to
-  // RFC7523 (https://tools.ietf.org/html/rfc7523)
-  // and must have 'kid' field in the header.
-  // Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
-  // Mandatory payload fields (along the lines of RFC 7523, section 3):
-  // - iss: issuer of the token. Must provide a discovery document at
-  //        $iss/.well-known/openid-configuration . The document needs to be
-  //        formatted according to section 4.2 of the OpenID Connect Discovery
-  //        1.0 specification.
-  // - iat: Issue time in seconds since epoch. Must be in the past.
-  // - exp: Expiration time in seconds since epoch. Must be less than 48 hours
-  //        after iat. We recommend to create tokens that last shorter than 6
-  //        hours to improve security unless business reasons mandate longer
-  //        expiration times. Shorter token lifetimes are generally more secure
-  //        since tokens that have been exfiltrated by attackers can be used for
-  //        a shorter time. you can configure the maximum lifetime of the
-  //        incoming token in the configuration of the mapper.
-  //        The resulting Google token will expire within an hour or at "exp",
-  //        whichever is earlier.
-  // - sub: JWT subject, identity asserted in the JWT.
-  // - aud: Configured in the mapper policy. By default the service account
-  //        email.
-  //
-  // Claims from the incoming token can be transferred into the output token
-  // accoding to the mapper configuration. The outgoing claim size is limited.
-  // Outgoing claims size must be less than 4kB serialized as JSON without
-  // whitespace.
-  //
-  // Example header:
-  // {
-  //   "alg": "RS256",
-  //   "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
-  // }
-  // Example payload:
-  // {
-  //   "iss": "https://accounts.google.com",
-  //   "iat": 1517963104,
-  //   "exp": 1517966704,
-  //   "aud": "https://iamcredentials.googleapis.com/",
-  //   "sub": "113475438248934895348",
-  //   "my_claims": {
-  //     "additional_claim": "value"
-  //   }
-  // }
-  string jwt = 3;
-}
-
-message GenerateIdentityBindingAccessTokenResponse {
-  // The OAuth 2.0 access token.
-  string access_token = 1;
-
-  // Token expiration time.
-  // The expiration time is always set.
-  google.protobuf.Timestamp expire_time = 2;
-}
--- a/google/iam/credentials/v1/iamcredentials.proto
+++ b/google/iam/credentials/v1/iamcredentials.proto
@ -68,15 +68,4 @@ service IAMCredentials {
      body: "*"
    };
  }
-
-  // Exchange a JWT signed by third party identity provider to an OAuth 2.0
-  // access token
-  rpc GenerateIdentityBindingAccessToken(
-      GenerateIdentityBindingAccessTokenRequest)
-      returns (GenerateIdentityBindingAccessTokenResponse) {
-    option (google.api.http) = {
-      post: "/v1/{name=projects/*/serviceAccounts/*}:generateIdentityBindingAccessToken"
-      body: "*"
-    };
-  }
 }
--- a/google/iam/credentials/v1/iamcredentials_gapic.yaml
+++ b/google/iam/credentials/v1/iamcredentials_gapic.yaml
@ -118,23 +118,6 @@ interfaces:
      name: service_account
    timeout_millis: 60000
    resource_name_treatment: STATIC_TYPES
-  - name: GenerateIdentityBindingAccessToken
-    flattening:
-      groups:
-      - parameters:
-        - name
-        - scope
-        - jwt
-    required_fields:
-    - name
-    - scope
-    - jwt
-    retry_codes_name: idempotent
-    retry_params_name: default
-    field_name_patterns:
-      name: service_account
-    timeout_millis: 60000
-    resource_name_treatment: STATIC_TYPES
 resource_name_generation:
 - message_name: GenerateAccessTokenRequest
  field_entity_map:
@ -145,9 +128,6 @@ resource_name_generation:
 - message_name: SignBlobRequest
  field_entity_map:
    name: service_account
- message_name: GenerateIdentityBindingAccessTokenRequest
-  field_entity_map:
-    name: service_account
 - message_name: SignJwtRequest
  field_entity_map:
    name: service_account