Synchronize new proto/yaml changes.

PiperOrigin-RevId: 224868701

google/iam/credentials/v1/common.proto

@@ -23,7 +23,7 @@ option cc_enable_arenas = true;
 option go_package = "google.golang.org/genproto/googleapis/iam/credentials/v1;credentials";
 option java_multiple_files = true;
 option java_outer_classname = "IAMCredentialsCommonProto";
-option java_package = "com.google.iam.credentials.v1";
+option java_package = "com.google.cloud.iam.credentials.v1";
 
 
 message GenerateAccessTokenRequest {
@@ -154,71 +154,3 @@ message GenerateIdTokenResponse {
   string token = 1;
 }
 
-message GenerateIdentityBindingAccessTokenRequest {
-  // The resource name of the service account for which the credentials
-  // are requested, in the following format:
-  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
-  string name = 1;
-
-  // Code to identify the scopes to be included in the OAuth 2.0 access token.
-  // See https://developers.google.com/identity/protocols/googlescopes for more
-  // information.
-  // At least one value required.
-  repeated string scope = 2;
-
-  // Required. Input token.
-  // Must be in JWT format according to
-  // RFC7523 (https://tools.ietf.org/html/rfc7523)
-  // and must have 'kid' field in the header.
-  // Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
-  // Mandatory payload fields (along the lines of RFC 7523, section 3):
-  // - iss: issuer of the token. Must provide a discovery document at
-  //        $iss/.well-known/openid-configuration . The document needs to be
-  //        formatted according to section 4.2 of the OpenID Connect Discovery
-  //        1.0 specification.
-  // - iat: Issue time in seconds since epoch. Must be in the past.
-  // - exp: Expiration time in seconds since epoch. Must be less than 48 hours
-  //        after iat. We recommend to create tokens that last shorter than 6
-  //        hours to improve security unless business reasons mandate longer
-  //        expiration times. Shorter token lifetimes are generally more secure
-  //        since tokens that have been exfiltrated by attackers can be used for
-  //        a shorter time. you can configure the maximum lifetime of the
-  //        incoming token in the configuration of the mapper.
-  //        The resulting Google token will expire within an hour or at "exp",
-  //        whichever is earlier.
-  // - sub: JWT subject, identity asserted in the JWT.
-  // - aud: Configured in the mapper policy. By default the service account
-  //        email.
-  //
-  // Claims from the incoming token can be transferred into the output token
-  // accoding to the mapper configuration. The outgoing claim size is limited.
-  // Outgoing claims size must be less than 4kB serialized as JSON without
-  // whitespace.
-  //
-  // Example header:
-  // {
-  //   "alg": "RS256",
-  //   "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
-  // }
-  // Example payload:
-  // {
-  //   "iss": "https://accounts.google.com",
-  //   "iat": 1517963104,
-  //   "exp": 1517966704,
-  //   "aud": "https://iamcredentials.googleapis.com/",
-  //   "sub": "113475438248934895348",
-  //   "my_claims": {
-  //     "additional_claim": "value"
-  //   }
-  // }
-  string jwt = 3;
-}
-
-message GenerateIdentityBindingAccessTokenResponse {
-  // The OAuth 2.0 access token.
-  string access_token = 1;
-
-  // Token expiration time.
-  // The expiration time is always set.
-  google.protobuf.Timestamp expire_time = 2;
-}

google/iam/credentials/v1/iamcredentials.proto

@@ -21,6 +21,9 @@ import "google/iam/credentials/v1/common.proto";
 
 option cc_enable_arenas = true;
 option go_package = "google.golang.org/genproto/googleapis/iam/credentials/v1;credentials";
+option java_multiple_files = true;
+option java_outer_classname = "IAMCredentialsProto";
+option java_package = "com.google.cloud.iam.credentials.v1";
 
 
 // A service account is a special type of Google account that belongs to your
@@ -64,15 +67,4 @@ service IAMCredentials {
       body: "*"
     };
   }
-
-  // Exchange a JWT signed by third party identity provider to an OAuth 2.0
-  // access token
-  rpc GenerateIdentityBindingAccessToken(
-      GenerateIdentityBindingAccessTokenRequest)
-      returns (GenerateIdentityBindingAccessTokenResponse) {
-    option (google.api.http) = {
-      post: "/v1/{name=projects/*/serviceAccounts/*}:generateIdentityBindingAccessToken"
-      body: "*"
-    };
-  }
 }

google/iam/credentials/v1/iamcredentials_gapic.yaml

@@ -124,20 +124,3 @@ interfaces:
     field_name_patterns:
       name: service_account
     timeout_millis: 60000
-  - name: GenerateIdentityBindingAccessToken
-    flattening:
-      groups:
-      - parameters:
-        - name
-        - scope
-        - jwt
-    required_fields:
-    - name
-    - scope
-    - jwt
-    request_object_method: true
-    retry_codes_name: idempotent
-    retry_params_name: default
-    field_name_patterns:
-      name: service_account
-    timeout_millis: 60000