From 909b96449def2e8366270239a2151702f3b59a36 Mon Sep 17 00:00:00 2001 From: tmshn Date: Thu, 1 Aug 2019 15:37:30 +0900 Subject: [PATCH] Add oidcToken field to pubsub subscription --- products/pubsub/api.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/products/pubsub/api.yaml b/products/pubsub/api.yaml index 43b7ebd18971..0e137f8459dd 100644 --- a/products/pubsub/api.yaml +++ b/products/pubsub/api.yaml @@ -141,6 +141,30 @@ objects: - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + - !ruby/object:Api::Type::NestedObject + name: oidcToken + description: | + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + - !ruby/object:Api::Type::String + name: serviceAccountEmail + required: true + description: | + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, UpdateSubscription, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + - !ruby/object:Api::Type::String + name: audience + description: | + Audience to be used when generating OIDC token. The audience + claim identifies the recipients that the JWT is intended for. + The audience value is a single case-sensitive string. Having + multiple values (array) for the audience field is not supported. + More info about the OIDC JWT token audience here: + https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. - !ruby/object:Api::Type::Integer name: 'ackDeadlineSeconds' description: |