OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-01-25 12:44:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a20241b2412723b0062d1c19a8ec792837b145a4
google-apis-rs/google_iamcredentials1_cli/index.html
Sebastian Thiel a20241b241 Update documentation
2022-03-08 15:36:16 +08:00

218 lines
10 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>IAM Credentials v3.0.0+20220225</title>
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="./css/theme.css" type="text/css" />
<link rel="stylesheet" href="./css/theme_extra.css" type="text/css" />
<link rel="stylesheet" href="./css/highlight.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js"></script>
<script type="text/javascript" src="./js/highlight.pack.js"></script>
<script src="./js/theme.js"></script>
<style>
body {font-size: 90%;}
pre, code {font-size: 100%;}
h3, h4, h5, h6 {color: #2980b9; font-weight: 300}
</style>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-nav-search">
<a href="." class="icon icon-home"> IAM Credentials v3.0.0+20220225</a>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<span>Projects</span>
<li class="toctree-l1 ">
<a class="" href="projects_service-accounts-generate-access-token/">Service Accounts Generate Access Token</a>
</li>
<li class="toctree-l1 ">
<a class="" href="projects_service-accounts-generate-id-token/">Service Accounts Generate Id Token</a>
</li>
<li class="toctree-l1 ">
<a class="" href="projects_service-accounts-sign-blob/">Service Accounts Sign Blob</a>
</li>
<li class="toctree-l1 ">
<a class="" href="projects_service-accounts-sign-jwt/">Service Accounts Sign Jwt</a>
</li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="icon icon-reorder"></i>
<a href="."></a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href=".">Docs</a> &raquo;</li>
<li>Home</li>
<li class="wy-breadcrumbs-aside">
<a href="https://github.com/Byron/google-apis-rs/tree/main/gen/iamcredentials1-cli" class="icon icon-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main">
<div class="section">
<!---
DO NOT EDIT !
This file was generated automatically from 'src/mako/cli/README.md.mako'
DO NOT EDIT !
-->
<p>The <code>iamcredentials1</code> command-line interface <em>(CLI)</em> allows to use most features of the <em>Google IAM Credentials</em> service from the comfort of your terminal.</p>
<p>By default all output is printed to standard out, but flags can be set to direct it into a file independent of your shell's
capabilities. Errors will be printed to standard error, and cause the program's exit code to be non-zero.</p>
<p>If data-structures are requested, these will be returned as pretty-printed JSON, to be useful as input to other tools.</p>
<p>Everything else about the <em>IAM Credentials</em> API can be found at the
<a href="https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials">official documentation site</a>.</p>
<h1 id="installation-and-source-code">Installation and Source Code</h1>
<p>Install the command-line interface with cargo using:</p>
<pre><code class="bash">cargo install google-iamcredentials1-cli
</code></pre>
<p>Find the source code <a href="https://github.com/Byron/google-apis-rs/tree/main/gen/iamcredentials1-cli">on github</a>.</p>
<h1 id="usage">Usage</h1>
<p>This documentation was generated from the <em>IAM Credentials</em> API at revision <em>20220225</em>. The CLI is at version <em>3.0.0</em>.</p>
<pre><code class="bash">iamcredentials1 [options]
projects
service-accounts-generate-access-token &lt;name&gt; (-r &lt;kv&gt;)... [-p &lt;v&gt;]... [-o &lt;out&gt;]
service-accounts-generate-id-token &lt;name&gt; (-r &lt;kv&gt;)... [-p &lt;v&gt;]... [-o &lt;out&gt;]
service-accounts-sign-blob &lt;name&gt; (-r &lt;kv&gt;)... [-p &lt;v&gt;]... [-o &lt;out&gt;]
service-accounts-sign-jwt &lt;name&gt; (-r &lt;kv&gt;)... [-p &lt;v&gt;]... [-o &lt;out&gt;]
iamcredentials1 --help
Configuration:
[--scope &lt;url&gt;]...
Specify the authentication a method should be executed in. Each scope
requires the user to grant this application permission to use it.
If unset, it defaults to the shortest scope url for a particular method.
--config-dir &lt;folder&gt;
A directory into which we will store our persistent data. Defaults to
a user-writable directory that we will create during the first invocation.
[default: ~/.google-service-cli]
</code></pre>
<h1 id="configuration">Configuration</h1>
<p>The program will store all persistent data in the <code>~/.google-service-cli</code> directory in <em>JSON</em> files prefixed with <code>iamcredentials1-</code>. You can change the directory used to store configuration with the <code>--config-dir</code> flag on a per-invocation basis.</p>
<p>More information about the various kinds of persistent data are given in the following paragraphs.</p>
<h1 id="authentication">Authentication</h1>
<p>Most APIs require a user to authenticate any request. If this is the case, the <a href="https://developers.google.com/+/api/oauth#scopes">scope</a> determines the
set of permissions granted. The granularity of these is usually no more than <em>read-only</em> or <em>full-access</em>.</p>
<p>If not set, the system will automatically select the smallest feasible scope, e.g. when invoking a
method that is read-only, it will ask only for a read-only scope.
You may use the <code>--scope</code> flag to specify a scope directly.
All applicable scopes are documented in the respective method's CLI documentation.</p>
<p>The first time a scope is used, the user is asked for permission. Follow the instructions given
by the CLI to grant permissions, or to decline.</p>
<p>If a scope was authenticated by the user, the respective information will be stored as <em>JSON</em> in the configuration
directory, e.g. <code>~/.google-service-cli/iamcredentials1-token-&lt;scope-hash&gt;.json</code>. No manual management of these tokens
is necessary.</p>
<p>To revoke granted authentication, please refer to the <a href="http://webapps.stackexchange.com/a/30849">official documentation</a>.</p>
<h1 id="application-secrets">Application Secrets</h1>
<p>In order to allow any application to use Google services, it will need to be registered using the
<a href="https://console.developers.google.com/">Google Developer Console</a>. APIs the application may use are then enabled for it
one by one. Most APIs can be used for free and have a daily quota.</p>
<p>To allow more comfortable usage of the CLI without forcing anyone to register an own application, the CLI
comes with a default application secret that is configured accordingly. This also means that heavy usage
all around the world may deplete the daily quota.</p>
<p>You can workaround this limitation by putting your own secrets file at this location:
<code>~/.google-service-cli/iamcredentials1-secret.json</code>, assuming that the required <em>iamcredentials</em> API
was enabled for it. Such a secret file can be downloaded in the <em>Google Developer Console</em> at
<em>APIs &amp; auth -&gt; Credentials -&gt; Download JSON</em> and used as is.</p>
<p>Learn more about how to setup Google projects and enable APIs using the <a href="https://developers.google.com/console/help/new/">official documentation</a>.</p>
<h1 id="debugging">Debugging</h1>
<p>Even though the CLI does its best to provide usable error messages, sometimes it might be desirable to know
what exactly led to a particular issue. This is done by allowing all client-server communication to be
output to standard error <em>as-is</em>.</p>
<p>The <code>--debug</code> flag will print errors using the <code>Debug</code> representation to standard error.</p>
<p>You may consider redirecting standard error into a file for ease of use, e.g. <code>iamcredentials1 --debug &lt;resource&gt; &lt;method&gt; [options] 2&gt;debug.txt</code>.</p>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="projects_service-accounts-generate-access-token/" class="btn btn-neutral float-right" title="Service Accounts Generate Access Token"/>Next <span class="icon icon-circle-arrow-right"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>
<!-- Copyright etc -->
</p>
</div>
Built with <a href="http://www.mkdocs.org">MkDocs</a>, using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" style="cursor: pointer">
<span class="rst-current-version" data-toggle="rst-current-version">
<a class="icon icon-github" style="float: left; color: #fcfcfc"> GitHub</a>
<span><a href="" style="color: #fcfcfc;">&laquo; Previous</a></span>
<span style="margin-left: 15px"><a href="projects_service-accounts-generate-access-token/" style="color: #fcfcfc">Next &raquo;</a></span>
</span>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink