Auth configuration to run the extension.
authType
enum ( AuthType
)
type of auth scheme.
auth_config
Union type
auth_config
can be only one of the following:apiKeyConfig
object ( ApiKeyConfig
)
Config for API key auth.
httpBasicAuthConfig
object ( HttpBasicAuthConfig
)
Config for HTTP Basic auth.
googleServiceAccountConfig
object ( GoogleServiceAccountConfig
)
Config for Google service Account auth.
oauthConfig
object ( OauthConfig
)
Config for user oauth.
oidcConfig
object ( OidcConfig
)
Config for user OIDC auth.
| JSON representation |
|---|
{ "authType" : enum ( |
ApiKeyConfig
Config for authentication with API key.
name
string
Optional. The parameter name of the API key. E.g. If the API request is "https://example.com/act?apiKey=
apiKeySecret
string
Optional. The name of the SecretManager secret version resource storing the API key. Format: projects/{project}/secrets/{secrete}/versions/{version}
-
If both
apiKeySecretandapiKeyStringare specified, this field takes precedence overapiKeyString. -
If specified, the
secretmanager.versions.accesspermission should be granted to Vertex AI Extension service Agent ( https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents ) on the specified resource.
apiKeyString
string
Optional. The API key to be used in the request directly.
httpElementLocation
enum ( HttpElementLocation
)
Optional. The location of the API key.
| JSON representation |
|---|
{
"name"
:
string
,
"apiKeySecret"
:
string
,
"apiKeyString"
:
string
,
"httpElementLocation"
:
enum (
|
HttpElementLocation
Enum of location an HTTP element can be.
| Enums | |
|---|---|
HTTP_IN_UNSPECIFIED
|
|
HTTP_IN_QUERY
|
Element is in the HTTP request query. |
HTTP_IN_HEADER
|
Element is in the HTTP request header. |
HTTP_IN_PATH
|
Element is in the HTTP request path. |
HTTP_IN_BODY
|
Element is in the HTTP request body. |
HTTP_IN_COOKIE
|
Element is in the HTTP request cookie. |
HttpBasicAuthConfig
Config for HTTP Basic Authentication.
credentialSecret
string
Required. The name of the SecretManager secret version resource storing the base64 encoded credentials. Format: projects/{project}/secrets/{secrete}/versions/{version}
- If specified, the
secretmanager.versions.accesspermission should be granted to Vertex AI Extension service Agent ( https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents ) on the specified resource.
| JSON representation |
|---|
{ "credentialSecret" : string } |
GoogleServiceAccountConfig
Config for Google service Account Authentication.
serviceAccount
string
Optional. The service account that the extension execution service runs as.
-
If the service account is specified, the
iam.serviceAccounts.getAccessTokenpermission should be granted to Vertex AI Extension service Agent ( https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents ) on the specified service account. -
If not specified, the Vertex AI Extension service Agent will be used to execute the Extension.
| JSON representation |
|---|
{ "serviceAccount" : string } |
OauthConfig
Config for user oauth.
oauth_config
Union type
oauth_config
can be only one of the following:accessToken
string
Access token for extension endpoint. Only used to propagate token from [[ExecuteExtensionRequest.runtime_auth_config]] at request time.
serviceAccount
string
The service account used to generate access tokens for executing the Extension.
- If the service account is specified, the
iam.serviceAccounts.getAccessTokenpermission should be granted to Vertex AI Extension service Agent ( https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents ) on the provided service account.
| JSON representation |
|---|
{ // oauth_config "accessToken" : string , "serviceAccount" : string // Union type } |
OidcConfig
Config for user OIDC auth.
oidc_config
Union type
oidc_config
can be only one of the following:idToken
string
OpenID Connect formatted id token for extension endpoint. Only used to propagate token from [[ExecuteExtensionRequest.runtime_auth_config]] at request time.
serviceAccount
string
The service account used to generate an OpenID Connect (OIDC)-compatible JWT token signed by the Google OIDC Provider (accounts.google.com) for extension endpoint ( https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-oidc) .
-
The audience for the token will be set to the URL in the server url defined in the OpenApi spec.
-
If the service account is provided, the service account should grant
iam.serviceAccounts.getOpenIdTokenpermission to Vertex AI Extension service Agent ( https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) .
| JSON representation |
|---|
{ // oidc_config "idToken" : string , "serviceAccount" : string // Union type } |
AuthType
type of Auth.
| Enums | |
|---|---|
AUTH_TYPE_UNSPECIFIED
|
|
NO_AUTH
|
No Auth. |
API_KEY_AUTH
|
API Key Auth. |
HTTP_BASIC_AUTH
|
HTTP Basic Auth. |
GOOGLE_SERVICE_ACCOUNT_AUTH
|
Google service Account Auth. |
OAUTH
|
OAuth auth. |
OIDC_AUTH
|
OpenID Connect (OIDC) Auth. |
