AuthConfig

Auth configuration to run the extension.

Fields

authType enum (AuthType)

type of auth scheme.

auth_config Union type

auth_config can be only one of the following:

apiKeyConfig object (ApiKeyConfig)

Config for API key auth.

httpBasicAuthConfig object (HttpBasicAuthConfig)

Config for HTTP Basic auth.

googleServiceAccountConfig object (GoogleServiceAccountConfig)

Config for Google service Account auth.

oauthConfig object (OauthConfig)

Config for user oauth.

oidcConfig object (OidcConfig)

Config for user OIDC auth.

JSON representation

JSON representation
{ "authType": enum (`AuthType`), // auth_config "apiKeyConfig": { object (`ApiKeyConfig`) }, "httpBasicAuthConfig": { object (`HttpBasicAuthConfig`) }, "googleServiceAccountConfig": { object (`GoogleServiceAccountConfig`) }, "oauthConfig": { object (`OauthConfig`) }, "oidcConfig": { object (`OidcConfig`) } // Union type }

{ "authType": enum (AuthType), // auth_config "apiKeyConfig": { object (ApiKeyConfig) }, "httpBasicAuthConfig": { object (HttpBasicAuthConfig) }, "googleServiceAccountConfig": { object (GoogleServiceAccountConfig) }, "oauthConfig": { object (OauthConfig) }, "oidcConfig": { object (OidcConfig) } // Union type }

ApiKeyConfig

Config for authentication with API key.

Fields

name string

Optional. The parameter name of the API key. E.g. If the API request is "https://example.com/act?apiKey=", "apiKey" would be the parameter name.

apiKeySecret string

Optional. The name of the SecretManager secret version resource storing the API key. Format: projects/{project}/secrets/{secrete}/versions/{version}

If both apiKeySecret and apiKeyString are specified, this field takes precedence over apiKeyString.
If specified, the secretmanager.versions.access permission should be granted to Vertex AI Extension service Agent (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) on the specified resource.

apiKeyString string

Optional. The API key to be used in the request directly.

httpElementLocation enum (HttpElementLocation)

Optional. The location of the API key.

JSON representation
{ "name": string, "apiKeySecret": string, "apiKeyString": string, "httpElementLocation": enum (`HttpElementLocation`) }

HttpElementLocation

Enum of location an HTTP element can be.

Enums
`HTTP_IN_UNSPECIFIED`
`HTTP_IN_QUERY`	Element is in the HTTP request query.
`HTTP_IN_HEADER`	Element is in the HTTP request header.
`HTTP_IN_PATH`	Element is in the HTTP request path.
`HTTP_IN_BODY`	Element is in the HTTP request body.
`HTTP_IN_COOKIE`	Element is in the HTTP request cookie.

HttpBasicAuthConfig

Config for HTTP Basic Authentication.

Fields

credentialSecret string

Required. The name of the SecretManager secret version resource storing the base64 encoded credentials. Format: projects/{project}/secrets/{secrete}/versions/{version}

If specified, the secretmanager.versions.access permission should be granted to Vertex AI Extension service Agent (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) on the specified resource.

JSON representation
{ "credentialSecret": string }

GoogleServiceAccountConfig

Config for Google service Account Authentication.

Fields

serviceAccount string

Optional. The service account that the extension execution service runs as.

If the service account is specified, the iam.serviceAccounts.getAccessToken permission should be granted to Vertex AI Extension service Agent (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) on the specified service account.
If not specified, the Vertex AI Extension service Agent will be used to execute the Extension.

JSON representation
{ "serviceAccount": string }

OauthConfig

Config for user oauth.

Fields

oauth_config Union type

oauth_config can be only one of the following:

accessToken string

Access token for extension endpoint. Only used to propagate token from [[ExecuteExtensionRequest.runtime_auth_config]] at request time.

serviceAccount string

The service account used to generate access tokens for executing the Extension.

If the service account is specified, the iam.serviceAccounts.getAccessToken permission should be granted to Vertex AI Extension service Agent (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) on the provided service account.

JSON representation
{ // oauth_config "accessToken": string, "serviceAccount": string // Union type }

OidcConfig

Config for user OIDC auth.

Fields

oidc_config Union type

oidc_config can be only one of the following:

idToken string

OpenID Connect formatted id token for extension endpoint. Only used to propagate token from [[ExecuteExtensionRequest.runtime_auth_config]] at request time.

serviceAccount string

The service account used to generate an OpenID Connect (OIDC)-compatible JWT token signed by the Google OIDC Provider (accounts.google.com) for extension endpoint (https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-oidc).

The audience for the token will be set to the URL in the server url defined in the OpenApi spec.
If the service account is provided, the service account should grant iam.serviceAccounts.getOpenIdToken permission to Vertex AI Extension service Agent (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents).

JSON representation
{ // oidc_config "idToken": string, "serviceAccount": string // Union type }

AuthType

type of Auth.

Enums
`AUTH_TYPE_UNSPECIFIED`
`NO_AUTH`	No Auth.
`API_KEY_AUTH`	API Key Auth.
`HTTP_BASIC_AUTH`	HTTP Basic Auth.
`GOOGLE_SERVICE_ACCOUNT_AUTH`	Google service Account Auth.
`OAUTH`	OAuth auth.
`OIDC_AUTH`	OpenID Connect (OIDC) Auth.

AuthConfig Stay organized with collections Save and categorize content based on your preferences.

ApiKeyConfig

HttpElementLocation

HttpBasicAuthConfig

GoogleServiceAccountConfig

OauthConfig

OidcConfig

AuthType

AuthConfig