Cloud OS Login API
You can use OS Login to manage access to your VM instances using IAM roles
COMMUNITYBEARER0 INSTALLS
OpenAPI Specificationv3.0
{
"openapi": "3.0.0",
"servers": [
{
"url": "https://oslogin.googleapis.com/"
}
],
"info": {
"contact": {
"name": "Google",
"url": "https://google.com",
"x-twitter": "youtube"
},
"description": "You can use OS Login to manage access to your VM instances using IAM roles.",
"license": {
"name": "Creative Commons Attribution 3.0",
"url": "http://creativecommons.org/licenses/by/3.0/"
},
"termsOfService": "https://developers.google.com/terms/",
"title": "Cloud OS Login API",
"version": "v1beta",
"x-apiClientRegistration": {
"url": "https://console.developers.google.com"
},
"x-apisguru-categories": [
"analytics",
"media"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_www.google.com_images_branding_googlelogo_2x_googlelogo_color_272x92dp.png"
},
"x-origin": [
{
"format": "google",
"url": "https://oslogin.googleapis.com/$discovery/rest?version=v1beta",
"version": "v1"
}
],
"x-preferred": true,
"x-providerName": "googleapis.com",
"x-serviceName": "oslogin"
},
"externalDocs": {
"url": "https://cloud.google.com/compute/docs/oslogin/"
},
"tags": [
{
"name": "users"
}
],
"paths": {
"/v1beta/{name}": {
"delete": {
"description": "Deletes an SSH public key.",
"operationId": "oslogin.users.sshPublicKeys.delete",
"parameters": [
{
"description": "Required. The fingerprint of the public key to update. Public keys are identified by their SHA-256 fingerprint. The fingerprint of the public key is in format `users/{user}/sshPublicKeys/{fingerprint}`.",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Empty"
}
}
},
"description": "Successful response"
}
},
"security": [
{
"Oauth2": [
"https://www.googleapis.com/auth/cloud-platform"
],
"Oauth2c": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
{
"Oauth2": [
"https://www.googleapis.com/auth/compute"
],
"Oauth2c": [
"https://www.googleapis.com/auth/compute"
]
}
],
"tags": [
"users"
]
},
"get": {
"description": "Retrieves an SSH public key.",
"operationId": "oslogin.users.sshPublicKeys.get",
"parameters": [
{
"description": "Required. The fingerprint of the public key to retrieve. Public keys are identified by their SHA-256 fingerprint. The fingerprint of the public key is in format `users/{user}/sshPublicKeys/{fingerprint}`.",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SshPublicKey"
}
}
},
"description": "Successful response"
}
},
"security": [
{
"Oauth2": [
"https://www.googleapis.com/auth/cloud-platform"
],
"Oauth2c": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
{
"Oauth2": [
"https://www.googleapis.com/auth/compute"
],
"Oauth2c": [
"https://www.googleapis.com/auth/compute"
]
}
],
"tags": [
"users"
]
},
"parameters": [
{
"$ref": "#/components/parameters/_.xgafv"
},
{
"$ref": "#/components/parameters/access_token"
},
{
"$ref": "#/components/parameters/alt"
},
{
"$ref": "#/components/parameters/callback"
},
{
"$ref": "#/components/parameters/fields"
},
{
"$ref": "#/components/parameters/key"
},
{
"$ref": "#/components/parameters/oauth_token"
},
{
"$ref": "#/components/parameters/prettyPrint"
},
{
"$ref": "#/components/parameters/quotaUser"
},
{
"$ref": "#/components/parameters/upload_protocol"
},
{
"$ref": "#/components/parameters/uploadType"
}
],
"patch": {
"description": "Updates an SSH public key and returns the profile information. This method supports patch semantics.",
"operationId": "oslogin.users.sshPublicKeys.patch",
"parameters": [
{
"description": "Required. The fingerprint of the public key to update. Public keys are identified by their SHA-256 fingerprint. The fingerprint of the public key is in format `users/{user}/sshPublicKeys/{fingerprint}`.",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string"
}
},
{
"description": "Mask to control which fields get updated. Updates all if not present.",
"in": "query",
"name": "updateMask",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SshPublicKey"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SshPublicKey"
}
}
},
"description": "Successful response"
}
},
"security": [
{
"Oauth2": [
"https://www.googleapis.com/auth/cloud-platform"
],
"Oauth2c": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
{
"Oauth2": [
"https://www.googleapis.com/auth/compute"
],
"Oauth2c": [
"https://www.googleapis.com/auth/compute"
]
}
],
"tags": [
"users"
]
}
},
"/v1beta/{name}/loginProfile": {
"get": {
"description": "Retrieves the profile information used for logging in to a virtual machine on Google Compute Engine.",
"operationId": "oslogin.users.getLoginProfile",
"parameters": [
{
"description": "Required. The unique ID for the user in format `users/{user}`.",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string"
}
},
{
"description": "The project ID of the Google Cloud Platform project.",
"in": "query",
"name": "projectId",
"schema": {
"type": "string"
}
},
{
"description": "A system ID for filtering the results of the request.",
"in": "query",
"name": "systemId",
"schema": {
"type": "string"
}
},
{
"description": "The view configures whether to retrieve security keys information.",
"in": "query",
"name": "view",
"schema": {
"enum": [
"LOGIN_PROFILE_VIEW_UNSPECIFIED",
"BASIC",
"SECURITY_KEY"
],
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/LoginProfile"
}
}
},
"description": "Successful response"
}
},
"security": [
{
"Oauth2": [
"https://www.googleapis.com/auth/cloud-platform"
],
"Oauth2c": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
{
"Oauth2": [
"https://www.googleapis.com/auth/cloud-platform.read-only"
],
"Oauth2c": [
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
{
"Oauth2": [
"https://www.googleapis.com/auth/compute"
],
"Oauth2c": [
"https://www.googleapis.com/auth/compute"
]
},
{
"Oauth2": [
"https://www.googleapis.com/auth/compute.readonly"
],
"Oauth2c": [
"https://www.googleapis.com/auth/compute.readonly"
]
}
],
"tags": [
"users"
]
},
"parameters": [
{
"$ref": "#/components/parameters/_.xgafv"
},
{
"$ref": "#/components/parameters/access_token"
},
{
"$ref": "#/components/parameters/alt"
},
{
"$ref": "#/components/parameters/callback"
},
{
"$ref": "#/components/parameters/fields"
},
{
"$ref": "#/components/parameters/key"
},
{
"$ref": "#/components/parameters/oauth_token"
},
{
"$ref": "#/components/parameters/prettyPrint"
},
{
"$ref": "#/components/parameters/quotaUser"
},
{
"$ref": "#/components/parameters/upload_protocol"
},
{
"$ref": "#/components/parameters/uploadType"
}
]
},
"/v1beta/{parent}/sshPublicKeys": {
"parameters": [
{
"$ref": "#/components/parameters/_.xgafv"
},
{
"$ref": "#/components/parameters/access_token"
},
{
"$ref": "#/components/parameters/alt"
},
{
"$ref": "#/components/parameters/callback"
},
{
"$ref": "#/components/parameters/fields"
},
{
"$ref": "#/components/parameters/key"
},
{
"$ref": "#/components/parameters/oauth_token"
},
{
"$ref": "#/components/parameters/prettyPrint"
},
{
"$ref": "#/components/parameters/quotaUser"
},
{
"$ref": "#/components/parameters/upload_protocol"
},
{
"$ref": "#/components/parameters/uploadType"
}
],
"post": {
"description": "Create an SSH public key",
"operationId": "oslogin.users.sshPublicKeys.create",
"parameters": [
{
"description": "Required. The unique ID for the user in format `users/{user}`.",
"in": "path",
"name": "parent",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SshPublicKey"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SshPublicKey"
}
}
},
"description": "Successful response"
}
},
"security": [
{
"Oauth2": [
"https://www.googleapis.com/auth/cloud-platform"
],
"Oauth2c": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
{
"Oauth2": [
"https://www.googleapis.com/auth/compute"
],
"Oauth2c": [
"https://www.googleapis.com/auth/compute"
]
}
],
"tags": [
"users"
]
}
},
"/v1beta/{parent}:importSshPublicKey": {
"parameters": [
{
"$ref": "#/components/parameters/_.xgafv"
},
{
"$ref": "#/components/parameters/access_token"
},
{
"$ref": "#/components/parameters/alt"
},
{
"$ref": "#/components/parameters/callback"
},
{
"$ref": "#/components/parameters/fields"
},
{
"$ref": "#/components/parameters/key"
},
{
"$ref": "#/components/parameters/oauth_token"
},
{
"$ref": "#/components/parameters/prettyPrint"
},
{
"$ref": "#/components/parameters/quotaUser"
},
{
"$ref": "#/components/parameters/upload_protocol"
},
{
"$ref": "#/components/parameters/uploadType"
}
],
"post": {
"description": "Adds an SSH public key and returns the profile information. Default POSIX account information is set when no username and UID exist as part of the login profile.",
"operationId": "oslogin.users.importSshPublicKey",
"parameters": [
{
"description": "The unique ID for the user in format `users/{user}`.",
"in": "path",
"name": "parent",
"required": true,
"schema": {
"type": "string"
}
},
{
"description": "The project ID of the Google Cloud Platform project.",
"in": "query",
"name": "projectId",
"schema": {
"type": "string"
}
},
{
"description": "The view configures whether to retrieve security keys information.",
"in": "query",
"name": "view",
"schema": {
"enum": [
"LOGIN_PROFILE_VIEW_UNSPECIFIED",
"BASIC",
"SECURITY_KEY"
],
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SshPublicKey"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ImportSshPublicKeyResponse"
}
}
},
"description": "Successful response"
}
},
"security": [
{
"Oauth2": [
"https://www.googleapis.com/auth/cloud-platform"
],
"Oauth2c": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
{
"Oauth2": [
"https://www.googleapis.com/auth/compute"
],
"Oauth2c": [
"https://www.googleapis.com/auth/compute"
]
}
],
"tags": [
"users"
]
}
}
},
"components": {
"parameters": {
"_.xgafv": {
"description": "V1 error format.",
"in": "query",
"name": "$.xgafv",
"schema": {
"enum": [
"1",
"2"
],
"type": "string"
}
},
"access_token": {
"description": "OAuth access token.",
"in": "query",
"name": "access_token",
"schema": {
"type": "string"
}
},
"alt": {
"description": "Data format for response.",
"in": "query",
"name": "alt",
"schema": {
"enum": [
"json",
"media",
"proto"
],
"type": "string"
}
},
"callback": {
"description": "JSONP",
"in": "query",
"name": "callback",
"schema": {
"type": "string"
}
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"in": "query",
"name": "fields",
"schema": {
"type": "string"
}
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"in": "query",
"name": "key",
"schema": {
"type": "string"
}
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"in": "query",
"name": "oauth_token",
"schema": {
"type": "string"
}
},
"prettyPrint": {
"description": "Returns response with indentations and line breaks.",
"in": "query",
"name": "prettyPrint",
"schema": {
"type": "boolean"
}
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"in": "query",
"name": "quotaUser",
"schema": {
"type": "string"
}
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"in": "query",
"name": "uploadType",
"schema": {
"type": "string"
}
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"in": "query",
"name": "upload_protocol",
"schema": {
"type": "string"
}
}
},
"schemas": {
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
"properties": {},
"type": "object"
},
"ImportSshPublicKeyResponse": {
"description": "A response message for importing an SSH public key.",
"properties": {
"details": {
"description": "Detailed information about import results.",
"type": "string"
},
"loginProfile": {
"$ref": "#/components/schemas/LoginProfile",
"description": "The login profile information for the user."
}
},
"type": "object"
},
"LoginProfile": {
"description": "The user profile information used for logging in to a virtual machine on Google Compute Engine.",
"properties": {
"name": {
"description": "Required. A unique user ID.",
"type": "string"
},
"posixAccounts": {
"description": "The list of POSIX accounts associated with the user.",
"items": {
"$ref": "#/components/schemas/PosixAccount"
},
"type": "array"
},
"securityKeys": {
"description": "The registered security key credentials for a user.",
"items": {
"$ref": "#/components/schemas/SecurityKey"
},
"type": "array"
},
"sshPublicKeys": {
"additionalProperties": {
"$ref": "#/components/schemas/SshPublicKey"
},
"description": "A map from SSH public key fingerprint to the associated key object.",
"type": "object"
}
},
"type": "object"
},
"PosixAccount": {
"description": "The POSIX account information associated with a Google account.",
"properties": {
"accountId": {
"description": "Output only. A POSIX account identifier.",
"readOnly": true,
"type": "string"
},
"gecos": {
"description": "The GECOS (user information) entry for this account.",
"type": "string"
},
"gid": {
"description": "The default group ID.",
"format": "int64",
"type": "string"
},
"homeDirectory": {
"description": "The path to the home directory for this account.",
"type": "string"
},
"name": {
"description": "Output only. The canonical resource name.",
"readOnly": true,
"type": "string"
},
"operatingSystemType": {
"description": "The operating system type where this account applies.",
"enum": [
"OPERATING_SYSTEM_TYPE_UNSPECIFIED",
"LINUX",
"WINDOWS"
],
"type": "string"
},
"primary": {
"description": "Only one POSIX account can be marked as primary.",
"type": "boolean"
},
"shell": {
"description": "The path to the logic shell for this account.",
"type": "string"
},
"systemId": {
"description": "System identifier for which account the username or uid applies to. By default, the empty value is used.",
"type": "string"
},
"uid": {
"description": "The user ID.",
"format": "int64",
"type": "string"
},
"username": {
"description": "The username of the POSIX account.",
"type": "string"
}
},
"type": "object"
},
"SecurityKey": {
"description": "The credential information for a Google registered security key.",
"properties": {
"privateKey": {
"description": "Hardware-backed private key text in SSH format.",
"type": "string"
},
"publicKey": {
"description": "Public key text in SSH format, defined by [RFC4253](\"https://www.ietf.org/rfc/rfc4253.txt\") section 6.6.",
"type": "string"
},
"universalTwoFactor": {
"$ref": "#/components/schemas/UniversalTwoFactor",
"description": "The U2F protocol type."
},
"webAuthn": {
"$ref": "#/components/schemas/WebAuthn",
"description": "The Web Authentication protocol type."
}
},
"type": "object"
},
"SshPublicKey": {
"description": "The SSH public key information associated with a Google account.",
"properties": {
"expirationTimeUsec": {
"description": "An expiration time in microseconds since epoch.",
"format": "int64",
"type": "string"
},
"fingerprint": {
"description": "Output only. The SHA-256 fingerprint of the SSH public key.",
"readOnly": true,
"type": "string"
},
"key": {
"description": "Public key text in SSH format, defined by RFC4253 section 6.6.",
"type": "string"
},
"name": {
"description": "Output only. The canonical resource name.",
"readOnly": true,
"type": "string"
}
},
"type": "object"
},
"UniversalTwoFactor": {
"description": "Security key information specific to the U2F protocol.",
"properties": {
"appId": {
"description": "Application ID for the U2F protocol.",
"type": "string"
}
},
"type": "object"
},
"WebAuthn": {
"description": "Security key information specific to the Web Authentication protocol.",
"properties": {
"rpId": {
"description": "Relying party ID for Web Authentication.",
"type": "string"
}
},
"type": "object"
}
},
"securitySchemes": {
"Oauth2": {
"description": "Oauth 2.0 implicit authentication",
"flows": {
"implicit": {
"authorizationUrl": "https://accounts.google.com/o/oauth2/auth",
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.",
"https://www.googleapis.com/auth/cloud-platform.read-only": "View your data across Google Cloud services and see the email address of your Google Account",
"https://www.googleapis.com/auth/compute": "View and manage your Google Compute Engine resources",
"https://www.googleapis.com/auth/compute.readonly": "View your Google Compute Engine resources"
}
}
},
"type": "oauth2"
},
"Oauth2c": {
"description": "Oauth 2.0 authorizationCode authentication",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://accounts.google.com/o/oauth2/auth",
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.",
"https://www.googleapis.com/auth/cloud-platform.read-only": "View your data across Google Cloud services and see the email address of your Google Account",
"https://www.googleapis.com/auth/compute": "View and manage your Google Compute Engine resources",
"https://www.googleapis.com/auth/compute.readonly": "View your Google Compute Engine resources"
},
"tokenUrl": "https://accounts.google.com/o/oauth2/token"
}
},
"type": "oauth2"
}
}
}
}