google-apis-sts_v1 0.1.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db115d37034bb8686c8cf5225281dbd6153529e01f1e81137b081d72f18b60c9
-  data.tar.gz: 7fc7e1aae9d5b986ada9a538ff9c6883ce2edc83c51de32875939dacdbda749e
+  metadata.gz: ad83d8d7c878650c69654f899fd41ca7291c56ab4fd37225d56777daf805bffd
+  data.tar.gz: 372b9ea37cff48cf8c2d20d4b6ee48b3f5e9b37007be481da5496ea8b9dd95a0
 SHA512:
-  metadata.gz: ed2662bfb049ef121bbec32c21863e7b8dc956bb21621483e2746fdd091ebc7ad463527f4e4e5ee5d7628870b34c459af508e998953e1b21efd0fce9b396cccd
-  data.tar.gz: 154c551892c54a9c0064d08c35b4f69937f44d62cf6aadb8d9e6d71dd6adc90a599b01efb67cb729044da2a5ca213960431edcd55817ffc8433df732bc376fdb
+  metadata.gz: 8f1e72fe1f0dc5a65df53db3ecafbb48097947f6e92582628846246aec22bf3a9638ef62424bde82805904a0e24d7a3de787d63f17c1fb76f80179afb49a6bcd
+  data.tar.gz: 42884317e457d60fb8d9b9fde62ed8f43e853287c8dc30b54f6574962cdbb88430c644c850e6d1af644383232f39bbf7bd27fdc2897faa5ce3e61a4ae15c9129

data/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Release history for google-apis-sts_v1
 
+### v0.6.0 (2021-05-20)
+
+* Unspecified changes
+
+### v0.5.0 (2021-05-15)
+
+* Regenerated from discovery document revision 20210508
+* Regenerated using generator version 0.2.0
+
+### v0.4.0 (2021-03-04)
+
+* Unspecified changes
+
+### v0.3.0 (2021-02-12)
+
+* Regenerated from discovery document revision 20210206
+
+### v0.2.0 (2021-02-05)
+
+* Regenerated from discovery document revision 20210130
+* Regenerated using generator version 0.1.2
+
 ### v0.1.0 (2021-01-07)
 
 * Regenerated using generator version 0.1.1

data/lib/google/apis/sts_v1/classes.rb

@@ -26,6 +26,13 @@ module Google
       class GoogleIdentityStsV1ExchangeTokenRequest
         include Google::Apis::Core::Hashable
       
+        # The full resource name of the identity provider; for example: `//iam.
+        # googleapis.com/projects//workloadIdentityPools//providers/`. Required when
+        # exchanging an external credential for a Google access token.
+        # Corresponds to the JSON property `audience`
+        # @return [String]
+        attr_accessor :audience
+      
         # Required. The grant type. Must be `urn:ietf:params:oauth:grant-type:token-
         # exchange`, which indicates a token exchange.
         # Corresponds to the JSON property `grantType`
@@ -45,17 +52,86 @@ module Google
         # @return [String]
         attr_accessor :requested_token_type
       
-        # Required. The input token. You can use a Google-issued OAuth 2.0 access token
-        # with this field to obtain an access token with new security attributes applied,
-        # such as a Credential Access Boundary. If an access token already contains
-        # security attributes, you cannot apply additional security attributes.
+        # The OAuth 2.0 scopes to include on the resulting access token, formatted as a
+        # list of space-delimited, case-sensitive strings. Required when exchanging an
+        # external credential for a Google access token.
+        # Corresponds to the JSON property `scope`
+        # @return [String]
+        attr_accessor :scope
+      
+        # Required. The input token. This token is a either an external credential
+        # issued by a workload identity pool provider, or a short-lived access token
+        # issued by Google. If the token is an OIDC JWT, it must use the JWT format
+        # defined in [RFC 7523](https://tools.ietf.org/html/rfc7523), and the `
+        # subject_token_type` must be `urn:ietf:params:oauth:token-type:jwt`. The
+        # following headers are required: - `kid`: The identifier of the signing key
+        # securing the JWT. - `alg`: The cryptographic algorithm securing the JWT. Must
+        # be `RS256` or `ES256`. The following payload fields are required. For more
+        # information, see [RFC 7523, Section 3](https://tools.ietf.org/html/rfc7523#
+        # section-3): - `iss`: The issuer of the token. The issuer must provide a
+        # discovery document at the URL `/.well-known/openid-configuration`, where `` is
+        # the value of this field. The document must be formatted according to section 4.
+        # 2 of the [OIDC 1.0 Discovery specification](https://openid.net/specs/openid-
+        # connect-discovery-1_0.html#ProviderConfigurationResponse). - `iat`: The issue
+        # time, in seconds, since the Unix epoch. Must be in the past. - `exp`: The
+        # expiration time, in seconds, since the Unix epoch. Must be less than 48 hours
+        # after `iat`. Shorter expiration times are more secure. If possible, we
+        # recommend setting an expiration time less than 6 hours. - `sub`: The identity
+        # asserted in the JWT. - `aud`: For workload identity pools, this must be a
+        # value specified in the allowed audiences for the workload identity pool
+        # provider, or one of the audiences allowed by default if no audiences were
+        # specified. See https://cloud.google.com/iam/docs/reference/rest/v1/projects.
+        # locations.workloadIdentityPools.providers#oidc Example header: ``` ` "alg": "
+        # RS256", "kid": "us-east-11" ` ``` Example payload: ``` ` "iss": "https://
+        # accounts.google.com", "iat": 1517963104, "exp": 1517966704, "aud": "//iam.
+        # googleapis.com/projects/1234567890123/locations/global/workloadIdentityPools/
+        # my-pool/providers/my-provider", "sub": "113475438248934895348", "my_claims": `
+        # "additional_claim": "value" ` ` ``` If `subject_token` is for AWS, it must be
+        # a serialized `GetCallerIdentity` token. This token contains the same
+        # information as a request to the AWS [`GetCallerIdentity()`](https://docs.aws.
+        # amazon.com/STS/latest/APIReference/API_GetCallerIdentity) method, as well as
+        # the AWS [signature](https://docs.aws.amazon.com/general/latest/gr/
+        # signing_aws_api_requests.html) for the request information. Use Signature
+        # Version 4. Format the request as URL-encoded JSON, and set the `
+        # subject_token_type` parameter to `urn:ietf:params:aws:token-type:aws4_request`.
+        # The following parameters are required: - `url`: The URL of the AWS STS
+        # endpoint for `GetCallerIdentity()`, such as `https://sts.amazonaws.com?Action=
+        # GetCallerIdentity&Version=2011-06-15`. Regional endpoints are also supported. -
+        # `method`: The HTTP request method: `POST`. - `headers`: The HTTP request
+        # headers, which must include: - `Authorization`: The request signature. - `x-
+        # amz-date`: The time you will send the request, formatted as an [ISO8601 Basic](
+        # https://docs.aws.amazon.com/general/latest/gr/sigv4_elements.html#
+        # sigv4_elements_date) string. This value is typically set to the current time
+        # and is used to help prevent replay attacks. - `host`: The hostname of the `url`
+        # field; for example, `sts.amazonaws.com`. - `x-goog-cloud-target-resource`:
+        # The full, canonical resource name of the workload identity pool provider, with
+        # or without an `https:` prefix. To help ensure data integrity, we recommend
+        # including this header in the `SignedHeaders` field of the signed request. For
+        # example: //iam.googleapis.com/projects//locations//workloadIdentityPools//
+        # providers/ https://iam.googleapis.com/projects//locations//
+        # workloadIdentityPools//providers/ If you are using temporary security
+        # credentials provided by AWS, you must also include the header `x-amz-security-
+        # token`, with the value set to the session token. The following example shows a
+        # `GetCallerIdentity` token: ``` ` "headers": [ `"key": "x-amz-date", "value": "
+        # 20200815T015049Z"`, `"key": "Authorization", "value": "AWS4-HMAC-SHA256+
+        # Credential=$credential,+SignedHeaders=host;x-amz-date;x-goog-cloud-target-
+        # resource,+Signature=$signature"`, `"key": "x-goog-cloud-target-resource", "
+        # value": "//iam.googleapis.com/projects//locations//workloadIdentityPools//
+        # providers/"`, `"key": "host", "value": "sts.amazonaws.com"` . ], "method": "
+        # POST", "url": "https://sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-
+        # 06-15" ` ``` You can also use a Google-issued OAuth 2.0 access token with this
+        # field to obtain an access token with new security attributes applied, such as
+        # a Credential Access Boundary. In this case, set `subject_token_type` to `urn:
+        # ietf:params:oauth:token-type:access_token`. If an access token already
+        # contains security attributes, you cannot apply additional security attributes.
         # Corresponds to the JSON property `subjectToken`
         # @return [String]
         attr_accessor :subject_token
       
         # Required. An identifier that indicates the type of the security token in the `
-        # subject_token` parameter. Must be `urn:ietf:params:oauth:token-type:
-        # access_token`.
+        # subject_token` parameter. Supported values are `urn:ietf:params:oauth:token-
+        # type:jwt`, `urn:ietf:params:aws:token-type:aws4_request`, and `urn:ietf:params:
+        # oauth:token-type:access_token`.
         # Corresponds to the JSON property `subjectTokenType`
         # @return [String]
         attr_accessor :subject_token_type
@@ -66,9 +142,11 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @audience = args[:audience] if args.key?(:audience)
           @grant_type = args[:grant_type] if args.key?(:grant_type)
           @options = args[:options] if args.key?(:options)
           @requested_token_type = args[:requested_token_type] if args.key?(:requested_token_type)
+          @scope = args[:scope] if args.key?(:scope)
           @subject_token = args[:subject_token] if args.key?(:subject_token)
           @subject_token_type = args[:subject_token_type] if args.key?(:subject_token_type)
         end
@@ -79,15 +157,17 @@ module Google
         include Google::Apis::Core::Hashable
       
         # An OAuth 2.0 security token, issued by Google, in response to the token
-        # exchange request.
+        # exchange request. Tokens can vary in size, depending in part on the size of
+        # mapped claims, up to a maximum of 12288 bytes (12 KB). Google reserves the
+        # right to change the token size and the maximum length at any time.
         # Corresponds to the JSON property `access_token`
         # @return [String]
         attr_accessor :access_token
       
-        # The amount of time, in seconds, between the time when the `access_token` was
-        # issued and the time when the `access_token` will expire. This field is absent
+        # The amount of time, in seconds, between the time when the access token was
+        # issued and the time when the access token will expire. This field is absent
         # when the `subject_token` in the request is a Google-issued, short-lived access
-        # token. In this case, the `access_token` has the same expiration time as the `
+        # token. In this case, the access token has the same expiration time as the `
         # subject_token`.
         # Corresponds to the JSON property `expires_in`
         # @return [Fixnum]
@@ -99,7 +179,7 @@ module Google
         # @return [String]
         attr_accessor :issued_token_type
       
-        # The type of `access_token`. Always has the value `Bearer`.
+        # The type of access token. Always has the value `Bearer`.
         # Corresponds to the JSON property `token_type`
         # @return [String]
         attr_accessor :token_type

data/lib/google/apis/sts_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module StsV1
       # Version of the google-apis-sts_v1 gem
-      GEM_VERSION = "0.1.0"
+      GEM_VERSION = "0.6.0"
 
       # Version of the code generator used to generate this client
-      GENERATOR_VERSION = "0.1.1"
+      GENERATOR_VERSION = "0.2.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20201004"
+      REVISION = "20210508"
     end
   end
 end

data/lib/google/apis/sts_v1/representations.rb

@@ -37,9 +37,11 @@ module Google
       class GoogleIdentityStsV1ExchangeTokenRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
+          property :audience, as: 'audience'
           property :grant_type, as: 'grantType'
           property :options, as: 'options'
           property :requested_token_type, as: 'requestedTokenType'
+          property :scope, as: 'scope'
           property :subject_token, as: 'subjectToken'
           property :subject_token_type, as: 'subjectTokenType'
         end

data/lib/google/apis/sts_v1/service.rb

@@ -50,7 +50,12 @@ module Google
           @batch_path = 'batch'
         end
         
-        # Exchanges a credential for a Google OAuth 2.0 access token.
+        # Exchanges a credential for a Google OAuth 2.0 access token. The token asserts
+        # an external identity within a workload identity pool, or it applies a
+        # Credential Access Boundary to a Google access token. When you call this method,
+        # do not send the `Authorization` HTTP header in the request. This method does
+        # not require the `Authorization` header, and using the header can cause the
+        # request to fail.
         # @param [Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenRequest] google_identity_sts_v1_exchange_token_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-sts_v1
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-08 00:00:00.000000000 Z
+date: 2021-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -52,7 +52,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1/v0.1.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1/v0.6.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1
 post_install_message: 
 rdoc_options: []
@@ -62,14 +62,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.17
 signing_key: 
 specification_version: 4
 summary: Simple REST client for Security Token Service API V1