google-apis-sts_v1 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db115d37034bb8686c8cf5225281dbd6153529e01f1e81137b081d72f18b60c9
-  data.tar.gz: 7fc7e1aae9d5b986ada9a538ff9c6883ce2edc83c51de32875939dacdbda749e
+  metadata.gz: 3a920e124439536ee81b5a68784019e5fc96fc7e2ff24d0cfee8eaddadb3e7be
+  data.tar.gz: 3ede3bb61ad59cefbc89716cf100a6b3a21afb9a540023df6b77a8e6b4a78b97
 SHA512:
-  metadata.gz: ed2662bfb049ef121bbec32c21863e7b8dc956bb21621483e2746fdd091ebc7ad463527f4e4e5ee5d7628870b34c459af508e998953e1b21efd0fce9b396cccd
-  data.tar.gz: 154c551892c54a9c0064d08c35b4f69937f44d62cf6aadb8d9e6d71dd6adc90a599b01efb67cb729044da2a5ca213960431edcd55817ffc8433df732bc376fdb
+  metadata.gz: cfc64901e5ce05654fda2135cd6090314793306caace1cd4e5fd6905a8ac8fdb9cf27e345e48eece45a05a500c685d1c87647f50ac491a2a69e80895ac8a4a4e
+  data.tar.gz: 31fe1167205d212999e8c5f16bbb8e7438d62c1431aee8c9f1b4c988e99b4a72e562a06e8dfbcbaeaeb0916dd13cb5e4399d55ffaacbeb53b8bf684758e964b4

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Release history for google-apis-sts_v1
 
+### v0.2.0 (2021-02-05)
+
+* Regenerated from discovery document revision 20210130
+* Regenerated using generator version 0.1.2
+
 ### v0.1.0 (2021-01-07)
 
 * Regenerated using generator version 0.1.1

data/lib/google/apis/sts_v1/classes.rb

@@ -26,6 +26,13 @@ module Google
       class GoogleIdentityStsV1ExchangeTokenRequest
         include Google::Apis::Core::Hashable
       
+        # The full resource name of the identity provider; for example: `//iam.
+        # googleapis.com/projects//workloadIdentityPools//providers/`. Required when
+        # exchanging an external credential for a Google access token.
+        # Corresponds to the JSON property `audience`
+        # @return [String]
+        attr_accessor :audience
+      
         # Required. The grant type. Must be `urn:ietf:params:oauth:grant-type:token-
         # exchange`, which indicates a token exchange.
         # Corresponds to the JSON property `grantType`
@@ -45,17 +52,81 @@ module Google
         # @return [String]
         attr_accessor :requested_token_type
       
-        # Required. The input token. You can use a Google-issued OAuth 2.0 access token
-        # with this field to obtain an access token with new security attributes applied,
-        # such as a Credential Access Boundary. If an access token already contains
-        # security attributes, you cannot apply additional security attributes.
+        # The OAuth 2.0 scopes to include on the resulting access token, formatted as a
+        # list of space-delimited, case-sensitive strings. Required when exchanging an
+        # external credential for a Google access token.
+        # Corresponds to the JSON property `scope`
+        # @return [String]
+        attr_accessor :scope
+      
+        # Required. The input token. This token is a either an external credential
+        # issued by a workload identity pool provider, or a short-lived access token
+        # issued by Google. If the token is an OIDC JWT, it must use the JWT format
+        # defined in [RFC 7523](https://tools.ietf.org/html/rfc7523), and the `
+        # subject_token_type` must be `urn:ietf:params:oauth:token-type:jwt`. The
+        # following headers are required: - `kid`: The identifier of the signing key
+        # securing the JWT. - `alg`: The cryptographic algorithm securing the JWT. Must
+        # be `RS256`. The following payload fields are required. For more information,
+        # see [RFC 7523, Section 3](https://tools.ietf.org/html/rfc7523#section-3): - `
+        # iss`: The issuer of the token. The issuer must provide a discovery document at
+        # the URL `/.well-known/openid-configuration`, where `` is the value of this
+        # field. The document must be formatted according to section 4.2 of the [OIDC 1.
+        # 0 Discovery specification](https://openid.net/specs/openid-connect-discovery-
+        # 1_0.html#ProviderConfigurationResponse). - `iat`: The issue time, in seconds,
+        # since the Unix epoch. Must be in the past. - `exp`: The expiration time, in
+        # seconds, since the Unix epoch. Must be less than 48 hours after `iat`. Shorter
+        # expiration times are more secure. If possible, we recommend setting an
+        # expiration time less than 6 hours. - `sub`: The identity asserted in the JWT. -
+        # `aud`: Configured by the mapper policy. The default value is the service
+        # account's unique ID. Example header: ``` ` "alg": "RS256", "kid": "us-east-11"
+        # ` ``` Example payload: ``` ` "iss": "https://accounts.google.com", "iat":
+        # 1517963104, "exp": 1517966704, "aud": "113475438248934895348", "sub": "
+        # 113475438248934895348", "my_claims": ` "additional_claim": "value" ` ` ``` If `
+        # subject_token` is for AWS, it must be a serialized `GetCallerIdentity` token.
+        # This token contains the same information as a request to the AWS [`
+        # GetCallerIdentity()`](https://docs.aws.amazon.com/STS/latest/APIReference/
+        # API_GetCallerIdentity) method, as well as the AWS [signature](https://docs.aws.
+        # amazon.com/general/latest/gr/signing_aws_api_requests.html) for the request
+        # information. Use Signature Version 4. Format the request as URL-encoded JSON,
+        # and set the `subject_token_type` parameter to `urn:ietf:params:aws:token-type:
+        # aws4_request`. The following parameters are required: - `url`: The URL of the
+        # AWS STS endpoint for `GetCallerIdentity()`, such as `https://sts.amazonaws.com?
+        # Action=GetCallerIdentity&Version=2011-06-15`. Regional endpoints are also
+        # supported. - `method`: The HTTP request method: `POST`. - `headers`: The HTTP
+        # request headers, which must include: - `Authorization`: The request signature.
+        # - `x-amz-date`: The time you will send the request, formatted as an [ISO8601
+        # Basic](https://docs.aws.amazon.com/general/latest/gr/sigv4_elements.html#
+        # sigv4_elements_date) string. This value is typically set to the current time
+        # and is used to help prevent replay attacks. - `host`: The hostname of the `url`
+        # field; for example, `sts.amazonaws.com`. - `x-goog-cloud-target-resource`:
+        # The full, canonical resource name of the workload identity pool provider, with
+        # or without an `https:` prefix. To help ensure data integrity, we recommend
+        # including this header in the `SignedHeaders` field of the signed request. For
+        # example: //iam.googleapis.com/projects//locations//workloadIdentityPools//
+        # providers/ https://iam.googleapis.com/projects//locations//
+        # workloadIdentityPools//providers/ If you are using temporary security
+        # credentials provided by AWS, you must also include the header `x-amz-security-
+        # token`, with the value set to the session token. The following example shows a
+        # `GetCallerIdentity` token: ``` ` "headers": [ `"key": "x-amz-date", "value": "
+        # 20200815T015049Z"`, `"key": "Authorization", "value": "AWS4-HMAC-SHA256+
+        # Credential=$credential,+SignedHeaders=host;x-amz-date;x-goog-cloud-target-
+        # resource,+Signature=$signature"`, `"key": "x-goog-cloud-target-resource", "
+        # value": "//iam.googleapis.com/projects//locations//workloadIdentityPools//
+        # providers/"`, `"key": "host", "value": "sts.amazonaws.com"` . ], "method": "
+        # POST", "url": "https://sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-
+        # 06-15" ` ``` You can also use a Google-issued OAuth 2.0 access token with this
+        # field to obtain an access token with new security attributes applied, such as
+        # a Credential Access Boundary. In this case, set `subject_token_type` to `urn:
+        # ietf:params:oauth:token-type:access_token`. If an access token already
+        # contains security attributes, you cannot apply additional security attributes.
         # Corresponds to the JSON property `subjectToken`
         # @return [String]
         attr_accessor :subject_token
       
         # Required. An identifier that indicates the type of the security token in the `
-        # subject_token` parameter. Must be `urn:ietf:params:oauth:token-type:
-        # access_token`.
+        # subject_token` parameter. Supported values are `urn:ietf:params:oauth:token-
+        # type:jwt`, `urn:ietf:params:aws:token-type:aws4_request`, and `urn:ietf:params:
+        # oauth:token-type:access_token`.
         # Corresponds to the JSON property `subjectTokenType`
         # @return [String]
         attr_accessor :subject_token_type
@@ -66,9 +137,11 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @audience = args[:audience] if args.key?(:audience)
           @grant_type = args[:grant_type] if args.key?(:grant_type)
           @options = args[:options] if args.key?(:options)
           @requested_token_type = args[:requested_token_type] if args.key?(:requested_token_type)
+          @scope = args[:scope] if args.key?(:scope)
           @subject_token = args[:subject_token] if args.key?(:subject_token)
           @subject_token_type = args[:subject_token_type] if args.key?(:subject_token_type)
         end
@@ -79,15 +152,17 @@ module Google
         include Google::Apis::Core::Hashable
       
         # An OAuth 2.0 security token, issued by Google, in response to the token
-        # exchange request.
+        # exchange request. Tokens can vary in size, depending in part on the size of
+        # mapped claims, up to a maximum of 12288 bytes (12 KB). Google reserves the
+        # right to change the token size and the maximum length at any time.
         # Corresponds to the JSON property `access_token`
         # @return [String]
         attr_accessor :access_token
       
-        # The amount of time, in seconds, between the time when the `access_token` was
-        # issued and the time when the `access_token` will expire. This field is absent
+        # The amount of time, in seconds, between the time when the access token was
+        # issued and the time when the access token will expire. This field is absent
         # when the `subject_token` in the request is a Google-issued, short-lived access
-        # token. In this case, the `access_token` has the same expiration time as the `
+        # token. In this case, the access token has the same expiration time as the `
         # subject_token`.
         # Corresponds to the JSON property `expires_in`
         # @return [Fixnum]
@@ -99,7 +174,7 @@ module Google
         # @return [String]
         attr_accessor :issued_token_type
       
-        # The type of `access_token`. Always has the value `Bearer`.
+        # The type of access token. Always has the value `Bearer`.
         # Corresponds to the JSON property `token_type`
         # @return [String]
         attr_accessor :token_type

data/lib/google/apis/sts_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module StsV1
       # Version of the google-apis-sts_v1 gem
-      GEM_VERSION = "0.1.0"
+      GEM_VERSION = "0.2.0"
 
       # Version of the code generator used to generate this client
-      GENERATOR_VERSION = "0.1.1"
+      GENERATOR_VERSION = "0.1.2"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20201004"
+      REVISION = "20210130"
     end
   end
 end

data/lib/google/apis/sts_v1/representations.rb

@@ -37,9 +37,11 @@ module Google
       class GoogleIdentityStsV1ExchangeTokenRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
+          property :audience, as: 'audience'
           property :grant_type, as: 'grantType'
           property :options, as: 'options'
           property :requested_token_type, as: 'requestedTokenType'
+          property :scope, as: 'scope'
           property :subject_token, as: 'subjectToken'
           property :subject_token_type, as: 'subjectTokenType'
         end

data/lib/google/apis/sts_v1/service.rb

@@ -50,7 +50,9 @@ module Google
           @batch_path = 'batch'
         end
         
-        # Exchanges a credential for a Google OAuth 2.0 access token.
+        # Exchanges a credential for a Google OAuth 2.0 access token. The token asserts
+        # an external identity within a workload identity pool, or it applies a
+        # Credential Access Boundary to a Google access token.
         # @param [Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenRequest] google_identity_sts_v1_exchange_token_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-sts_v1
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-08 00:00:00.000000000 Z
+date: 2021-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -52,7 +52,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1/v0.1.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1/v0.2.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1
 post_install_message: 
 rdoc_options: []
@@ -69,7 +69,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.6
 signing_key: 
 specification_version: 4
 summary: Simple REST client for Security Token Service API V1