google-apis-sts_v1beta 0.1.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2f2aaac858819442bb1f774bd1bfc8fd476af13b1f2f86c244b82ad0eafbeb3
-  data.tar.gz: a86317e03fadebd26d01e9645e8fb8978a21fb4a2bdb515d61f3618d9e3b1091
+  metadata.gz: a32a3af4a922e2081537df49305eb12c9739d69689ed9bbb1e065f8fc4fef958
+  data.tar.gz: a01ce35bd257d7d0fdfee4ee449d65c6b60d40a5330a8a642a0b0ec082657c9c
 SHA512:
-  metadata.gz: e54370746a14fdda22fff7f12440aa8a0b1f8dfadfa2c5e2549af58a11fbff5ecdbbf9c201c51ef0e2f8803404966596f5f9077f37453e51733be276068dbf23
-  data.tar.gz: ae6e98ef9e87b3f54bfcff3dc2d2b84a5d9f2e35c88d400d1ebc5ff13eb3b3774fab0a03dca2a477bfce3939f863c42c2dfe7f0532d2dd8fccdff4bdf21e044f
+  metadata.gz: 580849a9f60be7a9462a490688e8df13e7051c2c7450128eea503519722c3532bc4f21a23d16cb84b1cd92a043b02ceb9f6b5ac8da8ba8d0c72407a3dc300c50
+  data.tar.gz: 12a58b5b3b7835beb1d935e442027888b8e27d2ef181d01b27fded8db971c22e707145cb4e18e24091529c5a3fa35fa9d261eca34bbf28c4b3e273843a5f8816

data/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Release history for google-apis-sts_v1beta
 
+### v0.6.0 (2021-05-20)
+
+* Unspecified changes
+
+### v0.5.0 (2021-05-15)
+
+* Regenerated from discovery document revision 20210508
+* Regenerated using generator version 0.2.0
+
+### v0.4.0 (2021-03-04)
+
+* Unspecified changes
+
+### v0.3.0 (2021-02-12)
+
+* Regenerated from discovery document revision 20210206
+
+### v0.2.0 (2021-01-23)
+
+* Regenerated from discovery document revision 20210116
+* Regenerated using generator version 0.1.2
+
 ### v0.1.0 (2021-01-07)
 
 * Regenerated using generator version 0.1.1

data/lib/google/apis/sts_v1beta/classes.rb

@@ -66,62 +66,72 @@ module Google
         # subject_token_type` must be `urn:ietf:params:oauth:token-type:jwt`. The
         # following headers are required: - `kid`: The identifier of the signing key
         # securing the JWT. - `alg`: The cryptographic algorithm securing the JWT. Must
-        # be `RS256`. The following payload fields are required. For more information,
-        # see [RFC 7523, Section 3](https://tools.ietf.org/html/rfc7523#section-3): - `
-        # iss`: The issuer of the token. The issuer must provide a discovery document at
-        # the URL `/.well-known/openid-configuration`, where `` is the value of this
-        # field. The document must be formatted according to section 4.2 of the [OIDC 1.
-        # 0 Discovery specification](https://openid.net/specs/openid-connect-discovery-
-        # 1_0.html#ProviderConfigurationResponse). - `iat`: The issue time, in seconds,
-        # since the Unix epoch. Must be in the past. - `exp`: The expiration time, in
-        # seconds, since the Unix epoch. Must be less than 48 hours after `iat`. Shorter
-        # expiration times are more secure. If possible, we recommend setting an
-        # expiration time less than 6 hours. - `sub`: The identity asserted in the JWT. -
-        # `aud`: Configured by the mapper policy. The default value is the service
-        # account's unique ID. Example header: ``` ` "alg": "RS256", "kid": "us-east-11"
-        # ` ``` Example payload: ``` ` "iss": "https://accounts.google.com", "iat":
-        # 1517963104, "exp": 1517966704, "aud": "113475438248934895348", "sub": "
-        # 113475438248934895348", "my_claims": ` "additional_claim": "value" ` ` ``` If `
-        # subject_token` is an AWS token, it must be a serialized, [signed](https://docs.
-        # aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) request to the
-        # AWS [`GetCallerIdentity()`](https://docs.aws.amazon.com/STS/latest/
-        # APIReference/API_GetCallerIdentity) method. Format the request as URL-encoded
-        # JSON, and set the `subject_token_type` parameter to `urn:ietf:params:aws:token-
-        # type:aws4_request`. The following parameters are required: - `url`: The URL of
-        # the AWS STS endpoint for `GetCallerIdentity()`, such as `https://sts.amazonaws.
-        # com?Action=GetCallerIdentity&Version=2011-06-15`. Regional endpoints are also
-        # supported. - `method`: The HTTP request method: `POST`. - `headers`: The HTTP
-        # request headers, which must include: - `Authorization`: The request signature.
-        # - `x-amz-date`: The time you will send the request, formatted as an [ISO8601
-        # Basic](https://docs.aws.amazon.com/general/latest/gr/sigv4_elements.html#
-        # sigv4_elements_date) string. This is typically set to the current time and
-        # used to prevent replay attacks. - `host`: The hostname of the `url` field; for
-        # example, `sts.amazonaws.com`. - `x-goog-cloud-target-resource`: The full,
-        # canonical resource name of the workload identity pool provider, with or
-        # without an `https:` prefix. To help ensure data integrity, we recommend
+        # be `RS256` or `ES256`. The following payload fields are required. For more
+        # information, see [RFC 7523, Section 3](https://tools.ietf.org/html/rfc7523#
+        # section-3): - `iss`: The issuer of the token. The issuer must provide a
+        # discovery document at the URL `/.well-known/openid-configuration`, where `` is
+        # the value of this field. The document must be formatted according to section 4.
+        # 2 of the [OIDC 1.0 Discovery specification](https://openid.net/specs/openid-
+        # connect-discovery-1_0.html#ProviderConfigurationResponse). - `iat`: The issue
+        # time, in seconds, since the Unix epoch. Must be in the past. - `exp`: The
+        # expiration time, in seconds, since the Unix epoch. Must be less than 48 hours
+        # after `iat`. Shorter expiration times are more secure. If possible, we
+        # recommend setting an expiration time less than 6 hours. - `sub`: The identity
+        # asserted in the JWT. - `aud`: For workload identity pools, this must be a
+        # value specified in the allowed audiences for the workload identity pool
+        # provider, or one of the audiences allowed by default if no audiences were
+        # specified. See https://cloud.google.com/iam/docs/reference/rest/v1/projects.
+        # locations.workloadIdentityPools.providers#oidc Example header: ``` ` "alg": "
+        # RS256", "kid": "us-east-11" ` ``` Example payload: ``` ` "iss": "https://
+        # accounts.google.com", "iat": 1517963104, "exp": 1517966704, "aud": "//iam.
+        # googleapis.com/projects/1234567890123/locations/global/workloadIdentityPools/
+        # my-pool/providers/my-provider", "sub": "113475438248934895348", "my_claims": `
+        # "additional_claim": "value" ` ` ``` If `subject_token` is for AWS, it must be
+        # a serialized `GetCallerIdentity` token. This token contains the same
+        # information as a request to the AWS [`GetCallerIdentity()`](https://docs.aws.
+        # amazon.com/STS/latest/APIReference/API_GetCallerIdentity) method, as well as
+        # the AWS [signature](https://docs.aws.amazon.com/general/latest/gr/
+        # signing_aws_api_requests.html) for the request information. Use Signature
+        # Version 4. Format the request as URL-encoded JSON, and set the `
+        # subject_token_type` parameter to `urn:ietf:params:aws:token-type:aws4_request`.
+        # The following parameters are required: - `url`: The URL of the AWS STS
+        # endpoint for `GetCallerIdentity()`, such as `https://sts.amazonaws.com?Action=
+        # GetCallerIdentity&Version=2011-06-15`. Regional endpoints are also supported. -
+        # `method`: The HTTP request method: `POST`. - `headers`: The HTTP request
+        # headers, which must include: - `Authorization`: The request signature. - `x-
+        # amz-date`: The time you will send the request, formatted as an [ISO8601 Basic](
+        # https://docs.aws.amazon.com/general/latest/gr/sigv4_elements.html#
+        # sigv4_elements_date) string. This value is typically set to the current time
+        # and is used to help prevent replay attacks. - `host`: The hostname of the `url`
+        # field; for example, `sts.amazonaws.com`. - `x-goog-cloud-target-resource`:
+        # The full, canonical resource name of the workload identity pool provider, with
+        # or without an `https:` prefix. To help ensure data integrity, we recommend
         # including this header in the `SignedHeaders` field of the signed request. For
         # example: //iam.googleapis.com/projects//locations//workloadIdentityPools//
         # providers/ https://iam.googleapis.com/projects//locations//
         # workloadIdentityPools//providers/ If you are using temporary security
         # credentials provided by AWS, you must also include the header `x-amz-security-
-        # token`, with the value ``. The following example shows a signed, serialized
-        # request: ``` ` "headers":[ `"key": "x-amz-date", "value": "20200815T015049Z"`,
-        # `"key": "Authorization", "value": "AWS4-HMAC-SHA256+Credential=$credential,+
-        # SignedHeaders=host;x-amz-date;x-goog-cloud-target-resource,+Signature=$
-        # signature"`, `"key": "x-goog-cloud-target-resource", "value": "//iam.
-        # googleapis.com/projects//locations//workloadIdentityPools//providers/"`, `"key"
-        # : "host", "value": "sts.amazonaws.com"` . ], "method":"POST", "url":"https://
-        # sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15" ` ``` You can
-        # also use a Google-issued OAuth 2.0 access token with this field to obtain an
-        # access token with new security attributes applied, such as a Credential Access
-        # Boundary. In this case, set `subject_token_type` to `urn:ietf:params:oauth:
-        # token-type:access_token`. If an access token already contains security
-        # attributes, you cannot apply additional security attributes.
+        # token`, with the value set to the session token. The following example shows a
+        # `GetCallerIdentity` token: ``` ` "headers": [ `"key": "x-amz-date", "value": "
+        # 20200815T015049Z"`, `"key": "Authorization", "value": "AWS4-HMAC-SHA256+
+        # Credential=$credential,+SignedHeaders=host;x-amz-date;x-goog-cloud-target-
+        # resource,+Signature=$signature"`, `"key": "x-goog-cloud-target-resource", "
+        # value": "//iam.googleapis.com/projects//locations//workloadIdentityPools//
+        # providers/"`, `"key": "host", "value": "sts.amazonaws.com"` . ], "method": "
+        # POST", "url": "https://sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-
+        # 06-15" ` ``` You can also use a Google-issued OAuth 2.0 access token with this
+        # field to obtain an access token with new security attributes applied, such as
+        # a Credential Access Boundary. In this case, set `subject_token_type` to `urn:
+        # ietf:params:oauth:token-type:access_token`. If an access token already
+        # contains security attributes, you cannot apply additional security attributes.
         # Corresponds to the JSON property `subjectToken`
         # @return [String]
         attr_accessor :subject_token
       
-        # Required. `urn:ietf:params:oauth:token-type:access_token`.
+        # Required. An identifier that indicates the type of the security token in the `
+        # subject_token` parameter. Supported values are `urn:ietf:params:oauth:token-
+        # type:jwt`, `urn:ietf:params:aws:token-type:aws4_request`, and `urn:ietf:params:
+        # oauth:token-type:access_token`.
         # Corresponds to the JSON property `subjectTokenType`
         # @return [String]
         attr_accessor :subject_token_type
@@ -154,10 +164,10 @@ module Google
         # @return [String]
         attr_accessor :access_token
       
-        # The amount of time, in seconds, between the time when the `access_token` was
-        # issued and the time when the `access_token` will expire. This field is absent
+        # The amount of time, in seconds, between the time when the access token was
+        # issued and the time when the access token will expire. This field is absent
         # when the `subject_token` in the request is a Google-issued, short-lived access
-        # token. In this case, the `access_token` has the same expiration time as the `
+        # token. In this case, the access token has the same expiration time as the `
         # subject_token`.
         # Corresponds to the JSON property `expires_in`
         # @return [Fixnum]
@@ -169,7 +179,7 @@ module Google
         # @return [String]
         attr_accessor :issued_token_type
       
-        # The type of `access_token`. Always has the value `Bearer`.
+        # The type of access token. Always has the value `Bearer`.
         # Corresponds to the JSON property `token_type`
         # @return [String]
         attr_accessor :token_type

data/lib/google/apis/sts_v1beta/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module StsV1beta
       # Version of the google-apis-sts_v1beta gem
-      GEM_VERSION = "0.1.0"
+      GEM_VERSION = "0.6.0"
 
       # Version of the code generator used to generate this client
-      GENERATOR_VERSION = "0.1.1"
+      GENERATOR_VERSION = "0.2.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20201009"
+      REVISION = "20210508"
     end
   end
 end

data/lib/google/apis/sts_v1beta/service.rb

@@ -52,7 +52,10 @@ module Google
         
         # Exchanges a credential for a Google OAuth 2.0 access token. The token asserts
         # an external identity within a workload identity pool, or it applies a
-        # Credential Access Boundary to a Google access token.
+        # Credential Access Boundary to a Google access token. When you call this method,
+        # do not send the `Authorization` HTTP header in the request. This method does
+        # not require the `Authorization` header, and using the header can cause the
+        # request to fail.
         # @param [Google::Apis::StsV1beta::GoogleIdentityStsV1betaExchangeTokenRequest] google_identity_sts_v1beta_exchange_token_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-sts_v1beta
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-08 00:00:00.000000000 Z
+date: 2021-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -52,7 +52,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1beta/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1beta/v0.1.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1beta/v0.6.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1beta
 post_install_message: 
 rdoc_options: []
@@ -62,14 +62,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.17
 signing_key: 
 specification_version: 4
 summary: Simple REST client for Security Token Service API V1beta