google-apis-sts_v1beta 0.1.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -0
- data/lib/google/apis/sts_v1beta/classes.rb +61 -51
- data/lib/google/apis/sts_v1beta/gem_version.rb +3 -3
- data/lib/google/apis/sts_v1beta/service.rb +4 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a32a3af4a922e2081537df49305eb12c9739d69689ed9bbb1e065f8fc4fef958
|
4
|
+
data.tar.gz: a01ce35bd257d7d0fdfee4ee449d65c6b60d40a5330a8a642a0b0ec082657c9c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 580849a9f60be7a9462a490688e8df13e7051c2c7450128eea503519722c3532bc4f21a23d16cb84b1cd92a043b02ceb9f6b5ac8da8ba8d0c72407a3dc300c50
|
7
|
+
data.tar.gz: 12a58b5b3b7835beb1d935e442027888b8e27d2ef181d01b27fded8db971c22e707145cb4e18e24091529c5a3fa35fa9d261eca34bbf28c4b3e273843a5f8816
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,27 @@
|
|
1
1
|
# Release history for google-apis-sts_v1beta
|
2
2
|
|
3
|
+
### v0.6.0 (2021-05-20)
|
4
|
+
|
5
|
+
* Unspecified changes
|
6
|
+
|
7
|
+
### v0.5.0 (2021-05-15)
|
8
|
+
|
9
|
+
* Regenerated from discovery document revision 20210508
|
10
|
+
* Regenerated using generator version 0.2.0
|
11
|
+
|
12
|
+
### v0.4.0 (2021-03-04)
|
13
|
+
|
14
|
+
* Unspecified changes
|
15
|
+
|
16
|
+
### v0.3.0 (2021-02-12)
|
17
|
+
|
18
|
+
* Regenerated from discovery document revision 20210206
|
19
|
+
|
20
|
+
### v0.2.0 (2021-01-23)
|
21
|
+
|
22
|
+
* Regenerated from discovery document revision 20210116
|
23
|
+
* Regenerated using generator version 0.1.2
|
24
|
+
|
3
25
|
### v0.1.0 (2021-01-07)
|
4
26
|
|
5
27
|
* Regenerated using generator version 0.1.1
|
@@ -66,62 +66,72 @@ module Google
|
|
66
66
|
# subject_token_type` must be `urn:ietf:params:oauth:token-type:jwt`. The
|
67
67
|
# following headers are required: - `kid`: The identifier of the signing key
|
68
68
|
# securing the JWT. - `alg`: The cryptographic algorithm securing the JWT. Must
|
69
|
-
# be `RS256`. The following payload fields are required. For more
|
70
|
-
# see [RFC 7523, Section 3](https://tools.ietf.org/html/rfc7523#
|
71
|
-
# iss`: The issuer of the token. The issuer must provide a
|
72
|
-
# the URL `/.well-known/openid-configuration`, where `` is
|
73
|
-
# field. The document must be formatted according to section 4.
|
74
|
-
# 0 Discovery specification](https://openid.net/specs/openid-
|
75
|
-
# 1_0.html#ProviderConfigurationResponse). - `iat`: The issue
|
76
|
-
# since the Unix epoch. Must be in the past. - `exp`: The
|
77
|
-
# seconds, since the Unix epoch. Must be less than 48 hours
|
78
|
-
# expiration times are more secure. If possible, we
|
79
|
-
# expiration time less than 6 hours. - `sub`: The identity
|
80
|
-
# `aud`:
|
81
|
-
#
|
82
|
-
#
|
83
|
-
#
|
84
|
-
#
|
85
|
-
#
|
86
|
-
#
|
87
|
-
#
|
88
|
-
#
|
89
|
-
#
|
90
|
-
#
|
91
|
-
#
|
92
|
-
# com
|
93
|
-
#
|
94
|
-
#
|
95
|
-
#
|
96
|
-
#
|
97
|
-
#
|
98
|
-
#
|
99
|
-
#
|
100
|
-
#
|
101
|
-
#
|
69
|
+
# be `RS256` or `ES256`. The following payload fields are required. For more
|
70
|
+
# information, see [RFC 7523, Section 3](https://tools.ietf.org/html/rfc7523#
|
71
|
+
# section-3): - `iss`: The issuer of the token. The issuer must provide a
|
72
|
+
# discovery document at the URL `/.well-known/openid-configuration`, where `` is
|
73
|
+
# the value of this field. The document must be formatted according to section 4.
|
74
|
+
# 2 of the [OIDC 1.0 Discovery specification](https://openid.net/specs/openid-
|
75
|
+
# connect-discovery-1_0.html#ProviderConfigurationResponse). - `iat`: The issue
|
76
|
+
# time, in seconds, since the Unix epoch. Must be in the past. - `exp`: The
|
77
|
+
# expiration time, in seconds, since the Unix epoch. Must be less than 48 hours
|
78
|
+
# after `iat`. Shorter expiration times are more secure. If possible, we
|
79
|
+
# recommend setting an expiration time less than 6 hours. - `sub`: The identity
|
80
|
+
# asserted in the JWT. - `aud`: For workload identity pools, this must be a
|
81
|
+
# value specified in the allowed audiences for the workload identity pool
|
82
|
+
# provider, or one of the audiences allowed by default if no audiences were
|
83
|
+
# specified. See https://cloud.google.com/iam/docs/reference/rest/v1/projects.
|
84
|
+
# locations.workloadIdentityPools.providers#oidc Example header: ``` ` "alg": "
|
85
|
+
# RS256", "kid": "us-east-11" ` ``` Example payload: ``` ` "iss": "https://
|
86
|
+
# accounts.google.com", "iat": 1517963104, "exp": 1517966704, "aud": "//iam.
|
87
|
+
# googleapis.com/projects/1234567890123/locations/global/workloadIdentityPools/
|
88
|
+
# my-pool/providers/my-provider", "sub": "113475438248934895348", "my_claims": `
|
89
|
+
# "additional_claim": "value" ` ` ``` If `subject_token` is for AWS, it must be
|
90
|
+
# a serialized `GetCallerIdentity` token. This token contains the same
|
91
|
+
# information as a request to the AWS [`GetCallerIdentity()`](https://docs.aws.
|
92
|
+
# amazon.com/STS/latest/APIReference/API_GetCallerIdentity) method, as well as
|
93
|
+
# the AWS [signature](https://docs.aws.amazon.com/general/latest/gr/
|
94
|
+
# signing_aws_api_requests.html) for the request information. Use Signature
|
95
|
+
# Version 4. Format the request as URL-encoded JSON, and set the `
|
96
|
+
# subject_token_type` parameter to `urn:ietf:params:aws:token-type:aws4_request`.
|
97
|
+
# The following parameters are required: - `url`: The URL of the AWS STS
|
98
|
+
# endpoint for `GetCallerIdentity()`, such as `https://sts.amazonaws.com?Action=
|
99
|
+
# GetCallerIdentity&Version=2011-06-15`. Regional endpoints are also supported. -
|
100
|
+
# `method`: The HTTP request method: `POST`. - `headers`: The HTTP request
|
101
|
+
# headers, which must include: - `Authorization`: The request signature. - `x-
|
102
|
+
# amz-date`: The time you will send the request, formatted as an [ISO8601 Basic](
|
103
|
+
# https://docs.aws.amazon.com/general/latest/gr/sigv4_elements.html#
|
104
|
+
# sigv4_elements_date) string. This value is typically set to the current time
|
105
|
+
# and is used to help prevent replay attacks. - `host`: The hostname of the `url`
|
106
|
+
# field; for example, `sts.amazonaws.com`. - `x-goog-cloud-target-resource`:
|
107
|
+
# The full, canonical resource name of the workload identity pool provider, with
|
108
|
+
# or without an `https:` prefix. To help ensure data integrity, we recommend
|
102
109
|
# including this header in the `SignedHeaders` field of the signed request. For
|
103
110
|
# example: //iam.googleapis.com/projects//locations//workloadIdentityPools//
|
104
111
|
# providers/ https://iam.googleapis.com/projects//locations//
|
105
112
|
# workloadIdentityPools//providers/ If you are using temporary security
|
106
113
|
# credentials provided by AWS, you must also include the header `x-amz-security-
|
107
|
-
# token`, with the value
|
108
|
-
#
|
109
|
-
# `"key": "Authorization", "value": "AWS4-HMAC-SHA256+
|
110
|
-
# SignedHeaders=host;x-amz-date;x-goog-cloud-target-
|
111
|
-
# signature"`, `"key": "x-goog-cloud-target-resource", "
|
112
|
-
# googleapis.com/projects//locations//workloadIdentityPools//
|
113
|
-
# : "host", "value": "sts.amazonaws.com"` . ], "method":
|
114
|
-
# sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-
|
115
|
-
# also use a Google-issued OAuth 2.0 access token with this
|
116
|
-
# access token with new security attributes applied, such as
|
117
|
-
# Boundary. In this case, set `subject_token_type` to `urn:
|
118
|
-
# token-type:access_token`. If an access token already
|
119
|
-
# attributes, you cannot apply additional security attributes.
|
114
|
+
# token`, with the value set to the session token. The following example shows a
|
115
|
+
# `GetCallerIdentity` token: ``` ` "headers": [ `"key": "x-amz-date", "value": "
|
116
|
+
# 20200815T015049Z"`, `"key": "Authorization", "value": "AWS4-HMAC-SHA256+
|
117
|
+
# Credential=$credential,+SignedHeaders=host;x-amz-date;x-goog-cloud-target-
|
118
|
+
# resource,+Signature=$signature"`, `"key": "x-goog-cloud-target-resource", "
|
119
|
+
# value": "//iam.googleapis.com/projects//locations//workloadIdentityPools//
|
120
|
+
# providers/"`, `"key": "host", "value": "sts.amazonaws.com"` . ], "method": "
|
121
|
+
# POST", "url": "https://sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-
|
122
|
+
# 06-15" ` ``` You can also use a Google-issued OAuth 2.0 access token with this
|
123
|
+
# field to obtain an access token with new security attributes applied, such as
|
124
|
+
# a Credential Access Boundary. In this case, set `subject_token_type` to `urn:
|
125
|
+
# ietf:params:oauth:token-type:access_token`. If an access token already
|
126
|
+
# contains security attributes, you cannot apply additional security attributes.
|
120
127
|
# Corresponds to the JSON property `subjectToken`
|
121
128
|
# @return [String]
|
122
129
|
attr_accessor :subject_token
|
123
130
|
|
124
|
-
# Required. `
|
131
|
+
# Required. An identifier that indicates the type of the security token in the `
|
132
|
+
# subject_token` parameter. Supported values are `urn:ietf:params:oauth:token-
|
133
|
+
# type:jwt`, `urn:ietf:params:aws:token-type:aws4_request`, and `urn:ietf:params:
|
134
|
+
# oauth:token-type:access_token`.
|
125
135
|
# Corresponds to the JSON property `subjectTokenType`
|
126
136
|
# @return [String]
|
127
137
|
attr_accessor :subject_token_type
|
@@ -154,10 +164,10 @@ module Google
|
|
154
164
|
# @return [String]
|
155
165
|
attr_accessor :access_token
|
156
166
|
|
157
|
-
# The amount of time, in seconds, between the time when the
|
158
|
-
# issued and the time when the
|
167
|
+
# The amount of time, in seconds, between the time when the access token was
|
168
|
+
# issued and the time when the access token will expire. This field is absent
|
159
169
|
# when the `subject_token` in the request is a Google-issued, short-lived access
|
160
|
-
# token. In this case, the
|
170
|
+
# token. In this case, the access token has the same expiration time as the `
|
161
171
|
# subject_token`.
|
162
172
|
# Corresponds to the JSON property `expires_in`
|
163
173
|
# @return [Fixnum]
|
@@ -169,7 +179,7 @@ module Google
|
|
169
179
|
# @return [String]
|
170
180
|
attr_accessor :issued_token_type
|
171
181
|
|
172
|
-
# The type of
|
182
|
+
# The type of access token. Always has the value `Bearer`.
|
173
183
|
# Corresponds to the JSON property `token_type`
|
174
184
|
# @return [String]
|
175
185
|
attr_accessor :token_type
|
@@ -16,13 +16,13 @@ module Google
|
|
16
16
|
module Apis
|
17
17
|
module StsV1beta
|
18
18
|
# Version of the google-apis-sts_v1beta gem
|
19
|
-
GEM_VERSION = "0.
|
19
|
+
GEM_VERSION = "0.6.0"
|
20
20
|
|
21
21
|
# Version of the code generator used to generate this client
|
22
|
-
GENERATOR_VERSION = "0.
|
22
|
+
GENERATOR_VERSION = "0.2.0"
|
23
23
|
|
24
24
|
# Revision of the discovery document this client was generated from
|
25
|
-
REVISION = "
|
25
|
+
REVISION = "20210508"
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|
@@ -52,7 +52,10 @@ module Google
|
|
52
52
|
|
53
53
|
# Exchanges a credential for a Google OAuth 2.0 access token. The token asserts
|
54
54
|
# an external identity within a workload identity pool, or it applies a
|
55
|
-
# Credential Access Boundary to a Google access token.
|
55
|
+
# Credential Access Boundary to a Google access token. When you call this method,
|
56
|
+
# do not send the `Authorization` HTTP header in the request. This method does
|
57
|
+
# not require the `Authorization` header, and using the header can cause the
|
58
|
+
# request to fail.
|
56
59
|
# @param [Google::Apis::StsV1beta::GoogleIdentityStsV1betaExchangeTokenRequest] google_identity_sts_v1beta_exchange_token_request_object
|
57
60
|
# @param [String] fields
|
58
61
|
# Selector specifying which fields to include in a partial response.
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-apis-sts_v1beta
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-05-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-apis-core
|
@@ -52,7 +52,7 @@ licenses:
|
|
52
52
|
metadata:
|
53
53
|
bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
|
54
54
|
changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1beta/CHANGELOG.md
|
55
|
-
documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1beta/v0.
|
55
|
+
documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1beta/v0.6.0
|
56
56
|
source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1beta
|
57
57
|
post_install_message:
|
58
58
|
rdoc_options: []
|
@@ -62,14 +62,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
62
62
|
requirements:
|
63
63
|
- - ">="
|
64
64
|
- !ruby/object:Gem::Version
|
65
|
-
version: '2.
|
65
|
+
version: '2.5'
|
66
66
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
67
67
|
requirements:
|
68
68
|
- - ">="
|
69
69
|
- !ruby/object:Gem::Version
|
70
70
|
version: '0'
|
71
71
|
requirements: []
|
72
|
-
rubygems_version: 3.
|
72
|
+
rubygems_version: 3.2.17
|
73
73
|
signing_key:
|
74
74
|
specification_version: 4
|
75
75
|
summary: Simple REST client for Security Token Service API V1beta
|