google-iam-credentials-v1 0.1.0

@@ -0,0 +1,21 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ # This gem does not autoload during Bundler.require. To load this gem,
20
+ # issue explicit require statements for the packages desired, e.g.:
21
+ # require "google/iam/credentials/v1"
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/iam/credentials/v1/iam_credentials"
20
+ require "google/iam/credentials/v1/version"
21
+
22
+ module Google
23
+ module Iam
24
+ module Credentials
25
+ ##
26
+ # To load this package, including all its services, and instantiate a client:
27
+ #
28
+ # require "google/iam/credentials/v1"
29
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new
30
+ #
31
+ module V1
32
+ end
33
+ end
34
+ end
35
+ end
36
+
37
+ helper_path = ::File.join __dir__, "v1", "_helpers.rb"
38
+ require "google/iam/credentials/v1/_helpers" if ::File.file? helper_path
@@ -0,0 +1,67 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/iam/credentials/v1/common.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/api/field_behavior_pb'
7
+ require 'google/api/resource_pb'
8
+ require 'google/protobuf/duration_pb'
9
+ require 'google/protobuf/timestamp_pb'
10
+ Google::Protobuf::DescriptorPool.generated_pool.build do
11
+ add_file("google/iam/credentials/v1/common.proto", :syntax => :proto3) do
12
+ add_message "google.iam.credentials.v1.GenerateAccessTokenRequest" do
13
+ optional :name, :string, 1
14
+ repeated :delegates, :string, 2
15
+ repeated :scope, :string, 4
16
+ optional :lifetime, :message, 7, "google.protobuf.Duration"
17
+ end
18
+ add_message "google.iam.credentials.v1.GenerateAccessTokenResponse" do
19
+ optional :access_token, :string, 1
20
+ optional :expire_time, :message, 3, "google.protobuf.Timestamp"
21
+ end
22
+ add_message "google.iam.credentials.v1.SignBlobRequest" do
23
+ optional :name, :string, 1
24
+ repeated :delegates, :string, 3
25
+ optional :payload, :bytes, 5
26
+ end
27
+ add_message "google.iam.credentials.v1.SignBlobResponse" do
28
+ optional :key_id, :string, 1
29
+ optional :signed_blob, :bytes, 4
30
+ end
31
+ add_message "google.iam.credentials.v1.SignJwtRequest" do
32
+ optional :name, :string, 1
33
+ repeated :delegates, :string, 3
34
+ optional :payload, :string, 5
35
+ end
36
+ add_message "google.iam.credentials.v1.SignJwtResponse" do
37
+ optional :key_id, :string, 1
38
+ optional :signed_jwt, :string, 2
39
+ end
40
+ add_message "google.iam.credentials.v1.GenerateIdTokenRequest" do
41
+ optional :name, :string, 1
42
+ repeated :delegates, :string, 2
43
+ optional :audience, :string, 3
44
+ optional :include_email, :bool, 4
45
+ end
46
+ add_message "google.iam.credentials.v1.GenerateIdTokenResponse" do
47
+ optional :token, :string, 1
48
+ end
49
+ end
50
+ end
51
+
52
+ module Google
53
+ module Iam
54
+ module Credentials
55
+ module V1
56
+ GenerateAccessTokenRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.GenerateAccessTokenRequest").msgclass
57
+ GenerateAccessTokenResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.GenerateAccessTokenResponse").msgclass
58
+ SignBlobRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.SignBlobRequest").msgclass
59
+ SignBlobResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.SignBlobResponse").msgclass
60
+ SignJwtRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.SignJwtRequest").msgclass
61
+ SignJwtResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.SignJwtResponse").msgclass
62
+ GenerateIdTokenRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.GenerateIdTokenRequest").msgclass
63
+ GenerateIdTokenResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.GenerateIdTokenResponse").msgclass
64
+ end
65
+ end
66
+ end
67
+ end
@@ -0,0 +1,57 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "gapic/common"
20
+ require "gapic/config"
21
+ require "gapic/config/method"
22
+
23
+ require "google/iam/credentials/v1/version"
24
+
25
+ require "google/iam/credentials/v1/iam_credentials/credentials"
26
+ require "google/iam/credentials/v1/iam_credentials/paths"
27
+ require "google/iam/credentials/v1/iam_credentials/client"
28
+
29
+ module Google
30
+ module Iam
31
+ module Credentials
32
+ module V1
33
+ ##
34
+ # A service account is a special type of Google account that belongs to your
35
+ # application or a virtual machine (VM), instead of to an individual end user.
36
+ # Your application assumes the identity of the service account to call Google
37
+ # APIs, so that the users aren't directly involved.
38
+ #
39
+ # Service account credentials are used to temporarily assume the identity
40
+ # of the service account. Supported credential types include OAuth 2.0 access
41
+ # tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
42
+ # more.
43
+ #
44
+ # To load this service and instantiate a client:
45
+ #
46
+ # require "google/iam/credentials/v1/iam_credentials"
47
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new
48
+ #
49
+ module IAMCredentials
50
+ end
51
+ end
52
+ end
53
+ end
54
+ end
55
+
56
+ helper_path = ::File.join __dir__, "iam_credentials", "helpers.rb"
57
+ require "google/iam/credentials/v1/iam_credentials/helpers" if ::File.file? helper_path
@@ -0,0 +1,704 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/cloud/errors"
20
+ require "google/iam/credentials/v1/iamcredentials_pb"
21
+
22
+ module Google
23
+ module Iam
24
+ module Credentials
25
+ module V1
26
+ module IAMCredentials
27
+ ##
28
+ # Client for the IAMCredentials service.
29
+ #
30
+ # A service account is a special type of Google account that belongs to your
31
+ # application or a virtual machine (VM), instead of to an individual end user.
32
+ # Your application assumes the identity of the service account to call Google
33
+ # APIs, so that the users aren't directly involved.
34
+ #
35
+ # Service account credentials are used to temporarily assume the identity
36
+ # of the service account. Supported credential types include OAuth 2.0 access
37
+ # tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
38
+ # more.
39
+ #
40
+ class Client
41
+ include Paths
42
+
43
+ # @private
44
+ attr_reader :iam_credentials_stub
45
+
46
+ ##
47
+ # Configure the IAMCredentials Client class.
48
+ #
49
+ # See {::Google::Iam::Credentials::V1::IAMCredentials::Client::Configuration}
50
+ # for a description of the configuration fields.
51
+ #
52
+ # ## Example
53
+ #
54
+ # To modify the configuration for all IAMCredentials clients:
55
+ #
56
+ # ::Google::Iam::Credentials::V1::IAMCredentials::Client.configure do |config|
57
+ # config.timeout = 10.0
58
+ # end
59
+ #
60
+ # @yield [config] Configure the Client client.
61
+ # @yieldparam config [Client::Configuration]
62
+ #
63
+ # @return [Client::Configuration]
64
+ #
65
+ def self.configure
66
+ @configure ||= begin
67
+ namespace = ["Google", "Iam", "Credentials", "V1"]
68
+ parent_config = while namespace.any?
69
+ parent_name = namespace.join "::"
70
+ parent_const = const_get parent_name
71
+ break parent_const.configure if parent_const&.respond_to? :configure
72
+ namespace.pop
73
+ end
74
+ default_config = Client::Configuration.new parent_config
75
+
76
+ default_config.rpcs.generate_access_token.timeout = 60.0
77
+ default_config.rpcs.generate_access_token.retry_policy = {
78
+ initial_delay: 0.1,
79
+ max_delay: 60.0,
80
+ multiplier: 1.3,
81
+ retry_codes: [14, 4]
82
+ }
83
+
84
+ default_config.rpcs.generate_id_token.timeout = 60.0
85
+ default_config.rpcs.generate_id_token.retry_policy = {
86
+ initial_delay: 0.1,
87
+ max_delay: 60.0,
88
+ multiplier: 1.3,
89
+ retry_codes: [14, 4]
90
+ }
91
+
92
+ default_config.rpcs.sign_blob.timeout = 60.0
93
+ default_config.rpcs.sign_blob.retry_policy = {
94
+ initial_delay: 0.1,
95
+ max_delay: 60.0,
96
+ multiplier: 1.3,
97
+ retry_codes: [14, 4]
98
+ }
99
+
100
+ default_config.rpcs.sign_jwt.timeout = 60.0
101
+ default_config.rpcs.sign_jwt.retry_policy = {
102
+ initial_delay: 0.1,
103
+ max_delay: 60.0,
104
+ multiplier: 1.3,
105
+ retry_codes: [14, 4]
106
+ }
107
+
108
+ default_config
109
+ end
110
+ yield @configure if block_given?
111
+ @configure
112
+ end
113
+
114
+ ##
115
+ # Configure the IAMCredentials Client instance.
116
+ #
117
+ # The configuration is set to the derived mode, meaning that values can be changed,
118
+ # but structural changes (adding new fields, etc.) are not allowed. Structural changes
119
+ # should be made on {Client.configure}.
120
+ #
121
+ # See {::Google::Iam::Credentials::V1::IAMCredentials::Client::Configuration}
122
+ # for a description of the configuration fields.
123
+ #
124
+ # @yield [config] Configure the Client client.
125
+ # @yieldparam config [Client::Configuration]
126
+ #
127
+ # @return [Client::Configuration]
128
+ #
129
+ def configure
130
+ yield @config if block_given?
131
+ @config
132
+ end
133
+
134
+ ##
135
+ # Create a new IAMCredentials client object.
136
+ #
137
+ # ## Examples
138
+ #
139
+ # To create a new IAMCredentials client with the default
140
+ # configuration:
141
+ #
142
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new
143
+ #
144
+ # To create a new IAMCredentials client with a custom
145
+ # configuration:
146
+ #
147
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new do |config|
148
+ # config.timeout = 10.0
149
+ # end
150
+ #
151
+ # @yield [config] Configure the IAMCredentials client.
152
+ # @yieldparam config [Client::Configuration]
153
+ #
154
+ def initialize
155
+ # These require statements are intentionally placed here to initialize
156
+ # the gRPC module only when it's required.
157
+ # See https://github.com/googleapis/toolkit/issues/446
158
+ require "gapic/grpc"
159
+ require "google/iam/credentials/v1/iamcredentials_services_pb"
160
+
161
+ # Create the configuration object
162
+ @config = Configuration.new Client.configure
163
+
164
+ # Yield the configuration if needed
165
+ yield @config if block_given?
166
+
167
+ # Create credentials
168
+ credentials = @config.credentials
169
+ credentials ||= Credentials.default scope: @config.scope
170
+ if credentials.is_a?(String) || credentials.is_a?(Hash)
171
+ credentials = Credentials.new credentials, scope: @config.scope
172
+ end
173
+ @quota_project_id = @config.quota_project
174
+ @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
175
+
176
+ @iam_credentials_stub = ::Gapic::ServiceStub.new(
177
+ ::Google::Iam::Credentials::V1::IAMCredentials::Stub,
178
+ credentials: credentials,
179
+ endpoint: @config.endpoint,
180
+ channel_args: @config.channel_args,
181
+ interceptors: @config.interceptors
182
+ )
183
+ end
184
+
185
+ # Service calls
186
+
187
+ ##
188
+ # Generates an OAuth 2.0 access token for a service account.
189
+ #
190
+ # @overload generate_access_token(request, options = nil)
191
+ # Pass arguments to `generate_access_token` via a request object, either of type
192
+ # {::Google::Iam::Credentials::V1::GenerateAccessTokenRequest} or an equivalent Hash.
193
+ #
194
+ # @param request [::Google::Iam::Credentials::V1::GenerateAccessTokenRequest, ::Hash]
195
+ # A request object representing the call parameters. Required. To specify no
196
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
197
+ # @param options [::Gapic::CallOptions, ::Hash]
198
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
199
+ #
200
+ # @overload generate_access_token(name: nil, delegates: nil, scope: nil, lifetime: nil)
201
+ # Pass arguments to `generate_access_token` via keyword arguments. Note that at
202
+ # least one keyword argument is required. To specify no parameters, or to keep all
203
+ # the default parameter values, pass an empty Hash as a request object (see above).
204
+ #
205
+ # @param name [::String]
206
+ # Required. The resource name of the service account for which the credentials
207
+ # are requested, in the following format:
208
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
209
+ # character is required; replacing it with a project ID is invalid.
210
+ # @param delegates [::Array<::String>]
211
+ # The sequence of service accounts in a delegation chain. Each service
212
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
213
+ # on its next service account in the chain. The last service account in the
214
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
215
+ # on the service account that is specified in the `name` field of the
216
+ # request.
217
+ #
218
+ # The delegates must have the following format:
219
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
220
+ # character is required; replacing it with a project ID is invalid.
221
+ # @param scope [::Array<::String>]
222
+ # Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
223
+ # See https://developers.google.com/identity/protocols/googlescopes for more
224
+ # information.
225
+ # At least one value required.
226
+ # @param lifetime [::Google::Protobuf::Duration, ::Hash]
227
+ # The desired lifetime duration of the access token in seconds.
228
+ # Must be set to a value less than or equal to 3600 (1 hour). If a value is
229
+ # not specified, the token's lifetime will be set to a default value of one
230
+ # hour.
231
+ #
232
+ # @yield [response, operation] Access the result along with the RPC operation
233
+ # @yieldparam response [::Google::Iam::Credentials::V1::GenerateAccessTokenResponse]
234
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
235
+ #
236
+ # @return [::Google::Iam::Credentials::V1::GenerateAccessTokenResponse]
237
+ #
238
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
239
+ #
240
+ def generate_access_token request, options = nil
241
+ raise ::ArgumentError, "request must be provided" if request.nil?
242
+
243
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateAccessTokenRequest
244
+
245
+ # Converts hash and nil to an options object
246
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
247
+
248
+ # Customize the options with defaults
249
+ metadata = @config.rpcs.generate_access_token.metadata.to_h
250
+
251
+ # Set x-goog-api-client and x-goog-user-project headers
252
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
253
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
254
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION
255
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
256
+
257
+ header_params = {
258
+ "name" => request.name
259
+ }
260
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
261
+ metadata[:"x-goog-request-params"] ||= request_params_header
262
+
263
+ options.apply_defaults timeout: @config.rpcs.generate_access_token.timeout,
264
+ metadata: metadata,
265
+ retry_policy: @config.rpcs.generate_access_token.retry_policy
266
+ options.apply_defaults metadata: @config.metadata,
267
+ retry_policy: @config.retry_policy
268
+
269
+ @iam_credentials_stub.call_rpc :generate_access_token, request, options: options do |response, operation|
270
+ yield response, operation if block_given?
271
+ return response
272
+ end
273
+ rescue ::GRPC::BadStatus => e
274
+ raise ::Google::Cloud::Error.from_error(e)
275
+ end
276
+
277
+ ##
278
+ # Generates an OpenID Connect ID token for a service account.
279
+ #
280
+ # @overload generate_id_token(request, options = nil)
281
+ # Pass arguments to `generate_id_token` via a request object, either of type
282
+ # {::Google::Iam::Credentials::V1::GenerateIdTokenRequest} or an equivalent Hash.
283
+ #
284
+ # @param request [::Google::Iam::Credentials::V1::GenerateIdTokenRequest, ::Hash]
285
+ # A request object representing the call parameters. Required. To specify no
286
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
287
+ # @param options [::Gapic::CallOptions, ::Hash]
288
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
289
+ #
290
+ # @overload generate_id_token(name: nil, delegates: nil, audience: nil, include_email: nil)
291
+ # Pass arguments to `generate_id_token` via keyword arguments. Note that at
292
+ # least one keyword argument is required. To specify no parameters, or to keep all
293
+ # the default parameter values, pass an empty Hash as a request object (see above).
294
+ #
295
+ # @param name [::String]
296
+ # Required. The resource name of the service account for which the credentials
297
+ # are requested, in the following format:
298
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
299
+ # character is required; replacing it with a project ID is invalid.
300
+ # @param delegates [::Array<::String>]
301
+ # The sequence of service accounts in a delegation chain. Each service
302
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
303
+ # on its next service account in the chain. The last service account in the
304
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
305
+ # on the service account that is specified in the `name` field of the
306
+ # request.
307
+ #
308
+ # The delegates must have the following format:
309
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
310
+ # character is required; replacing it with a project ID is invalid.
311
+ # @param audience [::String]
312
+ # Required. The audience for the token, such as the API or account that this token
313
+ # grants access to.
314
+ # @param include_email [::Boolean]
315
+ # Include the service account email in the token. If set to `true`, the
316
+ # token will contain `email` and `email_verified` claims.
317
+ #
318
+ # @yield [response, operation] Access the result along with the RPC operation
319
+ # @yieldparam response [::Google::Iam::Credentials::V1::GenerateIdTokenResponse]
320
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
321
+ #
322
+ # @return [::Google::Iam::Credentials::V1::GenerateIdTokenResponse]
323
+ #
324
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
325
+ #
326
+ def generate_id_token request, options = nil
327
+ raise ::ArgumentError, "request must be provided" if request.nil?
328
+
329
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateIdTokenRequest
330
+
331
+ # Converts hash and nil to an options object
332
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
333
+
334
+ # Customize the options with defaults
335
+ metadata = @config.rpcs.generate_id_token.metadata.to_h
336
+
337
+ # Set x-goog-api-client and x-goog-user-project headers
338
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
339
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
340
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION
341
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
342
+
343
+ header_params = {
344
+ "name" => request.name
345
+ }
346
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
347
+ metadata[:"x-goog-request-params"] ||= request_params_header
348
+
349
+ options.apply_defaults timeout: @config.rpcs.generate_id_token.timeout,
350
+ metadata: metadata,
351
+ retry_policy: @config.rpcs.generate_id_token.retry_policy
352
+ options.apply_defaults metadata: @config.metadata,
353
+ retry_policy: @config.retry_policy
354
+
355
+ @iam_credentials_stub.call_rpc :generate_id_token, request, options: options do |response, operation|
356
+ yield response, operation if block_given?
357
+ return response
358
+ end
359
+ rescue ::GRPC::BadStatus => e
360
+ raise ::Google::Cloud::Error.from_error(e)
361
+ end
362
+
363
+ ##
364
+ # Signs a blob using a service account's system-managed private key.
365
+ #
366
+ # @overload sign_blob(request, options = nil)
367
+ # Pass arguments to `sign_blob` via a request object, either of type
368
+ # {::Google::Iam::Credentials::V1::SignBlobRequest} or an equivalent Hash.
369
+ #
370
+ # @param request [::Google::Iam::Credentials::V1::SignBlobRequest, ::Hash]
371
+ # A request object representing the call parameters. Required. To specify no
372
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
373
+ # @param options [::Gapic::CallOptions, ::Hash]
374
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
375
+ #
376
+ # @overload sign_blob(name: nil, delegates: nil, payload: nil)
377
+ # Pass arguments to `sign_blob` via keyword arguments. Note that at
378
+ # least one keyword argument is required. To specify no parameters, or to keep all
379
+ # the default parameter values, pass an empty Hash as a request object (see above).
380
+ #
381
+ # @param name [::String]
382
+ # Required. The resource name of the service account for which the credentials
383
+ # are requested, in the following format:
384
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
385
+ # character is required; replacing it with a project ID is invalid.
386
+ # @param delegates [::Array<::String>]
387
+ # The sequence of service accounts in a delegation chain. Each service
388
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
389
+ # on its next service account in the chain. The last service account in the
390
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
391
+ # on the service account that is specified in the `name` field of the
392
+ # request.
393
+ #
394
+ # The delegates must have the following format:
395
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
396
+ # character is required; replacing it with a project ID is invalid.
397
+ # @param payload [::String]
398
+ # Required. The bytes to sign.
399
+ #
400
+ # @yield [response, operation] Access the result along with the RPC operation
401
+ # @yieldparam response [::Google::Iam::Credentials::V1::SignBlobResponse]
402
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
403
+ #
404
+ # @return [::Google::Iam::Credentials::V1::SignBlobResponse]
405
+ #
406
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
407
+ #
408
+ def sign_blob request, options = nil
409
+ raise ::ArgumentError, "request must be provided" if request.nil?
410
+
411
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignBlobRequest
412
+
413
+ # Converts hash and nil to an options object
414
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
415
+
416
+ # Customize the options with defaults
417
+ metadata = @config.rpcs.sign_blob.metadata.to_h
418
+
419
+ # Set x-goog-api-client and x-goog-user-project headers
420
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
421
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
422
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION
423
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
424
+
425
+ header_params = {
426
+ "name" => request.name
427
+ }
428
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
429
+ metadata[:"x-goog-request-params"] ||= request_params_header
430
+
431
+ options.apply_defaults timeout: @config.rpcs.sign_blob.timeout,
432
+ metadata: metadata,
433
+ retry_policy: @config.rpcs.sign_blob.retry_policy
434
+ options.apply_defaults metadata: @config.metadata,
435
+ retry_policy: @config.retry_policy
436
+
437
+ @iam_credentials_stub.call_rpc :sign_blob, request, options: options do |response, operation|
438
+ yield response, operation if block_given?
439
+ return response
440
+ end
441
+ rescue ::GRPC::BadStatus => e
442
+ raise ::Google::Cloud::Error.from_error(e)
443
+ end
444
+
445
+ ##
446
+ # Signs a JWT using a service account's system-managed private key.
447
+ #
448
+ # @overload sign_jwt(request, options = nil)
449
+ # Pass arguments to `sign_jwt` via a request object, either of type
450
+ # {::Google::Iam::Credentials::V1::SignJwtRequest} or an equivalent Hash.
451
+ #
452
+ # @param request [::Google::Iam::Credentials::V1::SignJwtRequest, ::Hash]
453
+ # A request object representing the call parameters. Required. To specify no
454
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
455
+ # @param options [::Gapic::CallOptions, ::Hash]
456
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
457
+ #
458
+ # @overload sign_jwt(name: nil, delegates: nil, payload: nil)
459
+ # Pass arguments to `sign_jwt` via keyword arguments. Note that at
460
+ # least one keyword argument is required. To specify no parameters, or to keep all
461
+ # the default parameter values, pass an empty Hash as a request object (see above).
462
+ #
463
+ # @param name [::String]
464
+ # Required. The resource name of the service account for which the credentials
465
+ # are requested, in the following format:
466
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
467
+ # character is required; replacing it with a project ID is invalid.
468
+ # @param delegates [::Array<::String>]
469
+ # The sequence of service accounts in a delegation chain. Each service
470
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
471
+ # on its next service account in the chain. The last service account in the
472
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
473
+ # on the service account that is specified in the `name` field of the
474
+ # request.
475
+ #
476
+ # The delegates must have the following format:
477
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
478
+ # character is required; replacing it with a project ID is invalid.
479
+ # @param payload [::String]
480
+ # Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
481
+ #
482
+ # @yield [response, operation] Access the result along with the RPC operation
483
+ # @yieldparam response [::Google::Iam::Credentials::V1::SignJwtResponse]
484
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
485
+ #
486
+ # @return [::Google::Iam::Credentials::V1::SignJwtResponse]
487
+ #
488
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
489
+ #
490
+ def sign_jwt request, options = nil
491
+ raise ::ArgumentError, "request must be provided" if request.nil?
492
+
493
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignJwtRequest
494
+
495
+ # Converts hash and nil to an options object
496
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
497
+
498
+ # Customize the options with defaults
499
+ metadata = @config.rpcs.sign_jwt.metadata.to_h
500
+
501
+ # Set x-goog-api-client and x-goog-user-project headers
502
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
503
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
504
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION
505
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
506
+
507
+ header_params = {
508
+ "name" => request.name
509
+ }
510
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
511
+ metadata[:"x-goog-request-params"] ||= request_params_header
512
+
513
+ options.apply_defaults timeout: @config.rpcs.sign_jwt.timeout,
514
+ metadata: metadata,
515
+ retry_policy: @config.rpcs.sign_jwt.retry_policy
516
+ options.apply_defaults metadata: @config.metadata,
517
+ retry_policy: @config.retry_policy
518
+
519
+ @iam_credentials_stub.call_rpc :sign_jwt, request, options: options do |response, operation|
520
+ yield response, operation if block_given?
521
+ return response
522
+ end
523
+ rescue ::GRPC::BadStatus => e
524
+ raise ::Google::Cloud::Error.from_error(e)
525
+ end
526
+
527
+ ##
528
+ # Configuration class for the IAMCredentials API.
529
+ #
530
+ # This class represents the configuration for IAMCredentials,
531
+ # providing control over timeouts, retry behavior, logging, transport
532
+ # parameters, and other low-level controls. Certain parameters can also be
533
+ # applied individually to specific RPCs. See
534
+ # {::Google::Iam::Credentials::V1::IAMCredentials::Client::Configuration::Rpcs}
535
+ # for a list of RPCs that can be configured independently.
536
+ #
537
+ # Configuration can be applied globally to all clients, or to a single client
538
+ # on construction.
539
+ #
540
+ # # Examples
541
+ #
542
+ # To modify the global config, setting the timeout for generate_access_token
543
+ # to 20 seconds, and all remaining timeouts to 10 seconds:
544
+ #
545
+ # ::Google::Iam::Credentials::V1::IAMCredentials::Client.configure do |config|
546
+ # config.timeout = 10.0
547
+ # config.rpcs.generate_access_token.timeout = 20.0
548
+ # end
549
+ #
550
+ # To apply the above configuration only to a new client:
551
+ #
552
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new do |config|
553
+ # config.timeout = 10.0
554
+ # config.rpcs.generate_access_token.timeout = 20.0
555
+ # end
556
+ #
557
+ # @!attribute [rw] endpoint
558
+ # The hostname or hostname:port of the service endpoint.
559
+ # Defaults to `"iamcredentials.googleapis.com"`.
560
+ # @return [::String]
561
+ # @!attribute [rw] credentials
562
+ # Credentials to send with calls. You may provide any of the following types:
563
+ # * (`String`) The path to a service account key file in JSON format
564
+ # * (`Hash`) A service account key as a Hash
565
+ # * (`Google::Auth::Credentials`) A googleauth credentials object
566
+ # (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
567
+ # * (`Signet::OAuth2::Client`) A signet oauth2 client object
568
+ # (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
569
+ # * (`GRPC::Core::Channel`) a gRPC channel with included credentials
570
+ # * (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
571
+ # * (`nil`) indicating no credentials
572
+ # @return [::Object]
573
+ # @!attribute [rw] scope
574
+ # The OAuth scopes
575
+ # @return [::Array<::String>]
576
+ # @!attribute [rw] lib_name
577
+ # The library name as recorded in instrumentation and logging
578
+ # @return [::String]
579
+ # @!attribute [rw] lib_version
580
+ # The library version as recorded in instrumentation and logging
581
+ # @return [::String]
582
+ # @!attribute [rw] channel_args
583
+ # Extra parameters passed to the gRPC channel. Note: this is ignored if a
584
+ # `GRPC::Core::Channel` object is provided as the credential.
585
+ # @return [::Hash]
586
+ # @!attribute [rw] interceptors
587
+ # An array of interceptors that are run before calls are executed.
588
+ # @return [::Array<::GRPC::ClientInterceptor>]
589
+ # @!attribute [rw] timeout
590
+ # The call timeout in seconds.
591
+ # @return [::Numeric]
592
+ # @!attribute [rw] metadata
593
+ # Additional gRPC headers to be sent with the call.
594
+ # @return [::Hash{::Symbol=>::String}]
595
+ # @!attribute [rw] retry_policy
596
+ # The retry policy. The value is a hash with the following keys:
597
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
598
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
599
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
600
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
601
+ # trigger a retry.
602
+ # @return [::Hash]
603
+ # @!attribute [rw] quota_project
604
+ # A separate project against which to charge quota.
605
+ # @return [::String]
606
+ #
607
+ class Configuration
608
+ extend ::Gapic::Config
609
+
610
+ config_attr :endpoint, "iamcredentials.googleapis.com", ::String
611
+ config_attr :credentials, nil do |value|
612
+ allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
613
+ allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
614
+ allowed.any? { |klass| klass === value }
615
+ end
616
+ config_attr :scope, nil, ::String, ::Array, nil
617
+ config_attr :lib_name, nil, ::String, nil
618
+ config_attr :lib_version, nil, ::String, nil
619
+ config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
620
+ config_attr :interceptors, nil, ::Array, nil
621
+ config_attr :timeout, nil, ::Numeric, nil
622
+ config_attr :metadata, nil, ::Hash, nil
623
+ config_attr :retry_policy, nil, ::Hash, ::Proc, nil
624
+ config_attr :quota_project, nil, ::String, nil
625
+
626
+ # @private
627
+ def initialize parent_config = nil
628
+ @parent_config = parent_config unless parent_config.nil?
629
+
630
+ yield self if block_given?
631
+ end
632
+
633
+ ##
634
+ # Configurations for individual RPCs
635
+ # @return [Rpcs]
636
+ #
637
+ def rpcs
638
+ @rpcs ||= begin
639
+ parent_rpcs = nil
640
+ parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
641
+ Rpcs.new parent_rpcs
642
+ end
643
+ end
644
+
645
+ ##
646
+ # Configuration RPC class for the IAMCredentials API.
647
+ #
648
+ # Includes fields providing the configuration for each RPC in this service.
649
+ # Each configuration object is of type `Gapic::Config::Method` and includes
650
+ # the following configuration fields:
651
+ #
652
+ # * `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
653
+ # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
654
+ # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
655
+ # include the following keys:
656
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
657
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
658
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
659
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
660
+ # trigger a retry.
661
+ #
662
+ class Rpcs
663
+ ##
664
+ # RPC-specific configuration for `generate_access_token`
665
+ # @return [::Gapic::Config::Method]
666
+ #
667
+ attr_reader :generate_access_token
668
+ ##
669
+ # RPC-specific configuration for `generate_id_token`
670
+ # @return [::Gapic::Config::Method]
671
+ #
672
+ attr_reader :generate_id_token
673
+ ##
674
+ # RPC-specific configuration for `sign_blob`
675
+ # @return [::Gapic::Config::Method]
676
+ #
677
+ attr_reader :sign_blob
678
+ ##
679
+ # RPC-specific configuration for `sign_jwt`
680
+ # @return [::Gapic::Config::Method]
681
+ #
682
+ attr_reader :sign_jwt
683
+
684
+ # @private
685
+ def initialize parent_rpcs = nil
686
+ generate_access_token_config = parent_rpcs&.generate_access_token if parent_rpcs&.respond_to? :generate_access_token
687
+ @generate_access_token = ::Gapic::Config::Method.new generate_access_token_config
688
+ generate_id_token_config = parent_rpcs&.generate_id_token if parent_rpcs&.respond_to? :generate_id_token
689
+ @generate_id_token = ::Gapic::Config::Method.new generate_id_token_config
690
+ sign_blob_config = parent_rpcs&.sign_blob if parent_rpcs&.respond_to? :sign_blob
691
+ @sign_blob = ::Gapic::Config::Method.new sign_blob_config
692
+ sign_jwt_config = parent_rpcs&.sign_jwt if parent_rpcs&.respond_to? :sign_jwt
693
+ @sign_jwt = ::Gapic::Config::Method.new sign_jwt_config
694
+
695
+ yield self if block_given?
696
+ end
697
+ end
698
+ end
699
+ end
700
+ end
701
+ end
702
+ end
703
+ end
704
+ end