google-iam-credentials-v1 0.1.0

@@ -0,0 +1,21 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ # This gem does not autoload during Bundler.require. To load this gem,
20
+ # issue explicit require statements for the packages desired, e.g.:
21
+ # require "google/iam/credentials/v1"
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/iam/credentials/v1/iam_credentials"
20
+ require "google/iam/credentials/v1/version"
21
+
22
+ module Google
23
+ module Iam
24
+ module Credentials
25
+ ##
26
+ # To load this package, including all its services, and instantiate a client:
27
+ #
28
+ # require "google/iam/credentials/v1"
29
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new
30
+ #
31
+ module V1
32
+ end
33
+ end
34
+ end
35
+ end
36
+
37
+ helper_path = ::File.join __dir__, "v1", "_helpers.rb"
38
+ require "google/iam/credentials/v1/_helpers" if ::File.file? helper_path
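Review bot: The optional-helper guard on the last two lines of this file checks one path and loads another. `::File.file? helper_path` tests `__dir__/v1/_helpers.rb`, but the `require` resolves `google/iam/credentials/v1/_helpers` through `$LOAD_PATH`, so whichever load-path entry provides that relative path first is what gets loaded. Loading the file that was actually checked, `require helper_path if ::File.file? helper_path`, keeps the check and the load tied to the same file. The same pattern closes the IAMCredentials service file in the 57-line hunk (`iam_credentials/helpers.rb`). Since the file is marked as generated, the change presumably belongs in the generator template rather than in this copy.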
@@ -0,0 +1,67 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/iam/credentials/v1/common.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ require 'google/api/field_behavior_pb'
7
+ require 'google/api/resource_pb'
8
+ require 'google/protobuf/duration_pb'
9
+ require 'google/protobuf/timestamp_pb'
10
+ Google::Protobuf::DescriptorPool.generated_pool.build do
11
+ add_file("google/iam/credentials/v1/common.proto", :syntax => :proto3) do
12
+ add_message "google.iam.credentials.v1.GenerateAccessTokenRequest" do
13
+ optional :name, :string, 1
14
+ repeated :delegates, :string, 2
15
+ repeated :scope, :string, 4
16
+ optional :lifetime, :message, 7, "google.protobuf.Duration"
17
+ end
18
+ add_message "google.iam.credentials.v1.GenerateAccessTokenResponse" do
19
+ optional :access_token, :string, 1
20
+ optional :expire_time, :message, 3, "google.protobuf.Timestamp"
21
+ end
22
+ add_message "google.iam.credentials.v1.SignBlobRequest" do
23
+ optional :name, :string, 1
24
+ repeated :delegates, :string, 3
25
+ optional :payload, :bytes, 5
26
+ end
27
+ add_message "google.iam.credentials.v1.SignBlobResponse" do
28
+ optional :key_id, :string, 1
29
+ optional :signed_blob, :bytes, 4
30
+ end
31
+ add_message "google.iam.credentials.v1.SignJwtRequest" do
32
+ optional :name, :string, 1
33
+ repeated :delegates, :string, 3
34
+ optional :payload, :string, 5
35
+ end
36
+ add_message "google.iam.credentials.v1.SignJwtResponse" do
37
+ optional :key_id, :string, 1
38
+ optional :signed_jwt, :string, 2
39
+ end
40
+ add_message "google.iam.credentials.v1.GenerateIdTokenRequest" do
41
+ optional :name, :string, 1
42
+ repeated :delegates, :string, 2
43
+ optional :audience, :string, 3
44
+ optional :include_email, :bool, 4
45
+ end
46
+ add_message "google.iam.credentials.v1.GenerateIdTokenResponse" do
47
+ optional :token, :string, 1
48
+ end
49
+ end
50
+ end
51
+
52
+ module Google
53
+ module Iam
54
+ module Credentials
55
+ module V1
56
+ GenerateAccessTokenRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.GenerateAccessTokenRequest").msgclass
57
+ GenerateAccessTokenResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.GenerateAccessTokenResponse").msgclass
58
+ SignBlobRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.SignBlobRequest").msgclass
59
+ SignBlobResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.SignBlobResponse").msgclass
60
+ SignJwtRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.SignJwtRequest").msgclass
61
+ SignJwtResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.SignJwtResponse").msgclass
62
+ GenerateIdTokenRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.GenerateIdTokenRequest").msgclass
63
+ GenerateIdTokenResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.iam.credentials.v1.GenerateIdTokenResponse").msgclass
64
+ end
65
+ end
66
+ end
67
+ end
@@ -0,0 +1,57 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "gapic/common"
20
+ require "gapic/config"
21
+ require "gapic/config/method"
22
+
23
+ require "google/iam/credentials/v1/version"
24
+
25
+ require "google/iam/credentials/v1/iam_credentials/credentials"
26
+ require "google/iam/credentials/v1/iam_credentials/paths"
27
+ require "google/iam/credentials/v1/iam_credentials/client"
28
+
29
+ module Google
30
+ module Iam
31
+ module Credentials
32
+ module V1
33
+ ##
34
+ # A service account is a special type of Google account that belongs to your
35
+ # application or a virtual machine (VM), instead of to an individual end user.
36
+ # Your application assumes the identity of the service account to call Google
37
+ # APIs, so that the users aren't directly involved.
38
+ #
39
+ # Service account credentials are used to temporarily assume the identity
40
+ # of the service account. Supported credential types include OAuth 2.0 access
41
+ # tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
42
+ # more.
43
+ #
44
+ # To load this service and instantiate a client:
45
+ #
46
+ # require "google/iam/credentials/v1/iam_credentials"
47
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new
48
+ #
49
+ module IAMCredentials
50
+ end
51
+ end
52
+ end
53
+ end
54
+ end
55
+
56
+ helper_path = ::File.join __dir__, "iam_credentials", "helpers.rb"
57
+ require "google/iam/credentials/v1/iam_credentials/helpers" if ::File.file? helper_path
@@ -0,0 +1,704 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/cloud/errors"
20
+ require "google/iam/credentials/v1/iamcredentials_pb"
21
+
22
+ module Google
23
+ module Iam
24
+ module Credentials
25
+ module V1
26
+ module IAMCredentials
27
+ ##
28
+ # Client for the IAMCredentials service.
29
+ #
30
+ # A service account is a special type of Google account that belongs to your
31
+ # application or a virtual machine (VM), instead of to an individual end user.
32
+ # Your application assumes the identity of the service account to call Google
33
+ # APIs, so that the users aren't directly involved.
34
+ #
35
+ # Service account credentials are used to temporarily assume the identity
36
+ # of the service account. Supported credential types include OAuth 2.0 access
37
+ # tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
38
+ # more.
39
+ #
40
+ class Client
41
+ include Paths
42
+
43
+ # @private
44
+ attr_reader :iam_credentials_stub
45
+
46
+ ##
47
+ # Configure the IAMCredentials Client class.
48
+ #
49
+ # See {::Google::Iam::Credentials::V1::IAMCredentials::Client::Configuration}
50
+ # for a description of the configuration fields.
51
+ #
52
+ # ## Example
53
+ #
54
+ # To modify the configuration for all IAMCredentials clients:
55
+ #
56
+ # ::Google::Iam::Credentials::V1::IAMCredentials::Client.configure do |config|
57
+ # config.timeout = 10.0
58
+ # end
59
+ #
60
+ # @yield [config] Configure the Client client.
61
+ # @yieldparam config [Client::Configuration]
62
+ #
63
+ # @return [Client::Configuration]
64
+ #
65
+ def self.configure
66
+ @configure ||= begin
67
+ namespace = ["Google", "Iam", "Credentials", "V1"]
68
+ parent_config = while namespace.any?
69
+ parent_name = namespace.join "::"
70
+ parent_const = const_get parent_name
71
+ break parent_const.configure if parent_const&.respond_to? :configure
72
+ namespace.pop
73
+ end
74
+ default_config = Client::Configuration.new parent_config
75
+
76
+ default_config.rpcs.generate_access_token.timeout = 60.0
77
+ default_config.rpcs.generate_access_token.retry_policy = {
78
+ initial_delay: 0.1,
79
+ max_delay: 60.0,
80
+ multiplier: 1.3,
81
+ retry_codes: [14, 4]
82
+ }
83
+
84
+ default_config.rpcs.generate_id_token.timeout = 60.0
85
+ default_config.rpcs.generate_id_token.retry_policy = {
86
+ initial_delay: 0.1,
87
+ max_delay: 60.0,
88
+ multiplier: 1.3,
89
+ retry_codes: [14, 4]
90
+ }
91
+
92
+ default_config.rpcs.sign_blob.timeout = 60.0
93
+ default_config.rpcs.sign_blob.retry_policy = {
94
+ initial_delay: 0.1,
95
+ max_delay: 60.0,
96
+ multiplier: 1.3,
97
+ retry_codes: [14, 4]
98
+ }
99
+
100
+ default_config.rpcs.sign_jwt.timeout = 60.0
101
+ default_config.rpcs.sign_jwt.retry_policy = {
102
+ initial_delay: 0.1,
103
+ max_delay: 60.0,
104
+ multiplier: 1.3,
105
+ retry_codes: [14, 4]
106
+ }
107
+
108
+ default_config
109
+ end
110
+ yield @configure if block_given?
111
+ @configure
112
+ end
113
+
114
+ ##
115
+ # Configure the IAMCredentials Client instance.
116
+ #
117
+ # The configuration is set to the derived mode, meaning that values can be changed,
118
+ # but structural changes (adding new fields, etc.) are not allowed. Structural changes
119
+ # should be made on {Client.configure}.
120
+ #
121
+ # See {::Google::Iam::Credentials::V1::IAMCredentials::Client::Configuration}
122
+ # for a description of the configuration fields.
123
+ #
124
+ # @yield [config] Configure the Client client.
125
+ # @yieldparam config [Client::Configuration]
126
+ #
127
+ # @return [Client::Configuration]
128
+ #
129
+ def configure
130
+ yield @config if block_given?
131
+ @config
132
+ end
133
+
134
+ ##
135
+ # Create a new IAMCredentials client object.
136
+ #
137
+ # ## Examples
138
+ #
139
+ # To create a new IAMCredentials client with the default
140
+ # configuration:
141
+ #
142
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new
143
+ #
144
+ # To create a new IAMCredentials client with a custom
145
+ # configuration:
146
+ #
147
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new do |config|
148
+ # config.timeout = 10.0
149
+ # end
150
+ #
151
+ # @yield [config] Configure the IAMCredentials client.
152
+ # @yieldparam config [Client::Configuration]
153
+ #
154
+ def initialize
155
+ # These require statements are intentionally placed here to initialize
156
+ # the gRPC module only when it's required.
157
+ # See https://github.com/googleapis/toolkit/issues/446
158
+ require "gapic/grpc"
159
+ require "google/iam/credentials/v1/iamcredentials_services_pb"
160
+
161
+ # Create the configuration object
162
+ @config = Configuration.new Client.configure
163
+
164
+ # Yield the configuration if needed
165
+ yield @config if block_given?
166
+
167
+ # Create credentials
168
+ credentials = @config.credentials
169
+ credentials ||= Credentials.default scope: @config.scope
170
+ if credentials.is_a?(String) || credentials.is_a?(Hash)
171
+ credentials = Credentials.new credentials, scope: @config.scope
172
+ end
173
+ @quota_project_id = @config.quota_project
174
+ @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
175
+
176
+ @iam_credentials_stub = ::Gapic::ServiceStub.new(
177
+ ::Google::Iam::Credentials::V1::IAMCredentials::Stub,
178
+ credentials: credentials,
179
+ endpoint: @config.endpoint,
180
+ channel_args: @config.channel_args,
181
+ interceptors: @config.interceptors
182
+ )
183
+ end
184
+
185
+ # Service calls
186
+
187
+ ##
188
+ # Generates an OAuth 2.0 access token for a service account.
189
+ #
190
+ # @overload generate_access_token(request, options = nil)
191
+ # Pass arguments to `generate_access_token` via a request object, either of type
192
+ # {::Google::Iam::Credentials::V1::GenerateAccessTokenRequest} or an equivalent Hash.
193
+ #
194
+ # @param request [::Google::Iam::Credentials::V1::GenerateAccessTokenRequest, ::Hash]
195
+ # A request object representing the call parameters. Required. To specify no
196
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
197
+ # @param options [::Gapic::CallOptions, ::Hash]
198
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
199
+ #
200
+ # @overload generate_access_token(name: nil, delegates: nil, scope: nil, lifetime: nil)
201
+ # Pass arguments to `generate_access_token` via keyword arguments. Note that at
202
+ # least one keyword argument is required. To specify no parameters, or to keep all
203
+ # the default parameter values, pass an empty Hash as a request object (see above).
204
+ #
205
+ # @param name [::String]
206
+ # Required. The resource name of the service account for which the credentials
207
+ # are requested, in the following format:
208
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
209
+ # character is required; replacing it with a project ID is invalid.
210
+ # @param delegates [::Array<::String>]
211
+ # The sequence of service accounts in a delegation chain. Each service
212
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
213
+ # on its next service account in the chain. The last service account in the
214
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
215
+ # on the service account that is specified in the `name` field of the
216
+ # request.
217
+ #
218
+ # The delegates must have the following format:
219
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
220
+ # character is required; replacing it with a project ID is invalid.
221
+ # @param scope [::Array<::String>]
222
+ # Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
223
+ # See https://developers.google.com/identity/protocols/googlescopes for more
224
+ # information.
225
+ # At least one value required.
226
+ # @param lifetime [::Google::Protobuf::Duration, ::Hash]
227
+ # The desired lifetime duration of the access token in seconds.
228
+ # Must be set to a value less than or equal to 3600 (1 hour). If a value is
229
+ # not specified, the token's lifetime will be set to a default value of one
230
+ # hour.
231
+ #
232
+ # @yield [response, operation] Access the result along with the RPC operation
233
+ # @yieldparam response [::Google::Iam::Credentials::V1::GenerateAccessTokenResponse]
234
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
235
+ #
236
+ # @return [::Google::Iam::Credentials::V1::GenerateAccessTokenResponse]
237
+ #
238
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
239
+ #
240
+ def generate_access_token request, options = nil
241
+ raise ::ArgumentError, "request must be provided" if request.nil?
242
+
243
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateAccessTokenRequest
244
+
245
+ # Converts hash and nil to an options object
246
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
247
+
248
+ # Customize the options with defaults
249
+ metadata = @config.rpcs.generate_access_token.metadata.to_h
250
+
251
+ # Set x-goog-api-client and x-goog-user-project headers
252
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
253
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
254
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION
255
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
256
+
257
+ header_params = {
258
+ "name" => request.name
259
+ }
260
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
261
+ metadata[:"x-goog-request-params"] ||= request_params_header
262
+
263
+ options.apply_defaults timeout: @config.rpcs.generate_access_token.timeout,
264
+ metadata: metadata,
265
+ retry_policy: @config.rpcs.generate_access_token.retry_policy
266
+ options.apply_defaults metadata: @config.metadata,
267
+ retry_policy: @config.retry_policy
268
+
269
+ @iam_credentials_stub.call_rpc :generate_access_token, request, options: options do |response, operation|
270
+ yield response, operation if block_given?
271
+ return response
272
+ end
273
+ rescue ::GRPC::BadStatus => e
274
+ raise ::Google::Cloud::Error.from_error(e)
275
+ end
276
+
277
+ ##
278
+ # Generates an OpenID Connect ID token for a service account.
279
+ #
280
+ # @overload generate_id_token(request, options = nil)
281
+ # Pass arguments to `generate_id_token` via a request object, either of type
282
+ # {::Google::Iam::Credentials::V1::GenerateIdTokenRequest} or an equivalent Hash.
283
+ #
284
+ # @param request [::Google::Iam::Credentials::V1::GenerateIdTokenRequest, ::Hash]
285
+ # A request object representing the call parameters. Required. To specify no
286
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
287
+ # @param options [::Gapic::CallOptions, ::Hash]
288
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
289
+ #
290
+ # @overload generate_id_token(name: nil, delegates: nil, audience: nil, include_email: nil)
291
+ # Pass arguments to `generate_id_token` via keyword arguments. Note that at
292
+ # least one keyword argument is required. To specify no parameters, or to keep all
293
+ # the default parameter values, pass an empty Hash as a request object (see above).
294
+ #
295
+ # @param name [::String]
296
+ # Required. The resource name of the service account for which the credentials
297
+ # are requested, in the following format:
298
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
299
+ # character is required; replacing it with a project ID is invalid.
300
+ # @param delegates [::Array<::String>]
301
+ # The sequence of service accounts in a delegation chain. Each service
302
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
303
+ # on its next service account in the chain. The last service account in the
304
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
305
+ # on the service account that is specified in the `name` field of the
306
+ # request.
307
+ #
308
+ # The delegates must have the following format:
309
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
310
+ # character is required; replacing it with a project ID is invalid.
311
+ # @param audience [::String]
312
+ # Required. The audience for the token, such as the API or account that this token
313
+ # grants access to.
314
+ # @param include_email [::Boolean]
315
+ # Include the service account email in the token. If set to `true`, the
316
+ # token will contain `email` and `email_verified` claims.
317
+ #
318
+ # @yield [response, operation] Access the result along with the RPC operation
319
+ # @yieldparam response [::Google::Iam::Credentials::V1::GenerateIdTokenResponse]
320
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
321
+ #
322
+ # @return [::Google::Iam::Credentials::V1::GenerateIdTokenResponse]
323
+ #
324
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
325
+ #
326
+ def generate_id_token request, options = nil
327
+ raise ::ArgumentError, "request must be provided" if request.nil?
328
+
329
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateIdTokenRequest
330
+
331
+ # Converts hash and nil to an options object
332
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
333
+
334
+ # Customize the options with defaults
335
+ metadata = @config.rpcs.generate_id_token.metadata.to_h
336
+
337
+ # Set x-goog-api-client and x-goog-user-project headers
338
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
339
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
340
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION
341
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
342
+
343
+ header_params = {
344
+ "name" => request.name
345
+ }
346
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
347
+ metadata[:"x-goog-request-params"] ||= request_params_header
348
+
349
+ options.apply_defaults timeout: @config.rpcs.generate_id_token.timeout,
350
+ metadata: metadata,
351
+ retry_policy: @config.rpcs.generate_id_token.retry_policy
352
+ options.apply_defaults metadata: @config.metadata,
353
+ retry_policy: @config.retry_policy
354
+
355
+ @iam_credentials_stub.call_rpc :generate_id_token, request, options: options do |response, operation|
356
+ yield response, operation if block_given?
357
+ return response
358
+ end
359
+ rescue ::GRPC::BadStatus => e
360
+ raise ::Google::Cloud::Error.from_error(e)
361
+ end
362
+
363
+ ##
364
+ # Signs a blob using a service account's system-managed private key.
365
+ #
366
+ # @overload sign_blob(request, options = nil)
367
+ # Pass arguments to `sign_blob` via a request object, either of type
368
+ # {::Google::Iam::Credentials::V1::SignBlobRequest} or an equivalent Hash.
369
+ #
370
+ # @param request [::Google::Iam::Credentials::V1::SignBlobRequest, ::Hash]
371
+ # A request object representing the call parameters. Required. To specify no
372
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
373
+ # @param options [::Gapic::CallOptions, ::Hash]
374
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
375
+ #
376
+ # @overload sign_blob(name: nil, delegates: nil, payload: nil)
377
+ # Pass arguments to `sign_blob` via keyword arguments. Note that at
378
+ # least one keyword argument is required. To specify no parameters, or to keep all
379
+ # the default parameter values, pass an empty Hash as a request object (see above).
380
+ #
381
+ # @param name [::String]
382
+ # Required. The resource name of the service account for which the credentials
383
+ # are requested, in the following format:
384
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
385
+ # character is required; replacing it with a project ID is invalid.
386
+ # @param delegates [::Array<::String>]
387
+ # The sequence of service accounts in a delegation chain. Each service
388
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
389
+ # on its next service account in the chain. The last service account in the
390
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
391
+ # on the service account that is specified in the `name` field of the
392
+ # request.
393
+ #
394
+ # The delegates must have the following format:
395
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
396
+ # character is required; replacing it with a project ID is invalid.
397
+ # @param payload [::String]
398
+ # Required. The bytes to sign.
399
+ #
400
+ # @yield [response, operation] Access the result along with the RPC operation
401
+ # @yieldparam response [::Google::Iam::Credentials::V1::SignBlobResponse]
402
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
403
+ #
404
+ # @return [::Google::Iam::Credentials::V1::SignBlobResponse]
405
+ #
406
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
407
+ #
408
+ def sign_blob request, options = nil
409
+ raise ::ArgumentError, "request must be provided" if request.nil?
410
+
411
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignBlobRequest
412
+
413
+ # Converts hash and nil to an options object
414
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
415
+
416
+ # Customize the options with defaults
417
+ metadata = @config.rpcs.sign_blob.metadata.to_h
418
+
419
+ # Set x-goog-api-client and x-goog-user-project headers
420
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
421
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
422
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION
423
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
424
+
425
+ header_params = {
426
+ "name" => request.name
427
+ }
428
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
429
+ metadata[:"x-goog-request-params"] ||= request_params_header
430
+
431
+ options.apply_defaults timeout: @config.rpcs.sign_blob.timeout,
432
+ metadata: metadata,
433
+ retry_policy: @config.rpcs.sign_blob.retry_policy
434
+ options.apply_defaults metadata: @config.metadata,
435
+ retry_policy: @config.retry_policy
436
+
437
+ @iam_credentials_stub.call_rpc :sign_blob, request, options: options do |response, operation|
438
+ yield response, operation if block_given?
439
+ return response
440
+ end
441
+ rescue ::GRPC::BadStatus => e
442
+ raise ::Google::Cloud::Error.from_error(e)
443
+ end
444
+
445
+ ##
446
+ # Signs a JWT using a service account's system-managed private key.
447
+ #
448
+ # @overload sign_jwt(request, options = nil)
449
+ # Pass arguments to `sign_jwt` via a request object, either of type
450
+ # {::Google::Iam::Credentials::V1::SignJwtRequest} or an equivalent Hash.
451
+ #
452
+ # @param request [::Google::Iam::Credentials::V1::SignJwtRequest, ::Hash]
453
+ # A request object representing the call parameters. Required. To specify no
454
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
455
+ # @param options [::Gapic::CallOptions, ::Hash]
456
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
457
+ #
458
+ # @overload sign_jwt(name: nil, delegates: nil, payload: nil)
459
+ # Pass arguments to `sign_jwt` via keyword arguments. Note that at
460
+ # least one keyword argument is required. To specify no parameters, or to keep all
461
+ # the default parameter values, pass an empty Hash as a request object (see above).
462
+ #
463
+ # @param name [::String]
464
+ # Required. The resource name of the service account for which the credentials
465
+ # are requested, in the following format:
466
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
467
+ # character is required; replacing it with a project ID is invalid.
468
+ # @param delegates [::Array<::String>]
469
+ # The sequence of service accounts in a delegation chain. Each service
470
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
471
+ # on its next service account in the chain. The last service account in the
472
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
473
+ # on the service account that is specified in the `name` field of the
474
+ # request.
475
+ #
476
+ # The delegates must have the following format:
477
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
478
+ # character is required; replacing it with a project ID is invalid.
479
+ # @param payload [::String]
480
+ # Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
481
+ #
482
+ # @yield [response, operation] Access the result along with the RPC operation
483
+ # @yieldparam response [::Google::Iam::Credentials::V1::SignJwtResponse]
484
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
485
+ #
486
+ # @return [::Google::Iam::Credentials::V1::SignJwtResponse]
487
+ #
488
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
489
+ #
490
+ def sign_jwt request, options = nil
491
+ raise ::ArgumentError, "request must be provided" if request.nil?
492
+
493
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignJwtRequest
494
+
495
+ # Converts hash and nil to an options object
496
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
497
+
498
+ # Customize the options with defaults
499
+ metadata = @config.rpcs.sign_jwt.metadata.to_h
500
+
501
+ # Set x-goog-api-client and x-goog-user-project headers
502
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
503
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
504
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION
505
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
506
+
507
+ header_params = {
508
+ "name" => request.name
509
+ }
510
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
511
+ metadata[:"x-goog-request-params"] ||= request_params_header
512
+
513
+ options.apply_defaults timeout: @config.rpcs.sign_jwt.timeout,
514
+ metadata: metadata,
515
+ retry_policy: @config.rpcs.sign_jwt.retry_policy
516
+ options.apply_defaults metadata: @config.metadata,
517
+ retry_policy: @config.retry_policy
518
+
519
+ @iam_credentials_stub.call_rpc :sign_jwt, request, options: options do |response, operation|
520
+ yield response, operation if block_given?
521
+ return response
522
+ end
523
+ rescue ::GRPC::BadStatus => e
524
+ raise ::Google::Cloud::Error.from_error(e)
525
+ end
526
+
527
+ ##
528
+ # Configuration class for the IAMCredentials API.
529
+ #
530
+ # This class represents the configuration for IAMCredentials,
531
+ # providing control over timeouts, retry behavior, logging, transport
532
+ # parameters, and other low-level controls. Certain parameters can also be
533
+ # applied individually to specific RPCs. See
534
+ # {::Google::Iam::Credentials::V1::IAMCredentials::Client::Configuration::Rpcs}
535
+ # for a list of RPCs that can be configured independently.
536
+ #
537
+ # Configuration can be applied globally to all clients, or to a single client
538
+ # on construction.
539
+ #
540
+ # # Examples
541
+ #
542
+ # To modify the global config, setting the timeout for generate_access_token
543
+ # to 20 seconds, and all remaining timeouts to 10 seconds:
544
+ #
545
+ # ::Google::Iam::Credentials::V1::IAMCredentials::Client.configure do |config|
546
+ # config.timeout = 10.0
547
+ # config.rpcs.generate_access_token.timeout = 20.0
548
+ # end
549
+ #
550
+ # To apply the above configuration only to a new client:
551
+ #
552
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new do |config|
553
+ # config.timeout = 10.0
554
+ # config.rpcs.generate_access_token.timeout = 20.0
555
+ # end
556
+ #
557
+ # @!attribute [rw] endpoint
558
+ # The hostname or hostname:port of the service endpoint.
559
+ # Defaults to `"iamcredentials.googleapis.com"`.
560
+ # @return [::String]
561
+ # @!attribute [rw] credentials
562
+ # Credentials to send with calls. You may provide any of the following types:
563
+ # * (`String`) The path to a service account key file in JSON format
564
+ # * (`Hash`) A service account key as a Hash
565
+ # * (`Google::Auth::Credentials`) A googleauth credentials object
566
+ # (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
567
+ # * (`Signet::OAuth2::Client`) A signet oauth2 client object
568
+ # (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
569
+ # * (`GRPC::Core::Channel`) a gRPC channel with included credentials
570
+ # * (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
571
+ # * (`nil`) indicating no credentials
572
+ # @return [::Object]
573
+ # @!attribute [rw] scope
574
+ # The OAuth scopes
575
+ # @return [::Array<::String>]
576
+ # @!attribute [rw] lib_name
577
+ # The library name as recorded in instrumentation and logging
578
+ # @return [::String]
579
+ # @!attribute [rw] lib_version
580
+ # The library version as recorded in instrumentation and logging
581
+ # @return [::String]
582
+ # @!attribute [rw] channel_args
583
+ # Extra parameters passed to the gRPC channel. Note: this is ignored if a
584
+ # `GRPC::Core::Channel` object is provided as the credential.
585
+ # @return [::Hash]
586
+ # @!attribute [rw] interceptors
587
+ # An array of interceptors that are run before calls are executed.
588
+ # @return [::Array<::GRPC::ClientInterceptor>]
589
+ # @!attribute [rw] timeout
590
+ # The call timeout in seconds.
591
+ # @return [::Numeric]
592
+ # @!attribute [rw] metadata
593
+ # Additional gRPC headers to be sent with the call.
594
+ # @return [::Hash{::Symbol=>::String}]
595
+ # @!attribute [rw] retry_policy
596
+ # The retry policy. The value is a hash with the following keys:
597
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
598
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
599
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
600
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
601
+ # trigger a retry.
602
+ # @return [::Hash]
603
+ # @!attribute [rw] quota_project
604
+ # A separate project against which to charge quota.
605
+ # @return [::String]
606
+ #
607
+ class Configuration
608
+ extend ::Gapic::Config
609
+
610
+ config_attr :endpoint, "iamcredentials.googleapis.com", ::String
611
+ config_attr :credentials, nil do |value|
612
+ allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
613
+ allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
614
+ allowed.any? { |klass| klass === value }
615
+ end
616
+ config_attr :scope, nil, ::String, ::Array, nil
617
+ config_attr :lib_name, nil, ::String, nil
618
+ config_attr :lib_version, nil, ::String, nil
619
+ config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
620
+ config_attr :interceptors, nil, ::Array, nil
621
+ config_attr :timeout, nil, ::Numeric, nil
622
+ config_attr :metadata, nil, ::Hash, nil
623
+ config_attr :retry_policy, nil, ::Hash, ::Proc, nil
624
+ config_attr :quota_project, nil, ::String, nil
625
+
626
+ # @private
627
+ def initialize parent_config = nil
628
+ @parent_config = parent_config unless parent_config.nil?
629
+
630
+ yield self if block_given?
631
+ end
632
+
633
+ ##
634
+ # Configurations for individual RPCs
635
+ # @return [Rpcs]
636
+ #
637
+ def rpcs
638
+ @rpcs ||= begin
639
+ parent_rpcs = nil
640
+ parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
641
+ Rpcs.new parent_rpcs
642
+ end
643
+ end
644
+
645
+ ##
646
+ # Configuration RPC class for the IAMCredentials API.
647
+ #
648
+ # Includes fields providing the configuration for each RPC in this service.
649
+ # Each configuration object is of type `Gapic::Config::Method` and includes
650
+ # the following configuration fields:
651
+ #
652
+ # * `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
653
+ # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
654
+ # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
655
+ # include the following keys:
656
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
657
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
658
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
659
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
660
+ # trigger a retry.
661
+ #
662
+ class Rpcs
663
+ ##
664
+ # RPC-specific configuration for `generate_access_token`
665
+ # @return [::Gapic::Config::Method]
666
+ #
667
+ attr_reader :generate_access_token
668
+ ##
669
+ # RPC-specific configuration for `generate_id_token`
670
+ # @return [::Gapic::Config::Method]
671
+ #
672
+ attr_reader :generate_id_token
673
+ ##
674
+ # RPC-specific configuration for `sign_blob`
675
+ # @return [::Gapic::Config::Method]
676
+ #
677
+ attr_reader :sign_blob
678
+ ##
679
+ # RPC-specific configuration for `sign_jwt`
680
+ # @return [::Gapic::Config::Method]
681
+ #
682
+ attr_reader :sign_jwt
683
+
684
+ # @private
685
+ def initialize parent_rpcs = nil
686
+ generate_access_token_config = parent_rpcs&.generate_access_token if parent_rpcs&.respond_to? :generate_access_token
687
+ @generate_access_token = ::Gapic::Config::Method.new generate_access_token_config
688
+ generate_id_token_config = parent_rpcs&.generate_id_token if parent_rpcs&.respond_to? :generate_id_token
689
+ @generate_id_token = ::Gapic::Config::Method.new generate_id_token_config
690
+ sign_blob_config = parent_rpcs&.sign_blob if parent_rpcs&.respond_to? :sign_blob
691
+ @sign_blob = ::Gapic::Config::Method.new sign_blob_config
692
+ sign_jwt_config = parent_rpcs&.sign_jwt if parent_rpcs&.respond_to? :sign_jwt
693
+ @sign_jwt = ::Gapic::Config::Method.new sign_jwt_config
694
+
695
+ yield self if block_given?
696
+ end
697
+ end
698
+ end
699
+ end
700
+ end
701
+ end
702
+ end
703
+ end
704
+ end