google-iam-credentials-v1 0.3.5 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,655 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2023 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/cloud/errors"
20
+ require "google/iam/credentials/v1/iamcredentials_pb"
21
+ require "google/iam/credentials/v1/iam_credentials/rest/service_stub"
22
+
23
+ module Google
24
+ module Iam
25
+ module Credentials
26
+ module V1
27
+ module IAMCredentials
28
+ module Rest
29
+ ##
30
+ # REST client for the IAMCredentials service.
31
+ #
32
+ # A service account is a special type of Google account that belongs to your
33
+ # application or a virtual machine (VM), instead of to an individual end user.
34
+ # Your application assumes the identity of the service account to call Google
35
+ # APIs, so that the users aren't directly involved.
36
+ #
37
+ # Service account credentials are used to temporarily assume the identity
38
+ # of the service account. Supported credential types include OAuth 2.0 access
39
+ # tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
40
+ # more.
41
+ #
42
+ class Client
43
+ include Paths
44
+
45
+ # @private
46
+ attr_reader :iam_credentials_stub
47
+
48
+ ##
49
+ # Configure the IAMCredentials Client class.
50
+ #
51
+ # See {::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client::Configuration}
52
+ # for a description of the configuration fields.
53
+ #
54
+ # @example
55
+ #
56
+ # # Modify the configuration for all IAMCredentials clients
57
+ # ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.configure do |config|
58
+ # config.timeout = 10.0
59
+ # end
60
+ #
61
+ # @yield [config] Configure the Client client.
62
+ # @yieldparam config [Client::Configuration]
63
+ #
64
+ # @return [Client::Configuration]
65
+ #
66
+ def self.configure
67
+ @configure ||= begin
68
+ namespace = ["Google", "Iam", "Credentials", "V1"]
69
+ parent_config = while namespace.any?
70
+ parent_name = namespace.join "::"
71
+ parent_const = const_get parent_name
72
+ break parent_const.configure if parent_const.respond_to? :configure
73
+ namespace.pop
74
+ end
75
+ default_config = Client::Configuration.new parent_config
76
+
77
+ default_config.rpcs.generate_access_token.timeout = 60.0
78
+ default_config.rpcs.generate_access_token.retry_policy = {
79
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
80
+ }
81
+
82
+ default_config.rpcs.generate_id_token.timeout = 60.0
83
+ default_config.rpcs.generate_id_token.retry_policy = {
84
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
85
+ }
86
+
87
+ default_config.rpcs.sign_blob.timeout = 60.0
88
+ default_config.rpcs.sign_blob.retry_policy = {
89
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
90
+ }
91
+
92
+ default_config.rpcs.sign_jwt.timeout = 60.0
93
+ default_config.rpcs.sign_jwt.retry_policy = {
94
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
95
+ }
96
+
97
+ default_config
98
+ end
99
+ yield @configure if block_given?
100
+ @configure
101
+ end
102
+
103
+ ##
104
+ # Configure the IAMCredentials Client instance.
105
+ #
106
+ # The configuration is set to the derived mode, meaning that values can be changed,
107
+ # but structural changes (adding new fields, etc.) are not allowed. Structural changes
108
+ # should be made on {Client.configure}.
109
+ #
110
+ # See {::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client::Configuration}
111
+ # for a description of the configuration fields.
112
+ #
113
+ # @yield [config] Configure the Client client.
114
+ # @yieldparam config [Client::Configuration]
115
+ #
116
+ # @return [Client::Configuration]
117
+ #
118
+ def configure
119
+ yield @config if block_given?
120
+ @config
121
+ end
122
+
123
+ ##
124
+ # Create a new IAMCredentials REST client object.
125
+ #
126
+ # @example
127
+ #
128
+ # # Create a client using the default configuration
129
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.new
130
+ #
131
+ # # Create a client using a custom configuration
132
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.new do |config|
133
+ # config.timeout = 10.0
134
+ # end
135
+ #
136
+ # @yield [config] Configure the IAMCredentials client.
137
+ # @yieldparam config [Client::Configuration]
138
+ #
139
+ def initialize
140
+ # Create the configuration object
141
+ @config = Configuration.new Client.configure
142
+
143
+ # Yield the configuration if needed
144
+ yield @config if block_given?
145
+
146
+ # Create credentials
147
+ credentials = @config.credentials
148
+ # Use self-signed JWT if the endpoint is unchanged from default,
149
+ # but only if the default endpoint does not have a region prefix.
150
+ enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
151
+ !@config.endpoint.split(".").first.include?("-")
152
+ credentials ||= Credentials.default scope: @config.scope,
153
+ enable_self_signed_jwt: enable_self_signed_jwt
154
+ if credentials.is_a?(::String) || credentials.is_a?(::Hash)
155
+ credentials = Credentials.new credentials, scope: @config.scope
156
+ end
157
+
158
+ @quota_project_id = @config.quota_project
159
+ @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
160
+
161
+ @iam_credentials_stub = ::Google::Iam::Credentials::V1::IAMCredentials::Rest::ServiceStub.new endpoint: @config.endpoint, credentials: credentials
162
+ end
163
+
164
+ # Service calls
165
+
166
+ ##
167
+ # Generates an OAuth 2.0 access token for a service account.
168
+ #
169
+ # @overload generate_access_token(request, options = nil)
170
+ # Pass arguments to `generate_access_token` via a request object, either of type
171
+ # {::Google::Iam::Credentials::V1::GenerateAccessTokenRequest} or an equivalent Hash.
172
+ #
173
+ # @param request [::Google::Iam::Credentials::V1::GenerateAccessTokenRequest, ::Hash]
174
+ # A request object representing the call parameters. Required. To specify no
175
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
176
+ # @param options [::Gapic::CallOptions, ::Hash]
177
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
178
+ #
179
+ # @overload generate_access_token(name: nil, delegates: nil, scope: nil, lifetime: nil)
180
+ # Pass arguments to `generate_access_token` via keyword arguments. Note that at
181
+ # least one keyword argument is required. To specify no parameters, or to keep all
182
+ # the default parameter values, pass an empty Hash as a request object (see above).
183
+ #
184
+ # @param name [::String]
185
+ # Required. The resource name of the service account for which the credentials
186
+ # are requested, in the following format:
187
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
188
+ # character is required; replacing it with a project ID is invalid.
189
+ # @param delegates [::Array<::String>]
190
+ # The sequence of service accounts in a delegation chain. Each service
191
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
192
+ # on its next service account in the chain. The last service account in the
193
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
194
+ # on the service account that is specified in the `name` field of the
195
+ # request.
196
+ #
197
+ # The delegates must have the following format:
198
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
199
+ # character is required; replacing it with a project ID is invalid.
200
+ # @param scope [::Array<::String>]
201
+ # Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
202
+ # See https://developers.google.com/identity/protocols/googlescopes for more
203
+ # information.
204
+ # At least one value required.
205
+ # @param lifetime [::Google::Protobuf::Duration, ::Hash]
206
+ # The desired lifetime duration of the access token in seconds.
207
+ # Must be set to a value less than or equal to 3600 (1 hour). If a value is
208
+ # not specified, the token's lifetime will be set to a default value of one
209
+ # hour.
210
+ # @yield [result, operation] Access the result along with the TransportOperation object
211
+ # @yieldparam result [::Google::Iam::Credentials::V1::GenerateAccessTokenResponse]
212
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
213
+ #
214
+ # @return [::Google::Iam::Credentials::V1::GenerateAccessTokenResponse]
215
+ #
216
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
217
+ def generate_access_token request, options = nil
218
+ raise ::ArgumentError, "request must be provided" if request.nil?
219
+
220
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateAccessTokenRequest
221
+
222
+ # Converts hash and nil to an options object
223
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
224
+
225
+ # Customize the options with defaults
226
+ call_metadata = @config.rpcs.generate_access_token.metadata.to_h
227
+
228
+ # Set x-goog-api-client and x-goog-user-project headers
229
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
230
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
231
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION,
232
+ transports_version_send: [:rest]
233
+
234
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
235
+
236
+ options.apply_defaults timeout: @config.rpcs.generate_access_token.timeout,
237
+ metadata: call_metadata,
238
+ retry_policy: @config.rpcs.generate_access_token.retry_policy
239
+
240
+ options.apply_defaults timeout: @config.timeout,
241
+ metadata: @config.metadata,
242
+ retry_policy: @config.retry_policy
243
+
244
+ @iam_credentials_stub.generate_access_token request, options do |result, operation|
245
+ yield result, operation if block_given?
246
+ return result
247
+ end
248
+ rescue ::Gapic::Rest::Error => e
249
+ raise ::Google::Cloud::Error.from_error(e)
250
+ end
251
+
252
+ ##
253
+ # Generates an OpenID Connect ID token for a service account.
254
+ #
255
+ # @overload generate_id_token(request, options = nil)
256
+ # Pass arguments to `generate_id_token` via a request object, either of type
257
+ # {::Google::Iam::Credentials::V1::GenerateIdTokenRequest} or an equivalent Hash.
258
+ #
259
+ # @param request [::Google::Iam::Credentials::V1::GenerateIdTokenRequest, ::Hash]
260
+ # A request object representing the call parameters. Required. To specify no
261
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
262
+ # @param options [::Gapic::CallOptions, ::Hash]
263
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
264
+ #
265
+ # @overload generate_id_token(name: nil, delegates: nil, audience: nil, include_email: nil)
266
+ # Pass arguments to `generate_id_token` via keyword arguments. Note that at
267
+ # least one keyword argument is required. To specify no parameters, or to keep all
268
+ # the default parameter values, pass an empty Hash as a request object (see above).
269
+ #
270
+ # @param name [::String]
271
+ # Required. The resource name of the service account for which the credentials
272
+ # are requested, in the following format:
273
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
274
+ # character is required; replacing it with a project ID is invalid.
275
+ # @param delegates [::Array<::String>]
276
+ # The sequence of service accounts in a delegation chain. Each service
277
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
278
+ # on its next service account in the chain. The last service account in the
279
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
280
+ # on the service account that is specified in the `name` field of the
281
+ # request.
282
+ #
283
+ # The delegates must have the following format:
284
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
285
+ # character is required; replacing it with a project ID is invalid.
286
+ # @param audience [::String]
287
+ # Required. The audience for the token, such as the API or account that this token
288
+ # grants access to.
289
+ # @param include_email [::Boolean]
290
+ # Include the service account email in the token. If set to `true`, the
291
+ # token will contain `email` and `email_verified` claims.
292
+ # @yield [result, operation] Access the result along with the TransportOperation object
293
+ # @yieldparam result [::Google::Iam::Credentials::V1::GenerateIdTokenResponse]
294
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
295
+ #
296
+ # @return [::Google::Iam::Credentials::V1::GenerateIdTokenResponse]
297
+ #
298
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
299
+ def generate_id_token request, options = nil
300
+ raise ::ArgumentError, "request must be provided" if request.nil?
301
+
302
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateIdTokenRequest
303
+
304
+ # Converts hash and nil to an options object
305
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
306
+
307
+ # Customize the options with defaults
308
+ call_metadata = @config.rpcs.generate_id_token.metadata.to_h
309
+
310
+ # Set x-goog-api-client and x-goog-user-project headers
311
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
312
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
313
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION,
314
+ transports_version_send: [:rest]
315
+
316
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
317
+
318
+ options.apply_defaults timeout: @config.rpcs.generate_id_token.timeout,
319
+ metadata: call_metadata,
320
+ retry_policy: @config.rpcs.generate_id_token.retry_policy
321
+
322
+ options.apply_defaults timeout: @config.timeout,
323
+ metadata: @config.metadata,
324
+ retry_policy: @config.retry_policy
325
+
326
+ @iam_credentials_stub.generate_id_token request, options do |result, operation|
327
+ yield result, operation if block_given?
328
+ return result
329
+ end
330
+ rescue ::Gapic::Rest::Error => e
331
+ raise ::Google::Cloud::Error.from_error(e)
332
+ end
333
+
334
+ ##
335
+ # Signs a blob using a service account's system-managed private key.
336
+ #
337
+ # @overload sign_blob(request, options = nil)
338
+ # Pass arguments to `sign_blob` via a request object, either of type
339
+ # {::Google::Iam::Credentials::V1::SignBlobRequest} or an equivalent Hash.
340
+ #
341
+ # @param request [::Google::Iam::Credentials::V1::SignBlobRequest, ::Hash]
342
+ # A request object representing the call parameters. Required. To specify no
343
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
344
+ # @param options [::Gapic::CallOptions, ::Hash]
345
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
346
+ #
347
+ # @overload sign_blob(name: nil, delegates: nil, payload: nil)
348
+ # Pass arguments to `sign_blob` via keyword arguments. Note that at
349
+ # least one keyword argument is required. To specify no parameters, or to keep all
350
+ # the default parameter values, pass an empty Hash as a request object (see above).
351
+ #
352
+ # @param name [::String]
353
+ # Required. The resource name of the service account for which the credentials
354
+ # are requested, in the following format:
355
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
356
+ # character is required; replacing it with a project ID is invalid.
357
+ # @param delegates [::Array<::String>]
358
+ # The sequence of service accounts in a delegation chain. Each service
359
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
360
+ # on its next service account in the chain. The last service account in the
361
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
362
+ # on the service account that is specified in the `name` field of the
363
+ # request.
364
+ #
365
+ # The delegates must have the following format:
366
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
367
+ # character is required; replacing it with a project ID is invalid.
368
+ # @param payload [::String]
369
+ # Required. The bytes to sign.
370
+ # @yield [result, operation] Access the result along with the TransportOperation object
371
+ # @yieldparam result [::Google::Iam::Credentials::V1::SignBlobResponse]
372
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
373
+ #
374
+ # @return [::Google::Iam::Credentials::V1::SignBlobResponse]
375
+ #
376
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
377
+ def sign_blob request, options = nil
378
+ raise ::ArgumentError, "request must be provided" if request.nil?
379
+
380
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignBlobRequest
381
+
382
+ # Converts hash and nil to an options object
383
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
384
+
385
+ # Customize the options with defaults
386
+ call_metadata = @config.rpcs.sign_blob.metadata.to_h
387
+
388
+ # Set x-goog-api-client and x-goog-user-project headers
389
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
390
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
391
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION,
392
+ transports_version_send: [:rest]
393
+
394
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
395
+
396
+ options.apply_defaults timeout: @config.rpcs.sign_blob.timeout,
397
+ metadata: call_metadata,
398
+ retry_policy: @config.rpcs.sign_blob.retry_policy
399
+
400
+ options.apply_defaults timeout: @config.timeout,
401
+ metadata: @config.metadata,
402
+ retry_policy: @config.retry_policy
403
+
404
+ @iam_credentials_stub.sign_blob request, options do |result, operation|
405
+ yield result, operation if block_given?
406
+ return result
407
+ end
408
+ rescue ::Gapic::Rest::Error => e
409
+ raise ::Google::Cloud::Error.from_error(e)
410
+ end
411
+
412
+ ##
413
+ # Signs a JWT using a service account's system-managed private key.
414
+ #
415
+ # @overload sign_jwt(request, options = nil)
416
+ # Pass arguments to `sign_jwt` via a request object, either of type
417
+ # {::Google::Iam::Credentials::V1::SignJwtRequest} or an equivalent Hash.
418
+ #
419
+ # @param request [::Google::Iam::Credentials::V1::SignJwtRequest, ::Hash]
420
+ # A request object representing the call parameters. Required. To specify no
421
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
422
+ # @param options [::Gapic::CallOptions, ::Hash]
423
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
424
+ #
425
+ # @overload sign_jwt(name: nil, delegates: nil, payload: nil)
426
+ # Pass arguments to `sign_jwt` via keyword arguments. Note that at
427
+ # least one keyword argument is required. To specify no parameters, or to keep all
428
+ # the default parameter values, pass an empty Hash as a request object (see above).
429
+ #
430
+ # @param name [::String]
431
+ # Required. The resource name of the service account for which the credentials
432
+ # are requested, in the following format:
433
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
434
+ # character is required; replacing it with a project ID is invalid.
435
+ # @param delegates [::Array<::String>]
436
+ # The sequence of service accounts in a delegation chain. Each service
437
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
438
+ # on its next service account in the chain. The last service account in the
439
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
440
+ # on the service account that is specified in the `name` field of the
441
+ # request.
442
+ #
443
+ # The delegates must have the following format:
444
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
445
+ # character is required; replacing it with a project ID is invalid.
446
+ # @param payload [::String]
447
+ # Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
448
+ # @yield [result, operation] Access the result along with the TransportOperation object
449
+ # @yieldparam result [::Google::Iam::Credentials::V1::SignJwtResponse]
450
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
451
+ #
452
+ # @return [::Google::Iam::Credentials::V1::SignJwtResponse]
453
+ #
454
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
455
+ def sign_jwt request, options = nil
456
+ raise ::ArgumentError, "request must be provided" if request.nil?
457
+
458
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignJwtRequest
459
+
460
+ # Converts hash and nil to an options object
461
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
462
+
463
+ # Customize the options with defaults
464
+ call_metadata = @config.rpcs.sign_jwt.metadata.to_h
465
+
466
+ # Set x-goog-api-client and x-goog-user-project headers
467
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
468
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
469
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION,
470
+ transports_version_send: [:rest]
471
+
472
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
473
+
474
+ options.apply_defaults timeout: @config.rpcs.sign_jwt.timeout,
475
+ metadata: call_metadata,
476
+ retry_policy: @config.rpcs.sign_jwt.retry_policy
477
+
478
+ options.apply_defaults timeout: @config.timeout,
479
+ metadata: @config.metadata,
480
+ retry_policy: @config.retry_policy
481
+
482
+ @iam_credentials_stub.sign_jwt request, options do |result, operation|
483
+ yield result, operation if block_given?
484
+ return result
485
+ end
486
+ rescue ::Gapic::Rest::Error => e
487
+ raise ::Google::Cloud::Error.from_error(e)
488
+ end
489
+
490
+ ##
491
+ # Configuration class for the IAMCredentials REST API.
492
+ #
493
+ # This class represents the configuration for IAMCredentials REST,
494
+ # providing control over timeouts, retry behavior, logging, transport
495
+ # parameters, and other low-level controls. Certain parameters can also be
496
+ # applied individually to specific RPCs. See
497
+ # {::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client::Configuration::Rpcs}
498
+ # for a list of RPCs that can be configured independently.
499
+ #
500
+ # Configuration can be applied globally to all clients, or to a single client
501
+ # on construction.
502
+ #
503
+ # @example
504
+ #
505
+ # # Modify the global config, setting the timeout for
506
+ # # generate_access_token to 20 seconds,
507
+ # # and all remaining timeouts to 10 seconds.
508
+ # ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.configure do |config|
509
+ # config.timeout = 10.0
510
+ # config.rpcs.generate_access_token.timeout = 20.0
511
+ # end
512
+ #
513
+ # # Apply the above configuration only to a new client.
514
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.new do |config|
515
+ # config.timeout = 10.0
516
+ # config.rpcs.generate_access_token.timeout = 20.0
517
+ # end
518
+ #
519
+ # @!attribute [rw] endpoint
520
+ # The hostname or hostname:port of the service endpoint.
521
+ # Defaults to `"iamcredentials.googleapis.com"`.
522
+ # @return [::String]
523
+ # @!attribute [rw] credentials
524
+ # Credentials to send with calls. You may provide any of the following types:
525
+ # * (`String`) The path to a service account key file in JSON format
526
+ # * (`Hash`) A service account key as a Hash
527
+ # * (`Google::Auth::Credentials`) A googleauth credentials object
528
+ # (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
529
+ # * (`Signet::OAuth2::Client`) A signet oauth2 client object
530
+ # (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
531
+ # * (`nil`) indicating no credentials
532
+ # @return [::Object]
533
+ # @!attribute [rw] scope
534
+ # The OAuth scopes
535
+ # @return [::Array<::String>]
536
+ # @!attribute [rw] lib_name
537
+ # The library name as recorded in instrumentation and logging
538
+ # @return [::String]
539
+ # @!attribute [rw] lib_version
540
+ # The library version as recorded in instrumentation and logging
541
+ # @return [::String]
542
+ # @!attribute [rw] timeout
543
+ # The call timeout in seconds.
544
+ # @return [::Numeric]
545
+ # @!attribute [rw] metadata
546
+ # Additional headers to be sent with the call.
547
+ # @return [::Hash{::Symbol=>::String}]
548
+ # @!attribute [rw] retry_policy
549
+ # The retry policy. The value is a hash with the following keys:
550
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
551
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
552
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
553
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
554
+ # trigger a retry.
555
+ # @return [::Hash]
556
+ # @!attribute [rw] quota_project
557
+ # A separate project against which to charge quota.
558
+ # @return [::String]
559
+ #
560
+ class Configuration
561
+ extend ::Gapic::Config
562
+
563
+ config_attr :endpoint, "iamcredentials.googleapis.com", ::String
564
+ config_attr :credentials, nil do |value|
565
+ allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
566
+ allowed.any? { |klass| klass === value }
567
+ end
568
+ config_attr :scope, nil, ::String, ::Array, nil
569
+ config_attr :lib_name, nil, ::String, nil
570
+ config_attr :lib_version, nil, ::String, nil
571
+ config_attr :timeout, nil, ::Numeric, nil
572
+ config_attr :metadata, nil, ::Hash, nil
573
+ config_attr :retry_policy, nil, ::Hash, ::Proc, nil
574
+ config_attr :quota_project, nil, ::String, nil
575
+
576
+ # @private
577
+ def initialize parent_config = nil
578
+ @parent_config = parent_config unless parent_config.nil?
579
+
580
+ yield self if block_given?
581
+ end
582
+
583
+ ##
584
+ # Configurations for individual RPCs
585
+ # @return [Rpcs]
586
+ #
587
+ def rpcs
588
+ @rpcs ||= begin
589
+ parent_rpcs = nil
590
+ parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
591
+ Rpcs.new parent_rpcs
592
+ end
593
+ end
594
+
595
+ ##
596
+ # Configuration RPC class for the IAMCredentials API.
597
+ #
598
+ # Includes fields providing the configuration for each RPC in this service.
599
+ # Each configuration object is of type `Gapic::Config::Method` and includes
600
+ # the following configuration fields:
601
+ #
602
+ # * `timeout` (*type:* `Numeric`) - The call timeout in seconds
603
+ # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional headers
604
+ # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
605
+ # include the following keys:
606
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
607
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
608
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
609
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
610
+ # trigger a retry.
611
+ #
612
+ class Rpcs
613
+ ##
614
+ # RPC-specific configuration for `generate_access_token`
615
+ # @return [::Gapic::Config::Method]
616
+ #
617
+ attr_reader :generate_access_token
618
+ ##
619
+ # RPC-specific configuration for `generate_id_token`
620
+ # @return [::Gapic::Config::Method]
621
+ #
622
+ attr_reader :generate_id_token
623
+ ##
624
+ # RPC-specific configuration for `sign_blob`
625
+ # @return [::Gapic::Config::Method]
626
+ #
627
+ attr_reader :sign_blob
628
+ ##
629
+ # RPC-specific configuration for `sign_jwt`
630
+ # @return [::Gapic::Config::Method]
631
+ #
632
+ attr_reader :sign_jwt
633
+
634
+ # @private
635
+ def initialize parent_rpcs = nil
636
+ generate_access_token_config = parent_rpcs.generate_access_token if parent_rpcs.respond_to? :generate_access_token
637
+ @generate_access_token = ::Gapic::Config::Method.new generate_access_token_config
638
+ generate_id_token_config = parent_rpcs.generate_id_token if parent_rpcs.respond_to? :generate_id_token
639
+ @generate_id_token = ::Gapic::Config::Method.new generate_id_token_config
640
+ sign_blob_config = parent_rpcs.sign_blob if parent_rpcs.respond_to? :sign_blob
641
+ @sign_blob = ::Gapic::Config::Method.new sign_blob_config
642
+ sign_jwt_config = parent_rpcs.sign_jwt if parent_rpcs.respond_to? :sign_jwt
643
+ @sign_jwt = ::Gapic::Config::Method.new sign_jwt_config
644
+
645
+ yield self if block_given?
646
+ end
647
+ end
648
+ end
649
+ end
650
+ end
651
+ end
652
+ end
653
+ end
654
+ end
655
+ end