google-iam-credentials-v1 0.4.0 → 0.5.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,655 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2023 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+ require "google/cloud/errors"
20
+ require "google/iam/credentials/v1/iamcredentials_pb"
21
+ require "google/iam/credentials/v1/iam_credentials/rest/service_stub"
22
+
23
+ module Google
24
+ module Iam
25
+ module Credentials
26
+ module V1
27
+ module IAMCredentials
28
+ module Rest
29
+ ##
30
+ # REST client for the IAMCredentials service.
31
+ #
32
+ # A service account is a special type of Google account that belongs to your
33
+ # application or a virtual machine (VM), instead of to an individual end user.
34
+ # Your application assumes the identity of the service account to call Google
35
+ # APIs, so that the users aren't directly involved.
36
+ #
37
+ # Service account credentials are used to temporarily assume the identity
38
+ # of the service account. Supported credential types include OAuth 2.0 access
39
+ # tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
40
+ # more.
41
+ #
42
+ class Client
43
+ include Paths
44
+
45
+ # @private
46
+ attr_reader :iam_credentials_stub
47
+
48
+ ##
49
+ # Configure the IAMCredentials Client class.
50
+ #
51
+ # See {::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client::Configuration}
52
+ # for a description of the configuration fields.
53
+ #
54
+ # @example
55
+ #
56
+ # # Modify the configuration for all IAMCredentials clients
57
+ # ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.configure do |config|
58
+ # config.timeout = 10.0
59
+ # end
60
+ #
61
+ # @yield [config] Configure the Client client.
62
+ # @yieldparam config [Client::Configuration]
63
+ #
64
+ # @return [Client::Configuration]
65
+ #
66
+ def self.configure
67
+ @configure ||= begin
68
+ namespace = ["Google", "Iam", "Credentials", "V1"]
69
+ parent_config = while namespace.any?
70
+ parent_name = namespace.join "::"
71
+ parent_const = const_get parent_name
72
+ break parent_const.configure if parent_const.respond_to? :configure
73
+ namespace.pop
74
+ end
75
+ default_config = Client::Configuration.new parent_config
76
+
77
+ default_config.rpcs.generate_access_token.timeout = 60.0
78
+ default_config.rpcs.generate_access_token.retry_policy = {
79
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
80
+ }
81
+
82
+ default_config.rpcs.generate_id_token.timeout = 60.0
83
+ default_config.rpcs.generate_id_token.retry_policy = {
84
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
85
+ }
86
+
87
+ default_config.rpcs.sign_blob.timeout = 60.0
88
+ default_config.rpcs.sign_blob.retry_policy = {
89
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
90
+ }
91
+
92
+ default_config.rpcs.sign_jwt.timeout = 60.0
93
+ default_config.rpcs.sign_jwt.retry_policy = {
94
+ initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
95
+ }
96
+
97
+ default_config
98
+ end
99
+ yield @configure if block_given?
100
+ @configure
101
+ end
102
+
103
+ ##
104
+ # Configure the IAMCredentials Client instance.
105
+ #
106
+ # The configuration is set to the derived mode, meaning that values can be changed,
107
+ # but structural changes (adding new fields, etc.) are not allowed. Structural changes
108
+ # should be made on {Client.configure}.
109
+ #
110
+ # See {::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client::Configuration}
111
+ # for a description of the configuration fields.
112
+ #
113
+ # @yield [config] Configure the Client client.
114
+ # @yieldparam config [Client::Configuration]
115
+ #
116
+ # @return [Client::Configuration]
117
+ #
118
+ def configure
119
+ yield @config if block_given?
120
+ @config
121
+ end
122
+
123
+ ##
124
+ # Create a new IAMCredentials REST client object.
125
+ #
126
+ # @example
127
+ #
128
+ # # Create a client using the default configuration
129
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.new
130
+ #
131
+ # # Create a client using a custom configuration
132
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.new do |config|
133
+ # config.timeout = 10.0
134
+ # end
135
+ #
136
+ # @yield [config] Configure the IAMCredentials client.
137
+ # @yieldparam config [Client::Configuration]
138
+ #
139
+ def initialize
140
+ # Create the configuration object
141
+ @config = Configuration.new Client.configure
142
+
143
+ # Yield the configuration if needed
144
+ yield @config if block_given?
145
+
146
+ # Create credentials
147
+ credentials = @config.credentials
148
+ # Use self-signed JWT if the endpoint is unchanged from default,
149
+ # but only if the default endpoint does not have a region prefix.
150
+ enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
151
+ !@config.endpoint.split(".").first.include?("-")
152
+ credentials ||= Credentials.default scope: @config.scope,
153
+ enable_self_signed_jwt: enable_self_signed_jwt
154
+ if credentials.is_a?(::String) || credentials.is_a?(::Hash)
155
+ credentials = Credentials.new credentials, scope: @config.scope
156
+ end
157
+
158
+ @quota_project_id = @config.quota_project
159
+ @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
160
+
161
+ @iam_credentials_stub = ::Google::Iam::Credentials::V1::IAMCredentials::Rest::ServiceStub.new endpoint: @config.endpoint, credentials: credentials
162
+ end
163
+
164
+ # Service calls
165
+
166
+ ##
167
+ # Generates an OAuth 2.0 access token for a service account.
168
+ #
169
+ # @overload generate_access_token(request, options = nil)
170
+ # Pass arguments to `generate_access_token` via a request object, either of type
171
+ # {::Google::Iam::Credentials::V1::GenerateAccessTokenRequest} or an equivalent Hash.
172
+ #
173
+ # @param request [::Google::Iam::Credentials::V1::GenerateAccessTokenRequest, ::Hash]
174
+ # A request object representing the call parameters. Required. To specify no
175
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
176
+ # @param options [::Gapic::CallOptions, ::Hash]
177
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
178
+ #
179
+ # @overload generate_access_token(name: nil, delegates: nil, scope: nil, lifetime: nil)
180
+ # Pass arguments to `generate_access_token` via keyword arguments. Note that at
181
+ # least one keyword argument is required. To specify no parameters, or to keep all
182
+ # the default parameter values, pass an empty Hash as a request object (see above).
183
+ #
184
+ # @param name [::String]
185
+ # Required. The resource name of the service account for which the credentials
186
+ # are requested, in the following format:
187
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
188
+ # character is required; replacing it with a project ID is invalid.
189
+ # @param delegates [::Array<::String>]
190
+ # The sequence of service accounts in a delegation chain. Each service
191
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
192
+ # on its next service account in the chain. The last service account in the
193
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
194
+ # on the service account that is specified in the `name` field of the
195
+ # request.
196
+ #
197
+ # The delegates must have the following format:
198
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
199
+ # character is required; replacing it with a project ID is invalid.
200
+ # @param scope [::Array<::String>]
201
+ # Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
202
+ # See https://developers.google.com/identity/protocols/googlescopes for more
203
+ # information.
204
+ # At least one value required.
205
+ # @param lifetime [::Google::Protobuf::Duration, ::Hash]
206
+ # The desired lifetime duration of the access token in seconds.
207
+ # Must be set to a value less than or equal to 3600 (1 hour). If a value is
208
+ # not specified, the token's lifetime will be set to a default value of one
209
+ # hour.
210
+ # @yield [result, operation] Access the result along with the TransportOperation object
211
+ # @yieldparam result [::Google::Iam::Credentials::V1::GenerateAccessTokenResponse]
212
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
213
+ #
214
+ # @return [::Google::Iam::Credentials::V1::GenerateAccessTokenResponse]
215
+ #
216
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
217
+ def generate_access_token request, options = nil
218
+ raise ::ArgumentError, "request must be provided" if request.nil?
219
+
220
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateAccessTokenRequest
221
+
222
+ # Converts hash and nil to an options object
223
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
224
+
225
+ # Customize the options with defaults
226
+ call_metadata = @config.rpcs.generate_access_token.metadata.to_h
227
+
228
+ # Set x-goog-api-client and x-goog-user-project headers
229
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
230
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
231
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION,
232
+ transports_version_send: [:rest]
233
+
234
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
235
+
236
+ options.apply_defaults timeout: @config.rpcs.generate_access_token.timeout,
237
+ metadata: call_metadata,
238
+ retry_policy: @config.rpcs.generate_access_token.retry_policy
239
+
240
+ options.apply_defaults timeout: @config.timeout,
241
+ metadata: @config.metadata,
242
+ retry_policy: @config.retry_policy
243
+
244
+ @iam_credentials_stub.generate_access_token request, options do |result, operation|
245
+ yield result, operation if block_given?
246
+ return result
247
+ end
248
+ rescue ::Gapic::Rest::Error => e
249
+ raise ::Google::Cloud::Error.from_error(e)
250
+ end
251
+
252
+ ##
253
+ # Generates an OpenID Connect ID token for a service account.
254
+ #
255
+ # @overload generate_id_token(request, options = nil)
256
+ # Pass arguments to `generate_id_token` via a request object, either of type
257
+ # {::Google::Iam::Credentials::V1::GenerateIdTokenRequest} or an equivalent Hash.
258
+ #
259
+ # @param request [::Google::Iam::Credentials::V1::GenerateIdTokenRequest, ::Hash]
260
+ # A request object representing the call parameters. Required. To specify no
261
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
262
+ # @param options [::Gapic::CallOptions, ::Hash]
263
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
264
+ #
265
+ # @overload generate_id_token(name: nil, delegates: nil, audience: nil, include_email: nil)
266
+ # Pass arguments to `generate_id_token` via keyword arguments. Note that at
267
+ # least one keyword argument is required. To specify no parameters, or to keep all
268
+ # the default parameter values, pass an empty Hash as a request object (see above).
269
+ #
270
+ # @param name [::String]
271
+ # Required. The resource name of the service account for which the credentials
272
+ # are requested, in the following format:
273
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
274
+ # character is required; replacing it with a project ID is invalid.
275
+ # @param delegates [::Array<::String>]
276
+ # The sequence of service accounts in a delegation chain. Each service
277
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
278
+ # on its next service account in the chain. The last service account in the
279
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
280
+ # on the service account that is specified in the `name` field of the
281
+ # request.
282
+ #
283
+ # The delegates must have the following format:
284
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
285
+ # character is required; replacing it with a project ID is invalid.
286
+ # @param audience [::String]
287
+ # Required. The audience for the token, such as the API or account that this token
288
+ # grants access to.
289
+ # @param include_email [::Boolean]
290
+ # Include the service account email in the token. If set to `true`, the
291
+ # token will contain `email` and `email_verified` claims.
292
+ # @yield [result, operation] Access the result along with the TransportOperation object
293
+ # @yieldparam result [::Google::Iam::Credentials::V1::GenerateIdTokenResponse]
294
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
295
+ #
296
+ # @return [::Google::Iam::Credentials::V1::GenerateIdTokenResponse]
297
+ #
298
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
299
+ def generate_id_token request, options = nil
300
+ raise ::ArgumentError, "request must be provided" if request.nil?
301
+
302
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateIdTokenRequest
303
+
304
+ # Converts hash and nil to an options object
305
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
306
+
307
+ # Customize the options with defaults
308
+ call_metadata = @config.rpcs.generate_id_token.metadata.to_h
309
+
310
+ # Set x-goog-api-client and x-goog-user-project headers
311
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
312
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
313
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION,
314
+ transports_version_send: [:rest]
315
+
316
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
317
+
318
+ options.apply_defaults timeout: @config.rpcs.generate_id_token.timeout,
319
+ metadata: call_metadata,
320
+ retry_policy: @config.rpcs.generate_id_token.retry_policy
321
+
322
+ options.apply_defaults timeout: @config.timeout,
323
+ metadata: @config.metadata,
324
+ retry_policy: @config.retry_policy
325
+
326
+ @iam_credentials_stub.generate_id_token request, options do |result, operation|
327
+ yield result, operation if block_given?
328
+ return result
329
+ end
330
+ rescue ::Gapic::Rest::Error => e
331
+ raise ::Google::Cloud::Error.from_error(e)
332
+ end
333
+
334
+ ##
335
+ # Signs a blob using a service account's system-managed private key.
336
+ #
337
+ # @overload sign_blob(request, options = nil)
338
+ # Pass arguments to `sign_blob` via a request object, either of type
339
+ # {::Google::Iam::Credentials::V1::SignBlobRequest} or an equivalent Hash.
340
+ #
341
+ # @param request [::Google::Iam::Credentials::V1::SignBlobRequest, ::Hash]
342
+ # A request object representing the call parameters. Required. To specify no
343
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
344
+ # @param options [::Gapic::CallOptions, ::Hash]
345
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
346
+ #
347
+ # @overload sign_blob(name: nil, delegates: nil, payload: nil)
348
+ # Pass arguments to `sign_blob` via keyword arguments. Note that at
349
+ # least one keyword argument is required. To specify no parameters, or to keep all
350
+ # the default parameter values, pass an empty Hash as a request object (see above).
351
+ #
352
+ # @param name [::String]
353
+ # Required. The resource name of the service account for which the credentials
354
+ # are requested, in the following format:
355
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
356
+ # character is required; replacing it with a project ID is invalid.
357
+ # @param delegates [::Array<::String>]
358
+ # The sequence of service accounts in a delegation chain. Each service
359
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
360
+ # on its next service account in the chain. The last service account in the
361
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
362
+ # on the service account that is specified in the `name` field of the
363
+ # request.
364
+ #
365
+ # The delegates must have the following format:
366
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
367
+ # character is required; replacing it with a project ID is invalid.
368
+ # @param payload [::String]
369
+ # Required. The bytes to sign.
370
+ # @yield [result, operation] Access the result along with the TransportOperation object
371
+ # @yieldparam result [::Google::Iam::Credentials::V1::SignBlobResponse]
372
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
373
+ #
374
+ # @return [::Google::Iam::Credentials::V1::SignBlobResponse]
375
+ #
376
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
377
+ def sign_blob request, options = nil
378
+ raise ::ArgumentError, "request must be provided" if request.nil?
379
+
380
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignBlobRequest
381
+
382
+ # Converts hash and nil to an options object
383
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
384
+
385
+ # Customize the options with defaults
386
+ call_metadata = @config.rpcs.sign_blob.metadata.to_h
387
+
388
+ # Set x-goog-api-client and x-goog-user-project headers
389
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
390
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
391
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION,
392
+ transports_version_send: [:rest]
393
+
394
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
395
+
396
+ options.apply_defaults timeout: @config.rpcs.sign_blob.timeout,
397
+ metadata: call_metadata,
398
+ retry_policy: @config.rpcs.sign_blob.retry_policy
399
+
400
+ options.apply_defaults timeout: @config.timeout,
401
+ metadata: @config.metadata,
402
+ retry_policy: @config.retry_policy
403
+
404
+ @iam_credentials_stub.sign_blob request, options do |result, operation|
405
+ yield result, operation if block_given?
406
+ return result
407
+ end
408
+ rescue ::Gapic::Rest::Error => e
409
+ raise ::Google::Cloud::Error.from_error(e)
410
+ end
411
+
412
+ ##
413
+ # Signs a JWT using a service account's system-managed private key.
414
+ #
415
+ # @overload sign_jwt(request, options = nil)
416
+ # Pass arguments to `sign_jwt` via a request object, either of type
417
+ # {::Google::Iam::Credentials::V1::SignJwtRequest} or an equivalent Hash.
418
+ #
419
+ # @param request [::Google::Iam::Credentials::V1::SignJwtRequest, ::Hash]
420
+ # A request object representing the call parameters. Required. To specify no
421
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
422
+ # @param options [::Gapic::CallOptions, ::Hash]
423
+ # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
424
+ #
425
+ # @overload sign_jwt(name: nil, delegates: nil, payload: nil)
426
+ # Pass arguments to `sign_jwt` via keyword arguments. Note that at
427
+ # least one keyword argument is required. To specify no parameters, or to keep all
428
+ # the default parameter values, pass an empty Hash as a request object (see above).
429
+ #
430
+ # @param name [::String]
431
+ # Required. The resource name of the service account for which the credentials
432
+ # are requested, in the following format:
433
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
434
+ # character is required; replacing it with a project ID is invalid.
435
+ # @param delegates [::Array<::String>]
436
+ # The sequence of service accounts in a delegation chain. Each service
437
+ # account must be granted the `roles/iam.serviceAccountTokenCreator` role
438
+ # on its next service account in the chain. The last service account in the
439
+ # chain must be granted the `roles/iam.serviceAccountTokenCreator` role
440
+ # on the service account that is specified in the `name` field of the
441
+ # request.
442
+ #
443
+ # The delegates must have the following format:
444
+ # `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
445
+ # character is required; replacing it with a project ID is invalid.
446
+ # @param payload [::String]
447
+ # Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
448
+ # @yield [result, operation] Access the result along with the TransportOperation object
449
+ # @yieldparam result [::Google::Iam::Credentials::V1::SignJwtResponse]
450
+ # @yieldparam operation [::Gapic::Rest::TransportOperation]
451
+ #
452
+ # @return [::Google::Iam::Credentials::V1::SignJwtResponse]
453
+ #
454
+ # @raise [::Google::Cloud::Error] if the REST call is aborted.
455
+ def sign_jwt request, options = nil
456
+ raise ::ArgumentError, "request must be provided" if request.nil?
457
+
458
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignJwtRequest
459
+
460
+ # Converts hash and nil to an options object
461
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
462
+
463
+ # Customize the options with defaults
464
+ call_metadata = @config.rpcs.sign_jwt.metadata.to_h
465
+
466
+ # Set x-goog-api-client and x-goog-user-project headers
467
+ call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
468
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
469
+ gapic_version: ::Google::Iam::Credentials::V1::VERSION,
470
+ transports_version_send: [:rest]
471
+
472
+ call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
473
+
474
+ options.apply_defaults timeout: @config.rpcs.sign_jwt.timeout,
475
+ metadata: call_metadata,
476
+ retry_policy: @config.rpcs.sign_jwt.retry_policy
477
+
478
+ options.apply_defaults timeout: @config.timeout,
479
+ metadata: @config.metadata,
480
+ retry_policy: @config.retry_policy
481
+
482
+ @iam_credentials_stub.sign_jwt request, options do |result, operation|
483
+ yield result, operation if block_given?
484
+ return result
485
+ end
486
+ rescue ::Gapic::Rest::Error => e
487
+ raise ::Google::Cloud::Error.from_error(e)
488
+ end
489
+
490
+ ##
491
+ # Configuration class for the IAMCredentials REST API.
492
+ #
493
+ # This class represents the configuration for IAMCredentials REST,
494
+ # providing control over timeouts, retry behavior, logging, transport
495
+ # parameters, and other low-level controls. Certain parameters can also be
496
+ # applied individually to specific RPCs. See
497
+ # {::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client::Configuration::Rpcs}
498
+ # for a list of RPCs that can be configured independently.
499
+ #
500
+ # Configuration can be applied globally to all clients, or to a single client
501
+ # on construction.
502
+ #
503
+ # @example
504
+ #
505
+ # # Modify the global config, setting the timeout for
506
+ # # generate_access_token to 20 seconds,
507
+ # # and all remaining timeouts to 10 seconds.
508
+ # ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.configure do |config|
509
+ # config.timeout = 10.0
510
+ # config.rpcs.generate_access_token.timeout = 20.0
511
+ # end
512
+ #
513
+ # # Apply the above configuration only to a new client.
514
+ # client = ::Google::Iam::Credentials::V1::IAMCredentials::Rest::Client.new do |config|
515
+ # config.timeout = 10.0
516
+ # config.rpcs.generate_access_token.timeout = 20.0
517
+ # end
518
+ #
519
+ # @!attribute [rw] endpoint
520
+ # The hostname or hostname:port of the service endpoint.
521
+ # Defaults to `"iamcredentials.googleapis.com"`.
522
+ # @return [::String]
523
+ # @!attribute [rw] credentials
524
+ # Credentials to send with calls. You may provide any of the following types:
525
+ # * (`String`) The path to a service account key file in JSON format
526
+ # * (`Hash`) A service account key as a Hash
527
+ # * (`Google::Auth::Credentials`) A googleauth credentials object
528
+ # (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
529
+ # * (`Signet::OAuth2::Client`) A signet oauth2 client object
530
+ # (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
531
+ # * (`nil`) indicating no credentials
532
+ # @return [::Object]
533
+ # @!attribute [rw] scope
534
+ # The OAuth scopes
535
+ # @return [::Array<::String>]
536
+ # @!attribute [rw] lib_name
537
+ # The library name as recorded in instrumentation and logging
538
+ # @return [::String]
539
+ # @!attribute [rw] lib_version
540
+ # The library version as recorded in instrumentation and logging
541
+ # @return [::String]
542
+ # @!attribute [rw] timeout
543
+ # The call timeout in seconds.
544
+ # @return [::Numeric]
545
+ # @!attribute [rw] metadata
546
+ # Additional headers to be sent with the call.
547
+ # @return [::Hash{::Symbol=>::String}]
548
+ # @!attribute [rw] retry_policy
549
+ # The retry policy. The value is a hash with the following keys:
550
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
551
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
552
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
553
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
554
+ # trigger a retry.
555
+ # @return [::Hash]
556
+ # @!attribute [rw] quota_project
557
+ # A separate project against which to charge quota.
558
+ # @return [::String]
559
+ #
560
+ class Configuration
561
+ extend ::Gapic::Config
562
+
563
+ config_attr :endpoint, "iamcredentials.googleapis.com", ::String
564
+ config_attr :credentials, nil do |value|
565
+ allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
566
+ allowed.any? { |klass| klass === value }
567
+ end
568
+ config_attr :scope, nil, ::String, ::Array, nil
569
+ config_attr :lib_name, nil, ::String, nil
570
+ config_attr :lib_version, nil, ::String, nil
571
+ config_attr :timeout, nil, ::Numeric, nil
572
+ config_attr :metadata, nil, ::Hash, nil
573
+ config_attr :retry_policy, nil, ::Hash, ::Proc, nil
574
+ config_attr :quota_project, nil, ::String, nil
575
+
576
+ # @private
577
+ def initialize parent_config = nil
578
+ @parent_config = parent_config unless parent_config.nil?
579
+
580
+ yield self if block_given?
581
+ end
582
+
583
+ ##
584
+ # Configurations for individual RPCs
585
+ # @return [Rpcs]
586
+ #
587
+ def rpcs
588
+ @rpcs ||= begin
589
+ parent_rpcs = nil
590
+ parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
591
+ Rpcs.new parent_rpcs
592
+ end
593
+ end
594
+
595
+ ##
596
+ # Configuration RPC class for the IAMCredentials API.
597
+ #
598
+ # Includes fields providing the configuration for each RPC in this service.
599
+ # Each configuration object is of type `Gapic::Config::Method` and includes
600
+ # the following configuration fields:
601
+ #
602
+ # * `timeout` (*type:* `Numeric`) - The call timeout in seconds
603
+ # * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional headers
604
+ # * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
605
+ # include the following keys:
606
+ # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
607
+ # * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
608
+ # * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
609
+ # * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
610
+ # trigger a retry.
611
+ #
612
+ class Rpcs
613
+ ##
614
+ # RPC-specific configuration for `generate_access_token`
615
+ # @return [::Gapic::Config::Method]
616
+ #
617
+ attr_reader :generate_access_token
618
+ ##
619
+ # RPC-specific configuration for `generate_id_token`
620
+ # @return [::Gapic::Config::Method]
621
+ #
622
+ attr_reader :generate_id_token
623
+ ##
624
+ # RPC-specific configuration for `sign_blob`
625
+ # @return [::Gapic::Config::Method]
626
+ #
627
+ attr_reader :sign_blob
628
+ ##
629
+ # RPC-specific configuration for `sign_jwt`
630
+ # @return [::Gapic::Config::Method]
631
+ #
632
+ attr_reader :sign_jwt
633
+
634
+ # @private
635
+ def initialize parent_rpcs = nil
636
+ generate_access_token_config = parent_rpcs.generate_access_token if parent_rpcs.respond_to? :generate_access_token
637
+ @generate_access_token = ::Gapic::Config::Method.new generate_access_token_config
638
+ generate_id_token_config = parent_rpcs.generate_id_token if parent_rpcs.respond_to? :generate_id_token
639
+ @generate_id_token = ::Gapic::Config::Method.new generate_id_token_config
640
+ sign_blob_config = parent_rpcs.sign_blob if parent_rpcs.respond_to? :sign_blob
641
+ @sign_blob = ::Gapic::Config::Method.new sign_blob_config
642
+ sign_jwt_config = parent_rpcs.sign_jwt if parent_rpcs.respond_to? :sign_jwt
643
+ @sign_jwt = ::Gapic::Config::Method.new sign_jwt_config
644
+
645
+ yield self if block_given?
646
+ end
647
+ end
648
+ end
649
+ end
650
+ end
651
+ end
652
+ end
653
+ end
654
+ end
655
+ end