google.auth.iam module¶
Tools for using the Google Cloud Identity and Access Management (IAM) API’s auth-related functionality.
- class Signer(request, credentials, service_account_email)[source]¶
Bases:
Signer
Signs messages using the IAM signBlob API.
This is useful when you need to sign bytes but do not have access to the credential’s private key file.
- Parameters:
request (google.auth.transport.Request) – The object used to make HTTP requests.
credentials (google.auth.credentials.Credentials) –
The credentials that will be used to authenticate the request to the IAM API. The credentials must have of one the following scopes:
service_account_email (str) – The service account email identifying which service account to use to sign bytes. Often, this can be the same as the service account email in the given credentials.
- property key_id¶
The key ID used to identify this private key.
Warning
This is always
None
. The key ID used by IAM can not be reliably determined ahead of time.