Class: Google::Apis::IamcredentialsV1::IAMCredentialsService

Inherits:

Core::BaseService

• Object
• Core::BaseService
• Google::Apis::IamcredentialsV1::IAMCredentialsService

Defined in:

lib/google/apis/iamcredentials_v1/service.rb

Overview

IAM Service Account Credentials API

Creates short-lived credentials for impersonating IAM service accounts. Disabling this API also disables the IAM API (iam.googleapis.com). However, enabling this API doesn't enable the IAM API.

Examples:

require 'google/apis/iamcredentials_v1'

Iamcredentials = Google::Apis::IamcredentialsV1 # Alias the module
service = Iamcredentials::IAMCredentialsService.new

See Also:

• https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials

Constant Summary

DEFAULT_ENDPOINT_TEMPLATE =

"https://iamcredentials.$UNIVERSE_DOMAIN$/"

Instance Attribute Summary

• #key ⇒ String

  API key.

• #quota_user ⇒ String

  Available to use for quota purposes for server-side applications.

Instance Method Summary

• #generate_service_account_access_token(name, generate_access_token_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::GenerateAccessTokenResponse

  Generates an OAuth 2.0 access token for a service account.

• #generate_service_account_id_token(name, generate_id_token_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::GenerateIdTokenResponse

  Generates an OpenID Connect ID token for a service account.

• #get_project_service_account_allowed_locations(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::ServiceAccountAllowedLocations

  Returns the trust boundary info for a given service account.

• #initialize ⇒ IAMCredentialsService constructor

  A new instance of IAMCredentialsService.

• #sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::SignBlobResponse

  Signs a blob using a service account's system-managed private key.

• #sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::SignJwtResponse

  Signs a JWT using a service account's system-managed private key.

Constructor Details

#initialize ⇒ IAMCredentialsService

Returns a new instance of IAMCredentialsService.

# File 'lib/google/apis/iamcredentials_v1/service.rb', line 49

def initialize
  super(DEFAULT_ENDPOINT_TEMPLATE, '',
        client_name: 'google-apis-iamcredentials_v1',
        client_version: Google::Apis::IamcredentialsV1::GEM_VERSION)
  @batch_path = 'batch'
end

Instance Attribute Details

#key ⇒ String

Returns API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

Returns:

• (String) —

  API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

# File 'lib/google/apis/iamcredentials_v1/service.rb', line 42

def key
  @key
end

#quota_user ⇒ String

Returns Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

Returns:

• (String) —

  Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

# File 'lib/google/apis/iamcredentials_v1/service.rb', line 47

def quota_user
  @quota_user
end

Instance Method Details

#generate_service_account_access_token(name, generate_access_token_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::GenerateAccessTokenResponse

Generates an OAuth 2.0 access token for a service account.

Parameters:

• name (String) —

  Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/ ACCOUNT_EMAIL_OR_UNIQUEID`. The-` wildcard character is required; replacing it with a project ID is invalid.

• generate_access_token_request_object (Google::Apis::IamcredentialsV1::GenerateAccessTokenRequest) (defaults to: nil)
• fields (String) (defaults to: nil) —

  Selector specifying which fields to include in a partial response.

• quota_user (String) (defaults to: nil) —

  Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

• options (Google::Apis::RequestOptions) (defaults to: nil) —

  Request-specific options

Yields:

• (result, err) —

  Result & error if block supplied

Yield Parameters:

• result (Google::Apis::IamcredentialsV1::GenerateAccessTokenResponse) —

  parsed result object

• err (StandardError) —

  error object if request failed

Returns:

• (Google::Apis::IamcredentialsV1::GenerateAccessTokenResponse)

Raises:

• (Google::Apis::ServerError) —

  An error occurred on the server and the request can be retried

• (Google::Apis::ClientError) —

  The request is invalid and should not be retried without modification

• (Google::Apis::AuthorizationError) —

  Authorization is required

# File 'lib/google/apis/iamcredentials_v1/service.rb', line 80

def generate_service_account_access_token(name, generate_access_token_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:generateAccessToken', options)
  command.request_representation = Google::Apis::IamcredentialsV1::GenerateAccessTokenRequest::Representation
  command.request_object = generate_access_token_request_object
  command.response_representation = Google::Apis::IamcredentialsV1::GenerateAccessTokenResponse::Representation
  command.response_class = Google::Apis::IamcredentialsV1::GenerateAccessTokenResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#generate_service_account_id_token(name, generate_id_token_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::GenerateIdTokenResponse

Generates an OpenID Connect ID token for a service account.

Parameters:

• name (String) —

  Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/ ACCOUNT_EMAIL_OR_UNIQUEID`. The-` wildcard character is required; replacing it with a project ID is invalid.

• generate_id_token_request_object (Google::Apis::IamcredentialsV1::GenerateIdTokenRequest) (defaults to: nil)
• fields (String) (defaults to: nil) —

  Selector specifying which fields to include in a partial response.

• quota_user (String) (defaults to: nil) —

  Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

• options (Google::Apis::RequestOptions) (defaults to: nil) —

  Request-specific options

Yields:

• (result, err) —

  Result & error if block supplied

Yield Parameters:

• result (Google::Apis::IamcredentialsV1::GenerateIdTokenResponse) —

  parsed result object

• err (StandardError) —

  error object if request failed

Returns:

• (Google::Apis::IamcredentialsV1::GenerateIdTokenResponse)

Raises:

• (Google::Apis::ServerError) —

  An error occurred on the server and the request can be retried

• (Google::Apis::ClientError) —

  The request is invalid and should not be retried without modification

• (Google::Apis::AuthorizationError) —

  Authorization is required

# File 'lib/google/apis/iamcredentials_v1/service.rb', line 116

def generate_service_account_id_token(name, generate_id_token_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:generateIdToken', options)
  command.request_representation = Google::Apis::IamcredentialsV1::GenerateIdTokenRequest::Representation
  command.request_object = generate_id_token_request_object
  command.response_representation = Google::Apis::IamcredentialsV1::GenerateIdTokenResponse::Representation
  command.response_class = Google::Apis::IamcredentialsV1::GenerateIdTokenResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_allowed_locations(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::ServiceAccountAllowedLocations

Returns the trust boundary info for a given service account.

Parameters:

• name (String) —

  Required. Resource name of service account.

• fields (String) (defaults to: nil) —

  Selector specifying which fields to include in a partial response.

• quota_user (String) (defaults to: nil) —

  Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

• options (Google::Apis::RequestOptions) (defaults to: nil) —

  Request-specific options

Yields:

• (result, err) —

  Result & error if block supplied

Yield Parameters:

• result (Google::Apis::IamcredentialsV1::ServiceAccountAllowedLocations) —

  parsed result object

• err (StandardError) —

  error object if request failed

Returns:

• (Google::Apis::IamcredentialsV1::ServiceAccountAllowedLocations)

Raises:

• (Google::Apis::ServerError) —

  An error occurred on the server and the request can be retried

• (Google::Apis::ClientError) —

  The request is invalid and should not be retried without modification

• (Google::Apis::AuthorizationError) —

  Authorization is required

# File 'lib/google/apis/iamcredentials_v1/service.rb', line 148

def get_project_service_account_allowed_locations(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/allowedLocations', options)
  command.response_representation = Google::Apis::IamcredentialsV1::ServiceAccountAllowedLocations::Representation
  command.response_class = Google::Apis::IamcredentialsV1::ServiceAccountAllowedLocations
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::SignBlobResponse

Signs a blob using a service account's system-managed private key.

Parameters:

• name (String) —

  Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/ ACCOUNT_EMAIL_OR_UNIQUEID`. The-` wildcard character is required; replacing it with a project ID is invalid.

• sign_blob_request_object (Google::Apis::IamcredentialsV1::SignBlobRequest) (defaults to: nil)
• fields (String) (defaults to: nil) —

  Selector specifying which fields to include in a partial response.

• quota_user (String) (defaults to: nil) —

  Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

• options (Google::Apis::RequestOptions) (defaults to: nil) —

  Request-specific options

Yields:

• (result, err) —

  Result & error if block supplied

Yield Parameters:

• result (Google::Apis::IamcredentialsV1::SignBlobResponse) —

  parsed result object

• err (StandardError) —

  error object if request failed

Returns:

• (Google::Apis::IamcredentialsV1::SignBlobResponse)

Raises:

• (Google::Apis::ServerError) —

  An error occurred on the server and the request can be retried

• (Google::Apis::ClientError) —

  The request is invalid and should not be retried without modification

• (Google::Apis::AuthorizationError) —

  Authorization is required

# File 'lib/google/apis/iamcredentials_v1/service.rb', line 182

def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signBlob', options)
  command.request_representation = Google::Apis::IamcredentialsV1::SignBlobRequest::Representation
  command.request_object = sign_blob_request_object
  command.response_representation = Google::Apis::IamcredentialsV1::SignBlobResponse::Representation
  command.response_class = Google::Apis::IamcredentialsV1::SignBlobResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamcredentialsV1::SignJwtResponse

Signs a JWT using a service account's system-managed private key.

Parameters:

• name (String) —

  Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/ ACCOUNT_EMAIL_OR_UNIQUEID`. The-` wildcard character is required; replacing it with a project ID is invalid.

• sign_jwt_request_object (Google::Apis::IamcredentialsV1::SignJwtRequest) (defaults to: nil)
• fields (String) (defaults to: nil) —

  Selector specifying which fields to include in a partial response.

• quota_user (String) (defaults to: nil) —

  Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

• options (Google::Apis::RequestOptions) (defaults to: nil) —

  Request-specific options

Yields:

• (result, err) —

  Result & error if block supplied

Yield Parameters:

• result (Google::Apis::IamcredentialsV1::SignJwtResponse) —

  parsed result object

• err (StandardError) —

  error object if request failed

Returns:

• (Google::Apis::IamcredentialsV1::SignJwtResponse)

Raises:

• (Google::Apis::ServerError) —

  An error occurred on the server and the request can be retried

• (Google::Apis::ClientError) —

  The request is invalid and should not be retried without modification

• (Google::Apis::AuthorizationError) —

  Authorization is required

# File 'lib/google/apis/iamcredentials_v1/service.rb', line 218

def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signJwt', options)
  command.request_representation = Google::Apis::IamcredentialsV1::SignJwtRequest::Representation
  command.request_object = sign_jwt_request_object
  command.response_representation = Google::Apis::IamcredentialsV1::SignJwtResponse::Representation
  command.response_class = Google::Apis::IamcredentialsV1::SignJwtResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end