google-api-ruby-client/generated/google/apis/sts_v1beta/classes.rb

192 lines
10 KiB
Ruby
Raw Normal View History

Autogenerated update (2020-09-14) Update: - accessapproval_v1 - accesscontextmanager_v1 - accesscontextmanager_v1beta - admin_directory_v1 - admob_v1 - analyticsreporting_v4 - androidpublisher_v3 - appengine_v1 - appengine_v1beta - bigquery_v2 - bigtableadmin_v1 - bigtableadmin_v2 - binaryauthorization_v1 - binaryauthorization_v1beta1 - calendar_v3 - civicinfo_v2 - cloudasset_v1 - cloudasset_v1beta1 - cloudasset_v1p5beta1 - cloudbuild_v1 - cloudbuild_v1alpha1 - cloudbuild_v1alpha2 - clouderrorreporting_v1beta1 - cloudidentity_v1 - cloudidentity_v1beta1 - cloudiot_v1 - cloudresourcemanager_v1 - cloudresourcemanager_v1beta1 - cloudresourcemanager_v2 - cloudresourcemanager_v2beta1 - cloudsearch_v1 - cloudtasks_v2beta3 - container_v1 - container_v1beta1 - containeranalysis_v1alpha1 - containeranalysis_v1beta1 - content_v2 - content_v2_1 - datacatalog_v1beta1 - datafusion_v1 - datafusion_v1beta1 - dataproc_v1 - dataproc_v1beta2 - dialogflow_v2 - dialogflow_v2beta1 - dialogflow_v3beta1 - digitalassetlinks_v1 - displayvideo_v1 - dlp_v2 - documentai_v1beta2 - doubleclickbidmanager_v1 - doubleclickbidmanager_v1_1 - firebase_v1beta1 - firebasedynamiclinks_v1 - firebasehosting_v1beta1 - firebaseml_v1beta2 - firestore_v1 - firestore_v1beta1 - fitness_v1 - games_v1 - gameservices_v1 - gameservices_v1beta - healthcare_v1 - healthcare_v1beta1 - homegraph_v1 - iam_v1 - iap_v1 - iap_v1beta1 - jobs_v2 - jobs_v3 - jobs_v3p1beta1 - managedidentities_v1alpha1 - managedidentities_v1beta1 - ml_v1 - monitoring_v1 - osconfig_v1 - osconfig_v1beta - playcustomapp_v1 - prod_tt_sasportal_v1alpha1 - remotebuildexecution_v1 - remotebuildexecution_v1alpha - remotebuildexecution_v2 - runtimeconfig_v1beta1 - safebrowsing_v4 - secretmanager_v1 - secretmanager_v1beta1 - servicedirectory_v1beta1 - servicenetworking_v1 - speech_v1p1beta1 - sql_v1beta4 - storage_v1 - storagetransfer_v1 - texttospeech_v1beta1 - tpu_v1 - tpu_v1alpha1 - vault_v1 - verifiedaccess_v1 - videointelligence_v1 - videointelligence_v1beta2 - videointelligence_v1p1beta1 - videointelligence_v1p2beta1 - videointelligence_v1p3beta1 - vision_v1 - vision_v1p1beta1 - vision_v1p2beta1 - youtube_partner_v1 - youtube_v3
2020-09-14 23:21:28 +00:00
# Copyright 2015 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'date'
require 'google/apis/core/base_service'
require 'google/apis/core/json_representation'
require 'google/apis/core/hashable'
require 'google/apis/errors'
module Google
module Apis
module StsV1beta
# Request message for ExchangeToken.
class GoogleIdentityStsV1betaExchangeTokenRequest
include Google::Apis::Core::Hashable
# The full resource name of the identity provider; for example: `https://iam.
# googleapis.com/projects/`PROJECT_ID`/workloadIdentityPools/`POOL_ID`/providers/
# `PROVIDER_ID``. Required when exchanging an external credential for a Google
# access token.
# Corresponds to the JSON property `audience`
# @return [String]
attr_accessor :audience
# Required. The grant type. Must be `urn:ietf:params:oauth:grant-type:token-
# exchange`, which indicates a token exchange is requested.
# Corresponds to the JSON property `grantType`
# @return [String]
attr_accessor :grant_type
# A set of features that Security Token Service supports, in addition to the
# standard OAuth 2.0 token exchange, formatted as a serialized JSON object of
# Options.
# Corresponds to the JSON property `options`
# @return [String]
attr_accessor :options
# Required. An identifier for the type of requested security token. Must be `urn:
# ietf:params:oauth:token-type:access_token`.
# Corresponds to the JSON property `requestedTokenType`
# @return [String]
attr_accessor :requested_token_type
# The OAuth 2.0 scopes to include on the resulting access token, formatted as a
# list of space-delimited, case-sensitive strings. Required when exchanging an
# external credential for a Google access token.
# Corresponds to the JSON property `scope`
# @return [String]
attr_accessor :scope
# Required. The input token. This is a either an external credential issued by a
# WorkloadIdentityPoolProvider, or a short-lived access token issued by Google.
# If the token is an OIDC JWT, it must use the JWT format defined in [RFC 7523](
# https://tools.ietf.org/html/rfc7523), and `subject_token_type` must be `urn:
# ietf:params:oauth:token-type:jwt`. The following headers are required: - **`
# kid`**: The identifier of the signing key securing the JWT. - **`alg`**: The
# cryptographic algorithm securing the JWT. Must be `RS256`. The following
# payload fields are required. For more information, see [RFC 7523, Section 3](
# https://tools.ietf.org/html/rfc7523#section-3). - **`iss`**: The issuer of the
# token. The issuer must provide a discovery document at `/.well-known/openid-
# configuration`, formatted according to section 4.2 of the [OIDC 1.0 Discovery
# specification](https://openid.net/specs/openid-connect-discovery-1_0.html#
# ProviderConfigurationResponse). - **`iat`**: The issue time, in seconds, since
# epoch. Must be in the past. - **`exp`**: The expiration time, in seconds,
# since epoch. Must be fewer than 48 hours after `iat`. Shorter expiration times
# are more. secure. If possible, we recommend setting an expiration time fewer
# than 6 hours. - **`sub`**: The identity asserted in the JWT. - **`aud`**:
# Configured by the mapper policy. The default value is the service account's
# unique ID. Example header: ``` ` "alg": "RS256", "kid": "us-east-11" ` ```
# Example payload: ``` ` "iss": "https://accounts.google.com", "iat": 1517963104,
# "exp": 1517966704, "aud": "113475438248934895348", "sub": "
# 113475438248934895348", "my_claims": ` "additional_claim": "value" ` ` ``` If `
# subject_token` is an AWS token, it must be a serialized, [signed](https://docs.
# aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) request to the
# AWS [`GetCallerIdentity()`](https://docs.aws.amazon.com/STS/latest/
# APIReference/API_GetCallerIdentity) method. Format the request as URL-encoded
# JSON, and set the `subject_token_type` parameter to `urn:ietf:params:aws:token-
# type:aws4_request`. The following parameters are required: - **`url`**: The
# URL of the AWS STS endpoint for `GetCallerIdentity()`, such as `https://sts.
# amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15`. Regional endpoints
# are also supported. - **`method`:** The HTTP request method: `POST`. - **`
# headers`**: The HTTP request headers, which must include: - **`Authorization`**
# : The request signature. - **`x-amz-date`**`: The time you will send the
# request, formatted as an [ISO8601 Basic](https://docs.aws.amazon.com/general/
# latest/gr/sigv4_elements.html#sigv4_elements_date) string. This is typically
# set to the current time, and used to prevent replay attacks. - **`host`**: The
# hostname of the `url` field; for example, `sts.amazonaws.com`. - **`x-goog-
# cloud-target-resource`**: The full, canonical resource name of the
# WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ``
# ` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
# https://iam.googleapis.com/projects//locations//workloadIdentityPools//
# providers/ ``` Signing this header as part of the signature is recommended to
# ensure data integrity. If you are using temporary security credentials
# provided by AWS, you must also include the header `x-amz-security-token`, with
# the value `[SESSION_TOKEN]`. The following is an example of a signed,
# serialized request: ``` ` "headers":[ `"key": "x-amz-date", "value": "
# 20200815T015049Z"`, `"key": "Authorization", "value": "AWS4-HMAC-SHA256+
# Credential=$credential,+SignedHeaders=host;x-amz-date;x-goog-cloud-target-
# resource,+Signature=$signature"`, `"key": "x-goog-cloud-target-resource", "
# value": "//iam.googleapis.com/projects//locations//workloadIdentityPools//
# providers/"`, `"key": "host", "value": "sts.amazonaws.com"` . ], "method":"
# POST", "url":"https://sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-
# 06-15" ` ``` You can also use a Google-issued OAuth 2.0 access token with this
# field to obtain an access token with new security attributes applied, such as
# an AccessBoundary. In this case, set `subject_token_type` to `urn:ietf:params:
# oauth:token-type:access_token`. Applying additional security attributes on
# access tokens that already contain security attributes is not allowed.
# Corresponds to the JSON property `subjectToken`
# @return [String]
attr_accessor :subject_token
# Required. An identifier that indicates the type of the security token in the `
# subject_token` parameter. Supported values are `urn:ietf:params:oauth:token-
# type:jwt`, `urn:ietf:params:aws:token-type:aws4_request` and `urn:ietf:params:
# oauth:token-type:access_token`.
# Corresponds to the JSON property `subjectTokenType`
# @return [String]
attr_accessor :subject_token_type
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@audience = args[:audience] if args.key?(:audience)
@grant_type = args[:grant_type] if args.key?(:grant_type)
@options = args[:options] if args.key?(:options)
@requested_token_type = args[:requested_token_type] if args.key?(:requested_token_type)
@scope = args[:scope] if args.key?(:scope)
@subject_token = args[:subject_token] if args.key?(:subject_token)
@subject_token_type = args[:subject_token_type] if args.key?(:subject_token_type)
end
end
# Response message for ExchangeToken.
class GoogleIdentityStsV1betaExchangeTokenResponse
include Google::Apis::Core::Hashable
# An OAuth 2.0 security token, issued by Google, in response to the token
# exchange request.
# Corresponds to the JSON property `access_token`
# @return [String]
attr_accessor :access_token
# The expiration time of `access_token`, in seconds, from the time of issuance.
# This field is absent when the `subject_token` in the request is a Google-
# issued, short-lived access token. In this case, the expiration time of the `
# access_token` is the same as the `subject_token`.
# Corresponds to the JSON property `expires_in`
# @return [Fixnum]
attr_accessor :expires_in
# The token type. Always matches the value of `requested_token_type` from the
# request.
# Corresponds to the JSON property `issued_token_type`
# @return [String]
attr_accessor :issued_token_type
# The type of `access_token`. Always has the value `Bearer`.
# Corresponds to the JSON property `token_type`
# @return [String]
attr_accessor :token_type
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@access_token = args[:access_token] if args.key?(:access_token)
@expires_in = args[:expires_in] if args.key?(:expires_in)
@issued_token_type = args[:issued_token_type] if args.key?(:issued_token_type)
@token_type = args[:token_type] if args.key?(:token_type)
end
end
end
end
end