Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/google/cloud/iam_credentials_v1/types/common.py: 100%

36 statements  

« prev     ^ index     » next       coverage.py v7.3.0, created at 2023-08-16 06:17 +0000

1# -*- coding: utf-8 -*- 

2# Copyright 2023 Google LLC 

3# 

4# Licensed under the Apache License, Version 2.0 (the "License"); 

5# you may not use this file except in compliance with the License. 

6# You may obtain a copy of the License at 

7# 

8# http://www.apache.org/licenses/LICENSE-2.0 

9# 

10# Unless required by applicable law or agreed to in writing, software 

11# distributed under the License is distributed on an "AS IS" BASIS, 

12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

13# See the License for the specific language governing permissions and 

14# limitations under the License. 

15# 

16from __future__ import annotations 

17 

18from typing import MutableMapping, MutableSequence 

19 

20from google.protobuf import duration_pb2 # type: ignore 

21from google.protobuf import timestamp_pb2 # type: ignore 

22import proto # type: ignore 

23 

24__protobuf__ = proto.module( 

25 package="google.iam.credentials.v1", 

26 manifest={ 

27 "GenerateAccessTokenRequest", 

28 "GenerateAccessTokenResponse", 

29 "SignBlobRequest", 

30 "SignBlobResponse", 

31 "SignJwtRequest", 

32 "SignJwtResponse", 

33 "GenerateIdTokenRequest", 

34 "GenerateIdTokenResponse", 

35 }, 

36) 

37 

38 

39class GenerateAccessTokenRequest(proto.Message): 

40 r""" 

41 

42 Attributes: 

43 name (str): 

44 Required. The resource name of the service account for which 

45 the credentials are requested, in the following format: 

46 ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. 

47 The ``-`` wildcard character is required; replacing it with 

48 a project ID is invalid. 

49 delegates (MutableSequence[str]): 

50 The sequence of service accounts in a delegation chain. Each 

51 service account must be granted the 

52 ``roles/iam.serviceAccountTokenCreator`` role on its next 

53 service account in the chain. The last service account in 

54 the chain must be granted the 

55 ``roles/iam.serviceAccountTokenCreator`` role on the service 

56 account that is specified in the ``name`` field of the 

57 request. 

58 

59 The delegates must have the following format: 

60 ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. 

61 The ``-`` wildcard character is required; replacing it with 

62 a project ID is invalid. 

63 scope (MutableSequence[str]): 

64 Required. Code to identify the scopes to be 

65 included in the OAuth 2.0 access token. See 

66 https://developers.google.com/identity/protocols/googlescopes 

67 for more information. 

68 At least one value required. 

69 lifetime (google.protobuf.duration_pb2.Duration): 

70 The desired lifetime duration of the access 

71 token in seconds. Must be set to a value less 

72 than or equal to 3600 (1 hour). If a value is 

73 not specified, the token's lifetime will be set 

74 to a default value of one hour. 

75 """ 

76 

77 name: str = proto.Field( 

78 proto.STRING, 

79 number=1, 

80 ) 

81 delegates: MutableSequence[str] = proto.RepeatedField( 

82 proto.STRING, 

83 number=2, 

84 ) 

85 scope: MutableSequence[str] = proto.RepeatedField( 

86 proto.STRING, 

87 number=4, 

88 ) 

89 lifetime: duration_pb2.Duration = proto.Field( 

90 proto.MESSAGE, 

91 number=7, 

92 message=duration_pb2.Duration, 

93 ) 

94 

95 

96class GenerateAccessTokenResponse(proto.Message): 

97 r""" 

98 

99 Attributes: 

100 access_token (str): 

101 The OAuth 2.0 access token. 

102 expire_time (google.protobuf.timestamp_pb2.Timestamp): 

103 Token expiration time. 

104 The expiration time is always set. 

105 """ 

106 

107 access_token: str = proto.Field( 

108 proto.STRING, 

109 number=1, 

110 ) 

111 expire_time: timestamp_pb2.Timestamp = proto.Field( 

112 proto.MESSAGE, 

113 number=3, 

114 message=timestamp_pb2.Timestamp, 

115 ) 

116 

117 

118class SignBlobRequest(proto.Message): 

119 r""" 

120 

121 Attributes: 

122 name (str): 

123 Required. The resource name of the service account for which 

124 the credentials are requested, in the following format: 

125 ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. 

126 The ``-`` wildcard character is required; replacing it with 

127 a project ID is invalid. 

128 delegates (MutableSequence[str]): 

129 The sequence of service accounts in a delegation chain. Each 

130 service account must be granted the 

131 ``roles/iam.serviceAccountTokenCreator`` role on its next 

132 service account in the chain. The last service account in 

133 the chain must be granted the 

134 ``roles/iam.serviceAccountTokenCreator`` role on the service 

135 account that is specified in the ``name`` field of the 

136 request. 

137 

138 The delegates must have the following format: 

139 ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. 

140 The ``-`` wildcard character is required; replacing it with 

141 a project ID is invalid. 

142 payload (bytes): 

143 Required. The bytes to sign. 

144 """ 

145 

146 name: str = proto.Field( 

147 proto.STRING, 

148 number=1, 

149 ) 

150 delegates: MutableSequence[str] = proto.RepeatedField( 

151 proto.STRING, 

152 number=3, 

153 ) 

154 payload: bytes = proto.Field( 

155 proto.BYTES, 

156 number=5, 

157 ) 

158 

159 

160class SignBlobResponse(proto.Message): 

161 r""" 

162 

163 Attributes: 

164 key_id (str): 

165 The ID of the key used to sign the blob. 

166 signed_blob (bytes): 

167 The signed blob. 

168 """ 

169 

170 key_id: str = proto.Field( 

171 proto.STRING, 

172 number=1, 

173 ) 

174 signed_blob: bytes = proto.Field( 

175 proto.BYTES, 

176 number=4, 

177 ) 

178 

179 

180class SignJwtRequest(proto.Message): 

181 r""" 

182 

183 Attributes: 

184 name (str): 

185 Required. The resource name of the service account for which 

186 the credentials are requested, in the following format: 

187 ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. 

188 The ``-`` wildcard character is required; replacing it with 

189 a project ID is invalid. 

190 delegates (MutableSequence[str]): 

191 The sequence of service accounts in a delegation chain. Each 

192 service account must be granted the 

193 ``roles/iam.serviceAccountTokenCreator`` role on its next 

194 service account in the chain. The last service account in 

195 the chain must be granted the 

196 ``roles/iam.serviceAccountTokenCreator`` role on the service 

197 account that is specified in the ``name`` field of the 

198 request. 

199 

200 The delegates must have the following format: 

201 ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. 

202 The ``-`` wildcard character is required; replacing it with 

203 a project ID is invalid. 

204 payload (str): 

205 Required. The JWT payload to sign: a JSON 

206 object that contains a JWT Claims Set. 

207 """ 

208 

209 name: str = proto.Field( 

210 proto.STRING, 

211 number=1, 

212 ) 

213 delegates: MutableSequence[str] = proto.RepeatedField( 

214 proto.STRING, 

215 number=3, 

216 ) 

217 payload: str = proto.Field( 

218 proto.STRING, 

219 number=5, 

220 ) 

221 

222 

223class SignJwtResponse(proto.Message): 

224 r""" 

225 

226 Attributes: 

227 key_id (str): 

228 The ID of the key used to sign the JWT. 

229 signed_jwt (str): 

230 The signed JWT. 

231 """ 

232 

233 key_id: str = proto.Field( 

234 proto.STRING, 

235 number=1, 

236 ) 

237 signed_jwt: str = proto.Field( 

238 proto.STRING, 

239 number=2, 

240 ) 

241 

242 

243class GenerateIdTokenRequest(proto.Message): 

244 r""" 

245 

246 Attributes: 

247 name (str): 

248 Required. The resource name of the service account for which 

249 the credentials are requested, in the following format: 

250 ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. 

251 The ``-`` wildcard character is required; replacing it with 

252 a project ID is invalid. 

253 delegates (MutableSequence[str]): 

254 The sequence of service accounts in a delegation chain. Each 

255 service account must be granted the 

256 ``roles/iam.serviceAccountTokenCreator`` role on its next 

257 service account in the chain. The last service account in 

258 the chain must be granted the 

259 ``roles/iam.serviceAccountTokenCreator`` role on the service 

260 account that is specified in the ``name`` field of the 

261 request. 

262 

263 The delegates must have the following format: 

264 ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. 

265 The ``-`` wildcard character is required; replacing it with 

266 a project ID is invalid. 

267 audience (str): 

268 Required. The audience for the token, such as 

269 the API or account that this token grants access 

270 to. 

271 include_email (bool): 

272 Include the service account email in the token. If set to 

273 ``true``, the token will contain ``email`` and 

274 ``email_verified`` claims. 

275 """ 

276 

277 name: str = proto.Field( 

278 proto.STRING, 

279 number=1, 

280 ) 

281 delegates: MutableSequence[str] = proto.RepeatedField( 

282 proto.STRING, 

283 number=2, 

284 ) 

285 audience: str = proto.Field( 

286 proto.STRING, 

287 number=3, 

288 ) 

289 include_email: bool = proto.Field( 

290 proto.BOOL, 

291 number=4, 

292 ) 

293 

294 

295class GenerateIdTokenResponse(proto.Message): 

296 r""" 

297 

298 Attributes: 

299 token (str): 

300 The OpenId Connect ID token. 

301 """ 

302 

303 token: str = proto.Field( 

304 proto.STRING, 

305 number=1, 

306 ) 

307 

308 

309__all__ = tuple(sorted(__protobuf__.manifest))