Class: Google::Apis::StsV1::CloudSecurityTokenService

Inherits:
Core::BaseService
  • Object
show all
Defined in:
lib/google/apis/sts_v1/service.rb

Overview

Security Token Service API

The Security Token Service exchanges Google or third-party credentials for a short-lived access token to Google Cloud resources.

Examples:

require 'google/apis/sts_v1'

Sts = Google::Apis::StsV1 # Alias the module
service = Sts::CloudSecurityTokenService.new

See Also:

Constant Summary collapse

DEFAULT_ENDPOINT_TEMPLATE =
"https://sts.$UNIVERSE_DOMAIN$/"

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeCloudSecurityTokenService

Returns a new instance of CloudSecurityTokenService.



48
49
50
51
52
53
# File 'lib/google/apis/sts_v1/service.rb', line 48

def initialize
  super(DEFAULT_ENDPOINT_TEMPLATE, '',
        client_name: 'google-apis-sts_v1',
        client_version: Google::Apis::StsV1::GEM_VERSION)
  @batch_path = 'batch'
end

Instance Attribute Details

#keyString

Returns API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

Returns:

  • (String)

    API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.



41
42
43
# File 'lib/google/apis/sts_v1/service.rb', line 41

def key
  @key
end

#quota_userString

Returns Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

Returns:

  • (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.



46
47
48
# File 'lib/google/apis/sts_v1/service.rb', line 46

def quota_user
  @quota_user
end

Instance Method Details

#get_organization_location_workload_identity_pool_openid_jwks(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1Jwks

Fetches the signing keys for an agentic or managed workload identity pool and returns them in JWKs format, defined in RFC 7517. For now, only agentic system pools are supported.

Parameters:

  • name (String)

    Required. The name of the pool whose JWKS needs to be retrieved. Format: ' organizations/ORGANIZATION_NUMBER/locations/global/workloadIdentityPools/ POOL_ID' 'projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/ POOL_ID' Example(s): 'organizations/1234/locations/global/ workloadIdentityPools/agents.global.org-1234.system.id.goog' 'projects/ 12345678/locations/global/workloadIdentityPools/agents.global.proj-12345678. system.id.goog'

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



83
84
85
86
87
88
89
90
91
# File 'lib/google/apis/sts_v1/service.rb', line 83

def get_organization_location_workload_identity_pool_openid_jwks(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/openid/jwks', options)
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1Jwks::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1Jwks
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_organization_location_workload_identity_pool_well_known_openid_configuration(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig

Gets the OIDC provider configuration for an agentic or managed workload identity pool following the OIDC 1.0 discovery specification. For now, only agentic system pools are supported.

Parameters:

  • name (String)

    Required. The name of the pool whose OpenID provider configuration to retrieve. Format: 'organizations/ORGANIZATION_NUMBER/locations/global/ workloadIdentityPools/POOL_ID' 'projects/PROJECT_NUMBER/locations/global/ workloadIdentityPools/POOL_ID' Example: 'organizations/1234/locations/global/ workloadIdentityPools/agents.global.org-1234.system.id.goog' 'projects/ 12345678/locations/global/workloadIdentityPools/agents.global.proj-12345678. system.id.goog'

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



122
123
124
125
126
127
128
129
130
# File 'lib/google/apis/sts_v1/service.rb', line 122

def get_organization_location_workload_identity_pool_well_known_openid_configuration(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/.well-known/openid-configuration', options)
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_location_workload_identity_pool_openid_jwks(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1Jwks

Fetches the signing keys for an agentic or managed workload identity pool and returns them in JWKs format, defined in RFC 7517. For now, only agentic system pools are supported.

Parameters:

  • name (String)

    Required. The name of the pool whose JWKS needs to be retrieved. Format: ' organizations/ORGANIZATION_NUMBER/locations/global/workloadIdentityPools/ POOL_ID' 'projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/ POOL_ID' Example(s): 'organizations/1234/locations/global/ workloadIdentityPools/agents.global.org-1234.system.id.goog' 'projects/ 12345678/locations/global/workloadIdentityPools/agents.global.proj-12345678. system.id.goog'

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



160
161
162
163
164
165
166
167
168
# File 'lib/google/apis/sts_v1/service.rb', line 160

def get_project_location_workload_identity_pool_openid_jwks(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/openid/jwks', options)
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1Jwks::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1Jwks
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_location_workload_identity_pool_well_known_openid_configuration(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig

Gets the OIDC provider configuration for an agentic or managed workload identity pool following the OIDC 1.0 discovery specification. For now, only agentic system pools are supported.

Parameters:

  • name (String)

    Required. The name of the pool whose OpenID provider configuration to retrieve. Format: 'organizations/ORGANIZATION_NUMBER/locations/global/ workloadIdentityPools/POOL_ID' 'projects/PROJECT_NUMBER/locations/global/ workloadIdentityPools/POOL_ID' Example: 'organizations/1234/locations/global/ workloadIdentityPools/agents.global.org-1234.system.id.goog' 'projects/ 12345678/locations/global/workloadIdentityPools/agents.global.proj-12345678. system.id.goog'

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



199
200
201
202
203
204
205
206
207
# File 'lib/google/apis/sts_v1/service.rb', line 199

def get_project_location_workload_identity_pool_well_known_openid_configuration(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/.well-known/openid-configuration', options)
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#token(google_identity_sts_v1_exchange_token_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenResponse

Exchanges a credential for a Google OAuth 2.0 access token. The token asserts an external identity within an identity pool, or it applies a Credential Access Boundary to a Google access token. Note that workforce pools do not support Credential Access Boundaries. When you call this method, do not send the Authorization HTTP header in the request. This method does not require the Authorization header, and using the header can cause the request to fail.

Parameters:

  • google_identity_sts_v1_exchange_token_request_object (Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



233
234
235
236
237
238
239
240
241
242
# File 'lib/google/apis/sts_v1/service.rb', line 233

def token(google_identity_sts_v1_exchange_token_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/token', options)
  command.request_representation = Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenRequest::Representation
  command.request_object = google_identity_sts_v1_exchange_token_request_object
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenResponse::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end