Class: Google::Apis::StsV1::CloudSecurityTokenService

Inherits:
Core::BaseService
  • Object
show all
Defined in:
lib/google/apis/sts_v1/service.rb

Overview

Security Token Service API

The Security Token Service exchanges Google or third-party credentials for a short-lived access token to Google Cloud resources.

Examples:

require 'google/apis/sts_v1'

Sts = Google::Apis::StsV1 # Alias the module
service = Sts::CloudSecurityTokenService.new

See Also:

Constant Summary collapse

DEFAULT_ENDPOINT_TEMPLATE =
"https://sts.$UNIVERSE_DOMAIN$/"

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeCloudSecurityTokenService

Returns a new instance of CloudSecurityTokenService.



48
49
50
51
52
53
# File 'lib/google/apis/sts_v1/service.rb', line 48

def initialize
  super(DEFAULT_ENDPOINT_TEMPLATE, '',
        client_name: 'google-apis-sts_v1',
        client_version: Google::Apis::StsV1::GEM_VERSION)
  @batch_path = 'batch'
end

Instance Attribute Details

#keyString

Returns API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

Returns:

  • (String)

    API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.



41
42
43
# File 'lib/google/apis/sts_v1/service.rb', line 41

def key
  @key
end

#quota_userString

Returns Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

Returns:

  • (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.



46
47
48
# File 'lib/google/apis/sts_v1/service.rb', line 46

def quota_user
  @quota_user
end

Instance Method Details

#get_organization_location_workload_identity_pool_openid_jwks(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1Jwks

Fetches the signing keys for an agentic or managed workload identity pool and returns them in JWKs format, defined in RFC 7517. For now, only agentic system pools are supported. Preview This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.

Parameters:

  • name (String)

    Required. The name of the pool whose JWKS needs to be retrieved. Format: ' organizations/ORGANIZATION_NUMBER/locations/global/workloadIdentityPools/ POOL_ID' 'projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/ POOL_ID' Example(s): 'organizations/1234/locations/global/ workloadIdentityPools/agents.global.org-1234.system.id.goog' 'projects/ 12345678/locations/global/workloadIdentityPools/agents.global.proj-12345678. system.id.goog'

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



88
89
90
91
92
93
94
95
96
# File 'lib/google/apis/sts_v1/service.rb', line 88

def get_organization_location_workload_identity_pool_openid_jwks(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/openid/jwks', options)
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1Jwks::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1Jwks
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_organization_location_workload_identity_pool_well_known_openid_configuration(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig

Gets the OIDC provider configuration for an agentic or managed workload identity pool following the OIDC 1.0 discovery specification. For now, only agentic system pools are supported. Preview This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms . Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.

Parameters:

  • name (String)

    Required. The name of the pool whose OpenID provider configuration to retrieve. Format: 'organizations/ORGANIZATION_NUMBER/locations/global/ workloadIdentityPools/POOL_ID' 'projects/PROJECT_NUMBER/locations/global/ workloadIdentityPools/POOL_ID' Example: 'organizations/1234/locations/global/ workloadIdentityPools/agents.global.org-1234.system.id.goog' 'projects/ 12345678/locations/global/workloadIdentityPools/agents.global.proj-12345678. system.id.goog'

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



132
133
134
135
136
137
138
139
140
# File 'lib/google/apis/sts_v1/service.rb', line 132

def get_organization_location_workload_identity_pool_well_known_openid_configuration(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/.well-known/openid-configuration', options)
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_location_workload_identity_pool_openid_jwks(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1Jwks

Fetches the signing keys for an agentic or managed workload identity pool and returns them in JWKs format, defined in RFC 7517. For now, only agentic system pools are supported. Preview This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.

Parameters:

  • name (String)

    Required. The name of the pool whose JWKS needs to be retrieved. Format: ' organizations/ORGANIZATION_NUMBER/locations/global/workloadIdentityPools/ POOL_ID' 'projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/ POOL_ID' Example(s): 'organizations/1234/locations/global/ workloadIdentityPools/agents.global.org-1234.system.id.goog' 'projects/ 12345678/locations/global/workloadIdentityPools/agents.global.proj-12345678. system.id.goog'

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



175
176
177
178
179
180
181
182
183
# File 'lib/google/apis/sts_v1/service.rb', line 175

def get_project_location_workload_identity_pool_openid_jwks(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/openid/jwks', options)
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1Jwks::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1Jwks
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_location_workload_identity_pool_well_known_openid_configuration(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig

Gets the OIDC provider configuration for an agentic or managed workload identity pool following the OIDC 1.0 discovery specification. For now, only agentic system pools are supported. Preview This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms . Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.

Parameters:

  • name (String)

    Required. The name of the pool whose OpenID provider configuration to retrieve. Format: 'organizations/ORGANIZATION_NUMBER/locations/global/ workloadIdentityPools/POOL_ID' 'projects/PROJECT_NUMBER/locations/global/ workloadIdentityPools/POOL_ID' Example: 'organizations/1234/locations/global/ workloadIdentityPools/agents.global.org-1234.system.id.goog' 'projects/ 12345678/locations/global/workloadIdentityPools/agents.global.proj-12345678. system.id.goog'

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



219
220
221
222
223
224
225
226
227
# File 'lib/google/apis/sts_v1/service.rb', line 219

def get_project_location_workload_identity_pool_well_known_openid_configuration(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/.well-known/openid-configuration', options)
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1OpenIdProviderConfig
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#token(google_identity_sts_v1_exchange_token_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenResponse

Exchanges a credential for a Google OAuth 2.0 access token. The token asserts an external identity within an identity pool, or it applies a Credential Access Boundary to a Google access token. Note that workforce pools do not support Credential Access Boundaries. When you call this method, do not send the Authorization HTTP header in the request. This method does not require the Authorization header, and using the header can cause the request to fail.

Parameters:

  • google_identity_sts_v1_exchange_token_request_object (Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



253
254
255
256
257
258
259
260
261
262
# File 'lib/google/apis/sts_v1/service.rb', line 253

def token(google_identity_sts_v1_exchange_token_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/token', options)
  command.request_representation = Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenRequest::Representation
  command.request_object = google_identity_sts_v1_exchange_token_request_object
  command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenResponse::Representation
  command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1ExchangeTokenResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end