Class: Google::Iam::Credentials::V1::IAMCredentials::Client

Inherits:

Object

• Object
• Google::Iam::Credentials::V1::IAMCredentials::Client

Includes:

Paths

Defined in:

lib/google/iam/credentials/v1/iam_credentials/client.rb

Overview

Client for the IAMCredentials service.

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

Defined Under Namespace

Classes: Configuration

Class Method Summary

• .configure {|config| ... } ⇒ Client::Configuration

  Configure the IAMCredentials Client class.

Instance Method Summary

• #configure {|config| ... } ⇒ Client::Configuration

  Configure the IAMCredentials Client instance.

• #generate_access_token(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::Credentials::V1::GenerateAccessTokenResponse

  Generates an OAuth 2.0 access token for a service account.

• #generate_id_token(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::Credentials::V1::GenerateIdTokenResponse

  Generates an OpenID Connect ID token for a service account.

• #initialize {|config| ... } ⇒ Client constructor

  Create a new IAMCredentials client object.

• #sign_blob(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::Credentials::V1::SignBlobResponse

  Signs a blob using a service account's system-managed private key.

• #sign_jwt(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::Credentials::V1::SignJwtResponse

  Signs a JWT using a service account's system-managed private key.

• #universe_domain ⇒ String

  The effective universe domain.

Methods included from Paths

#service_account_path

Constructor Details

#initialize {|config| ... } ⇒ Client

Create a new IAMCredentials client object.

Examples:

# Create a client using the default configuration
client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new

# Create a client using a custom configuration
client = ::Google::Iam::Credentials::V1::IAMCredentials::Client.new do |config|
  config.timeout = 10.0
end

Yields:

• (config) —

  Configure the IAMCredentials client.

Yield Parameters:

• config (Client::Configuration)

# File 'lib/google/iam/credentials/v1/iam_credentials/client.rb', line 152

def initialize
  # These require statements are intentionally placed here to initialize
  # the gRPC module only when it's required.
  # See https://github.com/googleapis/toolkit/issues/446
  require "gapic/grpc"
  require "google/iam/credentials/v1/iamcredentials_services_pb"

  # Create the configuration object
  @config = Configuration.new Client.configure

  # Yield the configuration if needed
  yield @config if block_given?

  # Create credentials
  credentials = @config.credentials
  # Use self-signed JWT if the endpoint is unchanged from default,
  # but only if the default endpoint does not have a region prefix.
  enable_self_signed_jwt = @config.endpoint.nil? ||
                           (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
                           !@config.endpoint.split(".").first.include?("-"))
  credentials ||= Credentials.default scope: @config.scope,
                                      enable_self_signed_jwt: enable_self_signed_jwt
  if credentials.is_a?(::String) || credentials.is_a?(::Hash)
    credentials = Credentials.new credentials, scope: @config.scope
  end
  @quota_project_id = @config.quota_project
  @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id

  @iam_credentials_stub = ::Gapic::ServiceStub.new(
    ::Google::Iam::Credentials::V1::IAMCredentials::Stub,
    credentials: credentials,
    endpoint: @config.endpoint,
    endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
    universe_domain: @config.universe_domain,
    channel_args: @config.channel_args,
    interceptors: @config.interceptors,
    channel_pool_config: @config.channel_pool
  )
end

Class Method Details

.configure {|config| ... } ⇒ Client::Configuration

Configure the IAMCredentials Client class.

See Configuration for a description of the configuration fields.

Examples:

# Modify the configuration for all IAMCredentials clients
::Google::Iam::Credentials::V1::IAMCredentials::Client.configure do |config|
  config.timeout = 10.0
end

Yields:

• (config) —

  Configure the Client client.

Yield Parameters:

• config (Client::Configuration)

Returns:

• (Client::Configuration)

# File 'lib/google/iam/credentials/v1/iam_credentials/client.rb', line 70

def self.configure
  @configure ||= begin
    namespace = ["Google", "Iam", "Credentials", "V1"]
    parent_config = while namespace.any?
                      parent_name = namespace.join "::"
                      parent_const = const_get parent_name
                      break parent_const.configure if parent_const.respond_to? :configure
                      namespace.pop
                    end
    default_config = Client::Configuration.new parent_config

    default_config.rpcs.generate_access_token.timeout = 60.0
    default_config.rpcs.generate_access_token.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.generate_id_token.timeout = 60.0
    default_config.rpcs.generate_id_token.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.sign_blob.timeout = 60.0
    default_config.rpcs.sign_blob.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.sign_jwt.timeout = 60.0
    default_config.rpcs.sign_jwt.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config
  end
  yield @configure if block_given?
  @configure
end

Instance Method Details

#configure {|config| ... } ⇒ Client::Configuration

Configure the IAMCredentials Client instance.

The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on configure.

See Configuration for a description of the configuration fields.

Yields:

• (config) —

  Configure the Client client.

Yield Parameters:

• config (Client::Configuration)

Returns:

• (Client::Configuration)

# File 'lib/google/iam/credentials/v1/iam_credentials/client.rb', line 122

def configure
  yield @config if block_given?
  @config
end

#generate_access_token(request, options = nil) ⇒ ::Google::Iam::Credentials::V1::GenerateAccessTokenResponse #generate_access_token(name: nil, delegates: nil, scope: nil, lifetime: nil) ⇒ ::Google::Iam::Credentials::V1::GenerateAccessTokenResponse

Generates an OAuth 2.0 access token for a service account.

Examples:

Basic example

require "google/iam/credentials/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Iam::Credentials::V1::IAMCredentials::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::Credentials::V1::GenerateAccessTokenRequest.new

# Call the generate_access_token method.
result = client.generate_access_token request

# The returned object is of type Google::Iam::Credentials::V1::GenerateAccessTokenResponse.
p result

Overloads:

• #generate_access_token(request, options = nil) ⇒ ::Google::Iam::Credentials::V1::GenerateAccessTokenResponse

  Pass arguments to generate_access_token via a request object, either of type GenerateAccessTokenRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Iam::Credentials::V1::GenerateAccessTokenRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #generate_access_token(name: nil, delegates: nil, scope: nil, lifetime: nil) ⇒ ::Google::Iam::Credentials::V1::GenerateAccessTokenResponse

  Pass arguments to generate_access_token via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

  • delegates (::Array<::String>) (defaults to: nil) —

    The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

    The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

  • scope (::Array<::String>) (defaults to: nil) —

    Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

  • lifetime (::Google::Protobuf::Duration, ::Hash) (defaults to: nil) —

    The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Iam::Credentials::V1::GenerateAccessTokenResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Iam::Credentials::V1::GenerateAccessTokenResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/iam/credentials/v1/iam_credentials/client.rb', line 262

def generate_access_token request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateAccessTokenRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.generate_access_token.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Iam::Credentials::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.generate_access_token.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.generate_access_token.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @iam_credentials_stub.call_rpc :generate_access_token, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#generate_id_token(request, options = nil) ⇒ ::Google::Iam::Credentials::V1::GenerateIdTokenResponse #generate_id_token(name: nil, delegates: nil, audience: nil, include_email: nil) ⇒ ::Google::Iam::Credentials::V1::GenerateIdTokenResponse

Generates an OpenID Connect ID token for a service account.

Examples:

Basic example

require "google/iam/credentials/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Iam::Credentials::V1::IAMCredentials::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::Credentials::V1::GenerateIdTokenRequest.new

# Call the generate_id_token method.
result = client.generate_id_token request

# The returned object is of type Google::Iam::Credentials::V1::GenerateIdTokenResponse.
p result

Overloads:

• #generate_id_token(request, options = nil) ⇒ ::Google::Iam::Credentials::V1::GenerateIdTokenResponse

  Pass arguments to generate_id_token via a request object, either of type GenerateIdTokenRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Iam::Credentials::V1::GenerateIdTokenRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #generate_id_token(name: nil, delegates: nil, audience: nil, include_email: nil) ⇒ ::Google::Iam::Credentials::V1::GenerateIdTokenResponse

  Pass arguments to generate_id_token via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

  • delegates (::Array<::String>) (defaults to: nil) —

    The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

    The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

  • audience (::String) (defaults to: nil) —

    Required. The audience for the token, such as the API or account that this token grants access to.

  • include_email (::Boolean) (defaults to: nil) —

    Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Iam::Credentials::V1::GenerateIdTokenResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Iam::Credentials::V1::GenerateIdTokenResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/iam/credentials/v1/iam_credentials/client.rb', line 368

def generate_id_token request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::GenerateIdTokenRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.generate_id_token.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Iam::Credentials::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.generate_id_token.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.generate_id_token.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @iam_credentials_stub.call_rpc :generate_id_token, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#sign_blob(request, options = nil) ⇒ ::Google::Iam::Credentials::V1::SignBlobResponse #sign_blob(name: nil, delegates: nil, payload: nil) ⇒ ::Google::Iam::Credentials::V1::SignBlobResponse

Signs a blob using a service account's system-managed private key.

Examples:

Basic example

require "google/iam/credentials/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Iam::Credentials::V1::IAMCredentials::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::Credentials::V1::SignBlobRequest.new

# Call the sign_blob method.
result = client.sign_blob request

# The returned object is of type Google::Iam::Credentials::V1::SignBlobResponse.
p result

Overloads:

• #sign_blob(request, options = nil) ⇒ ::Google::Iam::Credentials::V1::SignBlobResponse

  Pass arguments to sign_blob via a request object, either of type SignBlobRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Iam::Credentials::V1::SignBlobRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #sign_blob(name: nil, delegates: nil, payload: nil) ⇒ ::Google::Iam::Credentials::V1::SignBlobResponse

  Pass arguments to sign_blob via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

  • delegates (::Array<::String>) (defaults to: nil) —

    The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

    The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

  • payload (::String) (defaults to: nil) —

    Required. The bytes to sign.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Iam::Credentials::V1::SignBlobResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Iam::Credentials::V1::SignBlobResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/iam/credentials/v1/iam_credentials/client.rb', line 470

def sign_blob request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignBlobRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.sign_blob.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Iam::Credentials::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.sign_blob.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.sign_blob.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @iam_credentials_stub.call_rpc :sign_blob, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#sign_jwt(request, options = nil) ⇒ ::Google::Iam::Credentials::V1::SignJwtResponse #sign_jwt(name: nil, delegates: nil, payload: nil) ⇒ ::Google::Iam::Credentials::V1::SignJwtResponse

Signs a JWT using a service account's system-managed private key.

Examples:

Basic example

require "google/iam/credentials/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Iam::Credentials::V1::IAMCredentials::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::Credentials::V1::SignJwtRequest.new

# Call the sign_jwt method.
result = client.sign_jwt request

# The returned object is of type Google::Iam::Credentials::V1::SignJwtResponse.
p result

Overloads:

• #sign_jwt(request, options = nil) ⇒ ::Google::Iam::Credentials::V1::SignJwtResponse

  Pass arguments to sign_jwt via a request object, either of type SignJwtRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Iam::Credentials::V1::SignJwtRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #sign_jwt(name: nil, delegates: nil, payload: nil) ⇒ ::Google::Iam::Credentials::V1::SignJwtResponse

  Pass arguments to sign_jwt via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

  • delegates (::Array<::String>) (defaults to: nil) —

    The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

    The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

  • payload (::String) (defaults to: nil) —

    Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Iam::Credentials::V1::SignJwtResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Iam::Credentials::V1::SignJwtResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/iam/credentials/v1/iam_credentials/client.rb', line 572

def sign_jwt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::Credentials::V1::SignJwtRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.sign_jwt.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Iam::Credentials::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.sign_jwt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.sign_jwt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @iam_credentials_stub.call_rpc :sign_jwt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#universe_domain ⇒ String

The effective universe domain

Returns:

• (String)

# File 'lib/google/iam/credentials/v1/iam_credentials/client.rb', line 132

def universe_domain
  @iam_credentials_stub.universe_domain
end