async def sign_blob(self,
request: Union[common.SignBlobRequest, dict] = None,
*,
name: str = None,
delegates: Sequence[str] = None,
payload: bytes = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: float = None,
metadata: Sequence[Tuple[str, str]] = (),
) -> common.SignBlobResponse:
r"""Signs a blob using a service account's system-managed
private key.
.. code-block:: python
from google.iam import credentials_v1
async def sample_sign_blob():
# Create a client
client = credentials_v1.IAMCredentialsAsyncClient()
# Initialize request argument(s)
request = credentials_v1.SignBlobRequest(
name="name_value",
payload=b'payload_blob',
)
# Make the request
response = await client.sign_blob(request=request)
# Handle the response
print(response)
Args:
request (Union[google.iam.credentials_v1.types.SignBlobRequest, dict]):
The request object.
name (:class:`str`):
Required. The resource name of the service account for
which the credentials are requested, in the following
format:
``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``.
The ``-`` wildcard character is required; replacing it
with a project ID is invalid.
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
delegates (:class:`Sequence[str]`):
The sequence of service accounts in a delegation chain.
Each service account must be granted the
``roles/iam.serviceAccountTokenCreator`` role on its
next service account in the chain. The last service
account in the chain must be granted the
``roles/iam.serviceAccountTokenCreator`` role on the
service account that is specified in the ``name`` field
of the request.
The delegates must have the following format:
``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``.
The ``-`` wildcard character is required; replacing it
with a project ID is invalid.
This corresponds to the ``delegates`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
payload (:class:`bytes`):
Required. The bytes to sign.
This corresponds to the ``payload`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
retry (google.api_core.retry.Retry): Designation of what errors, if any,
should be retried.
timeout (float): The timeout for this request.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
Returns:
google.iam.credentials_v1.types.SignBlobResponse:
"""
# Create or coerce a protobuf request object.
# Quick check: If we got a request object, we should *not* have
# gotten any keyword arguments that map to the request.
has_flattened_params = any([name, delegates, payload])
if request is not None and has_flattened_params:
raise ValueError("If the `request` argument is set, then none of "
"the individual field arguments should be set.")
request = common.SignBlobRequest(request)
# If we have keyword arguments corresponding to fields on the
# request, apply these.
if name is not None:
request.name = name
if payload is not None:
request.payload = payload
if delegates:
request.delegates.extend(delegates)
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
rpc = gapic_v1.method_async.wrap_method(
self._client._transport.sign_blob,
default_retry=retries.Retry(
initial=0.1,maximum=60.0,multiplier=1.3, predicate=retries.if_exception_type(
core_exceptions.DeadlineExceeded,
core_exceptions.ServiceUnavailable,
),
deadline=60.0,
),
default_timeout=60.0,
client_info=DEFAULT_CLIENT_INFO,
)
# Certain fields should be provided within the metadata header;
# add these here.
metadata = tuple(metadata) + (
gapic_v1.routing_header.to_grpc_metadata((
("name", request.name),
)),
)
# Send the request.
response = await rpc(
request,
retry=retry,
timeout=timeout,
metadata=metadata,
)
# Done; return the response.
return response
def sign_blob(
self,
request: Union[common.SignBlobRequest, dict] = None,
*,
name: str = None,
delegates: Sequence[str] = None,
payload: bytes = None,
retry: OptionalRetry = gapic_v1.method.DEFAULT,
timeout: float = None,
metadata: Sequence[Tuple[str, str]] = (),
) -> common.SignBlobResponse:
r"""Signs a blob using a service account's system-managed
private key.
.. code-block:: python
from google.iam import credentials_v1
def sample_sign_blob():
# Create a client
client = credentials_v1.IAMCredentialsClient()
# Initialize request argument(s)
request = credentials_v1.SignBlobRequest(
name="name_value",
payload=b'payload_blob',
)
# Make the request
response = client.sign_blob(request=request)
# Handle the response
print(response)
Args:
request (Union[google.iam.credentials_v1.types.SignBlobRequest, dict]):
The request object.
name (str):
Required. The resource name of the service account for
which the credentials are requested, in the following
format:
``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``.
The ``-`` wildcard character is required; replacing it
with a project ID is invalid.
This corresponds to the ``name`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
delegates (Sequence[str]):
The sequence of service accounts in a delegation chain.
Each service account must be granted the
``roles/iam.serviceAccountTokenCreator`` role on its
next service account in the chain. The last service
account in the chain must be granted the
``roles/iam.serviceAccountTokenCreator`` role on the
service account that is specified in the ``name`` field
of the request.
The delegates must have the following format:
``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``.
The ``-`` wildcard character is required; replacing it
with a project ID is invalid.
This corresponds to the ``delegates`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
payload (bytes):
Required. The bytes to sign.
This corresponds to the ``payload`` field
on the ``request`` instance; if ``request`` is provided, this
should not be set.
retry (google.api_core.retry.Retry): Designation of what errors, if any,
should be retried.
timeout (float): The timeout for this request.
metadata (Sequence[Tuple[str, str]]): Strings which should be
sent along with the request as metadata.
Returns:
google.iam.credentials_v1.types.SignBlobResponse:
"""
# Create or coerce a protobuf request object.
# Quick check: If we got a request object, we should *not* have
# gotten any keyword arguments that map to the request.
has_flattened_params = any([name, delegates, payload])
if request is not None and has_flattened_params:
raise ValueError('If the `request` argument is set, then none of '
'the individual field arguments should be set.')
# Minor optimization to avoid making a copy if the user passes
# in a common.SignBlobRequest.
# There's no risk of modifying the input as we've already verified
# there are no flattened fields.
if not isinstance(request, common.SignBlobRequest):
request = common.SignBlobRequest(request)
# If we have keyword arguments corresponding to fields on the
# request, apply these.
if name is not None:
request.name = name
if delegates is not None:
request.delegates = delegates
if payload is not None:
request.payload = payload
# Wrap the RPC method; this adds retry and timeout information,
# and friendly error handling.
rpc = self._transport._wrapped_methods[self._transport.sign_blob]
# Certain fields should be provided within the metadata header;
# add these here.
metadata = tuple(metadata) + (gapic_v1.routing_header.to_grpc_metadata(
(("name", request.name), )), )
# Send the request.
response = rpc(
request,
retry=retry,
timeout=timeout,
metadata=metadata,
)
# Done; return the response.
return response