def test_generate_id_token(self):
    """Exercise ``generate_id_token`` against a stubbed gRPC channel.

    ``google.api_core.grpc_helpers.create_channel`` is patched to return a
    ``ChannelStub``, so the client is built on the stub. The test checks
    that the canned response is returned unchanged and that exactly one
    request carrying the given ``name`` and ``audience`` was recorded.
    The token and audience strings are placeholder fixture values.
    """
    # Canned response the stub channel replays.
    fake_token = "token110541305"
    response_fields = {"token": fake_token}
    expected_response = common_pb2.GenerateIdTokenResponse(**response_fields)

    # Replace the channel factory so the client is constructed on the stub.
    channel = ChannelStub(responses=[expected_response])
    with mock.patch("google.api_core.grpc_helpers.create_channel") as create_channel:
        create_channel.return_value = channel
        client = iam_credentials_v1.IAMCredentialsClient()

    # Request arguments.
    name = client.service_account_path("[PROJECT]", "[SERVICE_ACCOUNT]")
    audience = "audience975628804"

    response = client.generate_id_token(name, audience)

    # The stubbed response must come back untouched.
    assert expected_response == response

    # Exactly one call reached the channel, and it carried the request we
    # expect; element [1] of the recorded entry is compared as the message.
    assert len(channel.requests) == 1
    expected_request = common_pb2.GenerateIdTokenRequest(name=name, audience=audience)
    actual_request = channel.requests[0][1]
    assert expected_request == actual_request
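def generate_id_token(
    self,
    name,
    audience,
    delegates=None,
    include_email=None,
    retry=google.api_core.gapic_v1.method.DEFAULT,
    timeout=google.api_core.gapic_v1.method.DEFAULT,
    metadata=None,
):
    """
    Generates an OpenID Connect ID token for a service account.

    The token carried in the response is a bearer credential for
    ``audience``: keep it out of logs, error messages and persistent
    storage, and send it only to that audience.

    Example:
        >>> from google.cloud import iam_credentials_v1
        >>>
        >>> client = iam_credentials_v1.IAMCredentialsClient()
        >>>
        >>> name = client.service_account_path('[PROJECT]', '[SERVICE_ACCOUNT]')
        >>>
        >>> # TODO: Initialize `audience`:
        >>> audience = ''
        >>>
        >>> response = client.generate_id_token(name, audience)

    Args:
        name (str): The resource name of the service account for which the
            credentials are requested, in the following format:
            ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``.
        audience (str): The audience for the token, such as the API or
            account that this token grants access to. Set it to the
            identifier of the one recipient that will verify the token; a
            recipient should reject a token whose ``aud`` claim is not its
            own identifier.
        delegates (list[str]): The sequence of service accounts in a
            delegation chain. Each service account must be granted the
            ``roles/iam.serviceAccountTokenCreator`` role on its next
            service account in the chain. The last service account in the
            chain must be granted the
            ``roles/iam.serviceAccountTokenCreator`` role on the service
            account that is specified in the ``name`` field of the request.
            That role lets its holder mint credentials as the target
            account, so each grant in the chain is best scoped to the
            specific service account involved.

            The delegates must have the following format:
            ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``
        include_email (bool): Include the service account email in the
            token. If set to ``true``, the token will contain ``email`` and
            ``email_verified`` claims.
        retry (Optional[google.api_core.retry.Retry]): A retry object used
            to retry requests. The default sentinel selects the retry
            settings configured for ``GenerateIdToken``.
            NOTE(review): the upstream text says ``None`` falls back to a
            default configuration; confirm against the installed
            google.api_core, where ``None`` may instead disable retries.
        timeout (Optional[float]): The amount of time, in seconds, to wait
            for the request to complete. Note that if ``retry`` is
            specified, the timeout applies to each individual attempt.
        metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
            that is provided to the method. The sequence is copied, so the
            caller's object is not modified.

    Returns:
        A :class:`~google.cloud.iam_credentials_v1.types.GenerateIdTokenResponse` instance.

    Raises:
        google.api_core.exceptions.GoogleAPICallError: If the request
            failed for any reason.
        google.api_core.exceptions.RetryError: If the request failed due
            to a retryable error and retry attempts failed.
        ValueError: If the parameters are invalid.
    """
    # Wrap the transport method with retry and timeout logic on first use
    # and cache the wrapper for later calls.
    if "generate_id_token" not in self._inner_api_calls:
        method_config = self._method_configs["GenerateIdToken"]
        self._inner_api_calls["generate_id_token"] = google.api_core.gapic_v1.method.wrap_method(
            self.transport.generate_id_token,
            default_retry=method_config.retry,
            default_timeout=method_config.timeout,
            client_info=self._client_info,
        )

    request = common_pb2.GenerateIdTokenRequest(
        name=name,
        audience=audience,
        delegates=delegates,
        include_email=include_email,
    )

    # Work on a copy so the append below never touches the caller's sequence.
    metadata = [] if metadata is None else list(metadata)

    # Attach the routing header built from ``name``. Building this list does
    # no attribute lookup, so no AttributeError guard is needed around it.
    routing_header = [("name", name)]
    routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(routing_header)
    metadata.append(routing_metadata)

    return self._inner_api_calls["generate_id_token"](
        request, retry=retry, timeout=timeout, metadata=metadata
    )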