YSrSSKrSSKJr SSKrSSKJr SSKJr SSKJ r Sr \ S-r "SS \R5r g) zTools for using the Google `Cloud Identity and Access Management (IAM) API`_'s auth-related functionality. .. _Cloud Identity and Access Management (IAM) API: https://cloud.google.com/iam/docs/ N)_helpers)crypt) exceptionsz(https://iamcredentials.googleapis.com/v1z0/projects/-/serviceAccounts/{}:signBlob?alt=jsoncx\rSrSrSrSrSr\S5r\ R"\ R5S5r Srg) Signer#aSigns messages using the IAM `signBlob API`_. This is useful when you need to sign bytes but do not have access to the credential's private key file. .. _signBlob API: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts /signBlob c(XlX lX0lg)au Args: request (google.auth.transport.Request): The object used to make HTTP requests. credentials (google.auth.credentials.Credentials): The credentials that will be used to authenticate the request to the IAM API. The credentials must have of one the following scopes: - https://www.googleapis.com/auth/iam - https://www.googleapis.com/auth/cloud-platform service_account_email (str): The service account email identifying which service account to use to sign bytes. Often, this can be the same as the service account email in the given credentials. N)_request _credentials_service_account_email)selfrequest credentialsservice_account_emails *platform/bq/third_party/google/auth/iam.py__init__Signer.__init__.s  '&;#cr[R"U5nSn[RUR5nSS0n[ R "S[R"U5RS505RS5nURRURX#U5 URX2XTS9nUR[R :wa/["R$"SRUR&55e[ R("UR&RS55$)z(Makes a request to the API signBlob API.POSTz Content-Typezapplication/jsonpayloadzutf-8)urlmethodbodyheadersz&Error calling the IAM signBlob API: {})rto_bytes_SIGN_BLOB_URIformatr jsondumpsbase64 b64encodedecodeencoder before_requestr status http_clientOKrTransportErrordataloads)r messagerrrrresponses r_make_signing_requestSigner._make_signing_requestBs##G,##D$?$?@!#56zz ((188A B &/  ((WM==Sd=T ??knn ,++8?? N zz(--..w788rcg)zOptional[str]: The key ID used to identify this private key. .. warning:: This is always ``None``. The key ID used by IAM can not be reliably determined ahead of time. N)r s rkey_id Signer.key_idWsrcVURU5n[R"US5$)N signedBlob)r.r! b64decode)r r,r-s rsign Signer.signas(--g6 677r)r r r N)__name__ __module__ __qualname____firstlineno____doc__rr.propertyr2rcopy_docstringrrr7__static_attributes__r1rrrr#sH<(9*U\\*8+8rr) r=r! http.clientclientr'r google.authrrr_IAM_API_ROOT_URIrrr1rrrEsA ! ">"%WWA8U\\A8r