iSrSSKrSSKJr SSKrSSKJr SSKJr SSKJ r SSKJ r SSKJ r SSK J r \R\R\R \R"1rS /r\"\ S 5(a&\ R*"5(aS \ R,3rOS \ R,3rS \S3r\S-r\S-r\S-r\S-r"SS\ R:5rg)zTools for using the Google `Cloud Identity and Access Management (IAM) API`_'s auth-related functionality. .. _Cloud Identity and Access Management (IAM) API: https://cloud.google.com/iam/docs/ N)_exponential_backoff)_helpers) credentials)crypt) exceptions) _mtls_helperz#https://www.googleapis.com/auth/iamcheck_use_client_certziamcredentials.mtls.ziamcredentials.zhttps://z!/v1/projects/-/serviceAccounts/{}z:generateAccessTokenz :signBlobz:signJwtz:generateIdTokencx\rSrSrSrSrSr\S5r\ R"\ R5S5r Srg) Signer?aSigns messages using the IAM `signBlob API`_. This is useful when you need to sign bytes but do not have access to the credential's private key file. .. _signBlob API: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts /signBlob c(XlX lX0lg)au Args: request (google.auth.transport.Request): The object used to make HTTP requests. credentials (google.auth.credentials.Credentials): The credentials that will be used to authenticate the request to the IAM API. The credentials must have of one the following scopes: - https://www.googleapis.com/auth/iam - https://www.googleapis.com/auth/cloud-platform service_account_email (str): The service account email identifying which service account to use to sign bytes. Often, this can be the same as the service account email in the given credentials. N)_request _credentials_service_account_email)selfrequestrservice_account_emails :/app/.venv/lib/python3.13/site-packages/google/auth/iam.py__init__Signer.__init__Js  '&;#cj[R"U5nSn[R[R UR R5RUR5nSS0n[R"S[R"U5RS505RS5n[ R""5nUHnUR R%UR&X#U5 UR'X2XTS9nUR([*;aMPUR([,R.:wa/[0R2"SRUR455e[R6"UR4RS55s $ [0R2"S5e) z(Makes a request to the API signBlob API.POSTz Content-Typezapplication/jsonpayloadzutf-8)urlmethodbodyheadersz&Error calling the IAM signBlob API: {}z#exhausted signBlob endpoint retries)rto_bytes_IAM_SIGN_ENDPOINTreplacerDEFAULT_UNIVERSE_DOMAINruniverse_domainformatrjsondumpsbase64 b64encodedecodeencoderExponentialBackoffbefore_requestrstatusIAM_RETRY_CODES http_clientOKrTransportErrordataloads) rmessagerrrrretries_responses r_make_signing_requestSigner._make_signing_request^sV##G, ((  / /1B1B1R1R &,, - "#56zz ((188A B &/ '99;A    , ,T]]F Q}}$}XH/1+..0 //<CCHMMR::hmm227;< <''(MNNrcg)zOptional[str]: The key ID used to identify this private key. .. warning:: This is always ``None``. The key ID used by IAM can not be reliably determined ahead of time. N)rs rkey_id Signer.key_id|srcVURU5n[R"US5$)N signedBlob)r8r' b64decode)rr4r7s rsign Signer.signs(--g6 677r)rrrN)__name__ __module__ __qualname____firstlineno____doc__rr8propertyr<rcopy_docstringrr rA__static_attributes__r;rrr r ?sI<(O<U\\*8+8rr )rGr' http.clientclientr/r% google.authrrrrrgoogle.auth.transportrINTERNAL_SERVER_ERROR BAD_GATEWAYSERVICE_UNAVAILABLEGATEWAY_TIMEOUTr. _IAM_SCOPEhasattrr r" _IAM_DOMAIN _IAM_BASE_URL _IAM_ENDPOINTr _IAM_SIGNJWT_ENDPOINT_IAM_IDTOKEN_ENDPOINTr r;rrrZs! , #".%%## 4 4  L122**,,))L)L(MNK#K$G$G#HIK;-'JK  66 "[0% 2%(::J8U\\J8r