(phBSrSSKrSSKJr SSKrSSKJr SSKJr SSKJ r SSKJ r SSKJ r \R\R\R\R1rS/rS rS rS rS r"S S\ R,5rg)zTools for using the Google `Cloud Identity and Access Management (IAM) API`_'s auth-related functionality. .. _Cloud Identity and Access Management (IAM) API: https://cloud.google.com/iam/docs/ N)_exponential_backoff)_helpers) credentials)crypt) exceptionsz#https://www.googleapis.com/auth/iamzZhttps://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:generateAccessTokenzOhttps://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:signBlobzNhttps://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:signJwtzVhttps://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:generateIdTokencx\rSrSrSrSrSr\S5r\ R"\ R5S5r Srg) Signer>aSigns messages using the IAM `signBlob API`_. This is useful when you need to sign bytes but do not have access to the credential's private key file. .. _signBlob API: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts /signBlob c(XlX lX0lg)au Args: request (google.auth.transport.Request): The object used to make HTTP requests. credentials (google.auth.credentials.Credentials): The credentials that will be used to authenticate the request to the IAM API. The credentials must have of one the following scopes: - https://www.googleapis.com/auth/iam - https://www.googleapis.com/auth/cloud-platform service_account_email (str): The service account email identifying which service account to use to sign bytes. Often, this can be the same as the service account email in the given credentials. N)_request _credentials_service_account_email)selfrequestrservice_account_emails B/var/www/html/venv/lib/python3.13/site-packages/google/auth/iam.py__init__Signer.__init__Is  '&;#cj[R"U5nSn[R[R UR R5RUR5nSS0n[R"S[R"U5RS505RS5n[ R""5nUHnUR R%UR&X#U5 UR'X2XTS9nUR([*;aMPUR([,R.:wa/[0R2"SRUR455e[R6"UR4RS55s $ [0R2"S5e) z(Makes a request to the API signBlob API.POSTz Content-Typezapplication/jsonpayloadzutf-8)urlmethodbodyheadersz&Error calling the IAM signBlob API: {}z#exhausted signBlob endpoint retries)rto_bytes_IAM_SIGN_ENDPOINTreplacerDEFAULT_UNIVERSE_DOMAINr universe_domainformatrjsondumpsbase64 b64encodedecodeencoderExponentialBackoffbefore_requestr statusIAM_RETRY_CODES http_clientOKrTransportErrordataloads) rmessagerrrrretries_responses r_make_signing_requestSigner._make_signing_request]sV##G, ((  / /1B1B1R1R &,, - "#56zz ((188A B &/ '99;A    , ,T]]F Q}}$}XH/1+..0 //<CCHMMR::hmm227;< <''(MNNrcg)zOptional[str]: The key ID used to identify this private key. .. warning:: This is always ``None``. The key ID used by IAM can not be reliably determined ahead of time. N)rs rkey_id Signer.key_id{srcVURU5n[R"US5$)N signedBlob)r6r% b64decode)rr2r5s rsign Signer.signs(--g6 677r)r r rN)__name__ __module__ __qualname____firstlineno____doc__rr6propertyr:rcopy_docstringrr r?__static_attributes__r9rrr r >sI<(O<U\\*8+8rr )rEr% http.clientclientr-r# google.authrrrrrINTERNAL_SERVER_ERROR BAD_GATEWAYSERVICE_UNAVAILABLEGATEWAY_TIMEOUTr, _IAM_SCOPE _IAM_ENDPOINTr_IAM_SIGNJWT_ENDPOINT_IAM_IDTOKEN_ENDPOINTr r9rrrTs! , #"%%## 4 4 0 % $ 6 J8U\\J8r