+ oiv.Rt^RIt^RIHt^RIt^RIt^RIHt^RIH t ^RIH t ^RIH t ^RIH t ^RI Ht]P]P ]P"]P$0tR.t]!]R 4'd]P,!4tM$]P0!R R 4P34R 8Ht]'dR ] P4 2tMR] P4 2tR] R2t]R,t]R,t]R,t]R,t !RR] PB4t!R#)zTools for using the Google `Cloud Identity and Access Management (IAM) API`_'s auth-related functionality. .. _Cloud Identity and Access Management (IAM) API: https://cloud.google.com/iam/docs/ N)_exponential_backoff)_helpers) credentials)crypt) exceptions)mtlsz#https://www.googleapis.com/auth/iamshould_use_client_cert!GOOGLE_API_USE_CLIENT_CERTIFICATEfalsetrueziamcredentials.mtls.ziamcredentials.zhttps://z!/v1/projects/-/serviceAccounts/{}z:generateAccessTokenz :signBlobz:signJwtz:generateIdTokenca]tRt^HtoRtRtRt]R4t] P!] P4R4t RtVtR#)SigneraSigns messages using the IAM `signBlob API`_. This is useful when you need to sign bytes but do not have access to the credential's private key file. .. _signBlob API: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts /signBlob c *WnW nW0nR#)au Args: request (google.auth.transport.Request): The object used to make HTTP requests. credentials (google.auth.credentials.Credentials): The credentials that will be used to authenticate the request to the IAM API. The credentials must have of one the following scopes: - https://www.googleapis.com/auth/iam - https://www.googleapis.com/auth/cloud-platform service_account_email (str): The service account email identifying which service account to use to sign bytes. Often, this can be the same as the service account email in the given credentials. N)_request _credentials_service_account_email)selfrequestrservice_account_emails&&&&r/Users/tonyclaw/.openclaw/workspace/scripts/youtube-playlists/venv/lib/python3.14/site-packages/google/auth/iam.py__init__Signer.__init__Ss  '&;#c t\P!V4pRp\P\P VP P4PVP4pRR/p\P!R\P!V4PR4/4PR4p\ P"!4pVFpVP P%VP&W#V4VP'W2WTR7pVP(\*9dKTVP(\,P.8wd0\0P2!RPVP444h\P6!VP4PR44u# \0P2!R4h) z(Makes a request to the API signBlob API.POSTz Content-Typezapplication/jsonpayloadzutf-8)urlmethodbodyheadersz&Error calling the IAM signBlob API: {}z#exhausted signBlob endpoint retries)rto_bytes_IAM_SIGN_ENDPOINTreplacerDEFAULT_UNIVERSE_DOMAINruniverse_domainformatrjsondumpsbase64 b64encodedecodeencoderExponentialBackoffbefore_requestrstatusIAM_RETRY_CODES http_clientOKrTransportErrordataloads) rmessagerrrrretries_responses && r_make_signing_requestSigner._make_signing_requestgsV##G, ((  / /1B1B1R1R &,, - "#56zz ((188A B &/ '99;A    , ,T]]F Q}}$}XH/1+..0 //<CCHMMR::hmm227;< <''(MNNrc R#)zOptional[str]: The key ID used to identify this private key. .. warning:: This is always ``None``. The key ID used by IAM can not be reliably determined ahead of time. N)rs&rkey_id Signer.key_idsrc^VPV4p\P!VR,4#) signedBlob)r9r( b64decode)rr5r8s&& rsign Signer.signs(--g6 677r)rrrN)__name__ __module__ __qualname____firstlineno____doc__rr9propertyr=rcopy_docstringrr rB__static_attributes____classdictcell__) __classdict__s@rr r HsL<(O<U\\*8+8rr )"rHr( http.clientclientr0r&os google.authrrrrrgoogle.auth.transportrINTERNAL_SERVER_ERROR BAD_GATEWAYSERVICE_UNAVAILABLEGATEWAY_TIMEOUTr/ _IAM_SCOPEhasattrruse_client_certgetenvlowerr# _IAM_DOMAIN _IAM_BASE_URL _IAM_ENDPOINTr!_IAM_SIGNJWT_ENDPOINT_IAM_IDTOKEN_ENDPOINTr r<rrras ! , #"&%%## 4 4  4)**113O 5w?EEG6Q ()L)L(MNK#K$G$G#HIK;-'JK  66 "[0% 2%(::J8U\\J8r