lib/google/auth/extras/impersonated_credential.rb in googleauth-extras-0.3.0 vs lib/google/auth/extras/impersonated_credential.rb in googleauth-extras-0.4.0

@@ -5,10 +5,12 @@
     module Extras
       # This credential impersonates a service account.
       class ImpersonatedCredential < Signet::OAuth2::Client
         include IdentityCredentialRefreshPatch
 
+        attr_reader :quota_project_id
+
         # A credential that impersonates a service account.
         #
         # The `email_address` of the service account to impersonate may be the exact
         # same as the one represented in `base_credentials` for any desired situation
         # but a handy usage is for going from and access token to an ID token (aka
@@ -34,10 +36,14 @@
         #   Defaults to 1h, adjust as needed given a refresh is automatically performed
         #   when the token less than 60s of remaining life and refresh requires an
         #   additional API call.
         #   Only supported when not using a target_audience.
         #
+        # @param quota_project_id [String]
+        #   The project ID used for quota and billing. This project may be different from
+        #   the project used to create the credentials.
+        #
         # @param scope [String, Array<String>]
         #   The OAuth 2 scopes to request. Can either be formatted as a comma seperated string or array.
         #   Only supported when not using a target_audience.
         #
         # @param target_audience [String]
@@ -52,10 +58,11 @@
           email_address:,
           base_credentials: nil,
           delegate_email_addresses: nil,
           include_email: nil,
           lifetime: nil,
+          quota_project_id: nil,
           scope: nil,
           target_audience: nil
         )
           super(client_id: target_audience, scope: scope, target_audience: target_audience)
 
@@ -88,10 +95,12 @@
           elsif !lifetime.nil?
             raise ArgumentError, 'Cannot provide lifetime when using target_audience'
           end
 
           @impersonate_name = transform_email_to_name(email_address)
+
+          @quota_project_id = quota_project_id
         end
 
         def fetch_access_token(*)
           token_request = if token_type == :id_token
                             Google::Apis::IamcredentialsV1::GenerateIdTokenRequest.new(
@@ -133,18 +142,20 @@
               " @expires_at=#{expires_at.inspect}" \
               " @id_token=#{@id_token ? '[REDACTED]' : 'nil'}" \
               " @impersonate_delegates=#{@impersonate_delegates.inspect}" \
               " @impersonate_include_email=#{@impersonate_include_email.inspect}" \
               " @impersonate_name=#{@impersonate_name.inspect}" \
+              " @quota_project_id=#{@quota_project_id.inspect}" \
               " @target_audience=#{@target_audience.inspect}" \
               '>'
           else
             "#<#{self.class.name}" \
               " @access_token=#{@access_token ? '[REDACTED]' : 'nil'}" \
               " @expires_at=#{expires_at.inspect}" \
               " @impersonate_delegates=#{@impersonate_delegates.inspect}" \
               " @impersonate_lifetime=#{@impersonate_lifetime.inspect}" \
               " @impersonate_name=#{@impersonate_name.inspect}" \
+              " @quota_project_id=#{@quota_project_id.inspect}" \
               '>'
           end
         end
 
         private