import type * as gax from 'google-gax';
import type { Callback, CallOptions, Descriptors, ClientOptions } from 'google-gax';
import * as protos from '../../protos/protos';
/**
 *  A service account is a special type of Google account that belongs to your
 *  application or a virtual machine (VM), instead of to an individual end user.
 *  Your application assumes the identity of the service account to call Google
 *  APIs, so that the users aren't directly involved.
 *
 *  Service account credentials are used to temporarily assume the identity
 *  of the service account. Supported credential types include OAuth 2.0 access
 *  tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
 *  more.
 * @class
 * @memberof v1
 */
export declare class IAMCredentialsClient {
    private _terminated;
    private _opts;
    private _providedCustomServicePath;
    private _gaxModule;
    private _gaxGrpc;
    private _protos;
    private _defaults;
    private _universeDomain;
    private _servicePath;
    private _log;
    auth: gax.GoogleAuth;
    descriptors: Descriptors;
    warn: (code: string, message: string, warnType?: string) => void;
    innerApiCalls: {
        [name: string]: Function;
    };
    iAMCredentialsStub?: Promise<{
        [name: string]: Function;
    }>;
    /**
     * Construct an instance of IAMCredentialsClient.
     *
     * @param {object} [options] - The configuration object.
     * The options accepted by the constructor are described in detail
     * in [this document](https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md#creating-the-client-instance).
     * The common options are:
     * @param {object} [options.credentials] - Credentials object.
     * @param {string} [options.credentials.client_email]
     * @param {string} [options.credentials.private_key]
     * @param {string} [options.email] - Account email address. Required when
     *     using a .pem or .p12 keyFilename.
     * @param {string} [options.keyFilename] - Full path to the a .json, .pem, or
     *     .p12 key downloaded from the Google Developers Console. If you provide
     *     a path to a JSON file, the projectId option below is not necessary.
     *     NOTE: .pem and .p12 require you to specify options.email as well.
     * @param {number} [options.port] - The port on which to connect to
     *     the remote host.
     * @param {string} [options.projectId] - The project ID from the Google
     *     Developer's Console, e.g. 'grape-spaceship-123'. We will also check
     *     the environment variable GCLOUD_PROJECT for your project ID. If your
     *     app is running in an environment which supports
     *     {@link https://cloud.google.com/docs/authentication/application-default-credentials Application Default Credentials},
     *     your project ID will be detected automatically.
     * @param {string} [options.apiEndpoint] - The domain name of the
     *     API remote host.
     * @param {gax.ClientConfig} [options.clientConfig] - Client configuration override.
     *     Follows the structure of {@link gapicConfig}.
     * @param {boolean} [options.fallback] - Use HTTP/1.1 REST mode.
     *     For more information, please check the
     *     {@link https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md#http11-rest-api-mode documentation}.
     * @param {gax} [gaxInstance]: loaded instance of `google-gax`. Useful if you
     *     need to avoid loading the default gRPC version and want to use the fallback
     *     HTTP implementation. Load only fallback version and pass it to the constructor:
     *     ```
     *     const gax = require('google-gax/build/src/fallback'); // avoids loading google-gax with gRPC
     *     const client = new IAMCredentialsClient({fallback: true}, gax);
     *     ```
     */
    constructor(opts?: ClientOptions, gaxInstance?: typeof gax | typeof gax.fallback);
    /**
     * Initialize the client.
     * Performs asynchronous operations (such as authentication) and prepares the client.
     * This function will be called automatically when any class method is called for the
     * first time, but if you need to initialize it before calling an actual method,
     * feel free to call initialize() directly.
     *
     * You can await on this method if you want to make sure the client is initialized.
     *
     * @returns {Promise} A promise that resolves to an authenticated service stub.
     */
    initialize(): Promise<{
        [name: string]: Function;
    }>;
    /**
     * The DNS address for this API service.
     * @deprecated Use the apiEndpoint method of the client instance.
     * @returns {string} The DNS address for this service.
     */
    static get servicePath(): string;
    /**
     * The DNS address for this API service - same as servicePath.
     * @deprecated Use the apiEndpoint method of the client instance.
     * @returns {string} The DNS address for this service.
     */
    static get apiEndpoint(): string;
    /**
     * The DNS address for this API service.
     * @returns {string} The DNS address for this service.
     */
    get apiEndpoint(): string;
    get universeDomain(): string;
    /**
     * The port for this API service.
     * @returns {number} The default port for this service.
     */
    static get port(): number;
    /**
     * The scopes needed to make gRPC calls for every method defined
     * in this service.
     * @returns {string[]} List of default scopes.
     */
    static get scopes(): string[];
    getProjectId(): Promise<string>;
    getProjectId(callback: Callback<string, undefined, undefined>): void;
    /**
     * Generates an OAuth 2.0 access token for a service account.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {string} request.name
     *   Required. The resource name of the service account for which the credentials
     *   are requested, in the following format:
     *   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
     *   character is required; replacing it with a project ID is invalid.
     * @param {string[]} request.delegates
     *   The sequence of service accounts in a delegation chain. Each service
     *   account must be granted the `roles/iam.serviceAccountTokenCreator` role
     *   on its next service account in the chain. The last service account in the
     *   chain must be granted the `roles/iam.serviceAccountTokenCreator` role
     *   on the service account that is specified in the `name` field of the
     *   request.
     *
     *   The delegates must have the following format:
     *   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
     *   character is required; replacing it with a project ID is invalid.
     * @param {string[]} request.scope
     *   Required. Code to identify the scopes to be included in the OAuth 2.0 access token.
     *   See https://developers.google.com/identity/protocols/googlescopes for more
     *   information.
     *   At least one value required.
     * @param {google.protobuf.Duration} request.lifetime
     *   The desired lifetime duration of the access token in seconds.
     *   Must be set to a value less than or equal to 3600 (1 hour). If a value is
     *   not specified, the token's lifetime will be set to a default value of one
     *   hour.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link protos.google.iam.credentials.v1.GenerateAccessTokenResponse|GenerateAccessTokenResponse}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     * @example <caption>include:samples/generated/v1/i_a_m_credentials.generate_access_token.js</caption>
     * region_tag:iamcredentials_v1_generated_IAMCredentials_GenerateAccessToken_async
     */
    generateAccessToken(request?: protos.google.iam.credentials.v1.IGenerateAccessTokenRequest, options?: CallOptions): Promise<[
        protos.google.iam.credentials.v1.IGenerateAccessTokenResponse,
        protos.google.iam.credentials.v1.IGenerateAccessTokenRequest | undefined,
        {} | undefined
    ]>;
    generateAccessToken(request: protos.google.iam.credentials.v1.IGenerateAccessTokenRequest, options: CallOptions, callback: Callback<protos.google.iam.credentials.v1.IGenerateAccessTokenResponse, protos.google.iam.credentials.v1.IGenerateAccessTokenRequest | null | undefined, {} | null | undefined>): void;
    generateAccessToken(request: protos.google.iam.credentials.v1.IGenerateAccessTokenRequest, callback: Callback<protos.google.iam.credentials.v1.IGenerateAccessTokenResponse, protos.google.iam.credentials.v1.IGenerateAccessTokenRequest | null | undefined, {} | null | undefined>): void;
    /**
     * Generates an OpenID Connect ID token for a service account.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {string} request.name
     *   Required. The resource name of the service account for which the credentials
     *   are requested, in the following format:
     *   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
     *   character is required; replacing it with a project ID is invalid.
     * @param {string[]} request.delegates
     *   The sequence of service accounts in a delegation chain. Each service
     *   account must be granted the `roles/iam.serviceAccountTokenCreator` role
     *   on its next service account in the chain. The last service account in the
     *   chain must be granted the `roles/iam.serviceAccountTokenCreator` role
     *   on the service account that is specified in the `name` field of the
     *   request.
     *
     *   The delegates must have the following format:
     *   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
     *   character is required; replacing it with a project ID is invalid.
     * @param {string} request.audience
     *   Required. The audience for the token, such as the API or account that this token
     *   grants access to.
     * @param {boolean} request.includeEmail
     *   Include the service account email in the token. If set to `true`, the
     *   token will contain `email` and `email_verified` claims.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link protos.google.iam.credentials.v1.GenerateIdTokenResponse|GenerateIdTokenResponse}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     * @example <caption>include:samples/generated/v1/i_a_m_credentials.generate_id_token.js</caption>
     * region_tag:iamcredentials_v1_generated_IAMCredentials_GenerateIdToken_async
     */
    generateIdToken(request?: protos.google.iam.credentials.v1.IGenerateIdTokenRequest, options?: CallOptions): Promise<[
        protos.google.iam.credentials.v1.IGenerateIdTokenResponse,
        protos.google.iam.credentials.v1.IGenerateIdTokenRequest | undefined,
        {} | undefined
    ]>;
    generateIdToken(request: protos.google.iam.credentials.v1.IGenerateIdTokenRequest, options: CallOptions, callback: Callback<protos.google.iam.credentials.v1.IGenerateIdTokenResponse, protos.google.iam.credentials.v1.IGenerateIdTokenRequest | null | undefined, {} | null | undefined>): void;
    generateIdToken(request: protos.google.iam.credentials.v1.IGenerateIdTokenRequest, callback: Callback<protos.google.iam.credentials.v1.IGenerateIdTokenResponse, protos.google.iam.credentials.v1.IGenerateIdTokenRequest | null | undefined, {} | null | undefined>): void;
    /**
     * Signs a blob using a service account's system-managed private key.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {string} request.name
     *   Required. The resource name of the service account for which the credentials
     *   are requested, in the following format:
     *   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
     *   character is required; replacing it with a project ID is invalid.
     * @param {string[]} request.delegates
     *   The sequence of service accounts in a delegation chain. Each service
     *   account must be granted the `roles/iam.serviceAccountTokenCreator` role
     *   on its next service account in the chain. The last service account in the
     *   chain must be granted the `roles/iam.serviceAccountTokenCreator` role
     *   on the service account that is specified in the `name` field of the
     *   request.
     *
     *   The delegates must have the following format:
     *   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
     *   character is required; replacing it with a project ID is invalid.
     * @param {Buffer} request.payload
     *   Required. The bytes to sign.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link protos.google.iam.credentials.v1.SignBlobResponse|SignBlobResponse}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     * @example <caption>include:samples/generated/v1/i_a_m_credentials.sign_blob.js</caption>
     * region_tag:iamcredentials_v1_generated_IAMCredentials_SignBlob_async
     */
    signBlob(request?: protos.google.iam.credentials.v1.ISignBlobRequest, options?: CallOptions): Promise<[
        protos.google.iam.credentials.v1.ISignBlobResponse,
        protos.google.iam.credentials.v1.ISignBlobRequest | undefined,
        {} | undefined
    ]>;
    signBlob(request: protos.google.iam.credentials.v1.ISignBlobRequest, options: CallOptions, callback: Callback<protos.google.iam.credentials.v1.ISignBlobResponse, protos.google.iam.credentials.v1.ISignBlobRequest | null | undefined, {} | null | undefined>): void;
    signBlob(request: protos.google.iam.credentials.v1.ISignBlobRequest, callback: Callback<protos.google.iam.credentials.v1.ISignBlobResponse, protos.google.iam.credentials.v1.ISignBlobRequest | null | undefined, {} | null | undefined>): void;
    /**
     * Signs a JWT using a service account's system-managed private key.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {string} request.name
     *   Required. The resource name of the service account for which the credentials
     *   are requested, in the following format:
     *   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
     *   character is required; replacing it with a project ID is invalid.
     * @param {string[]} request.delegates
     *   The sequence of service accounts in a delegation chain. Each service
     *   account must be granted the `roles/iam.serviceAccountTokenCreator` role
     *   on its next service account in the chain. The last service account in the
     *   chain must be granted the `roles/iam.serviceAccountTokenCreator` role
     *   on the service account that is specified in the `name` field of the
     *   request.
     *
     *   The delegates must have the following format:
     *   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard
     *   character is required; replacing it with a project ID is invalid.
     * @param {string} request.payload
     *   Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link protos.google.iam.credentials.v1.SignJwtResponse|SignJwtResponse}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     * @example <caption>include:samples/generated/v1/i_a_m_credentials.sign_jwt.js</caption>
     * region_tag:iamcredentials_v1_generated_IAMCredentials_SignJwt_async
     */
    signJwt(request?: protos.google.iam.credentials.v1.ISignJwtRequest, options?: CallOptions): Promise<[
        protos.google.iam.credentials.v1.ISignJwtResponse,
        protos.google.iam.credentials.v1.ISignJwtRequest | undefined,
        {} | undefined
    ]>;
    signJwt(request: protos.google.iam.credentials.v1.ISignJwtRequest, options: CallOptions, callback: Callback<protos.google.iam.credentials.v1.ISignJwtResponse, protos.google.iam.credentials.v1.ISignJwtRequest | null | undefined, {} | null | undefined>): void;
    signJwt(request: protos.google.iam.credentials.v1.ISignJwtRequest, callback: Callback<protos.google.iam.credentials.v1.ISignJwtResponse, protos.google.iam.credentials.v1.ISignJwtRequest | null | undefined, {} | null | undefined>): void;
    /**
     * Terminate the gRPC channel and close the client.
     *
     * The client will no longer be usable and all future behavior is undefined.
     * @returns {Promise} A promise that resolves when the client is closed.
     */
    close(): Promise<void>;
}
