Merge branch 'main' into renovate/org.apache.maven.plugins-maven-sure…

…fire-plugin-3.x

.github/.OwlBot.lock.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,5 +13,5 @@
 # limitations under the License.
 docker:
   image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest
-  digest: sha256:6f431774e11cc46619cf093fd1481193c4024031073697fa18f0099b943aab88
-# created: 2023-12-01T19:50:20.444857406Z
+  digest: sha256:a6aa751984f1e905c3ae5a3aac78fc7b68210626ce91487dc7ff4f0a06f010cc
+# created: 2024-01-22T14:14:20.913785597Z

.github/CODEOWNERS

@@ -18,32 +18,37 @@ samples/**/*.java       @googleapis/java-samples-reviewers
 samples/snippets/generated/       @googleapis/yoshi-java
 
 # 3PI-related files and related base classes - joint ownership between googleapis-auth and aion-sdk
-oauth2_http/java/com/google/auth/oauth2/ActingParty.java                      @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java                   @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/AwsDates.java                         @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/AwsRequestSignature.java              @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/AwsRequestSigner.java                 @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/AwsSecurityCredentials.java           @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/CredentialAccessBoundary.java         @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java       @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/DownscopedCredentials.java            @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/EnvironmentProvider.java              @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/ExecutableHandler.java                @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/ExecutableResponse.java               @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java       @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java                @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java          @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java          @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/OAuth2Credentials.java                @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/OAuth2CredentialsWithRefresh.java     @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/OAuthException.java                   @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/PluggableAuthCredentials.java         @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/PluggableAuthException.java           @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/PluggableAuthHandler.java             @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/StsRequestHandler.java                @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/StsTokenExchangeRequest.java          @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/StsTokenExchangeResponse.java         @googleapis/googleapis-auth @googleapis/aion-sdk
-oauth2_http/java/com/google/auth/oauth2/SystemEnvironmentProvider.java        @googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/ActingParty.java                      		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java                   		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/AwsSecurityCredentialsSupplier.java   		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/AwsDates.java                         		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/AwsRequestSignature.java              		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/AwsRequestSigner.java                 		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/AwsSecurityCredentials.java           		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/CredentialAccessBoundary.java         		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java       		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/DownscopedCredentials.java            		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/EnvironmentProvider.java              		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/ExecutableHandler.java                		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/ExecutableResponse.java               		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java       		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/FileIdentityPoolSubjectTokenSupplier.java 	@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java                		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java          		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/IdentityPoolSubjectTokenSupplier.java		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java          		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/InternalAwsSecurityCredentialsSupplier.java	@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/OAuth2Credentials.java                		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/OAuth2CredentialsWithRefresh.java     		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/OAuthException.java                   		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/PluggableAuthCredentials.java         		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/PluggableAuthException.java           		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/PluggableAuthHandler.java             		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/StsRequestHandler.java                		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/StsTokenExchangeRequest.java          		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/StsTokenExchangeResponse.java         		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/SystemEnvironmentProvider.java        		@googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/java/com/google/auth/oauth2/UrlIdentityPoolSubjectTokenSupplier.java	@googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/AwsCredentialsTest.java                           @googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/AwsRequestSignerTest.java                         @googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/CredentialAccessBoundaryTest.java                 @googleapis/googleapis-auth @googleapis/aion-sdk
@@ -55,6 +60,7 @@ oauth2_http/javatests/com/google/auth/ITDownscopingTest.java
 oauth2_http/javatests/com/google/auth/ITWorkloadIdentityFederationTest.java             @googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/IdentityPoolCredentialsTest.java                  @googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/ImpersonatedCredentialsTest.java                  @googleapis/googleapis-auth @googleapis/aion-sdk
+oauth2_http/javatests/com/google/auth/InternalAwsSecurityCredentialsSupplierTest.java	@googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/MockExternalAccountCredentialsTransport.java      @googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/MockStsTransport.java                             @googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/OAuth2CredentialsTest.java                        @googleapis/googleapis-auth @googleapis/aion-sdk
@@ -65,4 +71,4 @@ oauth2_http/javatests/com/google/auth/PluggableAuthExceptionTest.java
 oauth2_http/javatests/com/google/auth/PluggableAuthHandlerTest.java                     @googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/StsRequestHandlerTest.java                        @googleapis/googleapis-auth @googleapis/aion-sdk
 oauth2_http/javatests/com/google/auth/TestEnvironmentProvider.java                      @googleapis/googleapis-auth @googleapis/aion-sdk
-README.md                                                                               @googleapis/googleapis-auth @googleapis/aion-sdk
+README.md                                                                               @googleapis/googleapis-auth @googleapis/aion-sdk

.github/release-please.yml

@@ -22,3 +22,7 @@ branches:
     handleGHRelease: true
     releaseType: java-backport
     branch: 1.6.x
+  - bumpMinorPreMajor: true
+    handleGHRelease: true
+    releaseType: java-backport
+    branch: 1.19.x

.github/sync-repo-settings.yaml

@@ -80,6 +80,19 @@ branchProtectionRules:
     requiredApprovingReviewCount: 1
     requiresCodeOwnerReviews: true
     requiresStrictStatusChecks: true
+  - pattern: 1.19.x
+    isAdminEnforced: true
+    requiredStatusCheckContexts:
+      - dependencies (8)
+      - dependencies (11)
+      - lint
+      - clirr
+      - units (8)
+      - units (11)
+      - cla/google
+    requiredApprovingReviewCount: 1
+    requiresCodeOwnerReviews: true
+    requiresStrictStatusChecks: true
 permissionRules:
   - team: Googlers
     permission: pull

.github/workflows/renovate_config_check.yaml

@@ -0,0 +1,25 @@
+name: Renovate Bot Config Validation
+
+on:
+  pull_request:
+    paths:
+      - 'renovate.json'
+
+jobs:
+  renovate_bot_config_validation:
+    runs-on: ubuntu-22.04
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v3
+      with:
+        node-version: '20'
+
+    - name: Install Renovate and Config Validator
+      run: |
+        npm install -g npm@latest
+        npm install --global renovate
+        renovate-config-validator

.kokoro/requirements.txt

@@ -170,30 +170,30 @@ colorlog==6.7.0 \
     --hash=sha256:0d33ca236784a1ba3ff9c532d4964126d8a2c44f1f0cb1d2b0728196f512f662 \
     --hash=sha256:bd94bd21c1e13fac7bd3153f4bc3a7dc0eb0974b8bc2fdf1a989e474f6e582e5
     # via gcp-docuploader
-cryptography==41.0.2 \
-    --hash=sha256:01f1d9e537f9a15b037d5d9ee442b8c22e3ae11ce65ea1f3316a41c78756b711 \
-    --hash=sha256:079347de771f9282fbfe0e0236c716686950c19dee1b76240ab09ce1624d76d7 \
-    --hash=sha256:182be4171f9332b6741ee818ec27daff9fb00349f706629f5cbf417bd50e66fd \
-    --hash=sha256:192255f539d7a89f2102d07d7375b1e0a81f7478925b3bc2e0549ebf739dae0e \
-    --hash=sha256:2a034bf7d9ca894720f2ec1d8b7b5832d7e363571828037f9e0c4f18c1b58a58 \
-    --hash=sha256:342f3767e25876751e14f8459ad85e77e660537ca0a066e10e75df9c9e9099f0 \
-    --hash=sha256:439c3cc4c0d42fa999b83ded80a9a1fb54d53c58d6e59234cfe97f241e6c781d \
-    --hash=sha256:49c3222bb8f8e800aead2e376cbef687bc9e3cb9b58b29a261210456a7783d83 \
-    --hash=sha256:674b669d5daa64206c38e507808aae49904c988fa0a71c935e7006a3e1e83831 \
-    --hash=sha256:7a9a3bced53b7f09da251685224d6a260c3cb291768f54954e28f03ef14e3766 \
-    --hash=sha256:7af244b012711a26196450d34f483357e42aeddb04128885d95a69bd8b14b69b \
-    --hash=sha256:7d230bf856164de164ecb615ccc14c7fc6de6906ddd5b491f3af90d3514c925c \
-    --hash=sha256:84609ade00a6ec59a89729e87a503c6e36af98ddcd566d5f3be52e29ba993182 \
-    --hash=sha256:9a6673c1828db6270b76b22cc696f40cde9043eb90373da5c2f8f2158957f42f \
-    --hash=sha256:9b6d717393dbae53d4e52684ef4f022444fc1cce3c48c38cb74fca29e1f08eaa \
-    --hash=sha256:9c3fe6534d59d071ee82081ca3d71eed3210f76ebd0361798c74abc2bcf347d4 \
-    --hash=sha256:a719399b99377b218dac6cf547b6ec54e6ef20207b6165126a280b0ce97e0d2a \
-    --hash=sha256:b332cba64d99a70c1e0836902720887fb4529ea49ea7f5462cf6640e095e11d2 \
-    --hash=sha256:d124682c7a23c9764e54ca9ab5b308b14b18eba02722b8659fb238546de83a76 \
-    --hash=sha256:d73f419a56d74fef257955f51b18d046f3506270a5fd2ac5febbfa259d6c0fa5 \
-    --hash=sha256:f0dc40e6f7aa37af01aba07277d3d64d5a03dc66d682097541ec4da03cc140ee \
-    --hash=sha256:f14ad275364c8b4e525d018f6716537ae7b6d369c094805cae45300847e0894f \
-    --hash=sha256:f772610fe364372de33d76edcd313636a25684edb94cee53fd790195f5989d14
+cryptography==41.0.6 \
+    --hash=sha256:068bc551698c234742c40049e46840843f3d98ad7ce265fd2bd4ec0d11306596 \
+    --hash=sha256:0f27acb55a4e77b9be8d550d762b0513ef3fc658cd3eb15110ebbcbd626db12c \
+    --hash=sha256:2132d5865eea673fe6712c2ed5fb4fa49dba10768bb4cc798345748380ee3660 \
+    --hash=sha256:3288acccef021e3c3c10d58933f44e8602cf04dba96d9796d70d537bb2f4bbc4 \
+    --hash=sha256:35f3f288e83c3f6f10752467c48919a7a94b7d88cc00b0668372a0d2ad4f8ead \
+    --hash=sha256:398ae1fc711b5eb78e977daa3cbf47cec20f2c08c5da129b7a296055fbb22aed \
+    --hash=sha256:422e3e31d63743855e43e5a6fcc8b4acab860f560f9321b0ee6269cc7ed70cc3 \
+    --hash=sha256:48783b7e2bef51224020efb61b42704207dde583d7e371ef8fc2a5fb6c0aabc7 \
+    --hash=sha256:4d03186af98b1c01a4eda396b137f29e4e3fb0173e30f885e27acec8823c1b09 \
+    --hash=sha256:5daeb18e7886a358064a68dbcaf441c036cbdb7da52ae744e7b9207b04d3908c \
+    --hash=sha256:60e746b11b937911dc70d164060d28d273e31853bb359e2b2033c9e93e6f3c43 \
+    --hash=sha256:742ae5e9a2310e9dade7932f9576606836ed174da3c7d26bc3d3ab4bd49b9f65 \
+    --hash=sha256:7e00fb556bda398b99b0da289ce7053639d33b572847181d6483ad89835115f6 \
+    --hash=sha256:85abd057699b98fce40b41737afb234fef05c67e116f6f3650782c10862c43da \
+    --hash=sha256:8efb2af8d4ba9dbc9c9dd8f04d19a7abb5b49eab1f3694e7b5a16a5fc2856f5c \
+    --hash=sha256:ae236bb8760c1e55b7a39b6d4d32d2279bc6c7c8500b7d5a13b6fb9fc97be35b \
+    --hash=sha256:afda76d84b053923c27ede5edc1ed7d53e3c9f475ebaf63c68e69f1403c405a8 \
+    --hash=sha256:b27a7fd4229abef715e064269d98a7e2909ebf92eb6912a9603c7e14c181928c \
+    --hash=sha256:b648fe2a45e426aaee684ddca2632f62ec4613ef362f4d681a9a6283d10e079d \
+    --hash=sha256:c5a550dc7a3b50b116323e3d376241829fd326ac47bc195e04eb33a8170902a9 \
+    --hash=sha256:da46e2b5df770070412c46f87bac0849b8d685c5f2679771de277a422c7d0b86 \
+    --hash=sha256:f39812f70fc5c71a15aa3c97b2bbe213c3f2a460b79bd21c40d033bb34a9bf36 \
+    --hash=sha256:ff369dd19e8fe0528b02e8df9f2aeb2479f89b1270d90f96a63500afe9af5cae
     # via
     #   gcp-releasetool
     #   secretstorage

CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+## [1.23.0](https://github.com/googleapis/google-auth-library-java/compare/v1.22.0...v1.23.0) (2024-02-05)
+
+
+### Features
+
+* Add context object to pass to supplier functions ([#1363](https://github.com/googleapis/google-auth-library-java/issues/1363)) ([1d9efc7](https://github.com/googleapis/google-auth-library-java/commit/1d9efc78aa6ab24fc2aab5f081240a815c394c95))
+* Adds support for user defined subject token suppliers in AWSCredentials and IdentityPoolCredentials ([#1336](https://github.com/googleapis/google-auth-library-java/issues/1336)) ([64ce8a1](https://github.com/googleapis/google-auth-library-java/commit/64ce8a1fbb82cb19e17ca0c6713c7c187078c28b))
+* Adds universe domain for DownscopedCredentials and ExternalAccountAuthorizedUserCredentials ([#1355](https://github.com/googleapis/google-auth-library-java/issues/1355)) ([17ef707](https://github.com/googleapis/google-auth-library-java/commit/17ef70748aae4820f10694ae99c82ed7ca89dbce))
+* Modify the refresh window to match go/async-token-refresh. Serverless tokens are cached until 4 minutes before expiration, so 4 minutes is the ideal refresh window. ([#1352](https://github.com/googleapis/google-auth-library-java/issues/1352)) ([a7a8d7a](https://github.com/googleapis/google-auth-library-java/commit/a7a8d7a4102b0b7c1b83791947ccb662f060eca7))
+
+
+### Bug Fixes
+
+* Add missing copyright header ([#1364](https://github.com/googleapis/google-auth-library-java/issues/1364)) ([a24e563](https://github.com/googleapis/google-auth-library-java/commit/a24e5631b8198d988a7b82deab5453e43917b0d2))
+* Issue [#1347](https://github.com/googleapis/google-auth-library-java/issues/1347): ExternalAccountCredentials serialization is broken ([#1358](https://github.com/googleapis/google-auth-library-java/issues/1358)) ([e3a2e9c](https://github.com/googleapis/google-auth-library-java/commit/e3a2e9cbdd767c4664d895f98f69d8b742d645f0))
+* Refactor compute and cloudshell credentials to pass quota project to base class ([#1284](https://github.com/googleapis/google-auth-library-java/issues/1284)) ([fb75239](https://github.com/googleapis/google-auth-library-java/commit/fb75239ead37b6677a392f38ea2ef2012b3f21e0))
+
 ## [1.22.0](https://github.com/googleapis/google-auth-library-java/compare/v1.21.0...v1.22.0) (2024-01-09)