Merge branch 'main' into renovate/org.apache.maven.plugins-maven-chec…

…kstyle-plugin-3.x
googleapis · Jul 25, 2023 · a32d2ce · a32d2ce
2 parents 6f7f6cb + d10722b
commit a32d2ce
Show file tree

Hide file tree

Showing 45 changed files with 844 additions and 296 deletions.
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,5 +13,5 @@
 # limitations under the License.
 docker:
   image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest
-  digest: sha256:a57d2ea6d1a77aa96c17ad0850b779ec6295f88b6c1da3d214b2095d140a2066
-
+  digest: sha256:af2eda87a54601ae7b7b2be5055c17b43ac98a7805b586772db314de8a7d4a1d
+# created: 2023-06-16T02:10:09.149325782Z
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Disable version updates for Maven dependencies
+    # we use renovate-bot as well as shared-dependencies BOM to update maven dependencies.
+    ignore: "*"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Disable version updates for pip dependencies
+    # If a security vulnerability comes in, we will be notified about 
+    # it via template in the synthtool repository.
+    ignore: "*"
diff --git a/.github/release-trigger.yml b/.github/release-trigger.yml
@@ -1 +1,2 @@
 enabled: true
+multiScmName: google-auth-library-java
diff --git a/.kokoro/build.sh b/.kokoro/build.sh
@@ -71,12 +71,12 @@ integration)
     ;;
 graalvm)
     # Run Unit and Integration Tests with Native Image
-    mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative -Penable-integration-tests test
+    mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative test
     RETURN_CODE=$?
     ;;
 graalvm17)
     # Run Unit and Integration Tests with Native Image
-    mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative -Penable-integration-tests test
+    mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative test
     RETURN_CODE=$?
     ;;
 samples)

diff --git a/.kokoro/requirements.in b/.kokoro/requirements.in
@@ -1,34 +1,6 @@
-gcp-docuploader==0.6.3
-google-crc32c==1.3.0
-googleapis-common-protos==1.56.3
-gcp-releasetool==1.9.1
-cryptography==38.0.3
-cachetools==4.2.4
-cffi==1.15.1
-jeepney==0.7.1
-jinja2==3.0.3
-markupsafe==2.0.1
-keyring==23.4.1
-packaging==21.3
-protobuf==3.19.5
-pyjwt==2.4.0
-pyparsing==3.0.9
-pycparser==2.21
-pyperclip==1.8.2
-python-dateutil==2.8.2
-requests==2.27.1
-certifi==2022.9.24
-importlib-metadata==4.8.3
-zipp==3.6.0
-google_api_core==2.8.2
-google-cloud-storage==2.0.0
-google-resumable-media==2.3.3
-google-cloud-core==2.3.1
-typing-extensions==4.1.1
-urllib3==1.26.12
-zipp==3.6.0
-rsa==4.9
-six==1.16.0
-attrs==22.1.0
-google-auth==2.14.1
-idna==3.4
+gcp-docuploader
+gcp-releasetool>=1.10.5 # required for compatibility with cryptography>=39.x
+wheel
+setuptools
+typing-extensions
+click<8.1.0
diff --git a/.kokoro/requirements.txt b/.kokoro/requirements.txt
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,26 @@
 # Changelog
 
+## [1.19.0](https://github.com/googleapis/google-auth-library-java/compare/v1.18.0...v1.19.0) (2023-06-27)
+
+
+### Features
+
+* Expose test-jar and mock classes in oauth2 ([12e8db6](https://github.com/googleapis/google-auth-library-java/commit/12e8db6025e0263b801d5385844924a4f5ff7b7e))
+
+## [1.18.0](https://github.com/googleapis/google-auth-library-java/compare/v1.17.1...v1.18.0) (2023-06-16)
+
+
+### Features
+
+* Introduce a way to pass additional parameters to auhtorization url ([#1134](https://github.com/googleapis/google-auth-library-java/issues/1134)) ([3a2c5d3](https://github.com/googleapis/google-auth-library-java/commit/3a2c5d3d1abf23bce0af7f958240b5f9ee9d1bf8))
+
+## [1.17.1](https://github.com/googleapis/google-auth-library-java/compare/v1.17.0...v1.17.1) (2023-05-25)
+
+
+### Dependencies
+
+* Update doclet version to v1.9.0 ([#1211](https://github.com/googleapis/google-auth-library-java/issues/1211)) ([8b6e28e](https://github.com/googleapis/google-auth-library-java/commit/8b6e28e00aa609edefceafbb4f2c1dbc10afd6f9))
+
 ## [1.17.0](https://github.com/googleapis/google-auth-library-java/compare/v1.16.1...v1.17.0) (2023-05-20)
 
 

diff --git a/README.md b/README.md
@@ -57,7 +57,7 @@ If you are using Maven, add this to your pom.xml file (notice that you can repla
 <dependency>
   <groupId>com.google.auth</groupId>
   <artifactId>google-auth-library-oauth2-http</artifactId>
-  <version>1.3.0</version>
+  <version>1.19.0</version>
 </dependency>
 ```
 [//]: # ({x-version-update-end})
@@ -67,15 +67,15 @@ If you are using Gradle, add this to your dependencies
 
 [//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
 ```Groovy
-implementation 'com.google.auth:google-auth-library-oauth2-http:1.3.0'
+implementation 'com.google.auth:google-auth-library-oauth2-http:1.19.0'
 ```
 [//]: # ({x-version-update-end})
 
 If you are using SBT, add this to your dependencies
 
 [//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
 ```Scala
-libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "1.3.0"
+libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "1.19.0"
 ```
 [//]: # ({x-version-update-end})
 

diff --git a/appengine/pom.xml b/appengine/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.google.auth</groupId>
     <artifactId>google-auth-library-parent</artifactId>
-    <version>1.17.1-SNAPSHOT</version><!-- {x-version-update:google-auth-library-parent:current} -->
+    <version>1.19.1-SNAPSHOT</version><!-- {x-version-update:google-auth-library-parent:current} -->
     <relativePath>../pom.xml</relativePath>
   </parent>
 
@@ -75,8 +75,9 @@
     <dependency>
       <groupId>com.google.auth</groupId>
       <artifactId>google-auth-library-oauth2-http</artifactId>
-      <type>test-jar</type>
       <scope>test</scope>
+      <type>test-jar</type>
+      <classifier>testlib</classifier>
     </dependency>
   </dependencies>
 </project>
diff --git a/bom/pom.xml b/bom/pom.xml
@@ -3,7 +3,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.google.auth</groupId>
   <artifactId>google-auth-library-bom</artifactId>
-  <version>1.17.1-SNAPSHOT</version><!-- {x-version-update:google-auth-library-bom:current} -->
+  <version>1.19.1-SNAPSHOT</version><!-- {x-version-update:google-auth-library-bom:current} -->
   <packaging>pom</packaging>
   <name>Google Auth Library for Java BOM</name>
   <description>
@@ -83,7 +83,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-javadoc-plugin</artifactId>
-        <version>3.4.1</version>
+        <version>3.5.0</version>
         <configuration>
           <skip>true</skip>
         </configuration>
@@ -122,7 +122,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-gpg-plugin</artifactId>
-            <version>3.0.1</version>
+            <version>3.1.0</version>
             <executions>
               <execution>
                 <id>sign-artifacts</id>

diff --git a/credentials/pom.xml b/credentials/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <groupId>com.google.auth</groupId>
     <artifactId>google-auth-library-parent</artifactId>
-    <version>1.17.1-SNAPSHOT</version><!-- {x-version-update:google-auth-library-parent:current} -->
+    <version>1.19.1-SNAPSHOT</version><!-- {x-version-update:google-auth-library-parent:current} -->
     <relativePath>../pom.xml</relativePath>
   </parent>
 

diff --git a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
@@ -197,6 +197,11 @@ public GoogleCredentials createScoped(Collection<String> newScopes) {
     return new AwsCredentials((AwsCredentials.Builder) newBuilder(this).setScopes(newScopes));
   }
 
+  @Override
+  String getCredentialSourceType() {
+    return "aws";
+  }
+
   private String retrieveResource(String url, String resourceName, Map<String, Object> headers)
       throws IOException {
     return retrieveResource(url, resourceName, HttpMethods.GET, headers, /* content= */ null);

diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
@@ -33,6 +33,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.api.client.http.HttpHeaders;
 import com.google.api.client.json.GenericJson;
 import com.google.api.client.json.JsonObjectParser;
 import com.google.auth.RequestMetadataCallback;
@@ -90,6 +91,7 @@ abstract static class CredentialSource implements java.io.Serializable {
   private final CredentialSource credentialSource;
   private final Collection<String> scopes;
   private final ServiceAccountImpersonationOptions serviceAccountImpersonationOptions;
+  private ExternalAccountMetricsHandler metricsHandler;
 
   @Nullable private final String tokenInfoUrl;
   @Nullable private final String serviceAccountImpersonationUrl;
@@ -224,6 +226,8 @@ protected ExternalAccountCredentials(
       validateServiceAccountImpersonationInfoUrl(serviceAccountImpersonationUrl);
     }
 
+    this.metricsHandler = new ExternalAccountMetricsHandler(this);
+
     this.impersonatedCredentials = buildImpersonatedCredentials();
   }
 
@@ -274,6 +278,11 @@ protected ExternalAccountCredentials(ExternalAccountCredentials.Builder builder)
       validateServiceAccountImpersonationInfoUrl(serviceAccountImpersonationUrl);
     }
 
+    this.metricsHandler =
+        builder.metricsHandler == null
+            ? new ExternalAccountMetricsHandler(this)
+            : builder.metricsHandler;
+
     this.impersonatedCredentials = buildImpersonatedCredentials();
   }
 
@@ -505,6 +514,12 @@ protected AccessToken exchangeExternalCredentialForAccessToken(
       requestHandler.setInternalOptions(options.toString());
     }
 
+    // Set BYOID Metrics header.
+    HttpHeaders additionalHeaders = new HttpHeaders();
+    additionalHeaders.set(
+        MetricsUtils.API_CLIENT_HEADER, this.metricsHandler.getExternalAccountMetricsHeader());
+    requestHandler.setHeaders(additionalHeaders);
+
     if (stsTokenExchangeRequest.getInternalOptions() != null) {
       // Overwrite internal options. Let subclass handle setting options.
       requestHandler.setInternalOptions(stsTokenExchangeRequest.getInternalOptions());
@@ -589,6 +604,10 @@ public ServiceAccountImpersonationOptions getServiceAccountImpersonationOptions(
     return serviceAccountImpersonationOptions;
   }
 
+  String getCredentialSourceType() {
+    return "unknown";
+  }
+
   EnvironmentProvider getEnvironmentProvider() {
     return environmentProvider;
   }
@@ -663,8 +682,11 @@ static final class ServiceAccountImpersonationOptions implements java.io.Seriali
 
     private final int lifetime;
 
+    final boolean customTokenLifetimeRequested;
+
     ServiceAccountImpersonationOptions(Map<String, Object> optionsMap) {
-      if (!optionsMap.containsKey(TOKEN_LIFETIME_SECONDS_KEY)) {
+      customTokenLifetimeRequested = optionsMap.containsKey(TOKEN_LIFETIME_SECONDS_KEY);
+      if (!customTokenLifetimeRequested) {
         lifetime = DEFAULT_TOKEN_LIFETIME_SECONDS;
         return;
       }
@@ -714,6 +736,7 @@ public abstract static class Builder extends GoogleCredentials.Builder {
     @Nullable protected String workforcePoolUserProject;
     @Nullable protected ServiceAccountImpersonationOptions serviceAccountImpersonationOptions;
     @Nullable protected String universeDomain;
+    @Nullable protected ExternalAccountMetricsHandler metricsHandler;
 
     protected Builder() {}
 
@@ -733,6 +756,7 @@ protected Builder(ExternalAccountCredentials credentials) {
       this.workforcePoolUserProject = credentials.workforcePoolUserProject;
       this.serviceAccountImpersonationOptions = credentials.serviceAccountImpersonationOptions;
       this.universeDomain = credentials.universeDomain;
+      this.metricsHandler = credentials.metricsHandler;
     }
 
     /**

diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountMetricsHandler.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountMetricsHandler.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *    * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *    * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *
+ *    * Neither the name of Google LLC nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.google.auth.oauth2;
+
+/**
+ * A handler for generating the x-goog-api-client header value for BYOID external account
+ * credentials.
+ */
+class ExternalAccountMetricsHandler implements java.io.Serializable {
+  private static final String SOURCE_KEY = "source";
+  private static final String IMPERSONATION_KEY = "sa-impersonation";
+  private static final String CONFIG_LIFETIME_KEY = "config-lifetime";
+  private static final String BYOID_METRICS_SECTION = "google-byoid-sdk";
+
+  private final boolean configLifetime;
+  private final boolean saImpersonation;
+  private String credentialSourceType;
+
+  /**
+   * Constructor for the external account metrics handler.
+   *
+   * @param creds the {@code ExternalAccountCredentials} object to set the external account metrics
+   *     options from.
+   */
+  ExternalAccountMetricsHandler(ExternalAccountCredentials creds) {
+    this.saImpersonation = creds.getServiceAccountImpersonationUrl() != null;
+    this.configLifetime =
+        creds.getServiceAccountImpersonationOptions().customTokenLifetimeRequested;
+    this.credentialSourceType = creds.getCredentialSourceType();
+  }
+
+  /**
+   * Gets the external account metrics header value for the x-goog-api-client header.
+   *
+   * @return the header value.
+   */
+  String getExternalAccountMetricsHeader() {
+    return String.format(
+        "%s %s %s/%s %s/%s %s/%s",
+        MetricsUtils.getLanguageAndAuthLibraryVersions(),
+        BYOID_METRICS_SECTION,
+        SOURCE_KEY,
+        this.credentialSourceType,
+        IMPERSONATION_KEY,
+        this.saImpersonation,
+        CONFIG_LIFETIME_KEY,
+        this.configLifetime);
+  }
+}
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		enabled: true
		multiScmName: google-auth-library-java