Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-google-auth for
openSUSE:Factory checked in at 2023-08-16 14:16:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-google-auth (Old)
and /work/SRC/openSUSE:Factory/.python-google-auth.new.11712 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-google-auth"
Wed Aug 16 14:16:29 2023 rev:33 rq:1103816 version:2.22.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-google-auth/python-google-auth.changes
2023-06-29 17:28:05.630176887 +0200
+++
/work/SRC/openSUSE:Factory/.python-google-auth.new.11712/python-google-auth.changes
2023-08-16 14:16:36.954782186 +0200
@@ -1,0 +2,26 @@
+Mon Aug 14 09:05:07 UTC 2023 - Dirk Müller <dmuel...@suse.com>
+
+- unpin urllib3 to resolve conflict with python-kubernetes
+
+-------------------------------------------------------------------
+Tue Jul 25 13:44:24 UTC 2023 - ecsos <ec...@opensuse.org>
+
+- Fix not installable error
+
+-------------------------------------------------------------------
+Tue Jul 18 10:56:40 UTC 2023 - John Paul Adrian Glaubitz
<adrian.glaub...@suse.com>
+
+- Update to 2.22.0
+ * Adding meta header for trust boundary (#1334)
+ * Introduce compatibility with native namespace packages (#1205)
+ * Deprecate UserAccessTokenCredentials (#1344)
+- Update file list in %files section
+
+-------------------------------------------------------------------
+Mon Jul 10 08:18:34 UTC 2023 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Require python-urllib3 < 2.0 if python-urllib3: urllib3 seems not
+ strictly required, but when it's there, we need it to be older
+ than version 2.0.
+
+-------------------------------------------------------------------
Old:
----
google-auth-2.21.0.tar.gz
New:
----
google-auth-2.22.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-google-auth.spec ++++++
--- /var/tmp/diff_new_pack.cYCUVL/_old 2023-08-16 14:16:38.430791531 +0200
+++ /var/tmp/diff_new_pack.cYCUVL/_new 2023-08-16 14:16:38.434791556 +0200
@@ -19,7 +19,7 @@
%define skip_python2 1
%{?sle15_python_module_pythons}
Name: python-google-auth
-Version: 2.21.0
+Version: 2.22.0
Release: 0
Summary: Google Authentication Library
License: Apache-2.0
@@ -42,7 +42,6 @@
BuildRequires: %{python_module rsa >= 3.1.4}
BuildRequires: %{python_module setuptools >= 40.3.0}
BuildRequires: %{python_module six >= 1.9.0}
-BuildRequires: %{python_module urllib3 < 2.0}
# END TESTING SECTION
BuildRequires: fdupes
BuildRequires: python-rpm-macros
@@ -56,6 +55,7 @@
Recommends: python-pyOpenSSL >= 20.0.0
Recommends: python-pyu2f >= 0.1.5
Recommends: python-requests >= 2.20.0
+Recommends: python-urllib3
BuildArch: noarch
%python_subpackages
@@ -83,6 +83,5 @@
%{python_sitelib}/google/auth
%{python_sitelib}/google/oauth2
%{python_sitelib}/google_auth-%{version}*-info
-%{python_sitelib}/google_auth-%{version}*-nspkg.pth
%changelog
++++++ google-auth-2.21.0.tar.gz -> google-auth-2.22.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/PKG-INFO
new/google-auth-2.22.0/PKG-INFO
--- old/google-auth-2.21.0/PKG-INFO 2023-06-26 19:50:02.127231000 +0200
+++ new/google-auth-2.22.0/PKG-INFO 2023-07-11 19:24:45.563413000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: google-auth
-Version: 2.21.0
+Version: 2.22.0
Summary: Google Authentication Library
Home-page: https://github.com/googleapis/google-auth-library-python
Author: Google Cloud Platform
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/google/__init__.py
new/google-auth-2.22.0/google/__init__.py
--- old/google-auth-2.21.0/google/__init__.py 2023-06-26 19:47:12.000000000
+0200
+++ new/google-auth-2.22.0/google/__init__.py 1970-01-01 01:00:00.000000000
+0100
@@ -1,24 +0,0 @@
-# Copyright 2016 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Google namespace package."""
-
-try:
- import pkg_resources
-
- pkg_resources.declare_namespace(__name__)
-except ImportError:
- import pkgutil
-
- __path__ = pkgutil.extend_path(__path__, __name__) # type: ignore
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/google/auth/credentials.py
new/google-auth-2.22.0/google/auth/credentials.py
--- old/google-auth-2.21.0/google/auth/credentials.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/google/auth/credentials.py 2023-07-11
19:22:01.000000000 +0200
@@ -54,6 +54,9 @@
If this is None, the token is assumed to never expire."""
self._quota_project_id = None
"""Optional[str]: Project to use for quota and billing purposes."""
+ self._trust_boundary = None
+ """Optional[str]: Encoded string representation of credentials trust
+ boundary."""
@property
def expired(self):
@@ -127,6 +130,8 @@
headers["authorization"] = "Bearer {}".format(
_helpers.from_bytes(token or self.token)
)
+ if self._trust_boundary is not None:
+ headers["x-identity-trust-boundary"] = self._trust_boundary
if self.quota_project_id:
headers["x-goog-user-project"] = self.quota_project_id
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/google/auth/external_account.py
new/google-auth-2.22.0/google/auth/external_account.py
--- old/google-auth-2.21.0/google/auth/external_account.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/google/auth/external_account.py 2023-07-11
19:22:01.000000000 +0200
@@ -86,6 +86,7 @@
default_scopes=None,
workforce_pool_user_project=None,
universe_domain=_DEFAULT_UNIVERSE_DOMAIN,
+ trust_boundary=None,
):
"""Instantiates an external account credentials object.
@@ -111,6 +112,7 @@
billing/quota.
universe_domain (str): The universe domain. The default universe
domain is googleapis.com.
+ trust_boundary (str): String representation of trust boundary meta.
Raises:
google.auth.exceptions.RefreshError: If the generateAccessToken
endpoint returned an error.
@@ -132,6 +134,7 @@
self._default_scopes = default_scopes
self._workforce_pool_user_project = workforce_pool_user_project
self._universe_domain = universe_domain or _DEFAULT_UNIVERSE_DOMAIN
+ self._trust_boundary = "0" # expose a placeholder trust boundary
value.
if self._client_id:
self._client_auth = utils.ClientAuthentication(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/google/auth/version.py
new/google-auth-2.22.0/google/auth/version.py
--- old/google-auth-2.21.0/google/auth/version.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/google/auth/version.py 2023-07-11
19:22:01.000000000 +0200
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-__version__ = "2.21.0"
+__version__ = "2.22.0"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/google/oauth2/credentials.py
new/google-auth-2.22.0/google/oauth2/credentials.py
--- old/google-auth-2.21.0/google/oauth2/credentials.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/google/oauth2/credentials.py 2023-07-11
19:22:01.000000000 +0200
@@ -35,6 +35,7 @@
import io
import json
import logging
+import warnings
import six
@@ -84,6 +85,7 @@
refresh_handler=None,
enable_reauth_refresh=False,
granted_scopes=None,
+ trust_boundary=None,
):
"""
Args:
@@ -141,6 +143,7 @@
self._rapt_token = rapt_token
self.refresh_handler = refresh_handler
self._enable_reauth_refresh = enable_reauth_refresh
+ self._trust_boundary = trust_boundary
def __getstate__(self):
"""A __getstate__ method must exist for the __setstate__ to be called
@@ -171,6 +174,7 @@
self._quota_project_id = d.get("_quota_project_id")
self._rapt_token = d.get("_rapt_token")
self._enable_reauth_refresh = d.get("_enable_reauth_refresh")
+ self._trust_boundary = d.get("_trust_boundary")
# The refresh_handler setter should be used to repopulate this.
self._refresh_handler = None
@@ -268,6 +272,7 @@
quota_project_id=quota_project_id,
rapt_token=self.rapt_token,
enable_reauth_refresh=self._enable_reauth_refresh,
+ trust_boundary=self._trust_boundary,
)
@_helpers.copy_docstring(credentials.CredentialsWithTokenUri)
@@ -286,6 +291,7 @@
quota_project_id=self.quota_project_id,
rapt_token=self.rapt_token,
enable_reauth_refresh=self._enable_reauth_refresh,
+ trust_boundary=self._trust_boundary,
)
def _metric_header_for_usage(self):
@@ -421,6 +427,7 @@
quota_project_id=info.get("quota_project_id"), # may not exist
expiry=expiry,
rapt_token=info.get("rapt_token"), # may not exist
+ trust_boundary=info.get("trust_boundary"), # may not exist
)
@classmethod
@@ -492,6 +499,13 @@
"""
def __init__(self, account=None, quota_project_id=None):
+ warnings.warn(
+ "UserAccessTokenCredentials is deprecated, please use "
+ "google.oauth2.credentials.Credentials instead. To use "
+ "that credential type, simply run "
+ "`gcloud auth application-default login` and let the "
+ "client libraries pick up the application default credentials."
+ )
super(UserAccessTokenCredentials, self).__init__()
self._account = account
self._quota_project_id = quota_project_id
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/google/oauth2/service_account.py
new/google-auth-2.22.0/google/oauth2/service_account.py
--- old/google-auth-2.21.0/google/oauth2/service_account.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/google/oauth2/service_account.py 2023-07-11
19:22:01.000000000 +0200
@@ -140,6 +140,7 @@
additional_claims=None,
always_use_jwt_access=False,
universe_domain=_DEFAULT_UNIVERSE_DOMAIN,
+ trust_boundary=None,
):
"""
Args:
@@ -163,6 +164,7 @@
universe_domain (str): The universe domain. The default
universe domain is googleapis.com. For default value self
signed jwt is used for token refresh.
+ trust_boundary (str): String representation of trust boundary meta.
.. note:: Typically one of the helper constructors
:meth:`from_service_account_file` or
@@ -194,6 +196,7 @@
self._additional_claims = additional_claims
else:
self._additional_claims = {}
+ self._trust_boundary = "0"
@classmethod
def _from_signer_and_info(cls, signer, info, **kwargs):
@@ -217,6 +220,7 @@
token_uri=info["token_uri"],
project_id=info.get("project_id"),
universe_domain=info.get("universe_domain",
_DEFAULT_UNIVERSE_DOMAIN),
+ trust_boundary=info.get("trust_boundary"),
**kwargs
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/google_auth.egg-info/PKG-INFO
new/google-auth-2.22.0/google_auth.egg-info/PKG-INFO
--- old/google-auth-2.21.0/google_auth.egg-info/PKG-INFO 2023-06-26
19:50:02.000000000 +0200
+++ new/google-auth-2.22.0/google_auth.egg-info/PKG-INFO 2023-07-11
19:24:45.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: google-auth
-Version: 2.21.0
+Version: 2.22.0
Summary: Google Authentication Library
Home-page: https://github.com/googleapis/google-auth-library-python
Author: Google Cloud Platform
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/google_auth.egg-info/SOURCES.txt
new/google-auth-2.22.0/google_auth.egg-info/SOURCES.txt
--- old/google-auth-2.21.0/google_auth.egg-info/SOURCES.txt 2023-06-26
19:50:02.000000000 +0200
+++ new/google-auth-2.22.0/google_auth.egg-info/SOURCES.txt 2023-07-11
19:24:45.000000000 +0200
@@ -3,7 +3,6 @@
README.rst
setup.cfg
setup.py
-google/__init__.py
google/auth/__init__.py
google/auth/_cloud_sdk.py
google/auth/_credentials_async.py
@@ -67,7 +66,6 @@
google_auth.egg-info/PKG-INFO
google_auth.egg-info/SOURCES.txt
google_auth.egg-info/dependency_links.txt
-google_auth.egg-info/namespace_packages.txt
google_auth.egg-info/requires.txt
google_auth.egg-info/top_level.txt
tests/__init__.py
@@ -91,6 +89,7 @@
tests/test_impersonated_credentials.py
tests/test_jwt.py
tests/test_metrics.py
+tests/test_packaging.py
tests/test_pluggable.py
tests/compute_engine/__init__.py
tests/compute_engine/test__metadata.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/google-auth-2.21.0/google_auth.egg-info/namespace_packages.txt
new/google-auth-2.22.0/google_auth.egg-info/namespace_packages.txt
--- old/google-auth-2.21.0/google_auth.egg-info/namespace_packages.txt
2023-06-26 19:50:02.000000000 +0200
+++ new/google-auth-2.22.0/google_auth.egg-info/namespace_packages.txt
1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-google
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/google-auth-2.21.0/google_auth.egg-info/top_level.txt
new/google-auth-2.22.0/google_auth.egg-info/top_level.txt
--- old/google-auth-2.21.0/google_auth.egg-info/top_level.txt 2023-06-26
19:50:02.000000000 +0200
+++ new/google-auth-2.22.0/google_auth.egg-info/top_level.txt 2023-07-11
19:24:45.000000000 +0200
@@ -1 +1,3 @@
google
+scripts
+testing
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/setup.py
new/google-auth-2.22.0/setup.py
--- old/google-auth-2.21.0/setup.py 2023-06-26 19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/setup.py 2023-07-11 19:22:01.000000000 +0200
@@ -15,7 +15,7 @@
import io
import os
-from setuptools import find_packages
+from setuptools import find_namespace_packages
from setuptools import setup
@@ -58,8 +58,9 @@
description="Google Authentication Library",
long_description=long_description,
url="https://github.com/googleapis/google-auth-library-python";,
- packages=find_packages(exclude=("tests*", "system_tests*")),
- namespace_packages=("google",),
+ packages=find_namespace_packages(
+ exclude=("tests*", "system_tests*", "docs*", "samples*")
+ ),
install_requires=DEPENDENCIES,
extras_require=extras,
python_requires=">=3.6",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/tests/oauth2/test_credentials.py
new/google-auth-2.22.0/tests/oauth2/test_credentials.py
--- old/google-auth-2.21.0/tests/oauth2/test_credentials.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/tests/oauth2/test_credentials.py 2023-07-11
19:22:01.000000000 +0200
@@ -951,25 +951,34 @@
class TestUserAccessTokenCredentials(object):
def test_instance(self):
- cred = credentials.UserAccessTokenCredentials()
- assert cred._account is None
+ with pytest.warns(
+ UserWarning, match="UserAccessTokenCredentials is deprecated"
+ ):
+ cred = credentials.UserAccessTokenCredentials()
+ assert cred._account is None
- cred = cred.with_account("account")
- assert cred._account == "account"
+ cred = cred.with_account("account")
+ assert cred._account == "account"
@mock.patch("google.auth._cloud_sdk.get_auth_access_token", autospec=True)
def test_refresh(self, get_auth_access_token):
- get_auth_access_token.return_value = "access_token"
- cred = credentials.UserAccessTokenCredentials()
- cred.refresh(None)
- assert cred.token == "access_token"
+ with pytest.warns(
+ UserWarning, match="UserAccessTokenCredentials is deprecated"
+ ):
+ get_auth_access_token.return_value = "access_token"
+ cred = credentials.UserAccessTokenCredentials()
+ cred.refresh(None)
+ assert cred.token == "access_token"
def test_with_quota_project(self):
- cred = credentials.UserAccessTokenCredentials()
- quota_project_cred = cred.with_quota_project("project-foo")
+ with pytest.warns(
+ UserWarning, match="UserAccessTokenCredentials is deprecated"
+ ):
+ cred = credentials.UserAccessTokenCredentials()
+ quota_project_cred = cred.with_quota_project("project-foo")
- assert quota_project_cred._quota_project_id == "project-foo"
- assert quota_project_cred._account == cred._account
+ assert quota_project_cred._quota_project_id == "project-foo"
+ assert quota_project_cred._account == cred._account
@mock.patch(
"google.oauth2.credentials.UserAccessTokenCredentials.apply",
autospec=True
@@ -978,7 +987,10 @@
"google.oauth2.credentials.UserAccessTokenCredentials.refresh",
autospec=True
)
def test_before_request(self, refresh, apply):
- cred = credentials.UserAccessTokenCredentials()
- cred.before_request(mock.Mock(), "GET", "https://example.com";, {})
- refresh.assert_called()
- apply.assert_called()
+ with pytest.warns(
+ UserWarning, match="UserAccessTokenCredentials is deprecated"
+ ):
+ cred = credentials.UserAccessTokenCredentials()
+ cred.before_request(mock.Mock(), "GET", "https://example.com";, {})
+ refresh.assert_called()
+ apply.assert_called()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/tests/test_aws.py
new/google-auth-2.22.0/tests/test_aws.py
--- old/google-auth-2.21.0/tests/test_aws.py 2023-06-26 19:47:12.000000000
+0200
+++ new/google-auth-2.22.0/tests/test_aws.py 2023-07-11 19:22:01.000000000
+0200
@@ -1969,6 +1969,7 @@
"authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
"x-goog-user-project": QUOTA_PROJECT_ID,
"x-goog-api-client":
IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUE,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
@@ -2065,6 +2066,7 @@
"authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
"x-goog-user-project": QUOTA_PROJECT_ID,
"x-goog-api-client":
IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUE,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/tests/test_credentials.py
new/google-auth-2.22.0/tests/test_credentials.py
--- old/google-auth-2.21.0/tests/test_credentials.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/tests/test_credentials.py 2023-07-11
19:22:01.000000000 +0200
@@ -80,6 +80,7 @@
assert credentials.valid
assert credentials.token == "token"
assert headers["authorization"] == "Bearer token"
+ assert "x-identity-trust-boundary" not in headers
request = "token2"
headers = {}
@@ -89,6 +90,32 @@
assert credentials.valid
assert credentials.token == "token"
assert headers["authorization"] == "Bearer token"
+ assert "x-identity-trust-boundary" not in headers
+
+
+def test_before_request_with_trust_boundary():
+ DUMMY_BOUNDARY = "00110101"
+ credentials = CredentialsImpl()
+ credentials._trust_boundary = DUMMY_BOUNDARY
+ request = "token"
+ headers = {}
+
+ # First call should call refresh, setting the token.
+ credentials.before_request(request, "http://example.com";, "GET", headers)
+ assert credentials.valid
+ assert credentials.token == "token"
+ assert headers["authorization"] == "Bearer token"
+ assert headers["x-identity-trust-boundary"] == DUMMY_BOUNDARY
+
+ request = "token2"
+ headers = {}
+
+ # Second call shouldn't call refresh.
+ credentials.before_request(request, "http://example.com";, "GET", headers)
+ assert credentials.valid
+ assert credentials.token == "token"
+ assert headers["authorization"] == "Bearer token"
+ assert headers["x-identity-trust-boundary"] == DUMMY_BOUNDARY
def test_before_request_metrics():
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/tests/test_external_account.py
new/google-auth-2.22.0/tests/test_external_account.py
--- old/google-auth-2.21.0/tests/test_external_account.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/tests/test_external_account.py 2023-07-11
19:22:01.000000000 +0200
@@ -825,6 +825,7 @@
"Content-Type": "application/json",
"authorization": "Bearer
{}".format(token_response["access_token"]),
"x-goog-api-client":
IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUE,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
@@ -906,6 +907,7 @@
"Content-Type": "application/json",
"authorization": "Bearer
{}".format(token_response["access_token"]),
"x-goog-api-client":
IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUE,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
@@ -1124,6 +1126,7 @@
"Content-Type": "application/json",
"authorization": "Bearer
{}".format(token_response["access_token"]),
"x-goog-api-client":
IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUE,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
@@ -1207,6 +1210,7 @@
"Content-Type": "application/json",
"authorization": "Bearer
{}".format(token_response["access_token"]),
"x-goog-api-client":
IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUE,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
@@ -1261,7 +1265,8 @@
credentials.apply(headers)
assert headers == {
- "authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"])
+ "authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
+ "x-identity-trust-boundary": "0",
}
def test_apply_workforce_without_quota_project_id(self):
@@ -1277,7 +1282,8 @@
credentials.apply(headers)
assert headers == {
- "authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"])
+ "authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
+ "x-identity-trust-boundary": "0",
}
def test_apply_impersonation_without_quota_project_id(self):
@@ -1308,7 +1314,8 @@
credentials.apply(headers)
assert headers == {
- "authorization": "Bearer
{}".format(impersonation_response["accessToken"])
+ "authorization": "Bearer
{}".format(impersonation_response["accessToken"]),
+ "x-identity-trust-boundary": "0",
}
def test_apply_with_quota_project_id(self):
@@ -1325,6 +1332,7 @@
"other": "header-value",
"authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
"x-goog-user-project": self.QUOTA_PROJECT_ID,
+ "x-identity-trust-boundary": "0",
}
def test_apply_impersonation_with_quota_project_id(self):
@@ -1359,6 +1367,7 @@
"other": "header-value",
"authorization": "Bearer
{}".format(impersonation_response["accessToken"]),
"x-goog-user-project": self.QUOTA_PROJECT_ID,
+ "x-identity-trust-boundary": "0",
}
def test_before_request(self):
@@ -1374,6 +1383,7 @@
assert headers == {
"other": "header-value",
"authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
+ "x-identity-trust-boundary": "0",
}
# Second call shouldn't call refresh.
@@ -1382,6 +1392,7 @@
assert headers == {
"other": "header-value",
"authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
+ "x-identity-trust-boundary": "0",
}
def test_before_request_workforce(self):
@@ -1399,6 +1410,7 @@
assert headers == {
"other": "header-value",
"authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
+ "x-identity-trust-boundary": "0",
}
# Second call shouldn't call refresh.
@@ -1407,6 +1419,7 @@
assert headers == {
"other": "header-value",
"authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
+ "x-identity-trust-boundary": "0",
}
def test_before_request_impersonation(self):
@@ -1437,6 +1450,7 @@
assert headers == {
"other": "header-value",
"authorization": "Bearer
{}".format(impersonation_response["accessToken"]),
+ "x-identity-trust-boundary": "0",
}
# Second call shouldn't call refresh.
@@ -1445,6 +1459,7 @@
assert headers == {
"other": "header-value",
"authorization": "Bearer
{}".format(impersonation_response["accessToken"]),
+ "x-identity-trust-boundary": "0",
}
@mock.patch("google.auth._helpers.utcnow")
@@ -1470,7 +1485,10 @@
credentials.before_request(request, "POST", "https://example.com/api";,
headers)
# Cached token should be used.
- assert headers == {"authorization": "Bearer token"}
+ assert headers == {
+ "authorization": "Bearer token",
+ "x-identity-trust-boundary": "0",
+ }
# Next call should simulate 1 second passed.
utcnow.return_value = datetime.datetime.min +
datetime.timedelta(seconds=1)
@@ -1482,7 +1500,8 @@
# New token should be retrieved.
assert headers == {
- "authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"])
+ "authorization": "Bearer
{}".format(self.SUCCESS_RESPONSE["access_token"]),
+ "x-identity-trust-boundary": "0",
}
@mock.patch("google.auth._helpers.utcnow")
@@ -1523,7 +1542,10 @@
credentials.before_request(request, "POST", "https://example.com/api";,
headers)
# Cached token should be used.
- assert headers == {"authorization": "Bearer token"}
+ assert headers == {
+ "authorization": "Bearer token",
+ "x-identity-trust-boundary": "0",
+ }
# Next call should simulate 1 second passed. This will trigger the
expiration
# threshold.
@@ -1536,7 +1558,8 @@
# New token should be retrieved.
assert headers == {
- "authorization": "Bearer
{}".format(impersonation_response["accessToken"])
+ "authorization": "Bearer
{}".format(impersonation_response["accessToken"]),
+ "x-identity-trust-boundary": "0",
}
@pytest.mark.parametrize(
@@ -1635,6 +1658,7 @@
"x-goog-user-project": self.QUOTA_PROJECT_ID,
"authorization": "Bearer
{}".format(token_response["access_token"]),
"x-goog-api-client":
IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUE,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
@@ -1688,6 +1712,7 @@
"authorization": "Bearer {}".format(
impersonation_response["accessToken"]
),
+ "x-identity-trust-boundary": "0",
},
)
@@ -1759,6 +1784,7 @@
"authorization": "Bearer {}".format(
self.SUCCESS_RESPONSE["access_token"]
),
+ "x-identity-trust-boundary": "0",
},
)
@@ -1808,6 +1834,7 @@
"Content-Type": "application/json",
"authorization": "Bearer
{}".format(token_response["access_token"]),
"x-goog-api-client":
IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUE,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/tests/test_identity_pool.py
new/google-auth-2.22.0/tests/test_identity_pool.py
--- old/google-auth-2.21.0/tests/test_identity_pool.py 2023-06-26
19:47:12.000000000 +0200
+++ new/google-auth-2.22.0/tests/test_identity_pool.py 2023-07-11
19:22:01.000000000 +0200
@@ -319,6 +319,7 @@
"Content-Type": "application/json",
"authorization": "Bearer
{}".format(token_response["access_token"]),
"x-goog-api-client": metrics_header_value,
+ "x-identity-trust-boundary": "0",
}
impersonation_request_data = {
"delegates": None,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/google-auth-2.21.0/tests/test_packaging.py
new/google-auth-2.22.0/tests/test_packaging.py
--- old/google-auth-2.21.0/tests/test_packaging.py 1970-01-01
01:00:00.000000000 +0100
+++ new/google-auth-2.22.0/tests/test_packaging.py 2023-07-11
19:22:01.000000000 +0200
@@ -0,0 +1,30 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import subprocess
+import sys
+
+
+def test_namespace_package_compat(tmp_path):
+ """
+ The ``google`` namespace package should not be masked
+ by the presence of ``google-auth``.
+ """
+ google = tmp_path / "google"
+ google.mkdir()
+ google.joinpath("othermod.py").write_text("")
+ env = dict(os.environ, PYTHONPATH=str(tmp_path))
+ cmd = [sys.executable, "-m", "google.othermod"]
+ subprocess.check_call(cmd, env=env)
