From a7b536e44ffdd0a0f54ed486160b33aad54eb658 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Thu, 21 Oct 2021 17:50:21 +0000 Subject: [PATCH 01/15] chore: release 1.2.3-SNAPSHOT (#776) :robot: I have created a release \*beep\* \*boop\* --- ### Updating meta-information for bleeding-edge SNAPSHOT release. --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --- appengine/pom.xml | 2 +- bom/pom.xml | 2 +- credentials/pom.xml | 2 +- oauth2_http/pom.xml | 2 +- pom.xml | 2 +- versions.txt | 12 ++++++------ 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/appengine/pom.xml b/appengine/pom.xml index ac06cbe5a..fc9d9ac24 100644 --- a/appengine/pom.xml +++ b/appengine/pom.xml @@ -5,7 +5,7 @@ com.google.auth google-auth-library-parent - 1.2.2 + 1.2.3-SNAPSHOT ../pom.xml diff --git a/bom/pom.xml b/bom/pom.xml index 43e880985..7871195cc 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.auth google-auth-library-bom - 1.2.2 + 1.2.3-SNAPSHOT pom Google Auth Library for Java BOM diff --git a/credentials/pom.xml b/credentials/pom.xml index 00b0c5b01..efc1b547e 100644 --- a/credentials/pom.xml +++ b/credentials/pom.xml @@ -4,7 +4,7 @@ com.google.auth google-auth-library-parent - 1.2.2 + 1.2.3-SNAPSHOT ../pom.xml diff --git a/oauth2_http/pom.xml b/oauth2_http/pom.xml index 147f7dae3..d1c723650 100644 --- a/oauth2_http/pom.xml +++ b/oauth2_http/pom.xml @@ -5,7 +5,7 @@ com.google.auth google-auth-library-parent - 1.2.2 + 1.2.3-SNAPSHOT ../pom.xml diff --git a/pom.xml b/pom.xml index 0f85fd36b..973bc73fe 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.auth google-auth-library-parent - 1.2.2 + 1.2.3-SNAPSHOT pom Google Auth Library for Java Client libraries providing authentication and 
diff --git a/versions.txt b/versions.txt index 5c93c58c8..ed801c68e 100644 --- a/versions.txt +++ b/versions.txt @@ -1,9 +1,9 @@ # Format: # module:released-version:current-version -google-auth-library:1.2.2:1.2.2 -google-auth-library-bom:1.2.2:1.2.2 -google-auth-library-parent:1.2.2:1.2.2 -google-auth-library-appengine:1.2.2:1.2.2 -google-auth-library-credentials:1.2.2:1.2.2 -google-auth-library-oauth2-http:1.2.2:1.2.2 +google-auth-library:1.2.2:1.2.3-SNAPSHOT +google-auth-library-bom:1.2.2:1.2.3-SNAPSHOT +google-auth-library-parent:1.2.2:1.2.3-SNAPSHOT +google-auth-library-appengine:1.2.2:1.2.3-SNAPSHOT +google-auth-library-credentials:1.2.2:1.2.3-SNAPSHOT +google-auth-library-oauth2-http:1.2.2:1.2.3-SNAPSHOT From ff399e7a1ae6235548a9da90943988139a7b1686 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Thu, 21 Oct 2021 14:22:50 -0400 Subject: [PATCH 02/15] build: fix integration test (#775) Co-authored-by: Leo <39062083+lsirac@users.noreply.github.com> --- oauth2_http/pom.xml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/oauth2_http/pom.xml b/oauth2_http/pom.xml index d1c723650..90edb307e 100644 --- a/oauth2_http/pom.xml +++ b/oauth2_http/pom.xml @@ -61,7 +61,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.0.0-M4 + 3.0.0-M5 1200 sponge_log @@ -70,13 +70,6 @@ **/functional/*.java - - - org.apache.maven.surefire - surefire-junit47 - 3.0.0-M4 - - org.apache.maven.plugins From 6449ef0922053121a6732933ab9e246965fde3b7 Mon Sep 17 00:00:00 2001 
From: Leo <39062083+lsirac@users.noreply.github.com> Date: Thu, 21 Oct 2021 11:29:39 -0700 Subject: [PATCH 03/15] fix: service account impersonation with workforce credentials (#770) * fix: service account impersonation with workforce credentials * fix: add old constructors * fix: add one test for service account impersonation with a workforce IdentityPoolCredential * fix: code review * fix: remove workforce methods from IdentityPoolCredentials * fix: can't remove setWorkforcePoolUserProject in Builder --- .../google/auth/oauth2/AwsCredentials.java | 67 +---- .../oauth2/ExternalAccountCredentials.java | 173 +++++++++-- .../auth/oauth2/IdentityPoolCredentials.java | 55 +--- .../ExternalAccountCredentialsTest.java | 282 ++++++++++++------ .../oauth2/IdentityPoolCredentialsTest.java | 75 +++-- ...ckExternalAccountCredentialsTransport.java | 9 + 6 files changed, 404 insertions(+), 257 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java index 25d67660d..54c7a13e9 100644 --- a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java @@ -37,7 +37,6 @@ import com.google.api.client.http.HttpResponse; import com.google.api.client.json.GenericJson; import com.google.api.client.json.JsonParser; -import com.google.auth.http.HttpTransportFactory; import com.google.common.annotations.VisibleForTesting; import java.io.IOException; import java.io.UnsupportedEncodingException; @@ -49,7 +48,6 @@ import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; -import javax.annotation.Nullable; /** * AWS credentials representing a third-party identity for calling Google APIs. 
@@ -114,39 +112,10 @@ static class AwsCredentialSource extends CredentialSource { private final AwsCredentialSource awsCredentialSource; - /** - * Internal constructor. See {@link - * ExternalAccountCredentials#ExternalAccountCredentials(HttpTransportFactory, String, String, - * String, CredentialSource, String, String, String, String, String, Collection, - * EnvironmentProvider)} - */ - AwsCredentials( - HttpTransportFactory transportFactory, - String audience, - String subjectTokenType, - String tokenUrl, - AwsCredentialSource credentialSource, - @Nullable String tokenInfoUrl, - @Nullable String serviceAccountImpersonationUrl, - @Nullable String quotaProjectId, - @Nullable String clientId, - @Nullable String clientSecret, - @Nullable Collection scopes, - @Nullable EnvironmentProvider environmentProvider) { - super( - transportFactory, - audience, - subjectTokenType, - tokenUrl, - credentialSource, - tokenInfoUrl, - serviceAccountImpersonationUrl, - quotaProjectId, - clientId, - clientSecret, - scopes, - environmentProvider); - this.awsCredentialSource = credentialSource; + /** Internal constructor. See {@link AwsCredentials.Builder}. */ + AwsCredentials(Builder builder) { + super(builder); + this.awsCredentialSource = (AwsCredentialSource) builder.credentialSource; } @Override @@ -192,19 +161,7 @@ public String retrieveSubjectToken() throws IOException { /** Clones the AwsCredentials with the specified scopes. */ @Override public GoogleCredentials createScoped(Collection newScopes) { - return new AwsCredentials( - transportFactory, - getAudience(), - getSubjectTokenType(), - getTokenUrl(), - awsCredentialSource, - getTokenInfoUrl(), - getServiceAccountImpersonationUrl(), - getQuotaProjectId(), - getClientId(), - getClientSecret(), - newScopes, - getEnvironmentProvider()); + return new AwsCredentials((AwsCredentials.Builder) newBuilder(this).setScopes(newScopes)); } private String retrieveResource(String url, String resourceName) throws IOException { 
@@ -342,19 +299,7 @@ public static class Builder extends ExternalAccountCredentials.Builder { @Override public AwsCredentials build() { - return new AwsCredentials( - transportFactory, - audience, - subjectTokenType, - tokenUrl, - (AwsCredentialSource) credentialSource, - tokenInfoUrl, - serviceAccountImpersonationUrl, - quotaProjectId, - clientId, - clientSecret, - scopes, - environmentProvider); + return new AwsCredentials(this); } } } diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java index 38b4d37ff..547a04261 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java @@ -89,6 +89,10 @@ abstract static class CredentialSource { @Nullable private final String clientId; @Nullable private final String clientSecret; + // This is used for Workforce Pools. It is passed to STS during token exchange in the + // `options` param and will be embedded in the token by STS. + @Nullable private final String workforcePoolUserProject; + protected transient HttpTransportFactory transportFactory; @Nullable protected final ImpersonatedCredentials impersonatedCredentials; @@ -96,7 +100,8 @@ abstract static class CredentialSource { private EnvironmentProvider environmentProvider; /** - * Constructor with minimum identifying information and custom HTTP transport. + * Constructor with minimum identifying information and custom HTTP transport. Does not support + * workforce credentials. * * @param transportFactory HTTP transport factory, creates the transport used to get access tokens * @param audience the STS audience which is usually the fully specified resource name of the 
@@ -181,6 +186,49 @@ protected ExternalAccountCredentials( (scopes == null || scopes.isEmpty()) ? Arrays.asList(CLOUD_PLATFORM_SCOPE) : scopes; this.environmentProvider = environmentProvider == null ? SystemEnvironmentProvider.getInstance() : environmentProvider; + this.workforcePoolUserProject = null; + + validateTokenUrl(tokenUrl); + if (serviceAccountImpersonationUrl != null) { + validateServiceAccountImpersonationInfoUrl(serviceAccountImpersonationUrl); + } + + this.impersonatedCredentials = initializeImpersonatedCredentials(); + } + + /** + * Internal constructor with minimum identifying information and custom HTTP transport. See {@link + * ExternalAccountCredentials.Builder}. + */ + protected ExternalAccountCredentials(ExternalAccountCredentials.Builder builder) { + this.transportFactory = + MoreObjects.firstNonNull( + builder.transportFactory, + getFromServiceLoader(HttpTransportFactory.class, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); + this.transportFactoryClassName = checkNotNull(this.transportFactory.getClass().getName()); + this.audience = checkNotNull(builder.audience); + this.subjectTokenType = checkNotNull(builder.subjectTokenType); + this.tokenUrl = checkNotNull(builder.tokenUrl); + this.credentialSource = checkNotNull(builder.credentialSource); + this.tokenInfoUrl = builder.tokenInfoUrl; + this.serviceAccountImpersonationUrl = builder.serviceAccountImpersonationUrl; + this.quotaProjectId = builder.quotaProjectId; + this.clientId = builder.clientId; + this.clientSecret = builder.clientSecret; + this.scopes = + (builder.scopes == null || builder.scopes.isEmpty()) + ? Arrays.asList(CLOUD_PLATFORM_SCOPE) + : builder.scopes; + this.environmentProvider = + builder.environmentProvider == null + ? 
SystemEnvironmentProvider.getInstance() + : builder.environmentProvider; + + this.workforcePoolUserProject = builder.workforcePoolUserProject; + if (workforcePoolUserProject != null && !isWorkforcePoolConfiguration()) { + throw new IllegalArgumentException( + "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration."); + } validateTokenUrl(tokenUrl); if (serviceAccountImpersonationUrl != null) { @@ -312,23 +360,21 @@ static ExternalAccountCredentials fromJson( String userProject = (String) json.get("workforce_pool_user_project"); if (isAwsCredential(credentialSourceMap)) { - return new AwsCredentials( - transportFactory, - audience, - subjectTokenType, - tokenUrl, - new AwsCredentialSource(credentialSourceMap), - tokenInfoUrl, - serviceAccountImpersonationUrl, - quotaProjectId, - clientId, - clientSecret, - /* scopes= */ null, - /* environmentProvider= */ null); + return AwsCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience(audience) + .setSubjectTokenType(subjectTokenType) + .setTokenUrl(tokenUrl) + .setTokenInfoUrl(tokenInfoUrl) + .setCredentialSource(new AwsCredentialSource(credentialSourceMap)) + .setServiceAccountImpersonationUrl(serviceAccountImpersonationUrl) + .setQuotaProjectId(quotaProjectId) + .setClientId(clientId) + .setClientSecret(clientSecret) + .build(); } return IdentityPoolCredentials.newBuilder() - .setWorkforcePoolUserProject(userProject) .setHttpTransportFactory(transportFactory) .setAudience(audience) .setSubjectTokenType(subjectTokenType) @@ -339,6 +385,7 @@ static ExternalAccountCredentials fromJson( .setQuotaProjectId(quotaProjectId) .setClientId(clientId) .setClientSecret(clientSecret) + .setWorkforcePoolUserProject(userProject) .build(); } 
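Review bot: The new `ExternalAccountCredentials(ExternalAccountCredentials.Builder builder)` constructor calls the public, overridable `isWorkforcePoolConfiguration()` while the object is still under construction, and that method in turn calls `getAudience()`. A subclass override of either would run before the subclass's own fields are assigned and could change the outcome of the `workforce_pool_user_project` check. Consider declaring `isWorkforcePoolConfiguration()` `final`, or running the check against the already-assigned `audience` field through a private static helper. The class body continues outside this hunk, so whether any subclass overrides these methods is not visible here.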
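Review bot: In `fromJson`, `userProject` is still read from `workforce_pool_user_project`, but the rewritten AWS branch never passes it to the builder, so an AWS-sourced configuration carrying that key is accepted and the value is silently dropped. Since the base constructor now validates the field, adding `.setWorkforcePoolUserProject(userProject)` to the AWS chain would make an inconsistent configuration fail at load time instead of being ignored. Whether ignoring it is intentional is not visible in this patch; if it is, a one-line comment in the AWS branch saying so would help.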
@@ -361,13 +408,25 @@ protected AccessToken exchangeExternalCredentialForAccessToken( return impersonatedCredentials.refreshAccessToken(); } - StsRequestHandler requestHandler = + StsRequestHandler.Builder requestHandler = StsRequestHandler.newBuilder( - tokenUrl, stsTokenExchangeRequest, transportFactory.create().createRequestFactory()) - .setInternalOptions(stsTokenExchangeRequest.getInternalOptions()) - .build(); + tokenUrl, stsTokenExchangeRequest, transportFactory.create().createRequestFactory()); + + // If this credential was initialized with a Workforce configuration then the + // workforcePoolUserProject must passed to STS via the the internal options param. + if (isWorkforcePoolConfiguration()) { + GenericJson options = new GenericJson(); + options.setFactory(OAuth2Utils.JSON_FACTORY); + options.put("userProject", workforcePoolUserProject); + requestHandler.setInternalOptions(options.toString()); + } + + if (stsTokenExchangeRequest.getInternalOptions() != null) { + // Overwrite internal options. Let subclass handle setting options. + requestHandler.setInternalOptions(stsTokenExchangeRequest.getInternalOptions()); + } - StsTokenExchangeResponse response = requestHandler.exchangeToken(); + StsTokenExchangeResponse response = requestHandler.build().exchangeToken(); return response.getAccessToken(); } 
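Review bot: When `stsTokenExchangeRequest.getInternalOptions()` is non-null, the second `setInternalOptions` call replaces the workforce options wholesale rather than merging, so a workforce credential whose request carries any options reaches STS without `userProject`. The tests in this series expect that override, so the comment should state it explicitly, e.g. `// Request-level options replace (not merge with) the workforce userProject options.` The comment above the `isWorkforcePoolConfiguration()` branch also has typos and should read `must be passed to STS via the internal options param`. Note that the impersonation branch at the top of this method returns before any of this code runs; the method starts outside the hunk.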
@@ -427,10 +486,26 @@ public Collection getScopes() { return scopes; } + @Nullable + public String getWorkforcePoolUserProject() { + return workforcePoolUserProject; + } + EnvironmentProvider getEnvironmentProvider() { return environmentProvider; } + /** + * Returns whether or not the current configuration is for Workforce Pools (which enable 3p user + * identities, rather than workloads). + */ + public boolean isWorkforcePoolConfiguration() { + Pattern workforceAudiencePattern = + Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$"); + return workforcePoolUserProject != null + && workforceAudiencePattern.matcher(getAudience()).matches(); + } + static void validateTokenUrl(String tokenUrl) { List patterns = new ArrayList<>(); patterns.add(Pattern.compile("^[^\\.\\s\\/\\\\]+\\.sts\\.googleapis\\.com$")); @@ -501,6 +576,7 @@ public abstract static class Builder extends GoogleCredentials.Builder { @Nullable protected String clientId; @Nullable protected String clientSecret; @Nullable protected Collection scopes; + @Nullable protected String workforcePoolUserProject; protected Builder() {} 
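Review bot: The audience pattern in `isWorkforcePoolConfiguration()` leaves the dots in `iam.googleapis.com` unescaped, so each one matches any character, and the pattern is recompiled on every call (this method now runs in the constructor and on every token exchange). Hoist it to a constant with the host escaped: `private static final Pattern WORKFORCE_AUDIENCE_PATTERN = Pattern.compile("^//iam\\.googleapis\\.com/locations/.+/workforcePools/.+/providers/.+$");`. The `.+` segments also match `/`, so extra path components are accepted; tightening them to `[^/]+` is worth considering if pool and provider IDs cannot contain slashes. Separately, the method returns true for an empty-string `workforcePoolUserProject`, in which case an empty `userProject` is sent to STS; checking `!workforcePoolUserProject.isEmpty()` here would avoid that.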
@@ -517,60 +593,95 @@ protected Builder(ExternalAccountCredentials credentials) { this.clientSecret = credentials.clientSecret; this.scopes = credentials.scopes; this.environmentProvider = credentials.environmentProvider; + this.workforcePoolUserProject = credentials.workforcePoolUserProject; } + /** Sets the HTTP transport factory, creates the transport used to get access tokens. */ + public Builder setHttpTransportFactory(HttpTransportFactory transportFactory) { + this.transportFactory = transportFactory; + return this; + } + + /** + * Sets the STS audience which is usually the fully specified resource name of the + * workload/workforce pool provider. + */ public Builder setAudience(String audience) { this.audience = audience; return this; } + /** + * Sets the STS subject token type based on the OAuth 2.0 token exchange spec. Indicates the + * type of the security token in the credential file. + */ public Builder setSubjectTokenType(String subjectTokenType) { this.subjectTokenType = subjectTokenType; return this; } + /** Sets the STS token exchange endpoint. */ public Builder setTokenUrl(String tokenUrl) { this.tokenUrl = tokenUrl; return this; } - public Builder setTokenInfoUrl(String tokenInfoUrl) { - this.tokenInfoUrl = tokenInfoUrl; + /** Sets the external credential source. */ + public Builder setCredentialSource(CredentialSource credentialSource) { + this.credentialSource = credentialSource; return this; } + /** + * Sets the optional URL used for service account impersonation. This is only required when APIs + * to be accessed have not integrated with UberMint. If this is not available, the STS returned + * GCP access token is directly used. 
+ */ public Builder setServiceAccountImpersonationUrl(String serviceAccountImpersonationUrl) { this.serviceAccountImpersonationUrl = serviceAccountImpersonationUrl; return this; } - public Builder setCredentialSource(CredentialSource credentialSource) { - this.credentialSource = credentialSource; - return this; - } - - public Builder setScopes(Collection scopes) { - this.scopes = scopes; + /** + * Sets the optional endpoint used to retrieve account related information. Required for gCloud + * session account identification. + */ + public Builder setTokenInfoUrl(String tokenInfoUrl) { + this.tokenInfoUrl = tokenInfoUrl; return this; } + /** Sets the optional project used for quota and billing purposes. */ public Builder setQuotaProjectId(String quotaProjectId) { this.quotaProjectId = quotaProjectId; return this; } + /** Sets the optional client ID of the service account from the console. */ public Builder setClientId(String clientId) { this.clientId = clientId; return this; } + /** Sets the optional client secret of the service account from the console. */ public Builder setClientSecret(String clientSecret) { this.clientSecret = clientSecret; return this; } - public Builder setHttpTransportFactory(HttpTransportFactory transportFactory) { - this.transportFactory = transportFactory; + /** Sets the optional scopes to request during the authorization grant. */ + public Builder setScopes(Collection scopes) { + this.scopes = scopes; + return this; + } + + /** + * Sets the optional workforce pool user project number when the credential corresponds to a + * workforce pool and not a workload identity pool. The underlying principal must still have + * serviceusage.services.use IAM permission to use the project for billing/quota. + */ + public Builder setWorkforcePoolUserProject(String workforcePoolUserProject) { + this.workforcePoolUserProject = workforcePoolUserProject; return this; } 
diff --git a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java index d13cd8545..44e9c0e93 100644 --- a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java @@ -53,7 +53,6 @@ import java.util.Collection; import java.util.HashMap; import java.util.Map; -import java.util.regex.Pattern; import javax.annotation.Nullable; /** @@ -155,37 +154,10 @@ private boolean hasHeaders() { private final IdentityPoolCredentialSource identityPoolCredentialSource; - // This is used for Workforce Pools. It is passed to STS during token exchange in the - // `options` param and will be embedded in the token by STS. - @Nullable private String workforcePoolUserProject; - /** Internal constructor. See {@link Builder}. */ IdentityPoolCredentials(Builder builder) { - super( - builder.transportFactory, - builder.audience, - builder.subjectTokenType, - builder.tokenUrl, - builder.credentialSource, - builder.tokenInfoUrl, - builder.serviceAccountImpersonationUrl, - builder.quotaProjectId, - builder.clientId, - builder.clientSecret, - builder.scopes, - builder.environmentProvider); + super(builder); this.identityPoolCredentialSource = (IdentityPoolCredentialSource) builder.credentialSource; - this.workforcePoolUserProject = builder.workforcePoolUserProject; - - if (workforcePoolUserProject != null && !isWorkforcePoolConfiguration()) { - throw new IllegalArgumentException( - "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration."); - } - } - - @Nullable - public String getWorkforcePoolUserProject() { - return workforcePoolUserProject; } @Override 
@@ -200,15 +172,6 @@ public AccessToken refreshAccessToken() throws IOException { stsTokenExchangeRequest.setScopes(new ArrayList<>(scopes)); } - // If this credential was initialized with a Workforce configuration then the - // workforcePoolUserProject must passed to STS via the the internal options param. - if (isWorkforcePoolConfiguration()) { - GenericJson options = new GenericJson(); - options.setFactory(OAuth2Utils.JSON_FACTORY); - options.put("userProject", workforcePoolUserProject); - stsTokenExchangeRequest.setInternalOptions(options.toString()); - } - return exchangeExternalCredentialForAccessToken(stsTokenExchangeRequest.build()); } @@ -276,17 +239,6 @@ private String getSubjectTokenFromMetadataServer() throws IOException { } } - /** - * Returns whether or not the current configuration is for Workforce Pools (which enable 3p user - * identities, rather than workloads). - */ - public boolean isWorkforcePoolConfiguration() { - Pattern workforceAudiencePattern = - Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$"); - return workforcePoolUserProject != null - && workforceAudiencePattern.matcher(getAudience()).matches(); - } - /** Clones the IdentityPoolCredentials with the specified scopes. */ @Override public IdentityPoolCredentials createScoped(Collection newScopes) { @@ -304,17 +256,14 @@ public static Builder newBuilder(IdentityPoolCredentials identityPoolCredentials public static class Builder extends ExternalAccountCredentials.Builder { - @Nullable private String workforcePoolUserProject; - Builder() {} Builder(IdentityPoolCredentials credentials) { super(credentials); - setWorkforcePoolUserProject(credentials.getWorkforcePoolUserProject()); } public Builder setWorkforcePoolUserProject(String workforcePoolUserProject) { - this.workforcePoolUserProject = workforcePoolUserProject; + super.setWorkforcePoolUserProject(workforcePoolUserProject); return this; } 
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java index 0ba3efa52..c59560f56 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java @@ -31,6 +31,7 @@ package com.google.auth.oauth2; +import static com.google.auth.oauth2.MockExternalAccountCredentialsTransport.SERVICE_ACCOUNT_IMPERSONATION_URL; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; @@ -46,13 +47,11 @@ import java.io.IOException; import java.net.URI; import java.util.Arrays; -import java.util.Collection; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Locale; import java.util.Map; -import javax.annotation.Nullable; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -61,6 +60,13 @@ public class ExternalAccountCredentialsTest { private static final String STS_URL = "https://sts.googleapis.com"; + private static final Map FILE_CREDENTIAL_SOURCE_MAP = + new HashMap() { + { + put("file", "file"); + } + }; + static class MockExternalAccountCredentialsTransportFactory implements HttpTransportFactory { MockExternalAccountCredentialsTransport transport = 
@@ -262,51 +268,134 @@ void fromJson_invalidWorkforceAudiences_throws() { } @Test - void constructor_invalidTokenUrl() { + void constructor_builder() { + HashMap credentialSource = new HashMap<>(); + credentialSource.put("file", "file"); + + ExternalAccountCredentials credentials = + IdentityPoolCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience( + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setTokenInfoUrl("https://tokeninfo.com") + .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) + .setCredentialSource(new TestCredentialSource(credentialSource)) + .setScopes(Arrays.asList("scope1", "scope2")) + .setQuotaProjectId("projectId") + .setClientId("clientId") + .setClientSecret("clientSecret") + .setWorkforcePoolUserProject("workforcePoolUserProject") + .build(); + + assertEquals( + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider", + credentials.getAudience()); + assertEquals("subjectTokenType", credentials.getSubjectTokenType()); + assertEquals(STS_URL, credentials.getTokenUrl()); + assertEquals("https://tokeninfo.com", credentials.getTokenInfoUrl()); + assertEquals( + SERVICE_ACCOUNT_IMPERSONATION_URL, credentials.getServiceAccountImpersonationUrl()); + assertEquals(Arrays.asList("scope1", "scope2"), credentials.getScopes()); + assertEquals("projectId", credentials.getQuotaProjectId()); + assertEquals("clientId", credentials.getClientId()); + assertEquals("clientSecret", credentials.getClientSecret()); + assertEquals("workforcePoolUserProject", credentials.getWorkforcePoolUserProject()); + assertNotNull(credentials.getCredentialSource()); + } + + @Test + void constructor_builder_invalidTokenUrl() { IllegalArgumentException exception = assertThrows( IllegalArgumentException.class, () -> { - new TestExternalAccountCredentials( - transportFactory, - "audience", - "subjectTokenType", 
- "tokenUrl", - new TestCredentialSource(new HashMap()), - STS_URL, - /* serviceAccountImpersonationUrl= */ null, - "quotaProjectId", - /* clientId= */ null, - /* clientSecret= */ null, - /* scopes= */ null); + ExternalAccountCredentials.Builder builder = + TestExternalAccountCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl("tokenUrl") + .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)); + new TestExternalAccountCredentials(builder); }, "Should have failed since an invalid token URL was passed."); assertEquals("The provided token URL is invalid.", exception.getMessage()); } @Test - void constructor_invalidServiceAccountImpersonationUrl() { + void constructor_builder_invalidServiceAccountImpersonationUrl() { IllegalArgumentException exception = assertThrows( IllegalArgumentException.class, () -> { - new TestExternalAccountCredentials( - transportFactory, - "audience", - "subjectTokenType", - "tokenUrl", - new TestCredentialSource(new HashMap<>()), - /* tokenInfoUrl= */ null, - "serviceAccountImpersonationUrl", - "quotaProjectId", - /* clientId= */ null, - /* clientSecret= */ null, - /* scopes= */ null); + ExternalAccountCredentials.Builder builder = + TestExternalAccountCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl("tokenUrl") + .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) + .setServiceAccountImpersonationUrl("serviceAccountImpersonationUrl"); + new TestExternalAccountCredentials(builder); }, "Should have failed since an invalid token URL was passed."); assertEquals("The provided token URL is invalid.", exception.getMessage()); } + @Test + void constructor_builderWithInvalidWorkforceAudiences_throws() { + List invalidAudiences = + Arrays.asList( + "", + 
"//iam.googleapis.com/projects/x23/locations/global/workloadIdentityPools/pool/providers/provider", + "//iam.googleapis.com/locations/global/workforcepools/pool/providers/provider", + "//iam.googleapis.com/locations/global/workforcePools/providers/provider", + "//iam.googleapis.com/locations/global/workforcePools/providers", + "//iam.googleapis.com/locations/global/workforcePools/", + "//iam.googleapis.com/locations//workforcePools/providers", + "//iam.googleapis.com/notlocations/global/workforcePools/providers", + "//iam.googleapis.com/locations/global/workforce/providers"); + + HashMap credentialSource = new HashMap<>(); + credentialSource.put("file", "file"); + for (String audience : invalidAudiences) { + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + () -> { + TestExternalAccountCredentials.newBuilder() + .setWorkforcePoolUserProject("workforcePoolUserProject") + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience(audience) + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setCredentialSource(new TestCredentialSource(credentialSource)) + .build(); + }, + "Exception should be thrown."); + assertEquals( + "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", + exception.getMessage()); + } + } + + @Test + void constructor_builderWithEmptyWorkforceUserProjectAndWorkforceAudience() { + HashMap credentialSource = new HashMap<>(); + credentialSource.put("file", "file"); + // No exception should be thrown. 
+ TestExternalAccountCredentials.newBuilder() + .setWorkforcePoolUserProject("") + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience("//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setCredentialSource(new TestCredentialSource(credentialSource)) + .build(); + } + @Test void exchangeExternalCredentialForAccessToken() throws IOException { ExternalAccountCredentials credential = 
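Review bot: `constructor_builder_invalidServiceAccountImpersonationUrl` never reaches the impersonation-URL validation. It sets `.setTokenUrl("tokenUrl")`, and the constructor calls `validateTokenUrl` first, so the exception asserted ("The provided token URL is invalid.") comes from the token URL. The impersonation endpoint check is therefore not exercised by this test. Use `.setTokenUrl(STS_URL)` so the invalid `serviceAccountImpersonationUrl` is what triggers the failure, and assert the message thrown by `validateServiceAccountImpersonationInfoUrl` (its text is not shown in this patch). The `assertThrows` failure message "an invalid token URL was passed" should be updated to match.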
@@ -331,6 +420,57 @@ void exchangeExternalCredentialForAccessToken_withInternalOptions() throws IOExc ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential(), transportFactory); + GenericJson internalOptions = new GenericJson(); + internalOptions.setFactory(OAuth2Utils.JSON_FACTORY); + internalOptions.put("key", "value"); + StsTokenExchangeRequest stsTokenExchangeRequest = + StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType") + .setInternalOptions(internalOptions.toString()) + .build(); + + AccessToken accessToken = + credential.exchangeExternalCredentialForAccessToken(stsTokenExchangeRequest); + + assertEquals(transportFactory.transport.getAccessToken(), accessToken.getTokenValue()); + + // Validate internal options set. + Map query = + TestUtils.parseQuery(transportFactory.transport.getRequest().getContentAsString()); + assertNotNull(query.get("options")); + assertEquals(internalOptions.toString(), query.get("options")); + } + + @Test + void exchangeExternalCredentialForAccessToken_workforceCred_expectUserProjectPassedToSts() + throws IOException { + ExternalAccountCredentials credential = + ExternalAccountCredentials.fromJson( + buildJsonIdentityPoolWorkforceCredential(), transportFactory); + + StsTokenExchangeRequest stsTokenExchangeRequest = + StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build(); + + AccessToken accessToken = + credential.exchangeExternalCredentialForAccessToken(stsTokenExchangeRequest); + + assertEquals(transportFactory.transport.getAccessToken(), accessToken.getTokenValue()); + + // Validate internal options set. 
+ Map query = + TestUtils.parseQuery(transportFactory.transport.getRequest().getContentAsString()); + GenericJson internalOptions = new GenericJson(); + internalOptions.setFactory(OAuth2Utils.JSON_FACTORY); + internalOptions.put("userProject", "userProject"); + assertEquals(internalOptions.toString(), query.get("options")); + } + + @Test + void exchangeExternalCredentialForAccessToken_workforceCredWithInternalOptions_expectOverridden() + throws IOException { + ExternalAccountCredentials credential = + ExternalAccountCredentials.fromJson( + buildJsonIdentityPoolWorkforceCredential(), transportFactory); + GenericJson internalOptions = new GenericJson(); internalOptions.put("key", "value"); StsTokenExchangeRequest stsTokenExchangeRequest = @@ -400,18 +540,15 @@ void exchangeExternalCredentialForAccessToken_throws() throws IOException { @Test void getRequestMetadata_withQuotaProjectId() throws IOException { TestExternalAccountCredentials testCredentials = - new TestExternalAccountCredentials( - transportFactory, - "audience", - "subjectTokenType", - STS_URL, - new TestCredentialSource(new HashMap()), - "tokenInfoUrl", - /* serviceAccountImpersonationUrl= */ null, - "quotaProjectId", - /* clientId= */ null, - /* clientSecret= */ null, - /* scopes= */ null); + (TestExternalAccountCredentials) + TestExternalAccountCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) + .setQuotaProjectId("quotaProjectId") + .build(); Map> requestMetadata = testCredentials.getRequestMetadata(URI.create("http://googleapis.com/foo/bar")); 
@@ -568,64 +705,27 @@ private GenericJson buildJsonAwsCredential() { } static class TestExternalAccountCredentials extends ExternalAccountCredentials { - static class TestCredentialSource extends ExternalAccountCredentials.CredentialSource { + static class TestCredentialSource extends IdentityPoolCredentials.IdentityPoolCredentialSource { protected TestCredentialSource(Map credentialSourceMap) { super(credentialSourceMap); } } - protected TestExternalAccountCredentials( - HttpTransportFactory transportFactory, - String audience, - String subjectTokenType, - String tokenUrl, - CredentialSource credentialSource, - @Nullable String tokenInfoUrl, - @Nullable String serviceAccountImpersonationUrl, - @Nullable String quotaProjectId, - @Nullable String clientId, - @Nullable String clientSecret, - @Nullable Collection scopes) { - super( - transportFactory, - audience, - subjectTokenType, - tokenUrl, - credentialSource, - tokenInfoUrl, - serviceAccountImpersonationUrl, - quotaProjectId, - clientId, - clientSecret, - scopes); + public static Builder newBuilder() { + return new Builder(); + } + + static class Builder extends ExternalAccountCredentials.Builder { + Builder() {} + + @Override + public TestExternalAccountCredentials build() { + return new TestExternalAccountCredentials(this); + } } - protected TestExternalAccountCredentials( - HttpTransportFactory transportFactory, - String audience, - String subjectTokenType, - String tokenUrl, - CredentialSource credentialSource, - @Nullable String tokenInfoUrl, - @Nullable String serviceAccountImpersonationUrl, - @Nullable String quotaProjectId, - @Nullable String clientId, - @Nullable String clientSecret, - @Nullable Collection scopes, - @Nullable EnvironmentProvider environmentProvider) { - super( - transportFactory, - audience, - subjectTokenType, - tokenUrl, - credentialSource, - tokenInfoUrl, - serviceAccountImpersonationUrl, - quotaProjectId, - clientId, - clientSecret, - scopes, - environmentProvider); + protected 
TestExternalAccountCredentials(ExternalAccountCredentials.Builder builder) { + super(builder); } @Override diff --git a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java index bde045bff..33f55dfc6 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java @@ -36,6 +36,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; import com.google.api.client.http.HttpTransport; import com.google.api.client.json.GenericJson; 
@@ -378,6 +379,42 @@ void refreshAccessToken_withServiceAccountImpersonation() throws IOException { transportFactory.transport.getServiceAccountAccessToken(), accessToken.getTokenValue()); } + @Test + void refreshAccessToken_workforceWithServiceAccountImpersonation() throws IOException { + MockExternalAccountCredentialsTransportFactory transportFactory = + new MockExternalAccountCredentialsTransportFactory(); + + transportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime()); + IdentityPoolCredentials credential = + (IdentityPoolCredentials) + IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL) + .setAudience( + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") + .setTokenUrl(transportFactory.transport.getStsUrl()) + .setServiceAccountImpersonationUrl( + transportFactory.transport.getServiceAccountImpersonationUrl()) + .setHttpTransportFactory(transportFactory) + .setCredentialSource( + buildUrlBasedCredentialSource(transportFactory.transport.getMetadataUrl())) + .setWorkforcePoolUserProject("userProject") + .build(); + + AccessToken accessToken = credential.refreshAccessToken(); + + assertEquals( + transportFactory.transport.getServiceAccountAccessToken(), accessToken.getTokenValue()); + + // Validate internal options set. + Map query = TestUtils.parseQuery(transportFactory.transport.getStsContent()); + + GenericJson expectedInternalOptions = new GenericJson(); + expectedInternalOptions.setFactory(OAuth2Utils.JSON_FACTORY); + expectedInternalOptions.put("userProject", "userProject"); + + assertNotNull(query.get("options")); + assertEquals(expectedInternalOptions.toString(), query.get("options")); + } + @Test void identityPoolCredentialSource_invalidSourceType() { IllegalArgumentException exception = 
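Review bot: The expected options object uses the same literal for key and value (`expectedInternalOptions.put("userProject", "userProject")`, fed by `.setWorkforcePoolUserProject("userProject")`), so this test would still pass if the implementation confused the option name with the configured project. A value that differs from the key, for example `.setWorkforcePoolUserProject("workforce-user-project")` with `expectedInternalOptions.put("userProject", "workforce-user-project");`, makes the assertion on the STS `options` field discriminating. The same pattern appears in `exchangeExternalCredentialForAccessToken_workforceCred_expectUserProjectPassedToSts` in ExternalAccountCredentialsTest, where the configured value comes from a fixture that is not visible in the diff.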
@@ -515,27 +552,23 @@ void builder_invalidWorkforceAudiences_throws() { } @Test - void builder_emptyWorkforceUserProjectWithWorkforceAudience_throws() { - IllegalArgumentException exception = - assertThrows( - IllegalArgumentException.class, - () -> { - IdentityPoolCredentials.newBuilder() - .setWorkforcePoolUserProject("") - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience( - "//iam.googleapis.com/locations/global/workforcePools/providers/provider") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setTokenInfoUrl("tokenInfoUrl") - .setCredentialSource(FILE_CREDENTIAL_SOURCE) - .setQuotaProjectId("quotaProjectId") - .build(); - }, - "Exception should be thrown."); - assertEquals( - "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", - exception.getMessage()); + void builder_emptyWorkforceUserProjectWithWorkforceAudience() { + // No exception should be thrown. + IdentityPoolCredentials credentials = + (IdentityPoolCredentials) + IdentityPoolCredentials.newBuilder() + .setWorkforcePoolUserProject("") + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience( + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setTokenInfoUrl("tokenInfoUrl") + .setCredentialSource(FILE_CREDENTIAL_SOURCE) + .setQuotaProjectId("quotaProjectId") + .build(); + + assertTrue(credentials.isWorkforcePoolConfiguration()); } static InputStream writeIdentityPoolCredentialsStream( diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java index 7e07146cc..43a8dea44 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java 
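Review bot: `builder_emptyWorkforceUserProjectWithWorkforceAudience` changes two inputs at once (the audience gains the `pool` segment and the expectation flips from `IllegalArgumentException` to success) and then asserts only `isWorkforcePoolConfiguration()`. That leaves unstated what an empty `workforce_pool_user_project` means downstream: whether it is treated as unset or forwarded to the token exchange as an empty `userProject` option. I would add a comment such as `// An empty user project with a well-formed workforce audience is accepted.` together with an assertion on the stored user-project value. The malformed audience the old test used (`workforcePools/providers/provider`) should keep a negative case unless `builder_invalidWorkforceAudiences_throws` already covers it; that test's body is outside this hunk.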
+++ b/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java @@ -89,6 +89,7 @@ public class MockExternalAccountCredentialsTransport extends MockHttpTransport { private MockLowLevelHttpRequest request; private String expireTime; private String metadataServerContentType; + private String stsContent; public void addResponseErrorSequence(IOException... errors) { Collections.addAll(responseErrorSequence, errors); @@ -160,6 +161,10 @@ public LowLevelHttpResponse execute() throws IOException { } if (STS_URL.equals(url)) { Map query = TestUtils.parseQuery(getContentAsString()); + + // Store STS content as multiple calls are made using this transport. + stsContent = getContentAsString(); + assertEquals(EXPECTED_GRANT_TYPE, query.get("grant_type")); assertNotNull(query.get("subject_token_type")); assertNotNull(query.get("subject_token")); @@ -206,6 +211,10 @@ public LowLevelHttpResponse execute() throws IOException { return this.request; } + public String getStsContent() { + return stsContent; + } + public MockLowLevelHttpRequest getRequest() { return request; } From 15939c13db1362d2e0b655ae6f8223e1b6e57482 Mon Sep 17 00:00:00 2001 From: Neenu Shaji Date: Thu, 21 Oct 2021 20:14:33 -0400 Subject: [PATCH 04/15] chore: update owlbot project (#778) --- .github/.OwlBot.lock.yaml | 2 +- .github/.OwlBot.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index a600ac229..dc53bbb57 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: - image: gcr.io/repo-automation-bots/owlbot-java:latest + image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest digest: sha256:d4b2141d65566523dfd523f63c6e6899ab1281463bce182a9f600e74b0511875 diff --git a/.github/.OwlBot.yaml b/.github/.OwlBot.yaml index 8c5f03b4d..5d9a9d8b5 100644 --- a/.github/.OwlBot.yaml +++ b/.github/.OwlBot.yaml 
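Review bot: `stsContent` is overwritten on every STS request, and no reset is visible in these hunks, so `getStsContent()` returns only the most recent exchange body (or null before the first one); the added comment `// Store STS content as multiple calls are made using this transport.` does not say that. A Javadoc line on the getter, e.g. `/** Returns the body of the most recent STS request handled by this transport, or null if none. */`, would make the contract explicit for tests that trigger more than one exchange. The hunk also calls `getContentAsString()` a second time right after it was parsed; reading it once into a local and reusing it for `parseQuery` would avoid the duplicate call. `execute()` starts and ends outside the hunk.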
@@ -13,4 +13,4 @@ # limitations under the License. docker: - image: "gcr.io/repo-automation-bots/owlbot-java:latest" + image: "gcr.io/cloud-devrel-public-resources/owlbot-java:latest" From 9160a53e6507c1c938795e181c65ad80db1bcf11 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Mon, 25 Oct 2021 16:11:29 +0000 Subject: [PATCH 05/15] fix(java): java 17 dependency arguments (#1266) (#779) --- .github/.OwlBot.lock.yaml | 2 +- .kokoro/dependencies.sh | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index dc53bbb57..0df65ebe9 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest - digest: sha256:d4b2141d65566523dfd523f63c6e6899ab1281463bce182a9f600e74b0511875 + digest: sha256:a3ac08d167454718ff057b97a1950d3cb5e16fc39fb3f355d90276285a6cac75 diff --git a/.kokoro/dependencies.sh b/.kokoro/dependencies.sh index 9a5105d7e..d7476cfe9 100755 --- a/.kokoro/dependencies.sh +++ b/.kokoro/dependencies.sh @@ -38,15 +38,13 @@ function determineMavenOpts() { | sed -E 's/^(1\.[0-9]\.0).*$/\1/g' ) - case $javaVersion in - "17") + if [[ $javaVersion == 17* ]] + then # MaxPermSize is no longer supported as of jdk 17 echo -n "-Xmx1024m" - ;; - *) + else echo -n "-Xmx1024m -XX:MaxPermSize=128m" - ;; - esac + fi } export MAVEN_OPTS=$(determineMavenOpts) From 0b26226b2a0a44a9b869b383c5fbcbdc3f6e1044 Mon Sep 17 00:00:00 2001 
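Review bot: The new test `[[ $javaVersion == 17* ]]` in `.kokoro/dependencies.sh` matches only version strings that start with 17, so a JDK 18 or later still falls into the `else` branch and gets `-XX:MaxPermSize=128m`, the flag the comment says is no longer supported. Comparing the major version numerically covers later releases: `major="${javaVersion%%.*}"` followed by `if [[ "$major" =~ ^[0-9]+$ && "$major" -ge 17 ]]`. This assumes `javaVersion` is either a legacy `1.x.0` string or starts with the major number, which the visible `sed` expression suggests; the start of `determineMavenOpts` is outside the hunk.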
From: WhiteSource Renovate Date: Wed, 3 Nov 2021 02:50:20 +0100 Subject: [PATCH 06/15] chore(deps): update dependency com.google.appengine:appengine-api-1.0-sdk to v1.9.92 (#784) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [com.google.appengine:appengine-api-1.0-sdk](https://cloud.google.com/appengine/docs/standard/java/javadoc/) ([source](http://svn.sonatype.org/spice/tags/oss-parent-4)) | `1.9.91` -> `1.9.92` | [![age](https://badges.renovateapi.com/packages/maven/com.google.appengine:appengine-api-1.0-sdk/1.9.92/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/com.google.appengine:appengine-api-1.0-sdk/1.9.92/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/com.google.appengine:appengine-api-1.0-sdk/1.9.92/compatibility-slim/1.9.91)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/com.google.appengine:appengine-api-1.0-sdk/1.9.92/confidence-slim/1.9.91)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). 
View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/google-auth-library-java). --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 973bc73fe..2c02633ce 100644 --- a/pom.xml +++ b/pom.xml @@ -62,7 +62,7 @@ 1.40.1 5.8.1 31.0.1-android - 1.9.91 + 1.9.92 3.0.2 false 1.8.2 From 5f4315bef249cdd75499d7573e42fbb83827e16b Mon Sep 17 00:00:00 2001 
From: WhiteSource Renovate Date: Wed, 3 Nov 2021 02:50:27 +0100 Subject: [PATCH 07/15] chore(deps): update dependency com.google.appengine:appengine to v1.9.92 (#783) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [com.google.appengine:appengine](https://cloud.google.com/appengine/docs/standard/java/javadoc/) ([source](http://svn.sonatype.org/spice/tags/oss-parent-4)) | `1.9.91` -> `1.9.92` | [![age](https://badges.renovateapi.com/packages/maven/com.google.appengine:appengine/1.9.92/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/com.google.appengine:appengine/1.9.92/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/com.google.appengine:appengine/1.9.92/compatibility-slim/1.9.91)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/com.google.appengine:appengine/1.9.92/confidence-slim/1.9.91)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/google-auth-library-java). 
From 1f142cfea1d4795d1084d31b725b6d9ed6deccd1 Mon Sep 17 00:00:00 2001 
From: WhiteSource Renovate Date: Wed, 3 Nov 2021 22:44:21 +0100 Subject: [PATCH 08/15] chore(deps): update dependency com.google.auto.service:auto-service-annotations to v1.0.1 (#785) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [com.google.auto.service:auto-service-annotations](https://togithub.com/google/auto) | `1.0` -> `1.0.1` | [![age](https://badges.renovateapi.com/packages/maven/com.google.auto.service:auto-service-annotations/1.0.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/com.google.auto.service:auto-service-annotations/1.0.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/com.google.auto.service:auto-service-annotations/1.0.1/compatibility-slim/1.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/com.google.auto.service:auto-service-annotations/1.0.1/confidence-slim/1.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/google-auth-library-java). 
--- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2c02633ce..68e407d25 100644 --- a/pom.xml +++ b/pom.xml @@ -461,7 +461,7 @@ com.google.auto.service auto-service-annotations - 1.0 + 1.0.1 From fe3d48b240ae8350d3554e058fc555dffb5db8dd Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 4 Nov 2021 21:10:22 +0000 Subject: [PATCH 09/15] chore(java): remove pin on Apache Maven 3.8.1 from github actions (#1268) (#786) --- .github/.OwlBot.lock.yaml | 2 +- .github/workflows/ci.yaml | 17 +---------------- 2 files changed, 2 insertions(+), 17 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 0df65ebe9..5a79fcd57 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest - digest: sha256:a3ac08d167454718ff057b97a1950d3cb5e16fc39fb3f355d90276285a6cac75 + digest: sha256:ed012741acaae5d03e011244585a1f0625a596d31568967d77772aa5a0a51d5e diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2425d7234..d95a11a26 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -12,9 +12,6 @@ jobs: java: [8, 11, 17] steps: - uses: actions/checkout@v2 - - uses: stCarolas/setup-maven@v4 - with: - maven-version: 3.8.1 - uses: actions/setup-java@v2 with: distribution: zulu @@ -27,9 +24,6 @@ jobs: runs-on: windows-latest steps: - uses: actions/checkout@v2 - - uses: stCarolas/setup-maven@v4 - with: - maven-version: 3.8.1 - uses: actions/setup-java@v2 with: distribution: zulu @@ -45,9 +39,6 @@ jobs: java: [8, 11, 17] steps: - uses: actions/checkout@v2 - - uses: stCarolas/setup-maven@v4 - with: - maven-version: 3.8.1 - uses: actions/setup-java@v2 with: distribution: zulu 
@@ -58,9 +49,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: stCarolas/setup-maven@v4 - with: - maven-version: 3.8.1 - uses: actions/setup-java@v2 with: distribution: zulu @@ -73,9 +61,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: stCarolas/setup-maven@v4 - with: - maven-version: 3.8.1 - uses: actions/setup-java@v2 with: distribution: zulu @@ -83,4 +68,4 @@ jobs: - run: java -version - run: .kokoro/build.sh env: - JOB_TYPE: clirr + JOB_TYPE: clirr \ No newline at end of file From 1149581e63267e3553c74ba2114d849c5b24f27b Mon Sep 17 00:00:00 2001 From: Neenu Shaji Date: Fri, 5 Nov 2021 15:04:11 -0400 Subject: [PATCH 10/15] feat: next release from main branch is 1.3.0 (#780) --- .github/release-please.yml | 4 ++++ .github/sync-repo-settings.yaml | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/.github/release-please.yml b/.github/release-please.yml index a2f4b464a..ad8215e93 100644 --- a/.github/release-please.yml +++ b/.github/release-please.yml @@ -10,3 +10,7 @@ branches: handleGHRelease: true releaseType: java-yoshi branch: java7 + - bumpMinorPreMajor: true + handleGHRelease: true + releaseType: java-backport + branch: 1.2.x diff --git a/.github/sync-repo-settings.yaml b/.github/sync-repo-settings.yaml index 1dea670f9..555659fb5 100644 --- a/.github/sync-repo-settings.yaml +++ b/.github/sync-repo-settings.yaml @@ -42,6 +42,19 @@ branchProtectionRules: requiredApprovingReviewCount: 1 requiresCodeOwnerReviews: true requiresStrictStatusChecks: true + - pattern: 1.2.x + isAdminEnforced: true + requiredStatusCheckContexts: + - dependencies (8) + - dependencies (11) + - lint + - clirr + - units (8) + - units (11) + - cla/google + requiredApprovingReviewCount: 1 + requiresCodeOwnerReviews: true + requiresStrictStatusChecks: true permissionRules: - team: Googlers permission: pull From 8330e1c4fb65b0d09cd03ab98b8ff2a80e2819cf Mon Sep 17 00:00:00 2001 
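Review bot: The new `1.2.x` branch-protection rule in `.github/sync-repo-settings.yaml` requires only the Java 8 and 11 variants (`units (8)`, `units (11)`, `dependencies (8)`, `dependencies (11)`), while the `ci.yaml` hunks in this series show matrices over `java: [8, 11, 17]` and a `windows-latest` job. If the 1.2.x branch carries the same workflow, the Java 17 and Windows jobs can fail without blocking a merge to the backport branch. Either add the missing contexts, e.g. `- units (17)` and `- dependencies (17)`, or add a comment such as `# Java 17 and Windows checks intentionally not required on 1.2.x` so the omission is visibly deliberate. Whether the rule for the main branch lists those contexts cannot be seen from this hunk.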
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sat, 6 Nov 2021 00:36:16 +0000 Subject: [PATCH 11/15] Update ci.yaml (#1275) (#787) --- .github/.OwlBot.lock.yaml | 2 +- .github/workflows/ci.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 5a79fcd57..994dd04bf 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest - digest: sha256:ed012741acaae5d03e011244585a1f0625a596d31568967d77772aa5a0a51d5e + digest: sha256:fecf6bd85f19eb046d913982ea36f6d434f9a49ab0545d25e31186aa64367c0c diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d95a11a26..93b337c62 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,6 +8,7 @@ jobs: units: runs-on: ubuntu-latest strategy: + fail-fast: false matrix: java: [8, 11, 17] steps: @@ -68,4 +69,4 @@ jobs: - run: java -version - run: .kokoro/build.sh env: - JOB_TYPE: clirr \ No newline at end of file + JOB_TYPE: clirr From d2ce3b7aa644e465a76869f24994390f96a29821 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Mon, 8 Nov 2021 21:46:11 +0000 Subject: [PATCH 12/15] chore: cleanup cloud RAD generation (#1269) (#790) --- .github/.OwlBot.lock.yaml | 2 +- .kokoro/release/publish_javadoc11.sh | 10 +++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 994dd04bf..325daaa4b 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest - digest: sha256:fecf6bd85f19eb046d913982ea36f6d434f9a49ab0545d25e31186aa64367c0c + digest: sha256:204b7af96e6d481f19b0ff377aa379d46bc56dd06e1cc7c523f361dd9cbfeeaa 
diff --git a/.kokoro/release/publish_javadoc11.sh b/.kokoro/release/publish_javadoc11.sh index f4619ef9f..315cf4fba 100755 --- a/.kokoro/release/publish_javadoc11.sh +++ b/.kokoro/release/publish_javadoc11.sh @@ -36,13 +36,9 @@ mvn clean install -B -q -DskipTests=true export NAME=google-auth-library export VERSION=$(grep ${NAME}: versions.txt | cut -d: -f3) -# V3 generates docfx yml from javadoc -# generate yml -mvn clean site -B -q -P docFX - -# copy README to docfx-yml dir and rename index.md -cp README.md target/docfx-yml/index.md -# copy CHANGELOG to docfx-yml dir and rename history.md +# cloud RAD generation +mvn clean javadoc:aggregate -B -q -P docFX +# include CHANGELOG cp CHANGELOG.md target/docfx-yml/history.md pushd target/docfx-yml From d7d8b749e310aa602fe1b88bf865466008b92a66 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 9 Nov 2021 14:46:21 +0000 Subject: [PATCH 13/15] chore: update jre to 11 for linter (#1278) (#792) --- .github/.OwlBot.lock.yaml | 2 +- .github/workflows/ci.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 325daaa4b..886d09496 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest - digest: sha256:204b7af96e6d481f19b0ff377aa379d46bc56dd06e1cc7c523f361dd9cbfeeaa + digest: sha256:14ecf64ec36f67c7bf04e3dc0f68eafcc01df3955121c38862b695e2ae7515d8 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 93b337c62..05de1f60d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,7 +53,7 @@ jobs: - uses: actions/setup-java@v2 with: distribution: zulu - java-version: 8 + java-version: 11 - run: java -version - run: .kokoro/build.sh env: From bce0b2d17b09f141e59cf1d5adccce2ba5e2bea9 Mon Sep 17 00:00:00 2001 
From: Emily Ball Date: Wed, 10 Nov 2021 09:40:24 -0800 Subject: [PATCH 14/15] chore: cleanup cloud RAD generation (#791) Same as https://github.com/googleapis/java-shared-config/pull/344 --- pom.xml | 59 ++++++++++++++++++++++++--------------------------------- 1 file changed, 25 insertions(+), 34 deletions(-) diff --git a/pom.xml b/pom.xml index 68e407d25..6873ac997 100644 --- a/pom.xml +++ b/pom.xml @@ -478,53 +478,44 @@ docFX - + + + java-docfx-doclet-1.3.0 + ${project.build.directory}/docfx-yml + ${project.artifactId} + + + 7 + + + org.apache.maven.plugins maven-javadoc-plugin 3.3.1 - - - docFX - - javadoc - aggregate - aggregate-jar - - - com.microsoft.doclet.DocFxDoclet false - ${env.KOKORO_GFILE_DIR}/java-docfx-doclet-1.3.0.jar - -outputpath ${project.build.directory}/docfx-yml -projectname ${artifactId} + + ${env.KOKORO_GFILE_DIR}/${docletName}.jar + + -outputpath ${outputpath} + -projectname ${projectname} + -excludeclasses ${excludeclasses}: + -excludepackages ${excludePackages}: + none protected true - 7 - - - Codestin Search App - com.google.auth* - - - Codestin Search App - com.google.auth.http*:com.google.auth.oauth2* - - - Codestin Search App - com.google.auth.appengine* - - - - http://download.oracle.com/javase/7/docs/api/ - http://cloud.google.com/appengine/docs/java/javadoc - + ${source} + + ${sourceFileExclude} + - + - + From 714efebdf535d4fa051c063ed227aa175fda5786 Mon Sep 17 00:00:00 2001 
From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Wed, 10 Nov 2021 19:34:20 +0000 Subject: [PATCH 15/15] chore: release 1.3.0 (#777) :robot: I have created a release \*beep\* \*boop\* --- ## [1.3.0](https://www.github.com/googleapis/google-auth-library-java/compare/v1.2.2...v1.3.0) (2021-11-10) ### Features * next release from main branch is 1.3.0 ([#780](https://www.github.com/googleapis/google-auth-library-java/issues/780)) ([1149581](https://www.github.com/googleapis/google-auth-library-java/commit/1149581e63267e3553c74ba2114d849c5b24f27b)) ### Bug Fixes * **java:** java 17 dependency arguments ([#1266](https://www.github.com/googleapis/google-auth-library-java/issues/1266)) ([#779](https://www.github.com/googleapis/google-auth-library-java/issues/779)) ([9160a53](https://www.github.com/googleapis/google-auth-library-java/commit/9160a53e6507c1c938795e181c65ad80db1bcf11)) * service account impersonation with workforce credentials ([#770](https://www.github.com/googleapis/google-auth-library-java/issues/770)) ([6449ef0](https://www.github.com/googleapis/google-auth-library-java/commit/6449ef0922053121a6732933ab9e246965fde3b7)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --- CHANGELOG.md | 13 +++++++++++++ README.md | 6 +++--- appengine/pom.xml | 2 +- bom/pom.xml | 2 +- credentials/pom.xml | 2 +- oauth2_http/pom.xml | 2 +- pom.xml | 2 +- versions.txt | 12 ++++++------ 8 files changed, 27 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7e31c7a9..6f0113b12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,18 @@ # Changelog +## [1.3.0](https://www.github.com/googleapis/google-auth-library-java/compare/v1.2.2...v1.3.0) (2021-11-10) + + +### Features + +* next release from main branch is 1.3.0 ([#780](https://www.github.com/googleapis/google-auth-library-java/issues/780)) ([1149581](https://www.github.com/googleapis/google-auth-library-java/commit/1149581e63267e3553c74ba2114d849c5b24f27b)) + + +### Bug Fixes + +* **java:** java 17 dependency arguments ([#1266](https://www.github.com/googleapis/google-auth-library-java/issues/1266)) ([#779](https://www.github.com/googleapis/google-auth-library-java/issues/779)) ([9160a53](https://www.github.com/googleapis/google-auth-library-java/commit/9160a53e6507c1c938795e181c65ad80db1bcf11)) +* service account impersonation with workforce credentials ([#770](https://www.github.com/googleapis/google-auth-library-java/issues/770)) ([6449ef0](https://www.github.com/googleapis/google-auth-library-java/commit/6449ef0922053121a6732933ab9e246965fde3b7)) + ### [1.2.2](https://www.github.com/googleapis/google-auth-library-java/compare/v1.2.1...v1.2.2) (2021-10-20) diff --git a/README.md b/README.md index 7d629f110..ca4e686e9 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ If you are using Maven, add this to your pom.xml file (notice that you can repla com.google.auth google-auth-library-oauth2-http - 1.2.2 + 1.3.0 ``` [//]: # ({x-version-update-end}) @@ -41,7 +41,7 @@ If you are using Gradle, add this to your dependencies [//]: # ({x-version-update-start:google-auth-library-oauth2-http:released}) ```Groovy -compile 'com.google.auth:google-auth-library-oauth2-http:1.2.2' +compile 'com.google.auth:google-auth-library-oauth2-http:1.3.0' ``` [//]: # ({x-version-update-end}) 
@@ -49,7 +49,7 @@ If you are using SBT, add this to your dependencies [//]: # ({x-version-update-start:google-auth-library-oauth2-http:released}) ```Scala -libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "1.2.2" +libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "1.3.0" ``` [//]: # ({x-version-update-end}) diff --git a/appengine/pom.xml b/appengine/pom.xml index fc9d9ac24..a769c95fb 100644 --- a/appengine/pom.xml +++ b/appengine/pom.xml @@ -5,7 +5,7 @@ com.google.auth google-auth-library-parent - 1.2.3-SNAPSHOT + 1.3.0 ../pom.xml diff --git a/bom/pom.xml b/bom/pom.xml index 7871195cc..879b89fe0 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.auth google-auth-library-bom - 1.2.3-SNAPSHOT + 1.3.0 pom Google Auth Library for Java BOM diff --git a/credentials/pom.xml b/credentials/pom.xml index efc1b547e..86cab3d92 100644 --- a/credentials/pom.xml +++ b/credentials/pom.xml @@ -4,7 +4,7 @@ com.google.auth google-auth-library-parent - 1.2.3-SNAPSHOT + 1.3.0 ../pom.xml diff --git a/oauth2_http/pom.xml b/oauth2_http/pom.xml index 90edb307e..0c7a505a8 100644 --- a/oauth2_http/pom.xml +++ b/oauth2_http/pom.xml @@ -5,7 +5,7 @@ com.google.auth google-auth-library-parent - 1.2.3-SNAPSHOT + 1.3.0 ../pom.xml diff --git a/pom.xml b/pom.xml index 6873ac997..1246251e8 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.auth google-auth-library-parent - 1.2.3-SNAPSHOT + 1.3.0 pom Google Auth Library for Java Client libraries providing authentication and diff --git a/versions.txt b/versions.txt index ed801c68e..9b3211db0 100644 --- a/versions.txt +++ b/versions.txt 
@@ -1,9 +1,9 @@ # Format: # module:released-version:current-version -google-auth-library:1.2.2:1.2.3-SNAPSHOT -google-auth-library-bom:1.2.2:1.2.3-SNAPSHOT -google-auth-library-parent:1.2.2:1.2.3-SNAPSHOT -google-auth-library-appengine:1.2.2:1.2.3-SNAPSHOT -google-auth-library-credentials:1.2.2:1.2.3-SNAPSHOT -google-auth-library-oauth2-http:1.2.2:1.2.3-SNAPSHOT +google-auth-library:1.3.0:1.3.0 +google-auth-library-bom:1.3.0:1.3.0 +google-auth-library-parent:1.3.0:1.3.0 +google-auth-library-appengine:1.3.0:1.3.0 +google-auth-library-credentials:1.3.0:1.3.0 +google-auth-library-oauth2-http:1.3.0:1.3.0