feat(mtls): Add support for X.509-based mTLS-transport in Java GAX lib #3852
…ateBasedAccess helper
…vider in channel providers.
@Nullable private final Boolean allowNonDefaultServiceAccount; | ||
@VisibleForTesting final ImmutableMap<String, ?> directPathServiceConfig; | ||
@Nullable private final MtlsProvider mtlsProvider; | ||
@Nullable private final CertificateBasedAccess certificateBasedAccess; |
qq, I believe below has a default value for the certificateBasedAccess. What's the reason this should be Nullable?
So the "CertificateBasedAccess" is essentially a couple of helper functions that were moved out of the original MtlsProvider implementation, and since the previous MtlsProvider was Nullable, this was also marked Nullable to retain the same semantics - my hunch is that we should keep it Nullable for maximum compatibility/flexibility.
I see. The old MtlsProvider was public in name, but we didn't allow users to set it into the client. I don't think we have direct use cases of users using it and I don't think we need to maintain compatibility for it.
If possible, I would rather have this be non-null so we don't need the null checks. I think this could also be the same with the new MtlsProvider above since there is a default one created below.
Oh wait, I think the MtlsProvider must remain Nullable given the possibility of CertificateSourceUnavailableException.
So yes, I think MtlsProvider should remain Nullable. Would you like to keep CertificateBasedAccess Nullable as well or change it to non-nullable? I don't have a strong preference either way. LMK Thanks!
I think MtlsProvider must remain Nullable and CertificateBasedAccess can be non-Nullable. Preference for CertificateBasedAccess to be non-nullable so that we don't need so many null checks in the logic below and in other files.
I updated the latest revision to mark MtlsProvider Nullable and CertificateBasedAccess NonNullable in the HTTP/gRPC channel providers for consistency. However, CertificateBasedAccess is left as @Nullable in EndpointContext, since removing it broke compilation for a ton of tests... (will revisit if needed.)
if (certificateBasedAccess == null) { | ||
certificateBasedAccess = CertificateBasedAccess.createWithSystemEnv(); | ||
} | ||
if (certificateBasedAccess.useMtlsClientCertificate()) { | ||
if (mtlsProvider == null) { | ||
// Attempt to create default MtlsProvider from environment. | ||
try { | ||
mtlsProvider = DefaultMtlsProviderFactory.create(); | ||
} catch (CertificateSourceUnavailableException e) { | ||
// This is okay. Leave mtlsProvider as null so that we will not auto-upgrade | ||
// to mTLS endpoints. See https://google.aip.dev/auth/4114. | ||
} catch (IOException e) { | ||
LOG.log( | ||
Level.WARNING, | ||
"DefaultMtlsProviderFactory encountered unexpected IOException: " + e.getMessage()); | ||
} | ||
} | ||
} |
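Review bot: In the `catch (IOException e)` branch the warning carries only `e.getMessage()`, and execution then continues with `mtlsProvider` still null, the same state the `CertificateSourceUnavailableException` branch documents as "will not auto-upgrade to mTLS endpoints". For a caller that opted in through `useMtlsClientCertificate()`, an unexpected I/O failure while loading the certificate therefore leaves one log line without a stack trace as the only evidence. Pass the exception itself to the logger (`LOG.log(Level.WARNING, "...", e)`) and say in the message that the client proceeds without a client certificate, so the fallback is visible to whoever reads the logs.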
qq, I noticed that this rough logic also exists here and in the EndpointContext. What's the reason that it needs to exist in the gRPC Channel Provider as well as EndpointContext?
Yes good question. The issue is that EndpointContext is responsible for "endpoint resolution", which takes a dependency on the availability of mTLS (i.e. use mTLS endpoint only if mTLS support is available) - see the complicated "determineEndpoint" function. In the other 2 locations (gRPC/HTTP channel provider), they are used for configuring the TLS settings of the Channel themselves.
> In the other 2 locations (gRPC/HTTP channel provider), they are used for configuring the TLS settings of the Channel themselves.

Sorry, can you elaborate on this point? I wasn't aware there were settings that MtlsProvider itself was configuring. Can you link me to how it configures TLS settings on the channel?
My assumption was that it was only using the MtlsProvider logic (i.e. checking for env var) to see if Mtls was to be enabled and not touching anything on the channel.
Let me clarify, for gRPC/HTTP channel provider, the "mtlsKeyStore" is used for creating the mTLS-enabled transport as seen in the code snippet below:
```java
HttpTransport createHttpTransport() throws IOException, GeneralSecurityException {
  if (certificateBasedAccess == null || mtlsProvider == null) {
    return null;
  }
  if (certificateBasedAccess.useMtlsClientCertificate()) {
    KeyStore mtlsKeyStore = mtlsProvider.getKeyStore();
    if (mtlsKeyStore != null) {
      return new NetHttpTransport.Builder().trustCertificates(null, mtlsKeyStore, "").build();
    }
  }
  return null;
}
```
The channel providers have no reference to the EndpointContext, so need to independently calculate and bootstrap the mTLS provider.
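What the snippet above amounts to at the JDK level, as an added example that is not code from this PR or from GAX: the opt-in flag and the provider's key store together decide whether the transport gets an `SSLContext` carrying client key material. `ClientKeyStoreSource` and `SourceUnavailableException` are hypothetical stand-ins for MtlsProvider and CertificateSourceUnavailableException, the key store is a constructed empty one, and letting other I/O errors propagate is a choice made for this sketch.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added illustration using only JDK classes; not GAX or google-auth-library code.
public class MtlsTransportSketch {

  // Hypothetical stand-in for MtlsProvider: yields the client key store, or null.
  interface ClientKeyStoreSource {
    KeyStore getKeyStore() throws IOException;
  }

  // Hypothetical stand-in for CertificateSourceUnavailableException.
  static class SourceUnavailableException extends IOException {
    SourceUnavailableException(String message) {
      super(message);
    }
  }

  // Returns a context that presents a client certificate, or null when the
  // caller should stay on ordinary one-way TLS.
  static SSLContext clientContextOrNull(boolean useClientCertificate, ClientKeyStoreSource source)
      throws IOException, GeneralSecurityException {
    if (!useClientCertificate || source == null) {
      return null; // not opted in, or no provider was bootstrapped
    }
    KeyStore keyStore;
    try {
      keyStore = source.getKeyStore();
    } catch (SourceUnavailableException e) {
      return null; // expected on machines without a client certificate
    }
    // Any other IOException propagates: in this sketch an unreadable
    // certificate source is an error, not a reason to drop the client cert.
    if (keyStore == null) {
      return null;
    }
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, new char[0]); // empty password, like the "" in the snippet
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(kmf.getKeyManagers(), null, null); // default trust store and RNG
    return context;
  }

  public static void main(String[] args) throws Exception {
    // Constructed input: an empty in-memory key store stands in for a real one.
    KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
    empty.load(null, null);

    ClientKeyStoreSource present = () -> empty;
    ClientKeyStoreSource unavailable =
        () -> {
          throw new SourceUnavailableException("no certificate source configured");
        };

    System.out.println("opted in, key store present: "
        + (clientContextOrNull(true, present) != null));
    System.out.println("opted in, source unavailable: "
        + (clientContextOrNull(true, unavailable) != null));
    System.out.println("not opted in: "
        + (clientContextOrNull(false, present) != null));
  }
}
```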
I see, thanks for the explanation.
In this case, I think what we have previously configured is probably a mistake (i.e. configuring multiple separate MtlsProviders). I think realistically the flow should be
- EndpointContext creates the MtlsProvider and CertificateBasedAccess class that is used to compute the endpoint
- gRPC and HttpJson channel providers get the MtlsProvider and CertificateBasedAccess classes that were created in the EndpointContext
However, I think in order for that to be done, we'll need to create public methods inside TransportChannelProvider to allow access to them. It is possible by adding InternalApi, and we have done this previously to access mtlsEndpoint.
Let me think about the options a bit more. I think what you have is based on the existing code and should work, but I think it previously wasn't configured the best/correctly and would love to try and fix it if possible.
Thanks @andyrzhao, taking a look at this and I don't think there is a clear best way to do this.
Since it looks like these implementations (EndpointContext, GrpcChannelProvider, HttpJsonChannelProvider) are private implementations and not accessible to customers, I think I'm fine with keeping it as-is. Adding public methods to clean this up can be done at a future time and perhaps a better implementation can also be found. The new implementation follows the old one and I don't think this would be a regression.
Would you mind creating an issue in our repo to track that future enhancement?
Thanks Lawerence! Created #3872
/gcbrun |
/gcbrun |
🤖 I have created a release *beep* *boop*

---

<details><summary>2.61.0</summary>

## [2.61.0](v2.60.2...v2.61.0) (2025-08-04)

### Features

* **mtls:** Add support for X.509-based mTLS-transport in Java GAX lib ([#3852](#3852)) ([2d02344](2d02344))

### Bug Fixes

* improve error messaging for LRO CancellationException ([#3873](#3873)) ([9cae675](9cae675))
* make generation config update logs verbose ([#3764](#3764)) ([9b1a34b](9b1a34b))

</details>

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
#3852)

Fixes #3851

- Refactors mTLS code path to use new CertificateBasedAccess class to determine mTLS behavior based on env vars.
- Refactors mTLS code path to use DefaultMtlsProviderFactory from Java auth lib for creating a default mTLS provider using either the legacy SecureConnect mtls provider or the newer X.509 mtls provider, depending on availability.
Fixes #3851