- Update to version 2.43.0
* Add public wrapper for _mtls_helper.check_use_client_cert which
enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set,
when the MWID/X.509 cert sources detected (#1859) Add public
wrapper for check_use_client_cert which enables mTLS if
GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509
cert sources detected. Also, fix check_use_client_cert to return
boolean value.
Change #1848 added the check_use_client_cert method that helps know
if client cert should be used for mTLS connection. However, that was
in a private class, thus, created a public wrapper of the same function
so that it can be used by python Client Libraries. Also, updated
check_use_client_cert to return a boolean value instead of existing
string value for better readability and future scope.
* Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if
the MWID/X.509 cert sources detected (#1848) The Python SDK will
use a hybrid approach for mTLS enablement:
* If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set
(either true or false), the SDK will respect that setting. This is
necessary for test scenarios and users who need to explicitly control
mTLS behavior.
* If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not
set, the SDK will automatically enable mTLS only if it detects Managed
Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF)
certificate sources. In other cases where the variable is not set, mTLS
will remain disabled.
** This change also adds the helper method `check_use_client_cert` and
it's unit test, which will be used for checking the criteria for setting
the mTLS to true
** This change is only for Auth-Library, other changes will be created
OBS-URL: https://build.opensuse.org/request/show/1316867
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=123
- Update to version 2.40.1
* Disable logging response body for async logs (#1756)
- from version 2.40.0
* Add request response logging to auth (#1678)
* Correct webauthn JSON parsing to be compliant with standard. (#1658)
- from version 2.39.0
* Adds GA support for X.509 workload identity federation (#1695)
* Add impersonated SA via local ADC support for fetch_id_token (#1740)
* Add missing packaging dependency for feature requiring urllib3 (#1732)
* Add request timeout for MDS requests (#1699)
* Explicitly declare support for Python 3.13 ([#1741)
- Refresh python-google-auth-no-mock.patch
OBS-URL: https://build.opensuse.org/request/show/1278404
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=112
- Update to version 2.34.0
* **auth:** Update get_client_ssl_credentials to support X.509 workload certs (#1558)
* Retry token request on retryable status code (#1563)
- from version 2.33.0
* Implement async `StaticCredentials` using access tokens (#1559)
* Implement base classes for credentials and request sessions (#1551)
* **metadata:** Enhance retry logic for metadata server access in _metadata.py (#1545)
* Update argument for Credentials initialization (#1557)
- Refresh patches for new version
* python-google-auth-no-mock.patch
OBS-URL: https://build.opensuse.org/request/show/1201529
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=100
- Update to version 2.29.0
* Adds support for custom suppliers in AWS and Identity Pool credentials (#1496)
* Refactor tech debt in aws and identity pool credentials (#1501)
- from version 2.28.2
* Remove gce log for expected 404 (#1491)
- from version 2.28.1
* Typo when setting the state for the pickle deserializer. (#1479)
- from version 2.28.0
* Adding universe domain support for downscroped credentials (#1463)
* Change log level to debug for return_none_for_not_found_error (#1473)
* Make requests import conditional for gce universe domain (#1476)
- Refresh patches for new version
* python-google-auth-no-mock.patch
OBS-URL: https://build.opensuse.org/request/show/1174827
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=92
* Add optional account association for Authorized User
credentials.
* Allow custom universe domain for gce creds
* Conditionally import requests only if no request was passed
by the caller.
- update to 2.26.2:
* Read universe_domain for external account authorized user
- update to 2.26.1:
* Ensure that refresh worker is pickle-able.
- update to 2.26.0:
* Add optional non blocking refresh for sync auth code
* Add optional non blocking refresh for sync auth code
* External account user cred universe domain support
* Guard delete statements. Add default fallback for
_use_non_blocking_refresh.
- update to 2.25.2:
* Fix user cred universe domain issue
- update to 2.25.1:
* Fix vm universe_domain bug
- update to 2.25.0:
* Add custom tls signer for ECP Provider.
* Add custom tls signer for ECP Provider.
* Add with_universe_domain
* Fixes issue where Python37DeprecationWarning cannot be
filtered
- update to 2.24.0:
* Add support for Python 3.12
* Add universe domain support for VM cred
* Modify the token refresh window
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=84
- Update to 2.21.0
* Add framework for BYOID metrics headers (#1332)
* Pypy unit test build (#1335)
- from version 2.20.0
* Add public API load_credentials_from_dict (#1326)
* Expiry in compute_engine.IDTokenCredentials (#1327), closes (#1323)
* Expiry in impersonated_credentials.IDTokenCredentials (#1330)
* Invalid `dev` version identifiers in `setup.py` (#1322), closes (#1321)
- from version 2.19.1
* Check id token error response (#1315)
* Fix "AttributeError: 'str' object has no attribute 'get'" (dac7cc3)
* Replacing abc.com with example.com (dac7cc3)
- from version 2.19.0
* Add metrics (part 1) (#1298)
* Add metrics (part 2) (#1303)
* Add metrics (part 3) (#1305)
* Expose `universe_domain` for external account creds (#1296)
* Remove python 2.7 from setup.py and nox tests (#1301)
- from version 2.18.1
* Self signed jwt token should be string type (#1294)
- from version 2.18.0
* Add smbios check to detect GCE residency (#1276)
* Universe domain support for service account (#1286)
- Refresh patches for new version
* python-google-auth-no-mock.patch
OBS-URL: https://build.opensuse.org/request/show/1095583
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=64
- Remove no-python3.patch
- Update to 2.17.3:
* Add useEmailAzp claim for id token iam flow (#1270) (7a9c6f2)
- 2.17.2:
* Do not create new JWT credentials if they make the same claims as
the existing. (#1267) (eebb7b6)
- 2.17.1:
* Print out reauth plugin error and raise if challenge output is
None (#1265) (08d22fe)
- 2.17.0:
* Experimental service account iam endpoint flow for id token
(#1258) (8ff0de5)
* Python: Remove aws url validation (#1254) (20a966b)
- 2.16.3:
* Read both applicationId and relyingPartyId. (#1246) (e125dfe)
- 2.16.2:
* Call gcloud config get project to get project for user cred
(#1243) (c078a13)
* Do not use hardcoded string 'python', when you mean
sys.executable. (#1233) (91ac8e6)
* Don't retry if error or error_description is not string (#1241)
(e2d263a)
* Improve ADC related errors and warnings (#1237) (2dfa213)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=60
- Update to 2.16.1
* Add support for python 3.11 (#1212)
* Remove 3PI config url validation (#1220)
* Update the docs generator interpreter to unblock documentation build (#1218)
- from version 2.16.0
* AwsCredentials should not call metadata server if security creds and region
are retrievable through the environment variables (#1195)
* Wrap all python built-in exceptions into library excpetions (#1191)
* Allow get_project_id to take a request (#1203)
* Make OAUTH2.0 client resistant to string type 'expires_in' responses from
non-compliant services (#1208)
- Drop obsolete patches
* ga_python-executable-name.patch
- Refresh patches for new version
* no-python3.patch
OBS-URL: https://build.opensuse.org/request/show/1068671
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=54
- Update to 2.14.0
* Add token_info_url to external account credentials (#1168)
* Read Quota Project from Environment Variable (#1163)
* Adding more properties to external_account_authorized_user (#1169)
- from version 2.13.0
* Adds new external account authorized user credentials (#1160)
* Implement pluggable auth interactive mode (#1131)
* Introduce the functionality to override token_uri in credentials (#1159)
* Adding one more pattern to relax the regex check for sts and
impersonation url endpoints (#1158)
- Refresh patches for new version
* python-google-auth-no-mock.patch
OBS-URL: https://build.opensuse.org/request/show/1034209
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=45
- Update to 2.11.0
* add integration tests for configurable token lifespan (#1103)
* Async certificate retrieving (#1101)
- from version 2.10.0
* add integration tests for pluggable auth (#1073)
* support for configurable token lifetime (0dc6a9a)
* support for configurable token lifetime (#1079)
* async certificate decoding (#1085)
* Async system tests were not unwrapping async_generators (#1086)
* Fix IDTokenCredentials update bug [#1072)
* make expiration_time optional in response schema (#1091)
* refactor credential subclass parameters (#1095)
- from version 2.9.1
* there was a raise missing for throwing exceptions (#1077)
- from version 2.9.0
* pluggable auth support (#1045)
- from version 2.8.0
* add experimental GDCH support (#1044)
- Refresh patches for new version
* python-google-auth-no-mock.patch
* add experimental enterprise cert support
* add experimental GDCH support
* Pluggable auth support
* validate urls for external accounts
* revert experimental GDCH support
* fix changelog header to consistent size
* silence TypeError during tear down stage
* add additional missing import in _default.py
* fix missing import in _default.py
OBS-URL: https://build.opensuse.org/request/show/1001906
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=41
- Update to 2.6.3
Bug Fixes
* change requests lib import place (#1010)
* clean up HTTP session and pool during tear down phase (#1007)
* pin click version and update sys test creds (#1008)
- from version 2.6.2
Bug Fixes
* Rename aws imdsv2 url field and update token lifetime (#982)
Miscellaneous Chores
* let release-please finish the release (#991)
- from version 2.6.1
Bug Fixes
* Add AWS session token to metadata requests (#958)
- from version 2.6.0
Features
* ADC can load an impersonated service account credentials. (#962)
Bug Fixes
* revert "feat: add api key support (#826)
OBS-URL: https://build.opensuse.org/request/show/967831
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=32
