python/python-google-auth
SHA256
15
0
Fork 0
forked from pool/python-google-auth
Code Pull Requests Activity

- Update to version 2.47.0

Browse Source 
* drop `cachetools` dependency in favor of simple local implementation (#1590)
  * Python 3.8 support (#1918)
- from version 2.46.0
  * update urllib3 docstrings for v2 compatibility (#1903)
  * Recognize workload certificate config in has_default_client_cert_source
    for mTLS for Agentic Identities (#1907)
  * add types to default and verify_token and Request __init__ based on comments
    in the source code. (#1588)
  * fix the document of secure_authorized_session (#1536)
  * remove setup.cfg configuration for creating universal wheels (#1693)
  * use .read() instead of .content.read() in aiohttp transport (#1899)
  * raise RefreshError for missing token in impersonated credentials (#1897)
  * Fix test coverage for mtls_helper (#1886)
- Drop python-google-auth-no-mock.patch, fixed upstream
- Update BuildRequires and Requires from setup.py

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=129
This commit is contained in:
Markéta Machová
2026-01-12 12:29:47 +00:00
committed by Git OBS Bridge
commit f300879b70
12 changed files with 1099 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.osc

3
google_auth-2.40.3.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:500c3a29adedeb36ea9cf24b8d10858e152f2412e3ca37829b3fa18e33d63b77
size 281029

3
google_auth-2.41.1.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b76b7b1f9e61f0cb7e88870d14f6a94aeef248959ef6992670efee37709cbfd2
size 292284

3
google_auth-2.42.1.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:30178b7a21aa50bffbdc1ffcb34ff770a2f65c712170ecd5446c4bef4dc2b94e
size 295541

3
google_auth-2.43.0.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:88228eee5fc21b62a1b5fe773ca15e67778cb07dc8363adcb4a8827b52d81483
size 296359

3
google_auth-2.45.0.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:90d3f41b6b72ea72dd9811e765699ee491ab24139f34ebf1ca2b9cc0c38708f3
size 320708

3
google_auth-2.47.0.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:833229070a9dfee1a353ae9877dcd2dec069a8281a4e72e72f77d4a70ff945da
size 323719

50
pytest9.patch Normal file
View File

@@ -0,0 +1,50 @@
From 5c372a92bf5086f1b63eaa8979fc13c5c0ce9dc9 Mon Sep 17 00:00:00 2001
From: Lingqing Gan <lingqing.gan@gmail.com>
Date: Mon, 10 Nov 2025 15:58:56 -0800
Subject: [PATCH] chore: update secret and fix pytest issue (#1868)
---
system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes
tests/transport/aio/test_sessions.py | 22 ++++++++++++++++------
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/tests/transport/aio/test_sessions.py b/tests/transport/aio/test_sessions.py
index c91a7c40a..742f863d0 100644
--- a/tests/transport/aio/test_sessions.py
+++ b/tests/transport/aio/test_sessions.py
@@ -32,8 +32,13 @@
@pytest.fixture
-async def simple_async_task():
- return True
+def simple_async_task():
+ # Wrap async fixture within a synchronous fixture to suppress pytest.PytestRemovedIn9Warning
+ # See https://docs.pytest.org/en/stable/deprecations.html#sync-test-depending-on-async-fixture
+ async def inner_fixture():
+ return True
+
+ return inner_fixture()
class MockRequest(Request):
@@ -151,10 +156,15 @@ class TestAsyncAuthorizedSession(object):
credentials = AnonymousCredentials()
@pytest.fixture
- async def mocked_content(self):
- content = [b"Cavefish ", b"have ", b"no ", b"sight."]
- for chunk in content:
- yield chunk
+ def mocked_content(self):
+ # Wrap async fixture within a synchronous fixture to suppress pytest.PytestRemovedIn9Warning
+ # See https://docs.pytest.org/en/stable/deprecations.html#sync-test-depending-on-async-fixture
+ async def inner_fixture():
+ content = [b"Cavefish ", b"have ", b"no ", b"sight."]
+ for chunk in content:
+ yield chunk
+
+ return inner_fixture()
@pytest.mark.asyncio
async def test_constructor_with_default_auth_request(self):

0
python-google-auth-no-mock.patch Normal file
View File

921
python-google-auth.changes Normal file
View File

@@ -0,0 +1,921 @@
-------------------------------------------------------------------
Mon Jan 12 11:00:50 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.47.0
* drop `cachetools` dependency in favor of simple local implementation (#1590)
* Python 3.8 support (#1918)
- from version 2.46.0
* update urllib3 docstrings for v2 compatibility (#1903)
* Recognize workload certificate config in has_default_client_cert_source
for mTLS for Agentic Identities (#1907)
* add types to default and verify_token and Request __init__ based on comments
in the source code. (#1588)
* fix the document of secure_authorized_session (#1536)
* remove setup.cfg configuration for creating universal wheels (#1693)
* use .read() instead of .content.read() in aiohttp transport (#1899)
* raise RefreshError for missing token in impersonated credentials (#1897)
* Fix test coverage for mtls_helper (#1886)
- Drop python-google-auth-no-mock.patch, fixed upstream
- Update BuildRequires and Requires from setup.py
-------------------------------------------------------------------
Mon Jan 5 10:54:00 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.45.0
* Adding Agent Identity bound token support and handling certificate
mismatches with retries (#1890)
- from version 2.44.0
* MDS connections use mTLS (#1856)
* support Python 3.14 (#1822)
* add ecdsa p-384 support (#1872)
* Add shlex to correctly parse executable commands with spaces (#1855)
* Implement token revocation in STS client and add revoke() method
to ExternalAccountAuthorizedUser credentials (#1849)
* Add temporary patch to workload cert logic to accomodate Cloud Run
mis-configuration (#1880)
* Delegate workload cert and key default lookup to helper function (#1877)
* Use public refresh method for source credentials in
ImpersonatedCredentials (#1884)
- Drop pytest9.patch, merged upstream
- Refresh python-google-auth-no-mock.patch
-------------------------------------------------------------------
Thu Nov 27 09:54:02 UTC 2025 - Markéta Machová <mmachova@suse.com>
- Add upstream pytest9.patch to fix tests
-------------------------------------------------------------------
Mon Nov 10 09:08:33 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.43.0
* Add public wrapper for _mtls_helper.check_use_client_cert which
enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set,
when the MWID/X.509 cert sources detected (#1859) Add public
wrapper for check_use_client_cert which enables mTLS if
GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509
cert sources detected. Also, fix check_use_client_cert to return
boolean value.
Change #1848 added the check_use_client_cert method that helps know
if client cert should be used for mTLS connection. However, that was
in a private class, thus, created a public wrapper of the same function
so that it can be used by python Client Libraries. Also, updated
check_use_client_cert to return a boolean value instead of existing
string value for better readability and future scope.
* Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if
the MWID/X.509 cert sources detected (#1848) The Python SDK will
use a hybrid approach for mTLS enablement:
* If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set
(either true or false), the SDK will respect that setting. This is
necessary for test scenarios and users who need to explicitly control
mTLS behavior.
* If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not
set, the SDK will automatically enable mTLS only if it detects Managed
Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF)
certificate sources. In other cases where the variable is not set, mTLS
will remain disabled.
** This change also adds the helper method `check_use_client_cert` and
it's unit test, which will be used for checking the criteria for setting
the mTLS to true
** This change is only for Auth-Library, other changes will be created
for Client-Library use-cases.
* onboard `google-auth` to librarian (#1838) This PR onboards `google-auth`
library to the Librarian system.
-------------------------------------------------------------------
Mon Nov 3 12:35:20 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.42.1
* Catch ValueError for json.loads() (#1842)
- from version 2.42.0
* Add trust boundary support for external accounts. (#1809)
* Read scopes from ADC json for impersoanted cred (#1820)
- Refresh python-google-auth-no-mock.patch
-------------------------------------------------------------------
Thu Oct 9 14:33:25 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.41.1
* Suppress deprecation warning for ADC (#1815)
- from version 2.41.0
* Add support for cachetools 6.0 (#1773)
* Add trust boundary support for service accounts and impersonation. (#1778)
* Deprecating load_credentials_from_dict (58b66ec)
* Fix type error in credentials.py for python 3.7 and 3.8 (#1805)
* Update user guide to include x509 feature. (#1802)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Fri Jun 13 15:25:25 UTC 2025 - Markéta Machová <mmachova@suse.com>
- Convert to pip-based build
-------------------------------------------------------------------
Wed Jun 11 08:59:54 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.40.3
* Auth fetch token from default endpoint (#1779)
* Remove unnecessary call to mds service (#1769)
* Retry 504 errors (#1767)
-------------------------------------------------------------------
Fri May 30 06:54:17 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.40.2
* Remove sync response logs in AuthorizedSession
* Update test to consider new error message from cryptography (#1765)
-------------------------------------------------------------------
Mon May 19 13:09:42 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.40.1
* Disable logging response body for async logs (#1756)
- from version 2.40.0
* Add request response logging to auth (#1678)
* Correct webauthn JSON parsing to be compliant with standard. (#1658)
- from version 2.39.0
* Adds GA support for X.509 workload identity federation (#1695)
* Add impersonated SA via local ADC support for fetch_id_token (#1740)
* Add missing packaging dependency for feature requiring urllib3 (#1732)
* Add request timeout for MDS requests (#1699)
* Explicitly declare support for Python 3.13 ([#1741)
- Refresh python-google-auth-no-mock.patch
-------------------------------------------------------------------
Wed Feb 5 13:24:01 UTC 2025 - Markéta Machová <mmachova@suse.com>
- Skip test broken with new pyOpenSSL
* as pyOpenSSL should not be used anymore and continues deprecating
functionality, this library should really be migrated to cryptography,
otherwise we are facing serious problems in the future
* https://github.com/googleapis/google-auth-library-python/issues/1665
-------------------------------------------------------------------
Thu Jan 30 13:30:46 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.38.0
* Adding domain-wide delegation flow in impersonated credential (#1624) (34ee3fe)
* Add warnings regarding consuming externally sourced credentials (d049370)
-------------------------------------------------------------------
Thu Jan 9 11:34:17 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.37.0
* Allow users to use jwk keys for verifying ID token (#1641)
- from version 2.36.1
* Improve user guide for Impersonation and SA (#1627)
- Update BuildRequires and Recommends from setup.py
-------------------------------------------------------------------
Thu Dec 5 11:00:48 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.36.0
* IAM signblob retries (#1600)
* Making IAM endpoint universe-aware (#1604)
* Support External Account Authorized User as a Source
Credential for impersonated credentials in ADC (#1608)
* Adding default parameters to updated interfaces (#1622)
* Change universe_domain to universe-domain (#1613)
* Remove base class to avoid type conflict (#1619)
* Revert templates for iam endpoints (#1614)
* Update secret (#1611)
* Update secret (#1617)
* Update secret (#1621)
-------------------------------------------------------------------
Tue Oct 1 14:24:58 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.35.0
* Add cred info to ADC creds (#1587)
* Add support for asynchronous `AuthorizedSession` api (#1577)
* Remove token_info call from token refresh path (#1595)
- Refresh patches for new version
* python-google-auth-no-mock.patch
- Updates BuildRequires from setup.py
-------------------------------------------------------------------
Tue Sep 17 07:34:24 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.34.0
* **auth:** Update get_client_ssl_credentials to support X.509 workload certs (#1558)
* Retry token request on retryable status code (#1563)
- from version 2.33.0
* Implement async `StaticCredentials` using access tokens (#1559)
* Implement base classes for credentials and request sessions (#1551)
* **metadata:** Enhance retry logic for metadata server access in _metadata.py (#1545)
* Update argument for Credentials initialization (#1557)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Wed Jul 10 08:17:34 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.32.0
* Adds support for X509 workload credential type (#1541)
- Adjust upstream source name in spec file
-------------------------------------------------------------------
Fri Jul 5 10:08:50 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.31.0
* Adds X509 workload cert logic (#1527)
* Added py.typed to MANIFEST.in (#1526)
* Pass trust_env kwarg to ClientSession (#1533)
-------------------------------------------------------------------
Thu Jul 4 08:13:30 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.30.0
* Add WebAuthn plugin component to handle WebAuthn get assertion request (#1464)
* ECP Provider drop cryptography requirement (#1524)
* Enable webauthn plugin for security keys (#1528)
* Fix id_token iam endpoint for non-gdu service credentials (#1506)
* Makes default token_url universe aware (#1514)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Fri May 17 10:36:48 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 2.29.0
* Adds support for custom suppliers in AWS and Identity Pool credentials (#1496)
* Refactor tech debt in aws and identity pool credentials (#1501)
- from version 2.28.2
* Remove gce log for expected 404 (#1491)
- from version 2.28.1
* Typo when setting the state for the pickle deserializer. (#1479)
- from version 2.28.0
* Adding universe domain support for downscroped credentials (#1463)
* Change log level to debug for return_none_for_not_found_error (#1473)
* Make requests import conditional for gce universe domain (#1476)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Thu Mar 14 15:56:13 UTC 2024 - Robert Schweikert <rjschwei@suse.com>
- Do not force transition to Python 3.11 it breaks SUMa
-------------------------------------------------------------------
Tue Mar 5 20:22:30 UTC 2024 - Robert Schweikert <rjschwei@suse.com>
- Obsolete Python 3.6 build for SLE 15 SP4 and openSUSE Leap 15.4 and later
-------------------------------------------------------------------
Mon Feb 26 20:27:21 UTC 2024 - Robert Schweikert <rjschwei@suse.com>
- Version update in SLE 15 SP4 and later (jsc#PED-6697)
-------------------------------------------------------------------
Sun Feb 4 10:13:37 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 2.27.0:
* Add optional account association for Authorized User
credentials.
* Allow custom universe domain for gce creds
* Conditionally import requests only if no request was passed
by the caller.
-------------------------------------------------------------------
Thu Jan 11 14:38:48 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.26.2
* Read universe_domain for external account authorized user (#1450)
-------------------------------------------------------------------
Thu Jan 4 09:50:33 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.26.1
* Ensure that refresh worker is pickle-able. (#1447)
- from version 2.26.0
* Add optional non blocking refresh for sync auth code (a6dc2c3)
* Add optional non blocking refresh for sync auth code (#1368)
* External account user cred universe domain support (#1437)
* Guard delete statements. Add default fallback for _use_non_blocking_refresh. (#1445)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Sat Dec 16 19:27:11 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.25.2:
* Fix user cred universe domain issue (#1436)
-------------------------------------------------------------------
Thu Dec 7 22:38:03 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.25.1:
* Fix vm universe_domain bug (#1433) (8683520)
* Add custom tls signer for ECP Provider. (39eb287)
* Add custom tls signer for ECP Provider. (#1402) (39eb287)
* Add with_universe_domain (#1408) (505910c)
* Fixes issue where Python37DeprecationWarning cannot be
filtered (#1428) (f22f767)
* Remove broken link in Python37DeprecationWarning (#1430)
* Add support for Python 3.12 (#1421) (307916c)
* Add universe domain support for VM cred (#1409) (7ab0fce)
* Modify the token refresh window (#1419) (c6af1d6)
* Add missing before request to async oauth2 credentials.
(#1420) (8eaa878)
* Auto create self signed jwt cred (#1418) (6c610a5)
* Migrate datetime.utcnow for python 3.12 (#1413) (e4d9c27)
* Update user cred doc (#1414) (3f426bc)
-------------------------------------------------------------------
Fri Nov 24 13:58:43 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.23.4
* Export detect_gce_residency_linux function (#1403)
- from version 2.23.3
* Serialize signer keys on __getstate__ for pickling (#1394),
closes (#1383)
-------------------------------------------------------------------
Tue Oct 3 12:48:18 UTC 2023 - Markéta Machová <mmachova@suse.com>
- update to 2.23.2
* Less restrictive content-type header check for google authentication
* Trust boundary meta header renaming
* Support urllib3 2.0
-------------------------------------------------------------------
Thu Sep 21 12:09:25 UTC 2023 - Ondřej Súkup <mimi.vx@gmail.com>
- refresh python-google-auth-no-mock.patch
- update to 2.23.0
* Expose universe domain in credentials
* Make external_account resistant to string type 'expires_in' responses from non-compliant services
* Missing ssj for impersonate cred ()
* Skip checking projectid on cred if env var is set
* Add get_bq_config_path() to _cloud_sdk.py
-------------------------------------------------------------------
Mon Aug 14 09:05:07 UTC 2023 - Dirk Müller <dmueller@suse.com>
- unpin urllib3 to resolve conflict with python-kubernetes
-------------------------------------------------------------------
Tue Jul 25 13:44:24 UTC 2023 - ecsos <ecsos@opensuse.org>
- Fix not installable error
-------------------------------------------------------------------
Tue Jul 18 10:56:40 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.22.0
* Adding meta header for trust boundary (#1334)
* Introduce compatibility with native namespace packages (#1205)
* Deprecate UserAccessTokenCredentials (#1344)
- Update file list in %files section
-------------------------------------------------------------------
Mon Jul 10 08:18:34 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Require python-urllib3 < 2.0 if python-urllib3: urllib3 seems not
strictly required, but when it's there, we need it to be older
than version 2.0.
-------------------------------------------------------------------
Tue Jun 27 10:51:30 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.21.0
* Add framework for BYOID metrics headers (#1332)
* Pypy unit test build (#1335)
- from version 2.20.0
* Add public API load_credentials_from_dict (#1326)
* Expiry in compute_engine.IDTokenCredentials (#1327), closes (#1323)
* Expiry in impersonated_credentials.IDTokenCredentials (#1330)
* Invalid `dev` version identifiers in `setup.py` (#1322), closes (#1321)
- from version 2.19.1
* Check id token error response (#1315)
* Fix "AttributeError: 'str' object has no attribute 'get'" (dac7cc3)
* Replacing abc.com with example.com (dac7cc3)
- from version 2.19.0
* Add metrics (part 1) (#1298)
* Add metrics (part 2) (#1303)
* Add metrics (part 3) (#1305)
* Expose `universe_domain` for external account creds (#1296)
* Remove python 2.7 from setup.py and nox tests (#1301)
- from version 2.18.1
* Self signed jwt token should be string type (#1294)
- from version 2.18.0
* Add smbios check to detect GCE residency (#1276)
* Universe domain support for service account (#1286)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Sat May 27 07:26:11 UTC 2023 - Dirk Müller <dmueller@suse.com>
- drop urllib3-2.patch and limit to urllib3 < 2.x as that
matches the requires and avoids coinstallability isuses
-------------------------------------------------------------------
Wed May 10 07:14:23 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Add urllib3-2.patch to support newer urllib3 -- gh#googleapis/google-auth-library-python#1290
- Remove no-python3.patch
- Update to 2.17.3:
* Add useEmailAzp claim for id token iam flow (#1270) (7a9c6f2)
- 2.17.2:
* Do not create new JWT credentials if they make the same claims as
the existing. (#1267) (eebb7b6)
- 2.17.1:
* Print out reauth plugin error and raise if challenge output is
None (#1265) (08d22fe)
- 2.17.0:
* Experimental service account iam endpoint flow for id token
(#1258) (8ff0de5)
* Python: Remove aws url validation (#1254) (20a966b)
- 2.16.3:
* Read both applicationId and relyingPartyId. (#1246) (e125dfe)
- 2.16.2:
* Call gcloud config get project to get project for user cred
(#1243) (c078a13)
* Do not use hardcoded string 'python', when you mean
sys.executable. (#1233) (91ac8e6)
* Don't retry if error or error_description is not string (#1241)
(e2d263a)
* Improve ADC related errors and warnings (#1237) (2dfa213)
-------------------------------------------------------------------
Fri Apr 21 12:25:47 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add sle15_python_module_pythons (jsc#PED-68)
-------------------------------------------------------------------
Thu Apr 13 22:41:37 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Make calling of %{sle15modernpython} optional.
-------------------------------------------------------------------
Mon Mar 6 17:10:45 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Remove conflicts and clean up SPEC file.
-------------------------------------------------------------------
Thu Mar 2 11:21:16 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.16.1
* Add support for python 3.11 (#1212)
* Remove 3PI config url validation (#1220)
* Update the docs generator interpreter to unblock documentation build (#1218)
- from version 2.16.0
* AwsCredentials should not call metadata server if security creds and region
are retrievable through the environment variables (#1195)
* Wrap all python built-in exceptions into library excpetions (#1191)
* Allow get_project_id to take a request (#1203)
* Make OAUTH2.0 client resistant to string type 'expires_in' responses from
non-compliant services (#1208)
- Drop obsolete patches
* ga_python-executable-name.patch
- Refresh patches for new version
* no-python3.patch
-------------------------------------------------------------------
Wed Feb 22 20:00:34 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Add no-python3.patch replacing call of the
string literal 'python3' with sys.executable
(gh#googleapis/google-auth-library-python!1233).
-------------------------------------------------------------------
Fri Dec 2 10:25:44 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.15.0
* Add api_key credentials (#1184)
* Introduce a way to provide scopes granted by user (#1189)
* Allow mtls sts endpoint for external account token urls. (#1185)
* CI broken by removal of py.path (#1194)
* Ensure JWT segments have the right types (#1162)
* Updated the lower bound of interactive timeout and fix the kwarg… (#1182)
-------------------------------------------------------------------
Wed Nov 16 15:26:38 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.14.1
* Apply quota project for compute cred in adc (#1177)
* Update minimum required version of cryptography in pyopenssl extra (#1176)
* Validate url domain for aws metadata urls (#1174)
- Update Requires from setup.py
-------------------------------------------------------------------
Tue Nov 8 07:19:56 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Clean up SPEC file, make rpmlint happy.
-------------------------------------------------------------------
Mon Nov 7 13:59:22 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.14.0
* Add token_info_url to external account credentials (#1168)
* Read Quota Project from Environment Variable (#1163)
* Adding more properties to external_account_authorized_user (#1169)
- from version 2.13.0
* Adds new external account authorized user credentials (#1160)
* Implement pluggable auth interactive mode (#1131)
* Introduce the functionality to override token_uri in credentials (#1159)
* Adding one more pattern to relax the regex check for sts and
impersonation url endpoints (#1158)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Fri Oct 14 09:30:55 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.12.0
* Retry behavior (#1113)
* Modify RefreshError exception to use gcloud ADC command. (#1149)
* Revert "Update token refresh threshold from 20 seconds to 5 minutes". (186464b)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Thu Sep 8 12:02:06 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.11.0
* add integration tests for configurable token lifespan (#1103)
* Async certificate retrieving (#1101)
- from version 2.10.0
* add integration tests for pluggable auth (#1073)
* support for configurable token lifetime (0dc6a9a)
* support for configurable token lifetime (#1079)
* async certificate decoding (#1085)
* Async system tests were not unwrapping async_generators (#1086)
* Fix IDTokenCredentials update bug [#1072)
* make expiration_time optional in response schema (#1091)
* refactor credential subclass parameters (#1095)
- from version 2.9.1
* there was a raise missing for throwing exceptions (#1077)
- from version 2.9.0
* pluggable auth support (#1045)
- from version 2.8.0
* add experimental GDCH support (#1044)
- Refresh patches for new version
* python-google-auth-no-mock.patch
-------------------------------------------------------------------
Wed Jun 8 08:53:02 UTC 2022 - pgajdos@suse.com
- version update to 2.7.0
## [2.7.0]
* add experimental enterprise cert support
* add experimental GDCH support
* Pluggable auth support
* validate urls for external accounts
* pluggable auth support [#995]
* revert experimental GDCH support
* fix changelog header to consistent size
## [2.6.6]
* silence TypeError during tear down stage
## [2.6.5]
* add additional missing import in _default.py
## [2.6.4]
* fix missing import in _default.py
- added patches
fix https://github.com/googleapis/google-auth-library-python/issues/1055
+ python-google-auth-no-mock.patch
-------------------------------------------------------------------
Fri Jun 3 16:02:30 UTC 2022 - Markéta Machová <mmachova@suse.com>
- Update to 2.6.6
* fix missing import in _default.py
* add additional missing import in _default.py
* silence TypeError during tear down stage
-------------------------------------------------------------------
Thu Apr 14 21:10:23 UTC 2022 - Ben Greiner <code@bnavigator.de>
- Don't test the converter for the deprecated oauth2client library
-------------------------------------------------------------------
Sat Apr 9 19:20:46 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Improve %files to be more restrictive.
-------------------------------------------------------------------
Fri Apr 8 13:30:25 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.6.3
Bug Fixes
* change requests lib import place (#1010)
* clean up HTTP session and pool during tear down phase (#1007)
* pin click version and update sys test creds (#1008)
- from version 2.6.2
Bug Fixes
* Rename aws imdsv2 url field and update token lifetime (#982)
Miscellaneous Chores
* let release-please finish the release (#991)
- from version 2.6.1
Bug Fixes
* Add AWS session token to metadata requests (#958)
- from version 2.6.0
Features
* ADC can load an impersonated service account credentials. (#962)
Bug Fixes
* revert "feat: add api key support (#826)
-------------------------------------------------------------------
Thu Jan 27 06:49:59 UTC 2022 - Matthias Fehring <buschmann23@opensuse.org>
- Update to 2.5.0
* ADC can load an impersonated service account credentials. (#965)
- from version 2.4.1
* fix urrlib3 import (gh#googleapis/google-auth-library-python#953)
- from version 2.4.0
* add 'py.typed' declaration (#919)
* add api key support (#826)
* deps: allow cachetools 5.0 for python 3.7+
(gh#googleapis/google-auth-library-python#937)
* fix the message format for metadata server exception
(gh#googleapis/google-auth-library-python#916)
- from version 2.3.3
* add fetch_id_token_credentials (gh#googleapis/google-auth-library-python#866)
* fix error in sign_bytes (gh#googleapis/google-auth-library-python#905)
* use 'int.to_bytes' and 'int.from_bytes' for py3
(gh#googleapis/google-auth-library-python#904)
- from version 2.3.2
* add clock_skew_in_seconds to verify_token functions
(gh#googleapis/google-auth-library-python#894)
- from version 2.3.1
* add back python 2.7 for gcloud usage only
(gh#googleapis/google-auth-library-python#892)
- from version 2.3.0
* add support for Python 3.10 (#882)
* ADC with impersonated workforce pools
(gh#googleapis/google-auth-library-python#877)
- from version 2.2.1
* disable self signed jwt for domain wide delegation
(gh#googleapis/google-auth-library-python#873)
- from version 2.2.0
* add support for workforce pool credentials (#868)
- from version 2.1.0
* Improve handling of clock skew (#858)
* add SAML challenge to reauth
(gh#googleapis/google-auth-library-python#819)
* disable warning if quota project id provided to auth.default()
(gh#googleapis/google-auth-library-python#856)
* rename CLOCK_SKEW and separate client/server user case
(gh#googleapis/google-auth-library-python#863)
- from version 2.0.2
* use 'int.to_bytes' rather than deprecated crypto wrapper
(gh#googleapis/google-auth-library-python#848)
* use int.from_bytes (gh#googleapis/google-auth-library-python#846)
-------------------------------------------------------------------
Fri Aug 20 09:17:38 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 2.0.1
* normalize AWS paths correctly on windows (#842)
- from version 2.0.0
* drop support for Python 2.7 (#778)
* service account is able to use a private token endpoint (#835)
* downscoping documentation bugs (#830)
* Fix missing space in error message. (#821)
* update user guide/references for downscoped creds (#827)
- from version 1.34.0
* support refresh callable on google.oauth2.credentials.Credentials (#812)
* do not use the GAE APIs on gen2+ runtimes (#807)
- from version 1.33.1
* fallback to source creds expiration in downscoped tokens (#805)
* revert "feat: service account is able to use a private token endpoint (#784)
- from version 1.33.0
* define `CredentialAccessBoundary` classes (#793)
* define `google.auth.downscoped.Credentials` class (#801)
* service account is able to use a private token endpoint (#784)
* fix fetch_id_token credential lookup order to match adc (#748)
* fix code block formatting in 'user-guide.rst' (#794)
- from version 1.32.1
* avoid leaking sub-session created for '_auth_request' (#789)
- from version 1.32.0
* allow scopes for self signed jwt (#776)
- from version 1.31.0
* define useful properties on `google.auth.external_account.Credentials` (#770)
* avoid deleting items while iterating (#772)
- from version 1.30.2
* **dependencies:** add urllib3 and requests to aiohttp extra (#755)
* enforce constraints during unit tests (#760)
* session object was never used in aiohttp request (#700)
- from version 1.30.1
* allow user to customize context aware metadata path in _mtls_helper (#754)
* fix function name in signing error message (#751)
- from version 1.30.0
* add reauth support to async user credentials for gcloud (#738)
- from version 1.29.0
* add reauth feature to user credentials for gcloud (#727)
* Allow multiple audiences for id_token.verify_token (#733)
- from version 1.28.1
* support custom alg in jwt header for signing (#729)
- from version 1.28.0
* allow the AWS_DEFAULT_REGION environment variable (#721)
* expose library version at `google.auth.__version` (#683)
* fix unit tests so they can work in g3 (#714)
- from version 1.27.1
* ignore gcloud warning when getting project id (#708)
* use gcloud creds flow (#705)
- from version 1.27.0
* workload identity federation support (#698)
* add pyopenssl as extra dependency (#697)
- from version 1.26.1
* fix a typo in the user guide (avaiable -> available) (#680)
* revert workload identity federation support (#691)
- from version 1.26.0
* workload identity federation support (#686)
- from version 1.25.0
* support self-signed jwt in requests and urllib3 transports (#679)
* use self-signed jwt for service account (#665)
- Add patch to fix filename of Python executable in testsuite
+ ga_python-executable-name.patch
- Update BuildRequires from setup.py
-------------------------------------------------------------------
Wed Jan 6 13:16:24 UTC 2021 - Matthias Fehring <buschmann23@opensuse.org>
- Update to 1.24.0
* add Python 3.9 support, drop Python 3.5 support
(gh#googleapis/google-auth-library-python#654)
* avoid losing the original '_include_email' parameter in impersonated
credentials (gh#googleapis/google-auth-library-python#626)
- from version 1.23.0
* Add custom scopes for access tokens from the metadata service
(gh#googleapis/google-auth-library-python#633)
* remove checks for ancient versions of Cryptography
- from version 1.22.1
* move aiohttp to extra as it is currently internal surface
(gh#googleapis/google-auth-library-python#619)
- from version 1.22.0
* add asyncio based auth flow
(gh#googleapis/google-auth-library-python#612)
- from version 1.21.3
* fix expiry for to_json()
(gh#googleapis/google-auth-library-python#589)
- Skip build for python2 as it is not supported anymore and unit tests
can not be run because of unsatisfiable dependencies (mock >= 3.6)
- Add urllib3 to the build requirements needed for testing and remove
cryptography
-------------------------------------------------------------------
Wed Sep 23 13:05:40 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 1.21.2:
* migrate signBlob to iamcredentials.googleapis.com
-------------------------------------------------------------------
Thu Sep 10 12:12:06 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 1.21.1
* dummy commit to trigger a auto release (#597)
- from version 1.21.0
* add GOOGLE_API_USE_CLIENT_CERTIFICATE support (#592)
- from version 1.20.1
* reduce refresh clock skew to 10 seconds (#581)
* set Content-Type header in the request to signBlob API
to avoid Invalid JSON payload error (#439)
- from version 1.20.0
* Add debug logging that can help with diagnosing auth lib. path (#473)
* Show the transport exception that happened for GCE Metadata (#474)
* **packaging:** add support for Python 3.8 (#569), closes (#568)
- from version 1.19.2
* Revert "fix: migrate signBlob to iamcredentials.googleapis.com" (#563)
- from version 1.19.1
* don't add empty quota project (#560)
- from version 1.19.0
* add quota project to base credentials class (#546)
* check 'iss' in `verify_oauth2_token` (#500)
* migrate signBlob to iamcredentials.googleapis.com (#553)
* remove 3.4 from supported versions list (#549)
- from version 1.18.0
* make ``load_credentials_from_file`` a public method (#530)
* no warning if quota_project_id is given (#537)
-------------------------------------------------------------------
Mon Jun 29 16:21:32 UTC 2020 - Sean Marlow <sean.marlow@suse.com>
- Add missing pyOpenSSL test dependency which is listed upstream.
-------------------------------------------------------------------
Thu Jun 18 10:30:04 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 1.17.2
+ Bug Fixes
* narrow acceptable RSA versions to maintain Python 2 compatability (#528)
- from version 1.17.1
+ Features
* add quota_project_id to service accounts; add with_quota_project methods (#519)
- from version 1.16.1
+ Bug Fixes
* fix impersonated cred exception doc (#521)
* replace environment variable GCE_METADATA_ROOT with GCE_METADATA_HOST (#433)
- from version 1.16.0
+ Features
* add helper func to for default encrypted cert (#514)
+ Bug Fixes
* fix impersonated cred for gcloud (#516)
-------------------------------------------------------------------
Mon May 25 11:24:30 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to 1.15.0:
* encrypted mtls private key support
* signBytes for impersonated credentials
* catch exceptions.RefreshError
* support string type response.data
-------------------------------------------------------------------
Tue Apr 28 07:49:44 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.14.1:
* Many bugixes all around
- Remove no longer needed patch:
* pytest5.patch
- Update the dependencies to match up setup.py and what upstream
really requires
-------------------------------------------------------------------
Mon Jul 22 08:06:53 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Add patch to build with pytest5:
* pytest5.patch
-------------------------------------------------------------------
Fri Mar 15 10:53:23 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.6.3:
* follow rfc 7515 : strip padding from JWS segments #324 (#324)
* Add retry to _metadata.ping() (#323)
* Announce deprecation of Python 2.7 (#311)
* Link all the PRs in CHANGELOG (#307)
* Automatically refresh impersonated credentials (#304)
* Add google.auth.impersonated_credentials (#299)
* Enable static type checking with pytype (#298)
* Make classifiers in setup.py an array. (#280)
- Drop oauth-no-appengine.patch should not be needed
-------------------------------------------------------------------
Tue Dec 4 12:48:35 UTC 2018 - Matej Cepl <mcepl@suse.com>
- Remove superfluous devel dependency for noarch package
-------------------------------------------------------------------
Wed Sep 12 19:59:10 UTC 2018 - Thomas Bechtold <tbechtold@suse.com>
- update to 1.5.1:
- Fix check for error text on Python 3.7. (#278)
- Use new Auth URIs. (#281)
- Add code-of-conduct document. (#270)
- Fix some typos in test_urllib3.py (#268)
- Warn when using user credentials from the Cloud SDK (#266)
- Add compute engine-based IDTokenCredentials (#236)
- Corrected some typos (#265)
-------------------------------------------------------------------
Tue May 29 15:54:32 UTC 2018 - tbechtold@suse.com
- update to 1.4.2:
- Raise a helpful exception when trying to refresh credentials without
a refresh token. (#262)
- Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
- Fix a typo in credentials.py. (#256)
- Use pytest instead of py.test per upstream recommendation,
#dropthedot. (#255)
- Fix typo on exemple of jwt usage (#245)
- Drop Flask from Requires. It is only needed for testing
-------------------------------------------------------------------
Tue May 8 10:23:49 UTC 2018 - tchvatal@suse.com
- Add patch to not check for oauth appengine which we disable in
openSUSE:
* oauth-no-appengine.patch
-------------------------------------------------------------------
Mon May 7 13:56:36 UTC 2018 - tchvatal@suse.com
- Fix fdupes call and run tests
-------------------------------------------------------------------
Mon May 7 12:58:39 UTC 2018 - adrian.glaubitz@suse.com
- New upstream release (bsc#1088358)
+ Version 1.4.1
- Added a check for the cryptography version before attempting to use it.
+ From version 1.4.0
- Added `cryptography`-based RSA signer and verifier.
- Added `google.oauth2.service_account.IDTokenCredentials`.
- Improved documentation around ID Tokens
+ From version 1.3.0
- Added ``google.oauth2.credentials.Credentials.from_authorized_user_file``.
- Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules``
specify the right version.
- ``default()`` now checks for the project ID environment var before
warning about missing project ID.
- Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``.
- Fixed example in docstring for ``ReadOnlyScoped``.
- Made ``transport.requests`` use timeouts and retries
to improve reliability.
-------------------------------------------------------------------
Sun Nov 19 15:22:10 UTC 2017 - mc@suse.com
- initial version 1.2.1

86
python-google-auth.spec Normal file
View File

@@ -0,0 +1,86 @@
#
# spec file for package python-google-auth
#
# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?sle15_python_module_pythons}
Name: python-google-auth
Version: 2.47.0
Release: 0
Summary: Google Authentication Library
License: Apache-2.0
URL: https://github.com/googleapis/google-auth-library-python
Source: https://files.pythonhosted.org/packages/source/g/google_auth/google_auth-%{version}.tar.gz
BuildRequires: %{python_module Flask}
BuildRequires: %{python_module PyJWT >= 2.0}
BuildRequires: %{python_module aiohttp >= 3.6.2}
BuildRequires: %{python_module aioresponses}
BuildRequires: %{python_module cryptography}
BuildRequires: %{python_module freezegun}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module pyOpenSSL >= 22.0.0}
BuildRequires: %{python_module pyasn1-modules >= 0.2.1}
BuildRequires: %{python_module pytest-asyncio}
BuildRequires: %{python_module pytest-localserver}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module pyu2f >= 0.1.5}
BuildRequires: %{python_module requests >= 2.20.0}
BuildRequires: %{python_module responses}
BuildRequires: %{python_module rsa >= 3.1.4}
BuildRequires: %{python_module setuptools >= 40.3.0}
BuildRequires: %{python_module urllib3}
BuildRequires: %{python_module wheel}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Requires: python-pyasn1-modules >= 0.2.1
Requires: python-rsa >= 3.1.4
Requires: python-urllib3
Recommends: python-PyJWT >= 2.0
Recommends: python-aiohttp >= 3.6.2
Recommends: python-cryptography >= 38.0.3
Recommends: python-pyOpenSSL >= 22.0.0
Recommends: python-pyu2f >= 0.1.5
Recommends: python-requests >= 2.20.0
BuildArch: noarch
%python_subpackages
%description
This library simplifies using Googles various server-to-server authentication mechanisms to access Google APIs.
%prep
%autosetup -p1 -n google_auth-%{version}
%build
%pyproject_wheel
%install
%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
# don't test deprecated oauth2client utilities if we don't have it anymore
# deprecated OpenSSL.crypto started dropping functionality: https://github.com/googleapis/google-auth-library-python/issues/1665
%pytest --ignore tests/test__oauth2client.py -k "not (TestDecryptPrivateKey and test_success)"
%files %{python_files}
%license LICENSE
%doc README.rst
%dir %{python_sitelib}/google
%{python_sitelib}/google/auth
%{python_sitelib}/google/oauth2
%{python_sitelib}/google_auth-%{version}*-info
%changelog