From f300879b70e2ddf2b4935e68ddf897ef2d66e1b22d8c1bf962bf0147b342e1b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Mon, 12 Jan 2026 12:29:47 +0000 Subject: [PATCH] - Update to version 2.47.0 * drop `cachetools` dependency in favor of simple local implementation (#1590) * Python 3.8 support (#1918) - from version 2.46.0 * update urllib3 docstrings for v2 compatibility (#1903) * Recognize workload certificate config in has_default_client_cert_source for mTLS for Agentic Identities (#1907) * add types to default and verify_token and Request __init__ based on comments in the source code. (#1588) * fix the document of secure_authorized_session (#1536) * remove setup.cfg configuration for creating universal wheels (#1693) * use .read() instead of .content.read() in aiohttp transport (#1899) * raise RefreshError for missing token in impersonated credentials (#1897) * Fix test coverage for mtls_helper (#1886) - Drop python-google-auth-no-mock.patch, fixed upstream - Update BuildRequires and Requires from setup.py OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=129 --- .gitattributes | 23 + .gitignore | 1 + google_auth-2.40.3.tar.gz | 3 + google_auth-2.41.1.tar.gz | 3 + google_auth-2.42.1.tar.gz | 3 + google_auth-2.43.0.tar.gz | 3 + google_auth-2.45.0.tar.gz | 3 + google_auth-2.47.0.tar.gz | 3 + pytest9.patch | 50 ++ python-google-auth-no-mock.patch | 0 python-google-auth.changes | 921 +++++++++++++++++++++++++++++++ python-google-auth.spec | 86 +++ 12 files changed, 1099 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 google_auth-2.40.3.tar.gz create mode 100644 google_auth-2.41.1.tar.gz create mode 100644 google_auth-2.42.1.tar.gz create mode 100644 google_auth-2.43.0.tar.gz create mode 100644 google_auth-2.45.0.tar.gz create mode 100644 google_auth-2.47.0.tar.gz create mode 100644 pytest9.patch create mode 100644 python-google-auth-no-mock.patch create mode 100644 python-google-auth.changes create mode 100644 python-google-auth.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/google_auth-2.40.3.tar.gz b/google_auth-2.40.3.tar.gz new file mode 100644 index 0000000..66de373 --- /dev/null +++ b/google_auth-2.40.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:500c3a29adedeb36ea9cf24b8d10858e152f2412e3ca37829b3fa18e33d63b77 +size 281029 diff --git a/google_auth-2.41.1.tar.gz b/google_auth-2.41.1.tar.gz new file mode 100644 index 0000000..c810579 --- /dev/null +++ b/google_auth-2.41.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b76b7b1f9e61f0cb7e88870d14f6a94aeef248959ef6992670efee37709cbfd2 +size 292284 diff --git a/google_auth-2.42.1.tar.gz b/google_auth-2.42.1.tar.gz new file mode 100644 index 0000000..5fa7f21 --- /dev/null +++ b/google_auth-2.42.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30178b7a21aa50bffbdc1ffcb34ff770a2f65c712170ecd5446c4bef4dc2b94e +size 295541 diff --git a/google_auth-2.43.0.tar.gz b/google_auth-2.43.0.tar.gz new file mode 100644 index 0000000..801fe2f --- /dev/null +++ b/google_auth-2.43.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:88228eee5fc21b62a1b5fe773ca15e67778cb07dc8363adcb4a8827b52d81483 +size 296359 diff --git a/google_auth-2.45.0.tar.gz b/google_auth-2.45.0.tar.gz new file mode 100644 index 0000000..5c3b258 --- /dev/null +++ b/google_auth-2.45.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:90d3f41b6b72ea72dd9811e765699ee491ab24139f34ebf1ca2b9cc0c38708f3 +size 320708 diff --git a/google_auth-2.47.0.tar.gz b/google_auth-2.47.0.tar.gz new file mode 100644 index 0000000..39f22b7 --- /dev/null +++ b/google_auth-2.47.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:833229070a9dfee1a353ae9877dcd2dec069a8281a4e72e72f77d4a70ff945da +size 323719 diff --git a/pytest9.patch b/pytest9.patch new file mode 100644 index 0000000..73902b8 --- /dev/null +++ b/pytest9.patch @@ -0,0 +1,50 @@ +From 5c372a92bf5086f1b63eaa8979fc13c5c0ce9dc9 Mon Sep 17 00:00:00 2001 +From: Lingqing Gan +Date: Mon, 10 Nov 2025 15:58:56 -0800 +Subject: [PATCH] chore: update secret and fix pytest issue (#1868) + +--- + system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes + tests/transport/aio/test_sessions.py | 22 ++++++++++++++++------ + 2 files changed, 16 insertions(+), 6 deletions(-) + +diff --git a/tests/transport/aio/test_sessions.py b/tests/transport/aio/test_sessions.py +index c91a7c40a..742f863d0 100644 +--- a/tests/transport/aio/test_sessions.py ++++ b/tests/transport/aio/test_sessions.py +@@ -32,8 +32,13 @@ + + + @pytest.fixture +-async def simple_async_task(): +- return True ++def simple_async_task(): ++ # Wrap async fixture within a synchronous fixture to suppress pytest.PytestRemovedIn9Warning ++ # See https://docs.pytest.org/en/stable/deprecations.html#sync-test-depending-on-async-fixture ++ async def inner_fixture(): ++ return True ++ ++ return inner_fixture() + + + class MockRequest(Request): +@@ -151,10 +156,15 @@ class TestAsyncAuthorizedSession(object): + credentials = AnonymousCredentials() + + @pytest.fixture +- async def mocked_content(self): +- content = [b"Cavefish ", b"have ", b"no ", b"sight."] +- for chunk in content: +- yield chunk ++ def mocked_content(self): ++ # Wrap async fixture within a synchronous fixture to suppress pytest.PytestRemovedIn9Warning ++ # See https://docs.pytest.org/en/stable/deprecations.html#sync-test-depending-on-async-fixture ++ async def inner_fixture(): ++ content = [b"Cavefish ", b"have ", b"no ", b"sight."] ++ for chunk in content: ++ yield chunk ++ ++ return inner_fixture() + + @pytest.mark.asyncio + async def test_constructor_with_default_auth_request(self): diff --git a/python-google-auth-no-mock.patch b/python-google-auth-no-mock.patch new file mode 100644 index 0000000..473a0f4 diff --git a/python-google-auth.changes b/python-google-auth.changes new file mode 100644 index 0000000..5cf7a68 --- /dev/null +++ b/python-google-auth.changes @@ -0,0 +1,921 @@ +------------------------------------------------------------------- +Mon Jan 12 11:00:50 UTC 2026 - John Paul Adrian Glaubitz + +- Update to version 2.47.0 + * drop `cachetools` dependency in favor of simple local implementation (#1590) + * Python 3.8 support (#1918) +- from version 2.46.0 + * update urllib3 docstrings for v2 compatibility (#1903) + * Recognize workload certificate config in has_default_client_cert_source + for mTLS for Agentic Identities (#1907) + * add types to default and verify_token and Request __init__ based on comments + in the source code. (#1588) + * fix the document of secure_authorized_session (#1536) + * remove setup.cfg configuration for creating universal wheels (#1693) + * use .read() instead of .content.read() in aiohttp transport (#1899) + * raise RefreshError for missing token in impersonated credentials (#1897) + * Fix test coverage for mtls_helper (#1886) +- Drop python-google-auth-no-mock.patch, fixed upstream +- Update BuildRequires and Requires from setup.py + +------------------------------------------------------------------- +Mon Jan 5 10:54:00 UTC 2026 - John Paul Adrian Glaubitz + +- Update to version 2.45.0 + * Adding Agent Identity bound token support and handling certificate + mismatches with retries (#1890) +- from version 2.44.0 + * MDS connections use mTLS (#1856) + * support Python 3.14 (#1822) + * add ecdsa p-384 support (#1872) + * Add shlex to correctly parse executable commands with spaces (#1855) + * Implement token revocation in STS client and add revoke() method + to ExternalAccountAuthorizedUser credentials (#1849) + * Add temporary patch to workload cert logic to accomodate Cloud Run + mis-configuration (#1880) + * Delegate workload cert and key default lookup to helper function (#1877) + * Use public refresh method for source credentials in + ImpersonatedCredentials (#1884) +- Drop pytest9.patch, merged upstream +- Refresh python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Thu Nov 27 09:54:02 UTC 2025 - Markéta Machová + +- Add upstream pytest9.patch to fix tests + +------------------------------------------------------------------- +Mon Nov 10 09:08:33 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 2.43.0 + * Add public wrapper for _mtls_helper.check_use_client_cert which + enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, + when the MWID/X.509 cert sources detected (#1859) Add public + wrapper for check_use_client_cert which enables mTLS if + GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 + cert sources detected. Also, fix check_use_client_cert to return + boolean value. + Change #1848 added the check_use_client_cert method that helps know + if client cert should be used for mTLS connection. However, that was + in a private class, thus, created a public wrapper of the same function + so that it can be used by python Client Libraries. Also, updated + check_use_client_cert to return a boolean value instead of existing + string value for better readability and future scope. + * Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if + the MWID/X.509 cert sources detected (#1848) The Python SDK will + use a hybrid approach for mTLS enablement: + * If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set + (either true or false), the SDK will respect that setting. This is + necessary for test scenarios and users who need to explicitly control + mTLS behavior. + * If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not + set, the SDK will automatically enable mTLS only if it detects Managed + Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF) + certificate sources. In other cases where the variable is not set, mTLS + will remain disabled. + ** This change also adds the helper method `check_use_client_cert` and + it's unit test, which will be used for checking the criteria for setting + the mTLS to true + ** This change is only for Auth-Library, other changes will be created + for Client-Library use-cases. + * onboard `google-auth` to librarian (#1838) This PR onboards `google-auth` + library to the Librarian system. + +------------------------------------------------------------------- +Mon Nov 3 12:35:20 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 2.42.1 + * Catch ValueError for json.loads() (#1842) +- from version 2.42.0 + * Add trust boundary support for external accounts. (#1809) + * Read scopes from ADC json for impersoanted cred (#1820) +- Refresh python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Thu Oct 9 14:33:25 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 2.41.1 + * Suppress deprecation warning for ADC (#1815) +- from version 2.41.0 + * Add support for cachetools 6.0 (#1773) + * Add trust boundary support for service accounts and impersonation. (#1778) + * Deprecating load_credentials_from_dict (58b66ec) + * Fix type error in credentials.py for python 3.7 and 3.8 (#1805) + * Update user guide to include x509 feature. (#1802) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Fri Jun 13 15:25:25 UTC 2025 - Markéta Machová + +- Convert to pip-based build + +------------------------------------------------------------------- +Wed Jun 11 08:59:54 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 2.40.3 + * Auth fetch token from default endpoint (#1779) + * Remove unnecessary call to mds service (#1769) + * Retry 504 errors (#1767) + +------------------------------------------------------------------- +Fri May 30 06:54:17 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 2.40.2 + * Remove sync response logs in AuthorizedSession + * Update test to consider new error message from cryptography (#1765) + +------------------------------------------------------------------- +Mon May 19 13:09:42 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 2.40.1 + * Disable logging response body for async logs (#1756) +- from version 2.40.0 + * Add request response logging to auth (#1678) + * Correct webauthn JSON parsing to be compliant with standard. (#1658) +- from version 2.39.0 + * Adds GA support for X.509 workload identity federation (#1695) + * Add impersonated SA via local ADC support for fetch_id_token (#1740) + * Add missing packaging dependency for feature requiring urllib3 (#1732) + * Add request timeout for MDS requests (#1699) + * Explicitly declare support for Python 3.13 ([#1741) +- Refresh python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Wed Feb 5 13:24:01 UTC 2025 - Markéta Machová + +- Skip test broken with new pyOpenSSL + * as pyOpenSSL should not be used anymore and continues deprecating + functionality, this library should really be migrated to cryptography, + otherwise we are facing serious problems in the future + * https://github.com/googleapis/google-auth-library-python/issues/1665 + +------------------------------------------------------------------- +Thu Jan 30 13:30:46 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 2.38.0 + * Adding domain-wide delegation flow in impersonated credential (#1624) (34ee3fe) + * Add warnings regarding consuming externally sourced credentials (d049370) + +------------------------------------------------------------------- +Thu Jan 9 11:34:17 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 2.37.0 + * Allow users to use jwk keys for verifying ID token (#1641) +- from version 2.36.1 + * Improve user guide for Impersonation and SA (#1627) +- Update BuildRequires and Recommends from setup.py + +------------------------------------------------------------------- +Thu Dec 5 11:00:48 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 2.36.0 + * IAM signblob retries (#1600) + * Making IAM endpoint universe-aware (#1604) + * Support External Account Authorized User as a Source + Credential for impersonated credentials in ADC (#1608) + * Adding default parameters to updated interfaces (#1622) + * Change universe_domain to universe-domain (#1613) + * Remove base class to avoid type conflict (#1619) + * Revert templates for iam endpoints (#1614) + * Update secret (#1611) + * Update secret (#1617) + * Update secret (#1621) + +------------------------------------------------------------------- +Tue Oct 1 14:24:58 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 2.35.0 + * Add cred info to ADC creds (#1587) + * Add support for asynchronous `AuthorizedSession` api (#1577) + * Remove token_info call from token refresh path (#1595) +- Refresh patches for new version + * python-google-auth-no-mock.patch +- Updates BuildRequires from setup.py + +------------------------------------------------------------------- +Tue Sep 17 07:34:24 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 2.34.0 + * **auth:** Update get_client_ssl_credentials to support X.509 workload certs (#1558) + * Retry token request on retryable status code (#1563) +- from version 2.33.0 + * Implement async `StaticCredentials` using access tokens (#1559) + * Implement base classes for credentials and request sessions (#1551) + * **metadata:** Enhance retry logic for metadata server access in _metadata.py (#1545) + * Update argument for Credentials initialization (#1557) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Wed Jul 10 08:17:34 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 2.32.0 + * Adds support for X509 workload credential type (#1541) +- Adjust upstream source name in spec file + +------------------------------------------------------------------- +Fri Jul 5 10:08:50 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 2.31.0 + * Adds X509 workload cert logic (#1527) + * Added py.typed to MANIFEST.in (#1526) + * Pass trust_env kwarg to ClientSession (#1533) + +------------------------------------------------------------------- +Thu Jul 4 08:13:30 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 2.30.0 + * Add WebAuthn plugin component to handle WebAuthn get assertion request (#1464) + * ECP Provider drop cryptography requirement (#1524) + * Enable webauthn plugin for security keys (#1528) + * Fix id_token iam endpoint for non-gdu service credentials (#1506) + * Makes default token_url universe aware (#1514) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Fri May 17 10:36:48 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 2.29.0 + * Adds support for custom suppliers in AWS and Identity Pool credentials (#1496) + * Refactor tech debt in aws and identity pool credentials (#1501) +- from version 2.28.2 + * Remove gce log for expected 404 (#1491) +- from version 2.28.1 + * Typo when setting the state for the pickle deserializer. (#1479) +- from version 2.28.0 + * Adding universe domain support for downscroped credentials (#1463) + * Change log level to debug for return_none_for_not_found_error (#1473) + * Make requests import conditional for gce universe domain (#1476) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Thu Mar 14 15:56:13 UTC 2024 - Robert Schweikert + +- Do not force transition to Python 3.11 it breaks SUMa + +------------------------------------------------------------------- +Tue Mar 5 20:22:30 UTC 2024 - Robert Schweikert + +- Obsolete Python 3.6 build for SLE 15 SP4 and openSUSE Leap 15.4 and later + +------------------------------------------------------------------- +Mon Feb 26 20:27:21 UTC 2024 - Robert Schweikert + +- Version update in SLE 15 SP4 and later (jsc#PED-6697) + +------------------------------------------------------------------- +Sun Feb 4 10:13:37 UTC 2024 - Dirk Müller + +- update to 2.27.0: + * Add optional account association for Authorized User + credentials. + * Allow custom universe domain for gce creds + * Conditionally import requests only if no request was passed + by the caller. + +------------------------------------------------------------------- +Thu Jan 11 14:38:48 UTC 2024 - John Paul Adrian Glaubitz + +- Update to 2.26.2 + * Read universe_domain for external account authorized user (#1450) + +------------------------------------------------------------------- +Thu Jan 4 09:50:33 UTC 2024 - John Paul Adrian Glaubitz + +- Update to 2.26.1 + * Ensure that refresh worker is pickle-able. (#1447) +- from version 2.26.0 + * Add optional non blocking refresh for sync auth code (a6dc2c3) + * Add optional non blocking refresh for sync auth code (#1368) + * External account user cred universe domain support (#1437) + * Guard delete statements. Add default fallback for _use_non_blocking_refresh. (#1445) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Sat Dec 16 19:27:11 UTC 2023 - Dirk Müller + +- update to 2.25.2: + * Fix user cred universe domain issue (#1436) + +------------------------------------------------------------------- +Thu Dec 7 22:38:03 UTC 2023 - Dirk Müller + +- update to 2.25.1: + * Fix vm universe_domain bug (#1433) (8683520) + * Add custom tls signer for ECP Provider. (39eb287) + * Add custom tls signer for ECP Provider. (#1402) (39eb287) + * Add with_universe_domain (#1408) (505910c) + * Fixes issue where Python37DeprecationWarning cannot be + filtered (#1428) (f22f767) + * Remove broken link in Python37DeprecationWarning (#1430) + * Add support for Python 3.12 (#1421) (307916c) + * Add universe domain support for VM cred (#1409) (7ab0fce) + * Modify the token refresh window (#1419) (c6af1d6) + * Add missing before request to async oauth2 credentials. + (#1420) (8eaa878) + * Auto create self signed jwt cred (#1418) (6c610a5) + * Migrate datetime.utcnow for python 3.12 (#1413) (e4d9c27) + * Update user cred doc (#1414) (3f426bc) + +------------------------------------------------------------------- +Fri Nov 24 13:58:43 UTC 2023 - John Paul Adrian Glaubitz + +- Update to 2.23.4 + * Export detect_gce_residency_linux function (#1403) +- from version 2.23.3 + * Serialize signer keys on __getstate__ for pickling (#1394), + closes (#1383) + +------------------------------------------------------------------- +Tue Oct 3 12:48:18 UTC 2023 - Markéta Machová + +- update to 2.23.2 + * Less restrictive content-type header check for google authentication + * Trust boundary meta header renaming + * Support urllib3 2.0 + +------------------------------------------------------------------- +Thu Sep 21 12:09:25 UTC 2023 - Ondřej Súkup + +- refresh python-google-auth-no-mock.patch +- update to 2.23.0 + * Expose universe domain in credentials + * Make external_account resistant to string type 'expires_in' responses from non-compliant services + * Missing ssj for impersonate cred () + * Skip checking projectid on cred if env var is set + * Add get_bq_config_path() to _cloud_sdk.py + +------------------------------------------------------------------- +Mon Aug 14 09:05:07 UTC 2023 - Dirk Müller + +- unpin urllib3 to resolve conflict with python-kubernetes + +------------------------------------------------------------------- +Tue Jul 25 13:44:24 UTC 2023 - ecsos + +- Fix not installable error + +------------------------------------------------------------------- +Tue Jul 18 10:56:40 UTC 2023 - John Paul Adrian Glaubitz + +- Update to 2.22.0 + * Adding meta header for trust boundary (#1334) + * Introduce compatibility with native namespace packages (#1205) + * Deprecate UserAccessTokenCredentials (#1344) +- Update file list in %files section + +------------------------------------------------------------------- +Mon Jul 10 08:18:34 UTC 2023 - Dominique Leuenberger + +- Require python-urllib3 < 2.0 if python-urllib3: urllib3 seems not + strictly required, but when it's there, we need it to be older + than version 2.0. + +------------------------------------------------------------------- +Tue Jun 27 10:51:30 UTC 2023 - John Paul Adrian Glaubitz + +- Update to 2.21.0 + * Add framework for BYOID metrics headers (#1332) + * Pypy unit test build (#1335) +- from version 2.20.0 + * Add public API load_credentials_from_dict (#1326) + * Expiry in compute_engine.IDTokenCredentials (#1327), closes (#1323) + * Expiry in impersonated_credentials.IDTokenCredentials (#1330) + * Invalid `dev` version identifiers in `setup.py` (#1322), closes (#1321) +- from version 2.19.1 + * Check id token error response (#1315) + * Fix "AttributeError: 'str' object has no attribute 'get'" (dac7cc3) + * Replacing abc.com with example.com (dac7cc3) +- from version 2.19.0 + * Add metrics (part 1) (#1298) + * Add metrics (part 2) (#1303) + * Add metrics (part 3) (#1305) + * Expose `universe_domain` for external account creds (#1296) + * Remove python 2.7 from setup.py and nox tests (#1301) +- from version 2.18.1 + * Self signed jwt token should be string type (#1294) +- from version 2.18.0 + * Add smbios check to detect GCE residency (#1276) + * Universe domain support for service account (#1286) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Sat May 27 07:26:11 UTC 2023 - Dirk Müller + +- drop urllib3-2.patch and limit to urllib3 < 2.x as that + matches the requires and avoids coinstallability isuses + +------------------------------------------------------------------- +Wed May 10 07:14:23 UTC 2023 - Daniel Garcia + +- Add urllib3-2.patch to support newer urllib3 -- gh#googleapis/google-auth-library-python#1290 +- Remove no-python3.patch +- Update to 2.17.3: + * Add useEmailAzp claim for id token iam flow (#1270) (7a9c6f2) +- 2.17.2: + * Do not create new JWT credentials if they make the same claims as + the existing. (#1267) (eebb7b6) +- 2.17.1: + * Print out reauth plugin error and raise if challenge output is + None (#1265) (08d22fe) +- 2.17.0: + * Experimental service account iam endpoint flow for id token + (#1258) (8ff0de5) + * Python: Remove aws url validation (#1254) (20a966b) +- 2.16.3: + * Read both applicationId and relyingPartyId. (#1246) (e125dfe) +- 2.16.2: + * Call gcloud config get project to get project for user cred + (#1243) (c078a13) + * Do not use hardcoded string 'python', when you mean + sys.executable. (#1233) (91ac8e6) + * Don't retry if error or error_description is not string (#1241) + (e2d263a) + * Improve ADC related errors and warnings (#1237) (2dfa213) + +------------------------------------------------------------------- +Fri Apr 21 12:25:47 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:41:37 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Mon Mar 6 17:10:45 UTC 2023 - Matej Cepl + +- Remove conflicts and clean up SPEC file. + +------------------------------------------------------------------- +Thu Mar 2 11:21:16 UTC 2023 - John Paul Adrian Glaubitz + +- Update to 2.16.1 + * Add support for python 3.11 (#1212) + * Remove 3PI config url validation (#1220) + * Update the docs generator interpreter to unblock documentation build (#1218) +- from version 2.16.0 + * AwsCredentials should not call metadata server if security creds and region + are retrievable through the environment variables (#1195) + * Wrap all python built-in exceptions into library excpetions (#1191) + * Allow get_project_id to take a request (#1203) + * Make OAUTH2.0 client resistant to string type 'expires_in' responses from + non-compliant services (#1208) +- Drop obsolete patches + * ga_python-executable-name.patch +- Refresh patches for new version + * no-python3.patch + +------------------------------------------------------------------- +Wed Feb 22 20:00:34 UTC 2023 - Matej Cepl + +- Add no-python3.patch replacing call of the + string literal 'python3' with sys.executable + (gh#googleapis/google-auth-library-python!1233). + +------------------------------------------------------------------- +Fri Dec 2 10:25:44 UTC 2022 - John Paul Adrian Glaubitz + +- Update to 2.15.0 + * Add api_key credentials (#1184) + * Introduce a way to provide scopes granted by user (#1189) + * Allow mtls sts endpoint for external account token urls. (#1185) + * CI broken by removal of py.path (#1194) + * Ensure JWT segments have the right types (#1162) + * Updated the lower bound of interactive timeout and fix the kwarg… (#1182) + +------------------------------------------------------------------- +Wed Nov 16 15:26:38 UTC 2022 - John Paul Adrian Glaubitz + +- Update to 2.14.1 + * Apply quota project for compute cred in adc (#1177) + * Update minimum required version of cryptography in pyopenssl extra (#1176) + * Validate url domain for aws metadata urls (#1174) +- Update Requires from setup.py + +------------------------------------------------------------------- +Tue Nov 8 07:19:56 UTC 2022 - Matej Cepl + +- Clean up SPEC file, make rpmlint happy. + +------------------------------------------------------------------- +Mon Nov 7 13:59:22 UTC 2022 - John Paul Adrian Glaubitz + +- Update to 2.14.0 + * Add token_info_url to external account credentials (#1168) + * Read Quota Project from Environment Variable (#1163) + * Adding more properties to external_account_authorized_user (#1169) +- from version 2.13.0 + * Adds new external account authorized user credentials (#1160) + * Implement pluggable auth interactive mode (#1131) + * Introduce the functionality to override token_uri in credentials (#1159) + * Adding one more pattern to relax the regex check for sts and + impersonation url endpoints (#1158) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Fri Oct 14 09:30:55 UTC 2022 - John Paul Adrian Glaubitz + +- Update to 2.12.0 + * Retry behavior (#1113) + * Modify RefreshError exception to use gcloud ADC command. (#1149) + * Revert "Update token refresh threshold from 20 seconds to 5 minutes". (186464b) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Thu Sep 8 12:02:06 UTC 2022 - John Paul Adrian Glaubitz + +- Update to 2.11.0 + * add integration tests for configurable token lifespan (#1103) + * Async certificate retrieving (#1101) +- from version 2.10.0 + * add integration tests for pluggable auth (#1073) + * support for configurable token lifetime (0dc6a9a) + * support for configurable token lifetime (#1079) + * async certificate decoding (#1085) + * Async system tests were not unwrapping async_generators (#1086) + * Fix IDTokenCredentials update bug [#1072) + * make expiration_time optional in response schema (#1091) + * refactor credential subclass parameters (#1095) +- from version 2.9.1 + * there was a raise missing for throwing exceptions (#1077) +- from version 2.9.0 + * pluggable auth support (#1045) +- from version 2.8.0 + * add experimental GDCH support (#1044) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Wed Jun 8 08:53:02 UTC 2022 - pgajdos@suse.com + +- version update to 2.7.0 + ## [2.7.0] + * add experimental enterprise cert support + * add experimental GDCH support + * Pluggable auth support + * validate urls for external accounts + * pluggable auth support [#995] + * revert experimental GDCH support + * fix changelog header to consistent size + ## [2.6.6] + * silence TypeError during tear down stage + ## [2.6.5] + * add additional missing import in _default.py + ## [2.6.4] + * fix missing import in _default.py +- added patches + fix https://github.com/googleapis/google-auth-library-python/issues/1055 + + python-google-auth-no-mock.patch + +------------------------------------------------------------------- +Fri Jun 3 16:02:30 UTC 2022 - Markéta Machová + +- Update to 2.6.6 + * fix missing import in _default.py + * add additional missing import in _default.py + * silence TypeError during tear down stage + +------------------------------------------------------------------- +Thu Apr 14 21:10:23 UTC 2022 - Ben Greiner + +- Don't test the converter for the deprecated oauth2client library + +------------------------------------------------------------------- +Sat Apr 9 19:20:46 UTC 2022 - Matej Cepl + +- Improve %files to be more restrictive. + +------------------------------------------------------------------- +Fri Apr 8 13:30:25 UTC 2022 - John Paul Adrian Glaubitz + +- Update to 2.6.3 + Bug Fixes + * change requests lib import place (#1010) + * clean up HTTP session and pool during tear down phase (#1007) + * pin click version and update sys test creds (#1008) +- from version 2.6.2 + Bug Fixes + * Rename aws imdsv2 url field and update token lifetime (#982) + Miscellaneous Chores + * let release-please finish the release (#991) +- from version 2.6.1 + Bug Fixes + * Add AWS session token to metadata requests (#958) +- from version 2.6.0 + Features + * ADC can load an impersonated service account credentials. (#962) + Bug Fixes + * revert "feat: add api key support (#826) + +------------------------------------------------------------------- +Thu Jan 27 06:49:59 UTC 2022 - Matthias Fehring + +- Update to 2.5.0 + * ADC can load an impersonated service account credentials. (#965) +- from version 2.4.1 + * fix urrlib3 import (gh#googleapis/google-auth-library-python#953) +- from version 2.4.0 + * add 'py.typed' declaration (#919) + * add api key support (#826) + * deps: allow cachetools 5.0 for python 3.7+ + (gh#googleapis/google-auth-library-python#937) + * fix the message format for metadata server exception + (gh#googleapis/google-auth-library-python#916) +- from version 2.3.3 + * add fetch_id_token_credentials (gh#googleapis/google-auth-library-python#866) + * fix error in sign_bytes (gh#googleapis/google-auth-library-python#905) + * use 'int.to_bytes' and 'int.from_bytes' for py3 + (gh#googleapis/google-auth-library-python#904) +- from version 2.3.2 + * add clock_skew_in_seconds to verify_token functions + (gh#googleapis/google-auth-library-python#894) +- from version 2.3.1 + * add back python 2.7 for gcloud usage only + (gh#googleapis/google-auth-library-python#892) +- from version 2.3.0 + * add support for Python 3.10 (#882) + * ADC with impersonated workforce pools + (gh#googleapis/google-auth-library-python#877) +- from version 2.2.1 + * disable self signed jwt for domain wide delegation + (gh#googleapis/google-auth-library-python#873) +- from version 2.2.0 + * add support for workforce pool credentials (#868) +- from version 2.1.0 + * Improve handling of clock skew (#858) + * add SAML challenge to reauth + (gh#googleapis/google-auth-library-python#819) + * disable warning if quota project id provided to auth.default() + (gh#googleapis/google-auth-library-python#856) + * rename CLOCK_SKEW and separate client/server user case + (gh#googleapis/google-auth-library-python#863) +- from version 2.0.2 + * use 'int.to_bytes' rather than deprecated crypto wrapper + (gh#googleapis/google-auth-library-python#848) + * use int.from_bytes (gh#googleapis/google-auth-library-python#846) + +------------------------------------------------------------------- +Fri Aug 20 09:17:38 UTC 2021 - John Paul Adrian Glaubitz + +- Update to 2.0.1 + * normalize AWS paths correctly on windows (#842) +- from version 2.0.0 + * drop support for Python 2.7 (#778) + * service account is able to use a private token endpoint (#835) + * downscoping documentation bugs (#830) + * Fix missing space in error message. (#821) + * update user guide/references for downscoped creds (#827) +- from version 1.34.0 + * support refresh callable on google.oauth2.credentials.Credentials (#812) + * do not use the GAE APIs on gen2+ runtimes (#807) +- from version 1.33.1 + * fallback to source creds expiration in downscoped tokens (#805) + * revert "feat: service account is able to use a private token endpoint (#784) +- from version 1.33.0 + * define `CredentialAccessBoundary` classes (#793) + * define `google.auth.downscoped.Credentials` class (#801) + * service account is able to use a private token endpoint (#784) + * fix fetch_id_token credential lookup order to match adc (#748) + * fix code block formatting in 'user-guide.rst' (#794) +- from version 1.32.1 + * avoid leaking sub-session created for '_auth_request' (#789) +- from version 1.32.0 + * allow scopes for self signed jwt (#776) +- from version 1.31.0 + * define useful properties on `google.auth.external_account.Credentials` (#770) + * avoid deleting items while iterating (#772) +- from version 1.30.2 + * **dependencies:** add urllib3 and requests to aiohttp extra (#755) + * enforce constraints during unit tests (#760) + * session object was never used in aiohttp request (#700) +- from version 1.30.1 + * allow user to customize context aware metadata path in _mtls_helper (#754) + * fix function name in signing error message (#751) +- from version 1.30.0 + * add reauth support to async user credentials for gcloud (#738) +- from version 1.29.0 + * add reauth feature to user credentials for gcloud (#727) + * Allow multiple audiences for id_token.verify_token (#733) +- from version 1.28.1 + * support custom alg in jwt header for signing (#729) +- from version 1.28.0 + * allow the AWS_DEFAULT_REGION environment variable (#721) + * expose library version at `google.auth.__version` (#683) + * fix unit tests so they can work in g3 (#714) +- from version 1.27.1 + * ignore gcloud warning when getting project id (#708) + * use gcloud creds flow (#705) +- from version 1.27.0 + * workload identity federation support (#698) + * add pyopenssl as extra dependency (#697) +- from version 1.26.1 + * fix a typo in the user guide (avaiable -> available) (#680) + * revert workload identity federation support (#691) +- from version 1.26.0 + * workload identity federation support (#686) +- from version 1.25.0 + * support self-signed jwt in requests and urllib3 transports (#679) + * use self-signed jwt for service account (#665) +- Add patch to fix filename of Python executable in testsuite + + ga_python-executable-name.patch +- Update BuildRequires from setup.py + +------------------------------------------------------------------- +Wed Jan 6 13:16:24 UTC 2021 - Matthias Fehring + +- Update to 1.24.0 + * add Python 3.9 support, drop Python 3.5 support + (gh#googleapis/google-auth-library-python#654) + * avoid losing the original '_include_email' parameter in impersonated + credentials (gh#googleapis/google-auth-library-python#626) +- from version 1.23.0 + * Add custom scopes for access tokens from the metadata service + (gh#googleapis/google-auth-library-python#633) + * remove checks for ancient versions of Cryptography +- from version 1.22.1 + * move aiohttp to extra as it is currently internal surface + (gh#googleapis/google-auth-library-python#619) +- from version 1.22.0 + * add asyncio based auth flow + (gh#googleapis/google-auth-library-python#612) +- from version 1.21.3 + * fix expiry for to_json() + (gh#googleapis/google-auth-library-python#589) +- Skip build for python2 as it is not supported anymore and unit tests + can not be run because of unsatisfiable dependencies (mock >= 3.6) +- Add urllib3 to the build requirements needed for testing and remove + cryptography + +------------------------------------------------------------------- +Wed Sep 23 13:05:40 UTC 2020 - Dirk Mueller + +- update to 1.21.2: + * migrate signBlob to iamcredentials.googleapis.com + +------------------------------------------------------------------- +Thu Sep 10 12:12:06 UTC 2020 - John Paul Adrian Glaubitz + +- Update to 1.21.1 + * dummy commit to trigger a auto release (#597) +- from version 1.21.0 + * add GOOGLE_API_USE_CLIENT_CERTIFICATE support (#592) +- from version 1.20.1 + * reduce refresh clock skew to 10 seconds (#581) + * set Content-Type header in the request to signBlob API + to avoid Invalid JSON payload error (#439) +- from version 1.20.0 + * Add debug logging that can help with diagnosing auth lib. path (#473) + * Show the transport exception that happened for GCE Metadata (#474) + * **packaging:** add support for Python 3.8 (#569), closes (#568) +- from version 1.19.2 + * Revert "fix: migrate signBlob to iamcredentials.googleapis.com" (#563) +- from version 1.19.1 + * don't add empty quota project (#560) +- from version 1.19.0 + * add quota project to base credentials class (#546) + * check 'iss' in `verify_oauth2_token` (#500) + * migrate signBlob to iamcredentials.googleapis.com (#553) + * remove 3.4 from supported versions list (#549) +- from version 1.18.0 + * make ``load_credentials_from_file`` a public method (#530) + * no warning if quota_project_id is given (#537) + +------------------------------------------------------------------- +Mon Jun 29 16:21:32 UTC 2020 - Sean Marlow + +- Add missing pyOpenSSL test dependency which is listed upstream. + +------------------------------------------------------------------- +Thu Jun 18 10:30:04 UTC 2020 - John Paul Adrian Glaubitz + +- Update to 1.17.2 + + Bug Fixes + * narrow acceptable RSA versions to maintain Python 2 compatability (#528) +- from version 1.17.1 + + Features + * add quota_project_id to service accounts; add with_quota_project methods (#519) +- from version 1.16.1 + + Bug Fixes + * fix impersonated cred exception doc (#521) + * replace environment variable GCE_METADATA_ROOT with GCE_METADATA_HOST (#433) +- from version 1.16.0 + + Features + * add helper func to for default encrypted cert (#514) + + Bug Fixes + * fix impersonated cred for gcloud (#516) + +------------------------------------------------------------------- +Mon May 25 11:24:30 UTC 2020 - Paolo Stivanin + +- Update to 1.15.0: + * encrypted mtls private key support + * signBytes for impersonated credentials + * catch exceptions.RefreshError + * support string type response.data + +------------------------------------------------------------------- +Tue Apr 28 07:49:44 UTC 2020 - Tomáš Chvátal + +- Update to 1.14.1: + * Many bugixes all around +- Remove no longer needed patch: + * pytest5.patch +- Update the dependencies to match up setup.py and what upstream + really requires + +------------------------------------------------------------------- +Mon Jul 22 08:06:53 UTC 2019 - Tomáš Chvátal + +- Add patch to build with pytest5: + * pytest5.patch + +------------------------------------------------------------------- +Fri Mar 15 10:53:23 UTC 2019 - Tomáš Chvátal + +- Update to 1.6.3: + * follow rfc 7515 : strip padding from JWS segments #324 (#324) + * Add retry to _metadata.ping() (#323) + * Announce deprecation of Python 2.7 (#311) + * Link all the PRs in CHANGELOG (#307) + * Automatically refresh impersonated credentials (#304) + * Add google.auth.impersonated_credentials (#299) + * Enable static type checking with pytype (#298) + * Make classifiers in setup.py an array. (#280) +- Drop oauth-no-appengine.patch should not be needed + +------------------------------------------------------------------- +Tue Dec 4 12:48:35 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Wed Sep 12 19:59:10 UTC 2018 - Thomas Bechtold + +- update to 1.5.1: + - Fix check for error text on Python 3.7. (#278) + - Use new Auth URIs. (#281) + - Add code-of-conduct document. (#270) + - Fix some typos in test_urllib3.py (#268) + - Warn when using user credentials from the Cloud SDK (#266) + - Add compute engine-based IDTokenCredentials (#236) + - Corrected some typos (#265) + +------------------------------------------------------------------- +Tue May 29 15:54:32 UTC 2018 - tbechtold@suse.com + +- update to 1.4.2: + - Raise a helpful exception when trying to refresh credentials without + a refresh token. (#262) + - Fix links to README and CONTRIBUTING in docs/index.rst. (#260) + - Fix a typo in credentials.py. (#256) + - Use pytest instead of py.test per upstream recommendation, + #dropthedot. (#255) + - Fix typo on exemple of jwt usage (#245) +- Drop Flask from Requires. It is only needed for testing + +------------------------------------------------------------------- +Tue May 8 10:23:49 UTC 2018 - tchvatal@suse.com + +- Add patch to not check for oauth appengine which we disable in + openSUSE: + * oauth-no-appengine.patch + +------------------------------------------------------------------- +Mon May 7 13:56:36 UTC 2018 - tchvatal@suse.com + +- Fix fdupes call and run tests + +------------------------------------------------------------------- +Mon May 7 12:58:39 UTC 2018 - adrian.glaubitz@suse.com + +- New upstream release (bsc#1088358) + + Version 1.4.1 + - Added a check for the cryptography version before attempting to use it. + + From version 1.4.0 + - Added `cryptography`-based RSA signer and verifier. + - Added `google.oauth2.service_account.IDTokenCredentials`. + - Improved documentation around ID Tokens + + From version 1.3.0 + - Added ``google.oauth2.credentials.Credentials.from_authorized_user_file``. + - Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules`` + specify the right version. + - ``default()`` now checks for the project ID environment var before + warning about missing project ID. + - Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``. + - Fixed example in docstring for ``ReadOnlyScoped``. + - Made ``transport.requests`` use timeouts and retries + to improve reliability. + +------------------------------------------------------------------- +Sun Nov 19 15:22:10 UTC 2017 - mc@suse.com + +- initial version 1.2.1 diff --git a/python-google-auth.spec b/python-google-auth.spec new file mode 100644 index 0000000..3513750 --- /dev/null +++ b/python-google-auth.spec @@ -0,0 +1,86 @@ +# +# spec file for package python-google-auth +# +# Copyright (c) 2026 SUSE LLC and contributors +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +Name: python-google-auth +Version: 2.47.0 +Release: 0 +Summary: Google Authentication Library +License: Apache-2.0 +URL: https://github.com/googleapis/google-auth-library-python +Source: https://files.pythonhosted.org/packages/source/g/google_auth/google_auth-%{version}.tar.gz +BuildRequires: %{python_module Flask} +BuildRequires: %{python_module PyJWT >= 2.0} +BuildRequires: %{python_module aiohttp >= 3.6.2} +BuildRequires: %{python_module aioresponses} +BuildRequires: %{python_module cryptography} +BuildRequires: %{python_module freezegun} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pyOpenSSL >= 22.0.0} +BuildRequires: %{python_module pyasn1-modules >= 0.2.1} +BuildRequires: %{python_module pytest-asyncio} +BuildRequires: %{python_module pytest-localserver} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module pyu2f >= 0.1.5} +BuildRequires: %{python_module requests >= 2.20.0} +BuildRequires: %{python_module responses} +BuildRequires: %{python_module rsa >= 3.1.4} +BuildRequires: %{python_module setuptools >= 40.3.0} +BuildRequires: %{python_module urllib3} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-pyasn1-modules >= 0.2.1 +Requires: python-rsa >= 3.1.4 +Requires: python-urllib3 +Recommends: python-PyJWT >= 2.0 +Recommends: python-aiohttp >= 3.6.2 +Recommends: python-cryptography >= 38.0.3 +Recommends: python-pyOpenSSL >= 22.0.0 +Recommends: python-pyu2f >= 0.1.5 +Recommends: python-requests >= 2.20.0 +BuildArch: noarch +%python_subpackages + +%description +This library simplifies using Google’s various server-to-server authentication mechanisms to access Google APIs. + +%prep +%autosetup -p1 -n google_auth-%{version} + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +# don't test deprecated oauth2client utilities if we don't have it anymore +# deprecated OpenSSL.crypto started dropping functionality: https://github.com/googleapis/google-auth-library-python/issues/1665 +%pytest --ignore tests/test__oauth2client.py -k "not (TestDecryptPrivateKey and test_success)" + +%files %{python_files} +%license LICENSE +%doc README.rst +%dir %{python_sitelib}/google +%{python_sitelib}/google/auth +%{python_sitelib}/google/oauth2 +%{python_sitelib}/google_auth-%{version}*-info + +%changelog