From f2522267dee508296484270a27094fe220976380 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Nov 2025 21:24:56 +0000 Subject: [PATCH] chore(deps): Bump google.golang.org/api Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.255.0 to 0.256.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.255.0...v0.256.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-version: 0.256.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- ci/resources/stemcell-version-bump/go.mod | 10 +- ci/resources/stemcell-version-bump/go.sum | 20 +- .../vendor/golang.org/x/oauth2/deviceauth.go | 31 +- .../golang.org/x/oauth2/google/google.go | 2 +- .../vendor/golang.org/x/oauth2/oauth2.go | 2 +- .../vendor/golang.org/x/oauth2/pkce.go | 2 +- .../vendor/golang.org/x/oauth2/token.go | 2 +- .../vendor/golang.org/x/oauth2/transport.go | 2 +- .../iamcredentials/v1/iamcredentials-api.json | 144 +++++- .../iamcredentials/v1/iamcredentials-gen.go | 471 ++++++++++++++++++ .../google.golang.org/api/internal/version.go | 2 +- .../stemcell-version-bump/vendor/modules.txt | 10 +- 12 files changed, 670 insertions(+), 28 deletions(-) diff --git a/ci/resources/stemcell-version-bump/go.mod b/ci/resources/stemcell-version-bump/go.mod index 2e6e37c2f..b87d70f54 100644 --- a/ci/resources/stemcell-version-bump/go.mod +++ b/ci/resources/stemcell-version-bump/go.mod @@ -7,7 +7,7 @@ toolchain go1.24.1 require ( cloud.google.com/go/storage v1.57.1 github.com/stretchr/testify v1.11.1 - google.golang.org/api v0.255.0 + google.golang.org/api v0.256.0 ) require ( @@ -32,7 +32,7 @@ require ( github.com/go-logr/stdr v1.2.2 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect github.com/googleapis/gax-go/v2 v2.15.0 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect @@ -49,14 +49,14 @@ require ( go.opentelemetry.io/otel/trace v1.37.0 // indirect golang.org/x/crypto v0.43.0 // indirect golang.org/x/net v0.46.0 // indirect - golang.org/x/oauth2 v0.32.0 // indirect - golang.org/x/sync v0.17.0 // indirect + golang.org/x/oauth2 v0.33.0 // indirect + golang.org/x/sync v0.18.0 // indirect golang.org/x/sys v0.37.0 // indirect golang.org/x/text v0.30.0 // indirect golang.org/x/time v0.14.0 // indirect google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 // indirect google.golang.org/grpc v1.76.0 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/ci/resources/stemcell-version-bump/go.sum b/ci/resources/stemcell-version-bump/go.sum index 95d754db9..cb3652e8a 100644 --- a/ci/resources/stemcell-version-bump/go.sum +++ b/ci/resources/stemcell-version-bump/go.sum @@ -61,8 +61,8 @@ github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= -github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= +github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ= +github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -105,10 +105,10 @@ golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= -golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= -golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo= +golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= @@ -117,14 +117,14 @@ golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/api v0.255.0 h1:OaF+IbRwOottVCYV2wZan7KUq7UeNUQn1BcPc4K7lE4= -google.golang.org/api v0.255.0/go.mod h1:d1/EtvCLdtiWEV4rAEHDHGh2bCnqsWhw+M8y2ECN4a8= +google.golang.org/api v0.256.0 h1:u6Khm8+F9sxbCTYNoBHg6/Hwv0N/i+V94MvkOSor6oI= +google.golang.org/api v0.256.0/go.mod h1:KIgPhksXADEKJlnEoRa9qAII4rXcy40vfI8HRqcU964= google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda h1:i/Q+bfisr7gq6feoJnS/DlpdwEL4ihp41fvRiM3Ork0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 h1:tRPGkdGHuewF4UisLzzHHr1spKw92qLM98nIzxbC0wY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/deviceauth.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/deviceauth.go index e99c92f39..e783a9437 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/deviceauth.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/deviceauth.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "io" + "mime" "net/http" "net/url" "strings" @@ -116,10 +117,38 @@ func retrieveDeviceAuth(ctx context.Context, c *Config, v url.Values) (*DeviceAu return nil, fmt.Errorf("oauth2: cannot auth device: %v", err) } if code := r.StatusCode; code < 200 || code > 299 { - return nil, &RetrieveError{ + retrieveError := &RetrieveError{ Response: r, Body: body, } + + content, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type")) + switch content { + case "application/x-www-form-urlencoded", "text/plain": + // some endpoints return a query string + vals, err := url.ParseQuery(string(body)) + if err != nil { + return nil, retrieveError + } + retrieveError.ErrorCode = vals.Get("error") + retrieveError.ErrorDescription = vals.Get("error_description") + retrieveError.ErrorURI = vals.Get("error_uri") + default: + var tj struct { + // https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 + ErrorCode string `json:"error"` + ErrorDescription string `json:"error_description"` + ErrorURI string `json:"error_uri"` + } + if json.Unmarshal(body, &tj) != nil { + return nil, retrieveError + } + retrieveError.ErrorCode = tj.ErrorCode + retrieveError.ErrorDescription = tj.ErrorDescription + retrieveError.ErrorURI = tj.ErrorURI + } + + return nil, retrieveError } da := &DeviceAuthResponse{} diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/google/google.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/google/google.go index e2eb9c927..7d1fdd31d 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/google/google.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/google/google.go @@ -252,7 +252,7 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar // Further information about retrieving access tokens from the GCE metadata // server can be found at https://cloud.google.com/compute/docs/authentication. func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource { - // refresh 3 minutes and 45 seconds early. The shortest MDS cache is currently 4 minutes, so any + // Refresh 3 minutes and 45 seconds early. The shortest MDS cache is currently 4 minutes, so any // refreshes earlier are a waste of compute. earlyExpirySecs := 225 * time.Second return computeTokenSource(account, earlyExpirySecs, scope...) diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/oauth2.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/oauth2.go index 3e3b63069..5c527d31f 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/oauth2.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/oauth2.go @@ -98,7 +98,7 @@ const ( // in the POST body as application/x-www-form-urlencoded parameters. AuthStyleInParams AuthStyle = 1 - // AuthStyleInHeader sends the client_id and client_password + // AuthStyleInHeader sends the client_id and client_secret // using HTTP Basic Authorization. This is an optional style // described in the OAuth2 RFC 6749 section 2.3.1. AuthStyleInHeader AuthStyle = 2 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/pkce.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/pkce.go index cea8374d5..f99384f0f 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/pkce.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/pkce.go @@ -51,7 +51,7 @@ func S256ChallengeFromVerifier(verifier string) string { return base64.RawURLEncoding.EncodeToString(sha[:]) } -// S256ChallengeOption derives a PKCE code challenge derived from verifier with +// S256ChallengeOption derives a PKCE code challenge from the verifier with // method S256. It should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth] // only. func S256ChallengeOption(verifier string) AuthCodeOption { diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/token.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/token.go index 239ec3296..e995eebb5 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/token.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/token.go @@ -103,7 +103,7 @@ func (t *Token) WithExtra(extra any) *Token { } // Extra returns an extra field. -// Extra fields are key-value pairs returned by the server as a +// Extra fields are key-value pairs returned by the server as // part of the token retrieval response. func (t *Token) Extra(key string) any { if raw, ok := t.raw.(map[string]any); ok { diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/transport.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/transport.go index 8bbebbac9..9922ec331 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/transport.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/oauth2/transport.go @@ -58,7 +58,7 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) { var cancelOnce sync.Once // CancelRequest does nothing. It used to be a legacy cancellation mechanism -// but now only it only logs on first use to warn that it's deprecated. +// but now only logs on first use to warn that it's deprecated. // // Deprecated: use contexts for cancellation instead. func (t *Transport) CancelRequest(req *http.Request) { diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-api.json b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-api.json index 598920d08..3694e4aeb 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-api.json +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-api.json @@ -137,8 +137,68 @@ }, "protocol": "rest", "resources": { + "locations": { + "resources": { + "workforcePools": { + "methods": { + "getAllowedLocations": { + "description": "Returns the trust boundary info for a given workforce pool.", + "flatPath": "v1/locations/{locationsId}/workforcePools/{workforcePoolsId}/allowedLocations", + "httpMethod": "GET", + "id": "iamcredentials.locations.workforcePools.getAllowedLocations", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "Required. Resource name of workforce pool.", + "location": "path", + "pattern": "^locations/[^/]+/workforcePools/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}/allowedLocations", + "response": { + "$ref": "WorkforcePoolAllowedLocations" + } + } + } + } + } + }, "projects": { "resources": { + "locations": { + "resources": { + "workloadIdentityPools": { + "methods": { + "getAllowedLocations": { + "description": "Returns the trust boundary info for a given workload identity pool.", + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/allowedLocations", + "httpMethod": "GET", + "id": "iamcredentials.projects.locations.workloadIdentityPools.getAllowedLocations", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "Required. Resource name of workload identity pool.", + "location": "path", + "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}/allowedLocations", + "response": { + "$ref": "WorkloadIdentityPoolAllowedLocations" + } + } + } + } + } + }, "serviceAccounts": { "methods": { "generateAccessToken": { @@ -197,6 +257,28 @@ "https://www.googleapis.com/auth/cloud-platform" ] }, + "getAllowedLocations": { + "description": "Returns the trust boundary info for a given service account.", + "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/allowedLocations", + "httpMethod": "GET", + "id": "iamcredentials.projects.serviceAccounts.getAllowedLocations", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "Required. Resource name of service account.", + "location": "path", + "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}/allowedLocations", + "response": { + "$ref": "ServiceAccountAllowedLocations" + } + }, "signBlob": { "description": "Signs a blob using a service account's system-managed private key.", "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob", @@ -258,7 +340,7 @@ } } }, - "revision": "20251009", + "revision": "20251022", "rootUrl": "https://iamcredentials.googleapis.com/", "schemas": { "GenerateAccessTokenRequest": { @@ -336,6 +418,26 @@ }, "type": "object" }, + "ServiceAccountAllowedLocations": { + "description": "Represents a list of allowed locations for given service account.", + "id": "ServiceAccountAllowedLocations", + "properties": { + "encodedLocations": { + "description": "Output only. The hex encoded bitmap of the trust boundary locations", + "readOnly": true, + "type": "string" + }, + "locations": { + "description": "Output only. The human readable trust boundary locations. For example, [\"us-central1\", \"europe-west1\"]", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, "SignBlobRequest": { "id": "SignBlobRequest", "properties": { @@ -399,6 +501,46 @@ } }, "type": "object" + }, + "WorkforcePoolAllowedLocations": { + "description": "Represents a list of allowed locations for given workforce pool.", + "id": "WorkforcePoolAllowedLocations", + "properties": { + "encodedLocations": { + "description": "Output only. The hex encoded bitmap of the trust boundary locations", + "readOnly": true, + "type": "string" + }, + "locations": { + "description": "Output only. The human readable trust boundary locations. For example, [\"us-central1\", \"europe-west1\"]", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "WorkloadIdentityPoolAllowedLocations": { + "description": "Represents a list of allowed locations for given workload identity pool.", + "id": "WorkloadIdentityPoolAllowedLocations", + "properties": { + "encodedLocations": { + "description": "Output only. The hex encoded bitmap of the trust boundary locations", + "readOnly": true, + "type": "string" + }, + "locations": { + "description": "Output only. The human readable trust boundary locations. For example, [\"us-central1\", \"europe-west1\"]", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" } }, "servicePath": "", diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-gen.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-gen.go index 6ed402028..fb81ad514 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-gen.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/iamcredentials/v1/iamcredentials-gen.go @@ -119,6 +119,7 @@ func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, err return nil, err } s := &Service{client: client, BasePath: basePath, logger: internaloption.GetLogger(opts)} + s.Locations = NewLocationsService(s) s.Projects = NewProjectsService(s) if endpoint != "" { s.BasePath = endpoint @@ -144,6 +145,8 @@ type Service struct { BasePath string // API endpoint base URL UserAgent string // optional additional User-Agent fragment + Locations *LocationsService + Projects *ProjectsService } @@ -154,8 +157,30 @@ func (s *Service) userAgent() string { return googleapi.UserAgent + " " + s.UserAgent } +func NewLocationsService(s *Service) *LocationsService { + rs := &LocationsService{s: s} + rs.WorkforcePools = NewLocationsWorkforcePoolsService(s) + return rs +} + +type LocationsService struct { + s *Service + + WorkforcePools *LocationsWorkforcePoolsService +} + +func NewLocationsWorkforcePoolsService(s *Service) *LocationsWorkforcePoolsService { + rs := &LocationsWorkforcePoolsService{s: s} + return rs +} + +type LocationsWorkforcePoolsService struct { + s *Service +} + func NewProjectsService(s *Service) *ProjectsService { rs := &ProjectsService{s: s} + rs.Locations = NewProjectsLocationsService(s) rs.ServiceAccounts = NewProjectsServiceAccountsService(s) return rs } @@ -163,9 +188,32 @@ func NewProjectsService(s *Service) *ProjectsService { type ProjectsService struct { s *Service + Locations *ProjectsLocationsService + ServiceAccounts *ProjectsServiceAccountsService } +func NewProjectsLocationsService(s *Service) *ProjectsLocationsService { + rs := &ProjectsLocationsService{s: s} + rs.WorkloadIdentityPools = NewProjectsLocationsWorkloadIdentityPoolsService(s) + return rs +} + +type ProjectsLocationsService struct { + s *Service + + WorkloadIdentityPools *ProjectsLocationsWorkloadIdentityPoolsService +} + +func NewProjectsLocationsWorkloadIdentityPoolsService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsService { + rs := &ProjectsLocationsWorkloadIdentityPoolsService{s: s} + return rs +} + +type ProjectsLocationsWorkloadIdentityPoolsService struct { + s *Service +} + func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService { rs := &ProjectsServiceAccountsService{s: s} return rs @@ -319,6 +367,36 @@ func (s GenerateIdTokenResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields) } +// ServiceAccountAllowedLocations: Represents a list of allowed locations for +// given service account. +type ServiceAccountAllowedLocations struct { + // EncodedLocations: Output only. The hex encoded bitmap of the trust boundary + // locations + EncodedLocations string `json:"encodedLocations,omitempty"` + // Locations: Output only. The human readable trust boundary locations. For + // example, ["us-central1", "europe-west1"] + Locations []string `json:"locations,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the server. + googleapi.ServerResponse `json:"-"` + // ForceSendFields is a list of field names (e.g. "EncodedLocations") to + // unconditionally include in API requests. By default, fields with empty or + // default values are omitted from API requests. See + // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more + // details. + ForceSendFields []string `json:"-"` + // NullFields is a list of field names (e.g. "EncodedLocations") to include in + // API requests with the JSON null value. By default, fields with empty values + // are omitted from API requests. See + // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. + NullFields []string `json:"-"` +} + +func (s ServiceAccountAllowedLocations) MarshalJSON() ([]byte, error) { + type NoMethod ServiceAccountAllowedLocations + return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields) +} + type SignBlobRequest struct { // Delegates: The sequence of service accounts in a delegation chain. Each // service account must be granted the `roles/iam.serviceAccountTokenCreator` @@ -459,6 +537,288 @@ func (s SignJwtResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields) } +// WorkforcePoolAllowedLocations: Represents a list of allowed locations for +// given workforce pool. +type WorkforcePoolAllowedLocations struct { + // EncodedLocations: Output only. The hex encoded bitmap of the trust boundary + // locations + EncodedLocations string `json:"encodedLocations,omitempty"` + // Locations: Output only. The human readable trust boundary locations. For + // example, ["us-central1", "europe-west1"] + Locations []string `json:"locations,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the server. + googleapi.ServerResponse `json:"-"` + // ForceSendFields is a list of field names (e.g. "EncodedLocations") to + // unconditionally include in API requests. By default, fields with empty or + // default values are omitted from API requests. See + // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more + // details. + ForceSendFields []string `json:"-"` + // NullFields is a list of field names (e.g. "EncodedLocations") to include in + // API requests with the JSON null value. By default, fields with empty values + // are omitted from API requests. See + // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. + NullFields []string `json:"-"` +} + +func (s WorkforcePoolAllowedLocations) MarshalJSON() ([]byte, error) { + type NoMethod WorkforcePoolAllowedLocations + return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields) +} + +// WorkloadIdentityPoolAllowedLocations: Represents a list of allowed locations +// for given workload identity pool. +type WorkloadIdentityPoolAllowedLocations struct { + // EncodedLocations: Output only. The hex encoded bitmap of the trust boundary + // locations + EncodedLocations string `json:"encodedLocations,omitempty"` + // Locations: Output only. The human readable trust boundary locations. For + // example, ["us-central1", "europe-west1"] + Locations []string `json:"locations,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the server. + googleapi.ServerResponse `json:"-"` + // ForceSendFields is a list of field names (e.g. "EncodedLocations") to + // unconditionally include in API requests. By default, fields with empty or + // default values are omitted from API requests. See + // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more + // details. + ForceSendFields []string `json:"-"` + // NullFields is a list of field names (e.g. "EncodedLocations") to include in + // API requests with the JSON null value. By default, fields with empty values + // are omitted from API requests. See + // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. + NullFields []string `json:"-"` +} + +func (s WorkloadIdentityPoolAllowedLocations) MarshalJSON() ([]byte, error) { + type NoMethod WorkloadIdentityPoolAllowedLocations + return gensupport.MarshalJSON(NoMethod(s), s.ForceSendFields, s.NullFields) +} + +type LocationsWorkforcePoolsGetAllowedLocationsCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// GetAllowedLocations: Returns the trust boundary info for a given workforce +// pool. +// +// - name: Resource name of workforce pool. +func (r *LocationsWorkforcePoolsService) GetAllowedLocations(name string) *LocationsWorkforcePoolsGetAllowedLocationsCall { + c := &LocationsWorkforcePoolsGetAllowedLocationsCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more +// details. +func (c *LocationsWorkforcePoolsGetAllowedLocationsCall) Fields(s ...googleapi.Field) *LocationsWorkforcePoolsGetAllowedLocationsCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets an optional parameter which makes the operation fail if the +// object's ETag matches the given value. This is useful for getting updates +// only after the object has changed since the last request. +func (c *LocationsWorkforcePoolsGetAllowedLocationsCall) IfNoneMatch(entityTag string) *LocationsWorkforcePoolsGetAllowedLocationsCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. +func (c *LocationsWorkforcePoolsGetAllowedLocationsCall) Context(ctx context.Context) *LocationsWorkforcePoolsGetAllowedLocationsCall { + c.ctx_ = ctx + return c +} + +// Header returns a http.Header that can be modified by the caller to add +// headers to the request. +func (c *LocationsWorkforcePoolsGetAllowedLocationsCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *LocationsWorkforcePoolsGetAllowedLocationsCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/allowedLocations") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, nil) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "iamcredentials.locations.workforcePools.getAllowedLocations", "request", internallog.HTTPRequest(req, nil)) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "iamcredentials.locations.workforcePools.getAllowedLocations" call. +// Any non-2xx status code is an error. Response headers are in either +// *WorkforcePoolAllowedLocations.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *LocationsWorkforcePoolsGetAllowedLocationsCall) Do(opts ...googleapi.CallOption) (*WorkforcePoolAllowedLocations, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &WorkforcePoolAllowedLocations{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + b, err := gensupport.DecodeResponseBytes(target, res) + if err != nil { + return nil, err + } + c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "iamcredentials.locations.workforcePools.getAllowedLocations", "response", internallog.HTTPResponse(res, b)) + return ret, nil +} + +type ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// GetAllowedLocations: Returns the trust boundary info for a given workload +// identity pool. +// +// - name: Resource name of workload identity pool. +func (r *ProjectsLocationsWorkloadIdentityPoolsService) GetAllowedLocations(name string) *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall { + c := &ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more +// details. +func (c *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets an optional parameter which makes the operation fail if the +// object's ETag matches the given value. This is useful for getting updates +// only after the object has changed since the last request. +func (c *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. +func (c *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall { + c.ctx_ = ctx + return c +} + +// Header returns a http.Header that can be modified by the caller to add +// headers to the request. +func (c *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/allowedLocations") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, nil) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "iamcredentials.projects.locations.workloadIdentityPools.getAllowedLocations", "request", internallog.HTTPRequest(req, nil)) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "iamcredentials.projects.locations.workloadIdentityPools.getAllowedLocations" call. +// Any non-2xx status code is an error. Response headers are in either +// *WorkloadIdentityPoolAllowedLocations.ServerResponse.Header or (if a +// response was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *ProjectsLocationsWorkloadIdentityPoolsGetAllowedLocationsCall) Do(opts ...googleapi.CallOption) (*WorkloadIdentityPoolAllowedLocations, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &WorkloadIdentityPoolAllowedLocations{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + b, err := gensupport.DecodeResponseBytes(target, res) + if err != nil { + return nil, err + } + c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "iamcredentials.projects.locations.workloadIdentityPools.getAllowedLocations", "response", internallog.HTTPResponse(res, b)) + return ret, nil +} + type ProjectsServiceAccountsGenerateAccessTokenCall struct { s *Service name string @@ -674,6 +1034,117 @@ func (c *ProjectsServiceAccountsGenerateIdTokenCall) Do(opts ...googleapi.CallOp return ret, nil } +type ProjectsServiceAccountsGetAllowedLocationsCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// GetAllowedLocations: Returns the trust boundary info for a given service +// account. +// +// - name: Resource name of service account. +func (r *ProjectsServiceAccountsService) GetAllowedLocations(name string) *ProjectsServiceAccountsGetAllowedLocationsCall { + c := &ProjectsServiceAccountsGetAllowedLocationsCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more +// details. +func (c *ProjectsServiceAccountsGetAllowedLocationsCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGetAllowedLocationsCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets an optional parameter which makes the operation fail if the +// object's ETag matches the given value. This is useful for getting updates +// only after the object has changed since the last request. +func (c *ProjectsServiceAccountsGetAllowedLocationsCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsGetAllowedLocationsCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. +func (c *ProjectsServiceAccountsGetAllowedLocationsCall) Context(ctx context.Context) *ProjectsServiceAccountsGetAllowedLocationsCall { + c.ctx_ = ctx + return c +} + +// Header returns a http.Header that can be modified by the caller to add +// headers to the request. +func (c *ProjectsServiceAccountsGetAllowedLocationsCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsServiceAccountsGetAllowedLocationsCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/allowedLocations") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, nil) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + c.s.logger.DebugContext(c.ctx_, "api request", "serviceName", apiName, "rpcName", "iamcredentials.projects.serviceAccounts.getAllowedLocations", "request", internallog.HTTPRequest(req, nil)) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "iamcredentials.projects.serviceAccounts.getAllowedLocations" call. +// Any non-2xx status code is an error. Response headers are in either +// *ServiceAccountAllowedLocations.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *ProjectsServiceAccountsGetAllowedLocationsCall) Do(opts ...googleapi.CallOption) (*ServiceAccountAllowedLocations, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &ServiceAccountAllowedLocations{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + b, err := gensupport.DecodeResponseBytes(target, res) + if err != nil { + return nil, err + } + c.s.logger.DebugContext(c.ctx_, "api response", "serviceName", apiName, "rpcName", "iamcredentials.projects.serviceAccounts.getAllowedLocations", "response", internallog.HTTPResponse(res, b)) + return ret, nil +} + type ProjectsServiceAccountsSignBlobCall struct { s *Service name string diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/version.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/version.go index 41f7c3212..c29c5ffee 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/version.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/version.go @@ -5,4 +5,4 @@ package internal // Version is the current tagged release of the library. -const Version = "0.255.0" +const Version = "0.256.0" diff --git a/ci/resources/stemcell-version-bump/vendor/modules.txt b/ci/resources/stemcell-version-bump/vendor/modules.txt index f4b4317ab..7ddb8fdd8 100644 --- a/ci/resources/stemcell-version-bump/vendor/modules.txt +++ b/ci/resources/stemcell-version-bump/vendor/modules.txt @@ -158,7 +158,7 @@ github.com/google/s2a-go/stream # github.com/google/uuid v1.6.0 ## explicit github.com/google/uuid -# github.com/googleapis/enterprise-certificate-proxy v0.3.6 +# github.com/googleapis/enterprise-certificate-proxy v0.3.7 ## explicit; go 1.23.0 github.com/googleapis/enterprise-certificate-proxy/client github.com/googleapis/enterprise-certificate-proxy/client/util @@ -279,7 +279,7 @@ golang.org/x/net/idna golang.org/x/net/internal/httpcommon golang.org/x/net/internal/timeseries golang.org/x/net/trace -# golang.org/x/oauth2 v0.32.0 +# golang.org/x/oauth2 v0.33.0 ## explicit; go 1.24.0 golang.org/x/oauth2 golang.org/x/oauth2/authhandler @@ -291,7 +291,7 @@ golang.org/x/oauth2/google/internal/stsexchange golang.org/x/oauth2/internal golang.org/x/oauth2/jws golang.org/x/oauth2/jwt -# golang.org/x/sync v0.17.0 +# golang.org/x/sync v0.18.0 ## explicit; go 1.24.0 golang.org/x/sync/semaphore # golang.org/x/sys v0.37.0 @@ -309,7 +309,7 @@ golang.org/x/text/unicode/norm # golang.org/x/time v0.14.0 ## explicit; go 1.24.0 golang.org/x/time/rate -# google.golang.org/api v0.255.0 +# google.golang.org/api v0.256.0 ## explicit; go 1.24.0 google.golang.org/api/googleapi google.golang.org/api/googleapi/transport @@ -341,7 +341,7 @@ google.golang.org/genproto/googleapis/api/expr/v1alpha1 google.golang.org/genproto/googleapis/api/label google.golang.org/genproto/googleapis/api/metric google.golang.org/genproto/googleapis/api/monitoredres -# google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda +# google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 ## explicit; go 1.24.0 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails