Merge branch 'main' into gen-doc

.github/auto-label.yaml

@@ -1,7 +1 @@
 product: true
-requestsize:
-  enabled: true
-staleness:
-  pullrequest: true
-  old: 30
-  extraold: 60

.release-please-manifest-individual.json

@@ -1,5 +1,5 @@
 {
-  "auth": "0.1.0",
+  "auth": "0.1.1",
   "auth/oauth2adapt": "0.1.0",
   "bigquery": "1.59.1",
   "bigtable": "1.21.0",

auth/CHANGES.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## [0.1.1](https://github.com/googleapis/google-cloud-go/compare/auth/v0.1.0...auth/v0.1.1) (2024-03-10)
+
+
+### Bug Fixes
+
+* **auth/impersonate:** Properly send default detect params ([#9529](https://github.com/googleapis/google-cloud-go/issues/9529)) ([5b6b8be](https://github.com/googleapis/google-cloud-go/commit/5b6b8bef577f82707e51f5cc5d258d5bdf90218f)), refs [#9136](https://github.com/googleapis/google-cloud-go/issues/9136)
+* **auth:** Update grpc-go to v1.56.3 ([343cea8](https://github.com/googleapis/google-cloud-go/commit/343cea8c43b1e31ae21ad50ad31d3b0b60143f8c))
+* **auth:** Update grpc-go to v1.59.0 ([81a97b0](https://github.com/googleapis/google-cloud-go/commit/81a97b06cb28b25432e4ece595c55a9857e960b7))
+
 ## 0.1.0 (2023-10-18)
 
 

auth/impersonate/idtoken.go

@@ -24,7 +24,6 @@ import (
 	"time"
 
 	"cloud.google.com/go/auth"
-	"cloud.google.com/go/auth/detect"
 	"cloud.google.com/go/auth/httptransport"
 	"cloud.google.com/go/auth/internal"
 )
@@ -88,9 +87,9 @@ func NewIDTokenProvider(opts *IDTokenOptions) (auth.TokenProvider, error) {
 	if opts.Client == nil && opts.TokenProvider == nil {
 		var err error
 		client, err = httptransport.NewClient(&httptransport.Options{
-			DetectOpts: &detect.Options{
-				Audience: defaultAud,
-				Scopes:   []string{defaultScope},
+			InternalOptions: &httptransport.InternalOptions{
+				DefaultAudience: defaultAud,
+				DefaultScopes:   []string{defaultScope},
 			},
 		})
 		if err != nil {

auth/impersonate/impersonate.go

@@ -24,7 +24,6 @@ import (
 	"time"
 
 	"cloud.google.com/go/auth"
-	"cloud.google.com/go/auth/detect"
 	"cloud.google.com/go/auth/httptransport"
 	"cloud.google.com/go/auth/internal"
 )
@@ -57,9 +56,9 @@ func NewCredentialTokenProvider(opts *CredentialOptions) (auth.TokenProvider, er
 	if opts.Client == nil && opts.TokenProvider == nil {
 		var err error
 		client, err = httptransport.NewClient(&httptransport.Options{
-			DetectOpts: &detect.Options{
-				Audience: defaultAud,
-				Scopes:   []string{defaultScope},
+			InternalOptions: &httptransport.InternalOptions{
+				DefaultAudience: defaultAud,
+				DefaultScopes:   []string{defaultScope},
 			},
 		})
 		if err != nil {

auth/impersonate/integration_test.go

@@ -72,14 +72,20 @@ func TestMain(m *testing.M) {
 func TestCredentialsTokenSourceIntegration(t *testing.T) {
 	testutil.IntegrationTestCheck(t)
 	tests := []struct {
-		name        string
-		baseKeyFile string
-		delegates   []string
+		name            string
+		baseKeyFile     string
+		delegates       []string
+		useDefaultCreds bool
 	}{
 		{
 			name:        "SA -> SA",
 			baseKeyFile: readerKeyFile,
 		},
+		{
+			name:            "SA -> SA (Default)",
+			baseKeyFile:     readerKeyFile,
+			useDefaultCreds: true,
+		},
 		{
 			name:        "SA -> Delegate -> SA",
 			baseKeyFile: baseKeyFile,
@@ -90,19 +96,27 @@ func TestCredentialsTokenSourceIntegration(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			ctx := context.Background()
-			creds, err := detect.DefaultCredentials(&detect.Options{
-				Scopes:          []string{"https://www.googleapis.com/auth/cloud-platform"},
-				CredentialsFile: tt.baseKeyFile,
-			})
-			if err != nil {
-				t.Fatalf("detect.DefaultCredentials() = %v", err)
+			var creds *detect.Credentials
+			if !tt.useDefaultCreds {
+				var err error
+				creds, err = detect.DefaultCredentials(&detect.Options{
+					Scopes:          []string{"https://www.googleapis.com/auth/cloud-platform"},
+					CredentialsFile: tt.baseKeyFile,
+				})
+				if err != nil {
+					t.Fatalf("detect.DefaultCredentials() = %v", err)
+				}
 			}
-			tp, err := impersonate.NewCredentialTokenProvider(&impersonate.CredentialOptions{
+
+			opts := &impersonate.CredentialOptions{
 				TargetPrincipal: writerEmail,
 				Scopes:          []string{"https://www.googleapis.com/auth/devstorage.full_control"},
 				Delegates:       tt.delegates,
-				TokenProvider:   creds,
-			})
+			}
+			if !tt.useDefaultCreds {
+				opts.TokenProvider = creds
+			}
+			tp, err := impersonate.NewCredentialTokenProvider(opts)
 			if err != nil {
 				t.Fatalf("failed to create ts: %v", err)
 			}
@@ -123,14 +137,20 @@ func TestIDTokenSourceIntegration(t *testing.T) {
 
 	ctx := context.Background()
 	tests := []struct {
-		name        string
-		baseKeyFile string
-		delegates   []string
+		name            string
+		baseKeyFile     string
+		delegates       []string
+		useDefaultCreds bool
 	}{
 		{
 			name:        "SA -> SA",
 			baseKeyFile: readerKeyFile,
 		},
+
+		{
+			name:            "SA -> SA (Default)",
+			useDefaultCreds: true,
+		},
 		{
 			name:        "SA -> Delegate -> SA",
 			baseKeyFile: baseKeyFile,
@@ -141,21 +161,28 @@ func TestIDTokenSourceIntegration(t *testing.T) {
 	for _, tt := range tests {
 		name := tt.name
 		t.Run(name, func(t *testing.T) {
-			creds, err := detect.DefaultCredentials(&detect.Options{
-				Scopes:          []string{"https://www.googleapis.com/auth/cloud-platform"},
-				CredentialsFile: tt.baseKeyFile,
-			})
-			if err != nil {
-				t.Fatalf("detect.DefaultCredentials() = %v", err)
+			var creds *detect.Credentials
+			if !tt.useDefaultCreds {
+				var err error
+				creds, err = detect.DefaultCredentials(&detect.Options{
+					Scopes:          []string{"https://www.googleapis.com/auth/cloud-platform"},
+					CredentialsFile: tt.baseKeyFile,
+				})
+				if err != nil {
+					t.Fatalf("detect.DefaultCredentials() = %v", err)
+				}
 			}
 			aud := "http://example.com/"
-			tp, err := impersonate.NewIDTokenProvider(&impersonate.IDTokenOptions{
+			opts := &impersonate.IDTokenOptions{
 				TargetPrincipal: writerEmail,
 				Audience:        aud,
 				Delegates:       tt.delegates,
 				IncludeEmail:    true,
-				TokenProvider:   creds,
-			})
+			}
+			if !tt.useDefaultCreds {
+				opts.TokenProvider = creds
+			}
+			tp, err := impersonate.NewIDTokenProvider(opts)
 			if err != nil {
 				t.Fatalf("failed to create ts: %v", err)
 			}

auth/internal/transport/s2a.go

@@ -161,7 +161,6 @@ func shouldUseS2A(clientCertSource cert.Provider, opts *Options) bool {
 	if clientCertSource != nil {
 		return false
 	}
-	log.Println(os.Getenv(googleAPIUseS2AEnv))
 	// If EXPERIMENTAL_GOOGLE_API_USE_S2A is not set to true, skip S2A.
 	if b, err := strconv.ParseBool(os.Getenv(googleAPIUseS2AEnv)); err == nil && !b {
 		return false

bigtable/admin.go

@@ -234,12 +234,23 @@ const (
 	Unprotected
 )
 
-// TableConf contains all of the information necessary to create a table with column families.
+// Family represents a column family with its optional GC policy and value type.
+type Family struct {
+	GCPolicy  GCPolicy
+	ValueType Type
+}
+
+// TableConf contains all the information necessary to create a table with column families.
 type TableConf struct {
 	TableID   string
 	SplitKeys []string
-	// Families is a map from family name to GCPolicy
+	// DEPRECATED: Use ColumnFamilies instead.
+	// Families is a map from family name to GCPolicy.
+	// Only one of Families or ColumnFamilies may be set.
 	Families map[string]GCPolicy
+	// ColumnFamilies is a map from family name to family configuration.
+	// Only one of Families or ColumnFamilies may be set.
+	ColumnFamilies map[string]Family
 	// DeletionProtection can be none, protected or unprotected
 	// set to protected to make the table protected against data loss
 	DeletionProtection    DeletionProtection
@@ -283,7 +294,28 @@ func (ac *AdminClient) CreateTableFromConf(ctx context.Context, conf *TableConf)
 		tbl.ChangeStreamConfig = &btapb.ChangeStreamConfig{}
 		tbl.ChangeStreamConfig.RetentionPeriod = durationpb.New(conf.ChangeStreamRetention.(time.Duration))
 	}
-	if conf.Families != nil {
+	if conf.Families != nil && conf.ColumnFamilies != nil {
+		return errors.New("only one of Families or ColumnFamilies may be set, not both")
+	}
+
+	if conf.ColumnFamilies != nil {
+		tbl.ColumnFamilies = make(map[string]*btapb.ColumnFamily)
+		for fam, config := range conf.ColumnFamilies {
+			var gcPolicy *btapb.GcRule
+			if config.GCPolicy != nil {
+				gcPolicy = config.GCPolicy.proto()
+			} else {
+				gcPolicy = &btapb.GcRule{}
+			}
+
+			var typeProto *btapb.Type = nil
+			if config.ValueType != nil {
+				typeProto = config.ValueType.proto()
+			}
+
+			tbl.ColumnFamilies[fam] = &btapb.ColumnFamily{GcRule: gcPolicy, ValueType: typeProto}
+		}
+	} else if conf.Families != nil {
 		tbl.ColumnFamilies = make(map[string]*btapb.ColumnFamily)
 		for fam, policy := range conf.Families {
 			tbl.ColumnFamilies[fam] = &btapb.ColumnFamily{GcRule: policy.proto()}
@@ -316,6 +348,30 @@ func (ac *AdminClient) CreateColumnFamily(ctx context.Context, table, family str
 	return err
 }
 
+// CreateColumnFamilyWithConfig creates a new column family in a table with an optional GC policy and value type.
+func (ac *AdminClient) CreateColumnFamilyWithConfig(ctx context.Context, table, family string, config Family) error {
+	ctx = mergeOutgoingMetadata(ctx, ac.md)
+	prefix := ac.instancePrefix()
+
+	cf := &btapb.ColumnFamily{}
+	if config.GCPolicy != nil {
+		cf.GcRule = config.GCPolicy.proto()
+	}
+	if config.ValueType != nil {
+		cf.ValueType = config.ValueType.proto()
+	}
+
+	req := &btapb.ModifyColumnFamiliesRequest{
+		Name: prefix + "/tables/" + table,
+		Modifications: []*btapb.ModifyColumnFamiliesRequest_Modification{{
+			Id:  family,
+			Mod: &btapb.ModifyColumnFamiliesRequest_Modification_Create{Create: cf},
+		}},
+	}
+	_, err := ac.tClient.ModifyColumnFamilies(ctx, req)
+	return err
+}
+
 // UpdateTableConf contains all of the information necessary to update a table with column families.
 type UpdateTableConf struct {
 	tableID string

bigtable/bigtable.go

@@ -960,6 +960,21 @@ func (m *Mutation) DeleteRow() {
 	m.ops = append(m.ops, &btpb.Mutation{Mutation: &btpb.Mutation_DeleteFromRow_{DeleteFromRow: &btpb.Mutation_DeleteFromRow{}}})
 }
 
+// AddIntToCell adds an int64 value to a cell in an aggregate column family. The column family must
+// have an input type of Int64 or this mutation will fail.
+func (m *Mutation) AddIntToCell(family, column string, ts Timestamp, value int64) {
+	m.addToCell(family, column, ts, &btpb.Value{Kind: &btpb.Value_IntValue{IntValue: value}})
+}
+
+func (m *Mutation) addToCell(family, column string, ts Timestamp, value *btpb.Value) {
+	m.ops = append(m.ops, &btpb.Mutation{Mutation: &btpb.Mutation_AddToCell_{AddToCell: &btpb.Mutation_AddToCell{
+		FamilyName:      family,
+		ColumnQualifier: &btpb.Value{Kind: &btpb.Value_RawValue{RawValue: []byte(column)}},
+		Timestamp:       &btpb.Value{Kind: &btpb.Value_RawTimestampMicros{RawTimestampMicros: int64(ts.TruncateToMilliseconds())}},
+		Input:           value,
+	}}})
+}
+
 // entryErr is a container that combines an entry with the error that was returned for it.
 // Err may be nil if no error was returned for the Entry, or if the Entry has not yet been processed.
 type entryErr struct {