Merge branch 'main' into workforce-credentials

googleapis · Jan 12, 2024 · 715a7a3 · 715a7a3
2 parents 6e13ac2 + cb782dd
commit 715a7a3
Show file tree

Hide file tree

Showing 30 changed files with 848 additions and 178 deletions.
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -13,7 +13,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
         - name: Checkout
-          uses: actions/checkout@v3
+          uses: actions/checkout@v4
         - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
         - name: Setup PHP
           uses: shivammathur/setup-php@v2

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,33 @@
+name: Release Pre-Check
+on:
+  pull_request:
+  workflow_dispatch:
+permissions:
+  contents: read
+jobs:
+  release-suite:
+    runs-on: ubuntu-latest
+    name: Run googleapis/google-cloud-php tests against latest version
+    if: github.event.pull_request.user.login == 'release-please[bot]'
+    steps:
+    - uses: actions/checkout@v4
+    - name: Clone googleapis/google-cloud-php
+      uses: actions/checkout@master
+      with:
+        repository: googleapis/google-cloud-php
+        path: google-cloud-php
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: '8.1'
+        extensions: grpc
+    - name: Configure google/auth to dev-main
+      run: |
+        cd google-cloud-php
+        composer install -q -d dev
+        dev/google-cloud update-deps google/auth 'dev-main as 1.200.0' --add=dev
+    - name: Run google/cloud package tests
+      run: |
+        cd google-cloud-php
+        bash .github/run-package-tests.sh
+
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -11,10 +11,10 @@ jobs:
         runs-on: ubuntu-latest
         strategy:
             matrix:
-                php: [ "7.4", "8.0", "8.1", "8.2" ]
+                php: [ "7.4", "8.0", "8.1", "8.2", "8.3" ]
         name: PHP ${{matrix.php }} Unit Test
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
               with:
@@ -31,7 +31,7 @@ jobs:
         runs-on: ubuntu-latest
         name: Test Prefer Lowest
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
               with:
@@ -49,11 +49,11 @@ jobs:
       runs-on: ubuntu-latest
       name: PHP Style Check
       steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.0'
+          php-version: '8.2'
       - name: Run Script
         run: |
           composer install
@@ -64,11 +64,11 @@ jobs:
       runs-on: ubuntu-latest
       name: PHPStan Static Analysis
       steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.0'
+          php-version: '8.2'
       - name: Run Script
         run: |
           composer install

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,51 @@
 
  * [feat]: add support for Firebase v6.0 (#391)
 
+## [1.34.0](https://github.com/googleapis/google-auth-library-php/compare/v1.33.0...v1.34.0) (2024-01-03)
+
+
+### Features
+
+* Respect sub for domain-wide delegation in service account creds ([#505](https://github.com/googleapis/google-auth-library-php/issues/505)) ([821d4f3](https://github.com/googleapis/google-auth-library-php/commit/821d4f3e5e496c4dfd5e68e58daaa81484f8af99))
+* Support universe domain in service account and metadata credentials ([#482](https://github.com/googleapis/google-auth-library-php/issues/482)) ([e4aa874](https://github.com/googleapis/google-auth-library-php/commit/e4aa874e2e1dd321f811b09a80f58d42986bf418))
+
+
+### Bug Fixes
+
+* ID Token Caching for GCECredentials ([#510](https://github.com/googleapis/google-auth-library-php/issues/510)) ([3222f9e](https://github.com/googleapis/google-auth-library-php/commit/3222f9e5c8d836e21d062ff861b32d3ac867930a))
+
+## [1.33.0](https://github.com/googleapis/google-auth-library-php/compare/v1.32.1...v1.33.0) (2023-11-29)
+
+
+### Features
+
+* Add and implement universe domain interface ([#477](https://github.com/googleapis/google-auth-library-php/issues/477)) ([35781ed](https://github.com/googleapis/google-auth-library-php/commit/35781ed573aa9d831d38452eefbac790559dfb97))
+
+### Miscellaneous
+
+* Refactor `AuthTokenMiddleware` ([#492](https://github.com/googleapis/google-auth-library-php/pull/492))
+
+## [1.32.1](https://github.com/googleapis/google-auth-library-php/compare/v1.32.0...v1.32.1) (2023-10-17)
+
+
+### Bug Fixes
+
+* Allowed_algs not properly set for string value ([#489](https://github.com/googleapis/google-auth-library-php/issues/489)) ([0042b52](https://github.com/googleapis/google-auth-library-php/commit/0042b522ebbcffc6d6623e322d162d963eada3b5))
+
+## [1.32.0](https://github.com/googleapis/google-auth-library-php/compare/v1.31.0...v1.32.0) (2023-10-10)
+
+
+### Features
+
+* Respect cache control for access token certs ([#479](https://github.com/googleapis/google-auth-library-php/issues/479)) ([6d426b5](https://github.com/googleapis/google-auth-library-php/commit/6d426b5cb9462845d2c2d7d506318c9bee613528))
+
+## [1.31.0](https://github.com/googleapis/google-auth-library-php/compare/v1.30.0...v1.31.0) (2023-10-05)
+
+
+### Features
+
+* Add AWS credential source ([#474](https://github.com/googleapis/google-auth-library-php/issues/474)) ([e5bc897](https://github.com/googleapis/google-auth-library-php/commit/e5bc8979bf87159d9acab1ca8cb7cd7af008b2a6))
+
 ## [1.30.0](https://github.com/googleapis/google-auth-library-php/compare/v1.29.1...v1.30.0) (2023-09-07)
 
 

diff --git a/README.md b/README.md
@@ -35,44 +35,28 @@ composer.phar require google/auth
 ## Application Default Credentials
 
 This library provides an implementation of
-[application default credentials][application default credentials] for PHP.
+[Application Default Credentials (ADC)][application default credentials] for PHP.
 
-The Application Default Credentials provide a simple way to get authorization
-credentials for use in calling Google APIs.
+Application Default Credentials provides a simple way to get authorization
+credentials for use in calling Google APIs, and is
+the recommended approach to authorize calls to Cloud APIs.
 
-They are best suited for cases when the call needs to have the same identity
-and authorization level for the application independent of the user. This is
-the recommended approach to authorize calls to Cloud APIs, particularly when
-you're building an application that uses Google Compute Engine.
+### Set up ADC
 
-#### Download your Service Account Credentials JSON file
+To use ADC, you must set it up by providing credentials.
+How you set up ADC depends on the environment where your code is running,
+and whether you are running code in a test or production environment.
 
-To use `Application Default Credentials`, You first need to download a set of
-JSON credentials for your project. Go to **APIs & Services** > **Credentials** in
-the [Google Developers Console][developer console] and select
-**Service account** from the **Add credentials** dropdown.
+For more information, see [Set up Application Default Credentials][set-up-adc].
 
-> This file is your *only copy* of these credentials. It should never be
-> committed with your source code, and should be stored securely.
-
-Once downloaded, store the path to this file in the
-`GOOGLE_APPLICATION_CREDENTIALS` environment variable.
-
-```php
-putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');
-```
-
-> PHP's `putenv` function is just one way to set an environment variable.
-> Consider using `.htaccess` or apache configuration files as well.
-
-#### Enable the API you want to use
+### Enable the API you want to use
 
 Before making your API call, you must be sure the API you're calling has been
 enabled. Go to **APIs & Auth** > **APIs** in the
 [Google Developers Console][developer console] and enable the APIs you'd like to
 call. For the example below, you must enable the `Drive API`.
 
-#### Call the APIs
+### Call the APIs
 
 As long as you update the environment variable below to point to *your* JSON
 credentials file, the following code should output a list of your Drive files.
@@ -257,6 +241,18 @@ print_r((string) $response->getBody());
 
 [iap-proxy-header]: https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_proxy-authorization_header
 
+#### External credentials (Workload identity federation)
+
+Using workload identity federation, your application can access Google Cloud resources from Amazon Web Services (AWS),
+Microsoft Azure or any identity provider that supports OpenID Connect (OIDC).
+
+Traditionally, applications running outside Google Cloud have used service account keys to access Google Cloud
+resources. Using identity federation, you can allow your workload to impersonate a service account. This lets you access
+Google Cloud resources directly, eliminating the maintenance and security burden associated with service account keys.
+
+Follow the detailed instructions on how to
+[Configure Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds).
+
 #### Verifying JWTs
 
 If you are [using Google ID tokens to authenticate users][google-id-tokens], use
@@ -304,9 +300,10 @@ hesitate to
 about the client or APIs on [StackOverflow](http://stackoverflow.com).
 
 [google-apis-php-client]: https://github.com/google/google-api-php-client
-[application default credentials]: https://developers.google.com/accounts/docs/application-default-credentials
+[application default credentials]: https://cloud.google.com/docs/authentication/application-default-credentials
 [contributing]: https://github.com/google/google-auth-library-php/tree/main/.github/CONTRIBUTING.md
 [copying]: https://github.com/google/google-auth-library-php/tree/main/COPYING
 [Guzzle]: https://github.com/guzzle/guzzle
 [Guzzle 5]: http://docs.guzzlephp.org/en/5.3
 [developer console]: https://console.developers.google.com
+[set-up-adc]: https://cloud.google.com/docs/authentication/provide-credentials-adc
diff --git a/VERSION b/VERSION
@@ -0,0 +1 @@
+1.33.0
diff --git a/composer.json b/composer.json
@@ -11,7 +11,7 @@
   "require": {
     "php": "^7.4||^8.0",
     "firebase/php-jwt": "^6.0",
-    "guzzlehttp/guzzle": "^6.2.1|^7.0",
+    "guzzlehttp/guzzle": "^6.5.8||^7.4.5",
     "guzzlehttp/psr7": "^2.4.5",
     "psr/http-message": "^1.1||^2.0",
     "psr/cache": "^1.0||^2.0||^3.0"

diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="tests/bootstrap.php" colors="true" convertWarningsToExceptions="false" convertNoticesToExceptions="false" convertErrorsToExceptions="false" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="tests/bootstrap.php" colors="true" convertWarningsToExceptions="true" convertNoticesToExceptions="false" convertErrorsToExceptions="true" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
   <coverage>
     <include>
       <directory suffix=".php">src</directory>