feat: enable DirectPath bound token in InstantiatingGrpcChannelProvider #3572
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
cc @rmehta19 |
|
Auth dep has been bumped in #3577, so I think you'll be able to sync this PR and get the tests to pass. |
…into directpath-bound-token-with-patch
rockspore
changed the title
rockspore
changed the title
Is there an order that these PRs should go in/ any dependency between the two? If not, we can try to get #3591 merged and then swing back to this. |
I don't believe there's any dependency between the two. I think Luwei and I are creating similar helper functions though, so the one that merges second can make use of them. |
+1 on @rmehta19's comment. I am hoping this PR can make the upcoming release, but there is no required order. #3591 can go first. |
lqiu96
reviewed
Feb 7, 2025
Comment on lines
+144
to
145
| @Nullable private final CallCredentials altsCallCredentials; | ||
| @Nullable private final CallCredentials mtlsS2ACallCredentials; |
There was a problem hiding this comment.
Can altsCallCredentials and mtlsS2ACallCredentials share the same variable? Something like hardBoundCallCredentials?
There was a problem hiding this comment.
Oh, from reading the code below, I'm assuming this is a limitation from directpath.
There was a problem hiding this comment.
Hmm, I guess we can at this point, because it's always one or the other. But does that provide any benefit?
If in the future, we want gRPC to use mTLS when falling back from DirectPath to CloudPath, we will need these two different creds again.
There was a problem hiding this comment.
Is it always going to be one or the other? I'd rather just have one variable to keep track of the hard bound callcredential state -> mtls vs alts if possible. Adding more variables makes it harder to keep track of all the combinations of possible states (mtls can be null or non-null + alts can be null or non-null).
If in the future, we want gRPC to use mTLS when falling back from DirectPath to CloudPath
Is this something that is in the works and you know that it will require multiple types of callcredentials? Or is this just a hypothetical example?
There was a problem hiding this comment.
Let's consolidate the discussion around keeping two credentials to this thread.
Is it always going to be one or the other?
I believe so in normal use cases although at this point you can see that DirectPath enablement is also controlled by an environment variable. So in theory, I suppose the decision could change in the runtime so two credentials need to exist independently to ensure there is no interference.
Even when that env var switch gets removed in the future, IMO we should still keep two credentials separate because we use a list of allowed bound token types to control the enablement of them independently. From that perspective, it should be fairly straightforward to track the null-ness of these two variables - they are enabled by the enum in the list.
Is this something that is in the works and you know that it will require multiple types of callcredentials? Or is this just a hypothetical example?
Our team has talked about that a few times but there is no concrete plan as of now. So yes it's fair to be considered as a hypothetical example.
There was a problem hiding this comment.
DirectPath enablement is also controlled by an environment variable. So in theory, I suppose the decision could change in the runtime so two credentials need to exist independently to ensure there is no interference.
+1, the answer to "can DirectPath be used" could change from after this transportChannelProvider is built (.build()) but before calling transportChannelProvider.createSingleChannel().
In general, I think it may be simpler to keep these two creds separate. I think that combining them would complicate our isMtlsS2AHardBoundTokensEnabled and isDirectPathBoundTokenEnabled logic below. Since both can be true on GCE and DirectPath takes precedence over using S2A, I think we would end up needing to combine the logic from those functions if we wanted a single hardBoundCallCredential. While DirectPath and S2A are doing similar things when it comes to enabling the usage hard bound tokens, I think at this time it might be difficult to try and reason about them together like this
Additionally, @lqiu96, from our discussion in #3591 (comment), It seems like creating 2 creds is ok, as they are created in the provider once, and are not exposed by the provider? That was a detailed discussion though, so I could be missing something.
There was a problem hiding this comment.
I'm not entirely sure I'm following because I am still only see this as a limitation with how DirectPath is being resolved.
Correct me if I'm wrong. For hard bound tokens, even if MTLS_S2A and ALTS are both in the hard-bound list, only one of them is going to to be used, right? Even if both are currently resolved to be non-null. The intended logic is roughly as follows:
If hardbound tokens list is non-empty:
- If DirectPath + ATLS token included -> Create the altsCallCredentials
- If Non-DirectPath + S2A enabled + S2A_MTLS token included -> Create the mtlsCallCredentials
Else:
- Use the normal flow
Changing how DirectPath is done is out of scope for this PR and two different hard-bound tokens can live here for now. I'm just not piecing together why two separate hard bound tokens need to exist (besides for the directpath limitation), since it's going to be either ALTS or MTLS, right? Or is there some fallback logic that I may be forgetting about.
There was a problem hiding this comment.
So due to the environment variable check inside isDirectPathEnabled which is called by canUseDirectPath used by createSingleChannel, we have to keep these two credentials separated for now.
I guess the remaining discussion is about whether it makes sense otherwise to keep these two credentials inside the object. You are right that only one of the bound tokens will be used in practice. So I agree there will be no technical reason preventing us from consolidating them into one private class member.
I tend to believe it's just our opinions on which way makes the code easier to reason and minimizes confusion that differ. As @rmehta19 pointed out, isMtlsS2AHardBoundTokensEnabled and isDirectPathBoundTokenEnabled would both mutate the hardBoundCallCredentials. IMHO, it feels less intuitive and more error-prone, if the order of populating hardBoundCallCredentials is accidentally changed or so. But I personally don't feel strongly about this. At the point, the environment variable check is gone for DirectPath enablement, I'm fine if it's concluded that one hardBoundCallCredentials is the better way to go.
There was a problem hiding this comment.
Yes agreed. Really either way is fine logic-wise, but I just want to be cautious of adding in so many additional credential variables (as it went from 1 to 3). Each may include multiple states and this increases the mental load when figuring out how channels are created, which channels are created, and which credentials are used for each channel used.
lqiu96
reviewed
Feb 7, 2025
gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
Show resolved
Hide resolved
lqiu96
reviewed
Feb 7, 2025
gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
Outdated
Show resolved
Hide resolved
lqiu96
reviewed
Feb 7, 2025
gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
Show resolved
Hide resolved
lqiu96
reviewed
Feb 7, 2025
gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
Outdated
Show resolved
Hide resolved
|
/gcbrun |
lqiu96
approved these changes
Feb 10, 2025
Thanks a lot for reviewing this @lqiu96! Could you help merge it once ready? |
lqiu96
pushed a commit
that referenced
this pull request
Feb 10, 2025
🤖 I have created a release *beep* *boop* --- <details><summary>2.53.0</summary> ## [2.53.0](v2.52.0...v2.53.0) (2025-02-10) ### Features * enable DirectPath bound token in InstantiatingGrpcChannelProvider ([#3572](#3572)) ([5080495](5080495)) * Enable MTLS_S2A bound token by default for gRPC S2A enabled flows ([#3591](#3591)) ([81e21f2](81e21f2)) * migrate away from deprecated graal-sdk dependency to use nativeimage ([#2706](#2706)) ([757801a](757801a)) ### Bug Fixes * Avoid creating message string prematurely for streaming calls ([#3622](#3622)) ([f805e70](f805e70)) ### Dependencies * update dependency com.google.code.gson:gson to v2.12.0 ([#3595](#3595)) ([1f1b119](1f1b119)) * update dependency com.google.code.gson:gson to v2.12.0 ([#3596](#3596)) ([af62f53](af62f53)) * update dependency com.google.code.gson:gson to v2.12.1 ([#3599](#3599)) ([18917ee](18917ee)) * update dependency com.google.code.gson:gson to v2.12.1 ([#3600](#3600)) ([3f82836](3f82836)) * update dependency commons-codec:commons-codec to v1.18.0 ([#3590](#3590)) ([cd46ba5](cd46ba5)) * update dependency io.netty:netty-tcnative-boringssl-static to v2.0.70.final ([#3623](#3623)) ([a4d1f95](a4d1f95)) * update dependency lxml to v5.3.1 ([#3624](#3624)) ([5407646](5407646)) * update dependency net.bytebuddy:byte-buddy to v1.17.0 ([#3582](#3582)) ([54d99e9](54d99e9)) * update dependency org.checkerframework:checker-qual to v3.49.0 ([#3604](#3604)) ([390cffa](390cffa)) * update dependency org.graalvm.sdk:nativeimage to v24.1.2 ([#3597](#3597)) ([9d151c4](9d151c4)) * update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to 456f60c ([#3607](#3607)) ([c2d2768](c2d2768)) * update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to d323c2b ([#3601](#3601)) ([ed35c23](ed35c23)) * update docker.io/library/python docker tag to v3.13.2 ([#3615](#3615)) ([ba007c2](ba007c2)) * update docker.io/library/python:3.13.1-alpine3.20 docker digest to 7788ec8 ([#3586](#3586)) ([a24d1ba](a24d1ba)) * update google api dependencies ([#3584](#3584)) ([08f2b7b](08f2b7b)) * update google auth library dependencies to v1.32.0 ([#3611](#3611)) ([9436eb0](9436eb0)) * update google auth library dependencies to v1.32.1 ([#3618](#3618)) ([88c78e2](88c78e2)) * update google http client dependencies to v1.46.1 ([#3616](#3616)) ([2462105](2462105)) * update googleapis/java-cloud-bom digest to 47ad868 ([#3608](#3608)) ([2bcf9e0](2bcf9e0)) * update googleapis/java-cloud-bom digest to 514a644 ([#3602](#3602)) ([172d4da](172d4da)) * update googleapis/java-cloud-bom digest to 7752ecd ([#3603](#3603)) ([06be924](06be924)) * update netty dependencies to v4.1.117.final ([#3581](#3581)) ([2734dc0](2734dc0)) * update netty dependencies to v4.1.118.final ([#3625](#3625)) ([16ff6bd](16ff6bd)) * update netty dependencies to v4.1.118.final ([#3626](#3626)) ([316c425](316c425)) * Update OpenTelemetry semantic convention packages in the shared dependencies ([#3402](#3402)) ([0e69784](0e69784)) * update opentelemetry-java monorepo to v1.46.0 ([#3585](#3585)) ([ac214be](ac214be)) * update opentelemetry-java monorepo to v1.47.0 ([#3619](#3619)) ([66901df](66901df)) * update repo-automation-bots digest to 35eff2c ([#3609](#3609)) ([b962a01](b962a01)) * update repo-automation-bots digest to 3a68a9c ([#3620](#3620)) ([1d79552](1d79552)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
lqiu96
pushed a commit
that referenced
this pull request
Feb 20, 2025
…er (#3572) Prepares a ComputeEngineCredentials that fetches DirectPath bound tokens for the gRPC ChannelCredentials if applicable.
lqiu96
pushed a commit
that referenced
this pull request
Feb 20, 2025
🤖 I have created a release *beep* *boop* --- <details><summary>2.53.0</summary> ## [2.53.0](v2.52.0...v2.53.0) (2025-02-10) ### Features * enable DirectPath bound token in InstantiatingGrpcChannelProvider ([#3572](#3572)) ([5080495](5080495)) * Enable MTLS_S2A bound token by default for gRPC S2A enabled flows ([#3591](#3591)) ([81e21f2](81e21f2)) * migrate away from deprecated graal-sdk dependency to use nativeimage ([#2706](#2706)) ([757801a](757801a)) ### Bug Fixes * Avoid creating message string prematurely for streaming calls ([#3622](#3622)) ([f805e70](f805e70)) ### Dependencies * update dependency com.google.code.gson:gson to v2.12.0 ([#3595](#3595)) ([1f1b119](1f1b119)) * update dependency com.google.code.gson:gson to v2.12.0 ([#3596](#3596)) ([af62f53](af62f53)) * update dependency com.google.code.gson:gson to v2.12.1 ([#3599](#3599)) ([18917ee](18917ee)) * update dependency com.google.code.gson:gson to v2.12.1 ([#3600](#3600)) ([3f82836](3f82836)) * update dependency commons-codec:commons-codec to v1.18.0 ([#3590](#3590)) ([cd46ba5](cd46ba5)) * update dependency io.netty:netty-tcnative-boringssl-static to v2.0.70.final ([#3623](#3623)) ([a4d1f95](a4d1f95)) * update dependency lxml to v5.3.1 ([#3624](#3624)) ([5407646](5407646)) * update dependency net.bytebuddy:byte-buddy to v1.17.0 ([#3582](#3582)) ([54d99e9](54d99e9)) * update dependency org.checkerframework:checker-qual to v3.49.0 ([#3604](#3604)) ([390cffa](390cffa)) * update dependency org.graalvm.sdk:nativeimage to v24.1.2 ([#3597](#3597)) ([9d151c4](9d151c4)) * update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to 456f60c ([#3607](#3607)) ([c2d2768](c2d2768)) * update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to d323c2b ([#3601](#3601)) ([ed35c23](ed35c23)) * update docker.io/library/python docker tag to v3.13.2 ([#3615](#3615)) ([ba007c2](ba007c2)) * update docker.io/library/python:3.13.1-alpine3.20 docker digest to 7788ec8 ([#3586](#3586)) ([a24d1ba](a24d1ba)) * update google api dependencies ([#3584](#3584)) ([08f2b7b](08f2b7b)) * update google auth library dependencies to v1.32.0 ([#3611](#3611)) ([9436eb0](9436eb0)) * update google auth library dependencies to v1.32.1 ([#3618](#3618)) ([88c78e2](88c78e2)) * update google http client dependencies to v1.46.1 ([#3616](#3616)) ([2462105](2462105)) * update googleapis/java-cloud-bom digest to 47ad868 ([#3608](#3608)) ([2bcf9e0](2bcf9e0)) * update googleapis/java-cloud-bom digest to 514a644 ([#3602](#3602)) ([172d4da](172d4da)) * update googleapis/java-cloud-bom digest to 7752ecd ([#3603](#3603)) ([06be924](06be924)) * update netty dependencies to v4.1.117.final ([#3581](#3581)) ([2734dc0](2734dc0)) * update netty dependencies to v4.1.118.final ([#3625](#3625)) ([16ff6bd](16ff6bd)) * update netty dependencies to v4.1.118.final ([#3626](#3626)) ([316c425](316c425)) * Update OpenTelemetry semantic convention packages in the shared dependencies ([#3402](#3402)) ([0e69784](0e69784)) * update opentelemetry-java monorepo to v1.46.0 ([#3585](#3585)) ([ac214be](ac214be)) * update opentelemetry-java monorepo to v1.47.0 ([#3619](#3619)) ([66901df](66901df)) * update repo-automation-bots digest to 35eff2c ([#3609](#3609)) ([b962a01](b962a01)) * update repo-automation-bots digest to 3a68a9c ([#3620](#3620)) ([1d79552](1d79552)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
svc-squareup-copybara
pushed a commit
to cashapp/misk
that referenced
this pull request
Mar 3, 2025
| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | org.flywaydb.flyway | plugin | misk/gradle/libs.versions.toml | gradle | patch | `11.3.3` -> `11.3.4` | | [org.slf4j:slf4j-api](http://www.slf4j.org) ([source](https://github.com/qos-ch/slf4j), [changelog](https://www.slf4j.org/news.html)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.0.16` -> `2.0.17` | | [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.52.0` -> `2.53.0` | | [com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.51.0` -> `2.52.0` | | [com.google.cloud:google-cloud-spanner](https://github.com/googleapis/java-spanner) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `6.86.0` -> `6.88.0` | | [com.google.cloud:google-cloud-logging](https://github.com/googleapis/java-logging) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `3.21.3` -> `3.21.4` | | [com.google.apis:google-api-services-cloudkms](http://nexus.sonatype.org/oss-repository-hosting.html) ([source](http://svn.sonatype.org/spice/tags/oss-parent-7)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `v1-rev20250102-2.0.0` -> `v1-rev20250213-2.0.0` | | [com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.26.2` -> `2.26.4` | | [com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.51.0` -> `2.52.0` | | [com.google.api:gax](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.61.0` -> `2.62.0` | | [io.netty:netty-handler](https://netty.io/) ([source](https://github.com/netty/netty)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `4.1.118.Final` -> `4.1.119.Final` | | [io.netty:netty-bom](https://netty.io/) ([source](https://github.com/netty/netty)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `4.1.118.Final` -> `4.1.119.Final` | | [org.junit.jupiter:junit-jupiter-params](https://junit.org/junit5/) ([source](https://github.com/junit-team/junit5)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.11.4` -> `5.12.0` | | [org.junit.jupiter:junit-jupiter-engine](https://junit.org/junit5/) ([source](https://github.com/junit-team/junit5)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.11.4` -> `5.12.0` | | [org.junit.jupiter:junit-jupiter-api](https://junit.org/junit5/) ([source](https://github.com/junit-team/junit5)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.11.4` -> `5.12.0` | | [com.google.http-client:google-http-client-jackson2](https://github.com/googleapis/google-http-java-client) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.46.1` -> `1.46.3` | | [com.google.http-client:google-http-client](https://github.com/googleapis/google-http-java-client) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.46.1` -> `1.46.3` | | [com.google.auth:google-auth-library-oauth2-http](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.32.1` -> `1.33.1` | | [com.google.auth:google-auth-library-credentials](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.32.1` -> `1.33.1` | | [io.gitlab.arturbosch.detekt](https://detekt.dev) ([source](https://github.com/detekt/detekt)) | plugin | misk/gradle/libs.versions.toml | gradle | patch | `1.23.7` -> `1.23.8` | | [io.gitlab.arturbosch.detekt:detekt-test-utils](https://detekt.dev) ([source](https://github.com/detekt/detekt)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.23.7` -> `1.23.8` | | [io.gitlab.arturbosch.detekt:detekt-test](https://detekt.dev) ([source](https://github.com/detekt/detekt)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.23.7` -> `1.23.8` | | [io.gitlab.arturbosch.detekt:detekt-psi-utils](https://detekt.dev) ([source](https://github.com/detekt/detekt)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.23.7` -> `1.23.8` | | [io.gitlab.arturbosch.detekt:detekt-parser](https://detekt.dev) ([source](https://github.com/detekt/detekt)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.23.7` -> `1.23.8` | | [io.gitlab.arturbosch.detekt:detekt-api](https://detekt.dev) ([source](https://github.com/detekt/detekt)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.23.7` -> `1.23.8` | | [com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin) | plugin | misk/gradle/libs.versions.toml | gradle | minor | `2.8.2` -> `2.10.1` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.46.0` -> `1.46.1` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.46.0` -> `1.46.1` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.23` -> `2.30.30` | | [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.23` -> `2.30.30` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.23` -> `2.30.30` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.23` -> `2.30.30` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.23` -> `2.30.30` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.23` -> `2.30.30` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.23` -> `2.30.30` | | [com.amazonaws:aws-java-sdk-sqs](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.781` -> `1.12.782` | | [com.amazonaws:aws-java-sdk-s3](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.781` -> `1.12.782` | | [com.amazonaws:aws-java-sdk-dynamodb](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.781` -> `1.12.782` | | [com.amazonaws:aws-java-sdk-core](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.781` -> `1.12.782` | | [org.awaitility:awaitility-kotlin](http://github.com/awaitility/awaitility) ([source](http://svn.sonatype.org/spice/trunk/oss/oss-parent-9)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `4.2.2` -> `4.3.0` | | [org.awaitility:awaitility](http://awaitility.org) ([source](http://svn.sonatype.org/spice/trunk/oss/oss-parent-9)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `4.2.2` -> `4.3.0` | --- ### Release Notes <details> <summary>googleapis/sdk-platform-java (com.google.api.grpc:proto-google-common-protos)</summary> ### [`v2.53.0`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2530-2025-02-10) ##### Features - enable DirectPath bound token in InstantiatingGrpcChannelProvider ([#​3572](googleapis/sdk-platform-java#3572)) ([5080495](googleapis/sdk-platform-java@5080495)) - Enable MTLS_S2A bound token by default for gRPC S2A enabled flows ([#​3591](googleapis/sdk-platform-java#3591)) ([81e21f2](googleapis/sdk-platform-java@81e21f2)) - migrate away from deprecated graal-sdk dependency to use nativeimage ([#​2706](googleapis/sdk-platform-java#2706)) ([757801a](googleapis/sdk-platform-java@757801a)) ##### Bug Fixes - Avoid creating message string prematurely for streaming calls ([#​3622](googleapis/sdk-platform-java#3622)) ([f805e70](googleapis/sdk-platform-java@f805e70)) ##### Dependencies - update dependency com.google.code.gson:gson to v2.12.0 ([#​3595](googleapis/sdk-platform-java#3595)) ([1f1b119](googleapis/sdk-platform-java@1f1b119)) - update dependency com.google.code.gson:gson to v2.12.0 ([#​3596](googleapis/sdk-platform-java#3596)) ([af62f53](googleapis/sdk-platform-java@af62f53)) - update dependency com.google.code.gson:gson to v2.12.1 ([#​3599](googleapis/sdk-platform-java#3599)) ([18917ee](googleapis/sdk-platform-java@18917ee)) - update dependency com.google.code.gson:gson to v2.12.1 ([#​3600](googleapis/sdk-platform-java#3600)) ([3f82836](googleapis/sdk-platform-java@3f82836)) - update dependency commons-codec:commons-codec to v1.18.0 ([#​3590](googleapis/sdk-platform-java#3590)) ([cd46ba5](googleapis/sdk-platform-java@cd46ba5)) - update dependency io.netty:netty-tcnative-boringssl-static to v2.0.70.final ([#​3623](googleapis/sdk-platform-java#3623)) ([a4d1f95](googleapis/sdk-platform-java@a4d1f95)) - update dependency lxml to v5.3.1 ([#​3624](googleapis/sdk-platform-java#3624)) ([5407646](googleapis/sdk-platform-java@5407646)) - update dependency net.bytebuddy:byte-buddy to v1.17.0 ([#​3582](googleapis/sdk-platform-java#3582)) ([54d99e9](googleapis/sdk-platform-java@54d99e9)) - update dependency org.checkerframework:checker-qual to v3.49.0 ([#​3604](googleapis/sdk-platform-java#3604)) ([390cffa](googleapis/sdk-platform-java@390cffa)) - update dependency org.graalvm.sdk:nativeimage to v24.1.2 ([#​3597](googleapis/sdk-platform-java#3597)) ([9d151c4](googleapis/sdk-platform-java@9d151c4)) - update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to [`456f60c`](googleapis/sdk-platform-java@456f60c) ([#​3607](googleapis/sdk-platform-java#3607)) ([c2d2768](googleapis/sdk-platform-java@c2d2768)) - update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to [`d323c2b`](googleapis/sdk-platform-java@d323c2b) ([#​3601](googleapis/sdk-platform-java#3601)) ([ed35c23](googleapis/sdk-platform-java@ed35c23)) - update docker.io/library/python docker tag to v3.13.2 ([#​3615](googleapis/sdk-platform-java#3615)) ([ba007c2](googleapis/sdk-platform-java@ba007c2)) - update docker.io/library/python:3.13.1-alpine3.20 docker digest to [`7788ec8`](googleapis/sdk-platform-java@7788ec8) ([#​3586](googleapis/sdk-platform-java#3586)) ([a24d1ba](googleapis/sdk-platform-java@a24d1ba)) - update google api dependencies ([#​3584](googleapis/sdk-platform-java#3584)) ([08f2b7b](googleapis/sdk-platform-java@08f2b7b)) - update google auth library dependencies to v1.32.0 ([#​3611](googleapis/sdk-platform-java#3611)) ([9436eb0](googleapis/sdk-platform-java@9436eb0)) - update google auth library dependencies to v1.32.1 ([#​3618](googleapis/sdk-platform-java#3618)) ([88c78e2](googleapis/sdk-platform-java@88c78e2)) - update google http client dependencies to v1.46.1 ([#​3616](googleapis/sdk-platform-java#3616)) ([2462105](googleapis/sdk-platform-java@2462105)) - update googleapis/java-cloud-bom digest to [`47ad868`](googleapis/sdk-platform-java@47ad868) ([#​3608](googleapis/sdk-platform-java#3608)) ([2bcf9e0](googleapis/sdk-platform-java@2bcf9e0)) - update googleapis/java-cloud-bom digest to [`514a644`](googleapis/sdk-platform-java@514a644) ([#​3602](googleapis/sdk-platform-java#3602)) ([172d4da](googleapis/sdk-platform-java@172d4da)) - update googleapis/java-cloud-bom digest to [`7752ecd`](googleapis/sdk-platform-java@7752ecd) ([#​3603](googleapis/sdk-platform-java#3603)) ([06be924](googleapis/sdk-platform-java@06be924)) - update netty dependencies to v4.1.117.final ([#​3581](googleapis/sdk-platform-java#3581)) ([2734dc0](googleapis/sdk-platform-java@2734dc0)) - update netty dependencies to v4.1.118.final ([#​3625](googleapis/sdk-platform-java#3625)) ([16ff6bd](googleapis/sdk-platform-java@16ff6bd)) - update netty dependencies to v4.1.118.final ([#​3626](googleapis/sdk-platform-java#3626)) ([316c425](googleapis/sdk-platform-java@316c425)) - Update OpenTelemetry semantic convention packages in the shared dependencies ([#​3402](googleapis/sdk-platform-java#3402)) ([0e69784](googleapis/sdk-platform-java@0e69784)) - update opentelemetry-java monorepo to v1.46.0 ([#​3585](googleapis/sdk-platform-java#3585)) ([ac214be](googleapis/sdk-platform-java@ac214be)) - update opentelemetry-java monorepo to v1.47.0 ([#​3619](googleapis/sdk-platform-java#3619)) ([66901df](googleapis/sdk-platform-java@66901df)) - update repo-automation-bots digest to [`35eff2c`](googleapis/sdk-platform-java@35eff2c) ([#​3609](googleapis/sdk-platform-java#3609)) ([b962a01](googleapis/sdk-platform-java@b962a01)) - update repo-automation-bots digest to [`3a68a9c`](googleapis/sdk-platform-java@3a68a9c) ([#​3620](googleapis/sdk-platform-java#3620)) ([1d79552](googleapis/sdk-platform-java@1d79552)) </details> <details> <summary>googleapis/java-spanner (com.google.cloud:google-cloud-spanner)</summary> ### [`v6.88.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6880-2025-02-27) ##### Features - Add a last field in the PartialResultSet ([7c714be](googleapis/java-spanner@7c714be)) - Automatically set default sequence kind in JDBC and PGAdapter ([#​3658](googleapis/java-spanner#3658)) ([e8abf33](googleapis/java-spanner@e8abf33)) - Default authentication support for external hosts ([#​3656](googleapis/java-spanner#3656)) ([ace11d5](googleapis/java-spanner@ace11d5)) - **spanner:** A new enum `IsolationLevel` is added ([3fd33ba](googleapis/java-spanner@3fd33ba)) - **spanner:** Add instance partitions field in backup proto ([3fd33ba](googleapis/java-spanner@3fd33ba)) ##### Bug Fixes - **deps:** Update the Java code generator (gapic-generator-java) to 2.54.0 ([57497ad](googleapis/java-spanner@57497ad)) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.44.0 ([#​3665](googleapis/java-spanner#3665)) ([3543548](googleapis/java-spanner@3543548)) ### [`v6.87.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6870-2025-02-20) ##### Features - Add AddSplitPoints API ([a5ebcd3](googleapis/java-spanner@a5ebcd3)) - Add option for multiplexed sessions with partitioned operations ([#​3635](googleapis/java-spanner#3635)) ([dc89b4d](googleapis/java-spanner@dc89b4d)) - Add option to indicate that a statement is the last in a transaction ([#​3647](googleapis/java-spanner#3647)) ([b04ea80](googleapis/java-spanner@b04ea80)) - Adding gfe_latencies metric to built-in metrics ([#​3490](googleapis/java-spanner#3490)) ([314dadc](googleapis/java-spanner@314dadc)) - **spanner:** Support multiplexed session for read-write transactions ([#​3608](googleapis/java-spanner#3608)) ([bda78ed](googleapis/java-spanner@bda78ed)) ##### Bug Fixes - **deps:** Update the Java code generator (gapic-generator-java) to 2.53.0 ([20a3d0d](googleapis/java-spanner@20a3d0d)) - **spanner:** End spans for read-write methods ([#​3629](googleapis/java-spanner#3629)) ([4a1f99c](googleapis/java-spanner@4a1f99c)) - **spanner:** Release resources in TransactionManager ([#​3638](googleapis/java-spanner#3638)) ([e0a3e5b](googleapis/java-spanner@e0a3e5b)) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.43.0 ([#​3642](googleapis/java-spanner#3642)) ([c12968a](googleapis/java-spanner@c12968a)) </details> <details> <summary>googleapis/java-logging (com.google.cloud:google-cloud-logging)</summary> ### [`v3.21.4`](https://github.com/googleapis/java-logging/blob/HEAD/CHANGELOG.md#3214-2025-02-26) ##### Bug Fixes - **deps:** Update the Java code generator (gapic-generator-java) to 2.54.0 ([67fa9fb](googleapis/java-logging@67fa9fb)) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.44.0 ([#​1768](googleapis/java-logging#1768)) ([a69e699](googleapis/java-logging@a69e699)) - Update googleapis/sdk-platform-java action to v2.54.0 ([#​1762](googleapis/java-logging#1762)) ([d50a8d2](googleapis/java-logging@d50a8d2)) </details> <details> <summary>googleapis/java-datastore (com.google.cloud:google-cloud-datastore)</summary> ### [`v2.26.4`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2264-2025-02-26) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.44.0 ([#​1769](googleapis/java-datastore#1769)) ([7a86509](googleapis/java-datastore@7a86509)) ### [`v2.26.3`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2263-2025-02-21) ##### Dependencies - Update dependency com.google.cloud:gapic-libraries-bom to v1.52.0 ([#​1747](googleapis/java-datastore#1747)) ([592072b](googleapis/java-datastore@592072b)) </details> <details> <summary>googleapis/google-http-java-client (com.google.http-client:google-http-client-jackson2)</summary> ### [`v1.46.3`](https://github.com/googleapis/google-http-java-client/blob/HEAD/CHANGELOG.md#1463-2025-02-25) ##### Dependencies - Update native-image-shared-config to 1.14.4 ([1ab8c28](googleapis/google-http-java-client@1ab8c28)) ### [`v1.46.2`](https://github.com/googleapis/google-http-java-client/blob/HEAD/CHANGELOG.md#1462-2025-02-24) ##### Dependencies - Update grpc-context-io to 1.70.0 ([#​2078](googleapis/google-http-java-client#2078)) ([3a82a5f](googleapis/google-http-java-client@3a82a5f)) </details> <details> <summary>googleapis/google-auth-library-java (com.google.auth:google-auth-library-oauth2-http)</summary> ### [`v1.33.1`](https://github.com/googleapis/google-auth-library-java/blob/HEAD/CHANGELOG.md#1331-2025-02-25) ##### Dependencies - Update dependency com.google.cloud:google-cloud-shared-config to v1.14.4 ([53a2abc](googleapis/google-auth-library-java@53a2abc)) ### [`v1.33.0`](https://github.com/googleapis/google-auth-library-java/blob/HEAD/CHANGELOG.md#1330-2025-02-24) ##### Features - Add client logging with slf4j ([#​1586](googleapis/google-auth-library-java#1586)) ([24761d6](googleapis/google-auth-library-java@24761d6)) ##### Dependencies - Update dependency com.google.http-client:google-http-client-bom to v1.46.1 ([96a5ad8](googleapis/google-auth-library-java@96a5ad8)) </details> <details> <summary>detekt/detekt (io.gitlab.arturbosch.detekt)</summary> ### [`v1.23.8`](https://github.com/detekt/detekt/releases/tag/v1.23.8) ##### 1.23.8 - 2025-02-20 This is a point release for Detekt `1.23.0`, built against Kotlin `2.0.21`, with fixes for several bugs that got reported by the community. ##### Notable Changes - fix(deps): Update kotlin to 2.0.21 - [#​7580](detekt/detekt#7580) - fix(deps): Update AGP to v8.8.1 - [#​7879](detekt/detekt#7936) - fix(deps): update Gradle to v8.12.1 - [#​7780](detekt/detekt#7780) ##### Changelog - UseDataClass: do not report on `expect` classes - [#​7857](detekt/detekt#7857) - Fix InjectDispatcher false positives - [#​7797](detekt/detekt#7797) - \[UnnecessaryParentheses] Allow float/double without integer part - [#​7751](detekt/detekt#7751) - Fix `ThrowingExceptionsWithoutMessageOrCause` false positive - [#​7715](detekt/detekt#7715) - Issue [#​7634](detekt/detekt#7634): Make `UndocumentedPublicClass` configurable to flag \`com… - [#​7635](detekt/detekt#7635) - Fix redundant empty tags in baseline XML - [#​7625](detekt/detekt#7625) - MatchingDeclarationName now supports platofrm suffixes - [#​6426](detekt/detekt#6426) ##### Contributors We would like to thank the following contributors that made this release possible: [@​BraisGabin](https://github.com/BraisGabin), [@​JordanLongstaff](https://github.com/JordanLongstaff), [@​Nava2](https://github.com/Nava2), [@​atulgpt](https://github.com/atulgpt), [@​eygraber](https://github.com/eygraber), [@​lexa-diky](https://github.com/lexa-diky), [@​t-kameyama](https://github.com/t-kameyama) </details> <details> <summary>autonomousapps/dependency-analysis-android-gradle-plugin (com.autonomousapps.dependency-analysis)</summary> ### [`v2.10.1`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-2101) - \[Fix]: `BuildHealthException` extends `VerificationException`. - \[Fix]: module advice must be 'actionable' to be 'not empty'. ### [`v2.10.0`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-2100) - \[Feat]: new `dependencyAnalysis.reporting.printBuildHealth` DSL option. - \[Fix]: support colorizing multiline strings. ### [`v2.9.0`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-290) - \[Feat]: if buildHealth contains only warnings, adjust message to be less severe. - \[Feat]: provide way to opt-out of printing postscript if it only contains warnings. - \[Feat]: improve console output with colors and smarter vertical spacing. - \[Fix]: improve comparability of `Declaration`. - \[Fix]: dependency model classes are now fully Comparable. - \[Fix]: `Source` is fully Comparable. - \[Fix]: `ExplodingBytecode` is fully Comparable. - \[Perf]: improve performance of `isForMissingSuperclass` (again). - \[Chore]: update to Kotlin 2.0.21. - \[Chore]: test against AGP 8.9 and 8.10 ```kotlin dependencyAnalysis { reporting { onlyOnFailure(false) // when true, only prints postscript when there are failure-level issues. postscript(/* Some text to help out end users who may not be build engineers. */) } } ``` </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.46.1`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.46.1): 1.46.1 ##### Components ##### Dynamic Instrumentation - 🐛 🍒 8344 - Fix CodeOrigin for [@​Trace](https://github.com/Trace) annotation ([#​8425](DataDog/dd-trace-java#8425) - [@​evanchooly](https://github.com/evanchooly)) - 🐛 🍒 8369 - Disable capture of entry values ([#​8424](DataDog/dd-trace-java#8424) - [@​evanchooly](https://github.com/evanchooly)) ##### Other changes ##### Library Injection - 🐛 Address partial library copy failures causing failed application startups in k8s. </details> <details> <summary>aws/aws-sdk-java (com.amazonaws:aws-java-sdk-sqs)</summary> ### [`v1.12.782`](https://github.com/aws/aws-sdk-java/blob/HEAD/CHANGELOG.md#112782-2025-02-17) [Compare Source](aws/aws-sdk-java@1.12.781...1.12.782) #### **AWS SDK for Java** - ### Features - Add account endpoint business metrics to user agent </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: c09b37e74def026f742f5d17fa486de17cc259d9
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prepares a ComputeEngineCredentials that fetches DirectPath bound tokens for the gRPC ChannelCredentials if applicable.