feat: update all protos and pb2 files (#92)

* feat: update all protos and pb2 files * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: parthea

google/api/annotations.proto

@@ -1,4 +1,4 @@
-// Copyright (c) 2015, Google Inc.
+// Copyright 2015 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

google/api/auth.proto

@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC.
+// Copyright 2015 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,18 +16,16 @@ syntax = "proto3";
 
 package google.api;
 
-import "google/api/annotations.proto";
-
 option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
 option java_multiple_files = true;
 option java_outer_classname = "AuthProto";
 option java_package = "com.google.api";
 option objc_class_prefix = "GAPI";
 
-
-// `Authentication` defines the authentication configuration for an API.
+// `Authentication` defines the authentication configuration for API methods
+// provided by an API service.
 //
-// Example for an API targeted for external use:
+// Example:
 //
 // name: calendar.googleapis.com
 // authentication:
@@ -39,6 +37,9 @@ option objc_class_prefix = "GAPI";
 // - selector: "*"
 // requirements:
 // provider_id: google_calendar_auth
+// - selector: google.calendar.Delegate
+// oauth:
+// canonical_scopes: https://www.googleapis.com/auth/calendar.read
 message Authentication {
  // A list of authentication rules that apply to individual API methods.
  //
@@ -68,14 +69,37 @@ message AuthenticationRule {
  OAuthRequirements oauth = 2;
 
  // If true, the service accepts API keys without any other credential.
+ // This flag only applies to HTTP and gRPC requests.
  bool allow_without_credential = 5;
 
  // Requirements for additional authentication providers.
  repeated AuthRequirement requirements = 7;
 }
 
-// Configuration for an anthentication provider, including support for
-// [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+// Specifies a location to extract JWT from an API request.
+message JwtLocation {
+ oneof in {
+ // Specifies HTTP header name to extract JWT token.
+ string header = 1;
+
+ // Specifies URL query parameter name to extract JWT token.
+ string query = 2;
+ }
+
+ // The value prefix. The value format is "value_prefix{token}"
+ // Only applies to "in" header type. Must be empty for "in" query type.
+ // If not empty, the header value has to match (case sensitive) this prefix.
+ // If not matched, JWT will not be extracted. If matched, JWT will be
+ // extracted after the prefix is removed.
+ //
+ // For example, for "Authorization: Bearer {JWT}",
+ // value_prefix="Bearer " with a space at the end.
+ string value_prefix = 3;
+}
+
+// Configuration for an authentication provider, including support for
+// [JSON Web Token
+// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
 message AuthProvider {
  // The unique identifier of the auth provider. It will be referred to by
  // `AuthRequirement.provider_id`.
@@ -92,34 +116,60 @@ message AuthProvider {
  string issuer = 2;
 
  // URL of the provider's public key set to validate signature of the JWT. See
- // [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
+ // [OpenID
+ // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
  // Optional if the key set document:
  // - can be retrieved from
- // [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html
+ // [OpenID
+ // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html)
  // of the issuer.
- // - can be inferred from the email domain of the issuer (e.g. a Google service account).
+ // - can be inferred from the email domain of the issuer (e.g. a Google
+ // service account).
  //
  // Example: https://www.googleapis.com/oauth2/v1/certs
  string jwks_uri = 3;
 
  // The list of JWT
  // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
  // that are allowed to access. A JWT containing any of these audiences will
- // be accepted. When this setting is absent, only JWTs with audience
- // "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
- // will be accepted. For example, if no audiences are in the setting,
- // LibraryService API will only accept JWTs with the following audience
- // "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
+ // be accepted. When this setting is absent, JWTs with audiences:
+ // - "https://[service.name]/[google.protobuf.Api.name]"
+ // - "https://[service.name]/"
+ // will be accepted.
+ // For example, if no audiences are in the setting, LibraryService API will
+ // accept JWTs with the following audiences:
+ // -
+ // https://library-example.googleapis.com/google.example.library.v1.LibraryService
+ // - https://library-example.googleapis.com/
  //
  // Example:
  //
  // audiences: bookstore_android.apps.googleusercontent.com,
  // bookstore_web.apps.googleusercontent.com
  string audiences = 4;
 
- // Redirect URL if JWT token is required but no present or is expired.
+ // Redirect URL if JWT token is required but not present or is expired.
  // Implement authorizationUrl of securityDefinitions in OpenAPI spec.
  string authorization_url = 5;
+
+ // Defines the locations to extract the JWT.
+ //
+ // JWT locations can be either from HTTP headers or URL query parameters.
+ // The rule is that the first match wins. The checking order is: checking
+ // all headers first, then URL query parameters.
+ //
+ // If not specified, default to use following 3 locations:
+ // 1) Authorization: Bearer
+ // 2) x-goog-iap-jwt-assertion
+ // 3) access_token query parameter
+ //
+ // Default locations can be specified as followings:
+ // jwt_locations:
+ // - header: Authorization
+ // value_prefix: "Bearer "
+ // - header: x-goog-iap-jwt-assertion
+ // - query: access_token
+ repeated JwtLocation jwt_locations = 6;
 }
 
 // OAuth scopes are a way to define data and permissions on data. For example,
@@ -152,7 +202,8 @@ message OAuthRequirements {
 }
 
 // User-defined authentication requirements, including support for
-// [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+// [JSON Web Token
+// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
 message AuthRequirement {
  // [id][google.api.AuthProvider.id] from authentication provider.
  //

google/api/auth_pb2.py

@@ -27,17 +27,13 @@
 _sym_db = _symbol_database.Default()
 
 
-from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
-
-
 DESCRIPTOR = _descriptor.FileDescriptor(
  name="google/api/auth.proto",
  package="google.api",
  syntax="proto3",
  serialized_options=b"\n\016com.google.apiB\tAuthProtoP\001ZEgoogle.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig\242\002\004GAPI",
  create_key=_descriptor._internal_create_key,
- serialized_pb=b'\n\x15google/api/auth.proto\x12\ngoogle.api\x1a\x1cgoogle/api/annotations.proto"l\n\x0e\x41uthentication\x12-\n\x05rules\x18\x03 \x03(\x0b\x32\x1e.google.api.AuthenticationRule\x12+\n\tproviders\x18\x04 \x03(\x0b\x32\x18.google.api.AuthProvider"\xa9\x01\n\x12\x41uthenticationRule\x12\x10\n\x08selector\x18\x01 \x01(\t\x12,\n\x05oauth\x18\x02 \x01(\x0b\x32\x1d.google.api.OAuthRequirements\x12 \n\x18\x61llow_without_credential\x18\x05 \x01(\x08\x12\x31\n\x0crequirements\x18\x07 \x03(\x0b\x32\x1b.google.api.AuthRequirement"j\n\x0c\x41uthProvider\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0e\n\x06issuer\x18\x02 \x01(\t\x12\x10\n\x08jwks_uri\x18\x03 \x01(\t\x12\x11\n\taudiences\x18\x04 \x01(\t\x12\x19\n\x11\x61uthorization_url\x18\x05 \x01(\t"-\n\x11OAuthRequirements\x12\x18\n\x10\x63\x61nonical_scopes\x18\x01 \x01(\t"9\n\x0f\x41uthRequirement\x12\x13\n\x0bprovider_id\x18\x01 \x01(\t\x12\x11\n\taudiences\x18\x02 \x01(\tBk\n\x0e\x63om.google.apiB\tAuthProtoP\x01ZEgoogle.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig\xa2\x02\x04GAPIb\x06proto3',
- dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR],
+ serialized_pb=b'\n\x15google/api/auth.proto\x12\ngoogle.api"l\n\x0e\x41uthentication\x12-\n\x05rules\x18\x03 \x03(\x0b\x32\x1e.google.api.AuthenticationRule\x12+\n\tproviders\x18\x04 \x03(\x0b\x32\x18.google.api.AuthProvider"\xa9\x01\n\x12\x41uthenticationRule\x12\x10\n\x08selector\x18\x01 \x01(\t\x12,\n\x05oauth\x18\x02 \x01(\x0b\x32\x1d.google.api.OAuthRequirements\x12 \n\x18\x61llow_without_credential\x18\x05 \x01(\x08\x12\x31\n\x0crequirements\x18\x07 \x03(\x0b\x32\x1b.google.api.AuthRequirement"L\n\x0bJwtLocation\x12\x10\n\x06header\x18\x01 \x01(\tH\x00\x12\x0f\n\x05query\x18\x02 \x01(\tH\x00\x12\x14\n\x0cvalue_prefix\x18\x03 \x01(\tB\x04\n\x02in"\x9a\x01\n\x0c\x41uthProvider\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0e\n\x06issuer\x18\x02 \x01(\t\x12\x10\n\x08jwks_uri\x18\x03 \x01(\t\x12\x11\n\taudiences\x18\x04 \x01(\t\x12\x19\n\x11\x61uthorization_url\x18\x05 \x01(\t\x12.\n\rjwt_locations\x18\x06 \x03(\x0b\x32\x17.google.api.JwtLocation"-\n\x11OAuthRequirements\x12\x18\n\x10\x63\x61nonical_scopes\x18\x01 \x01(\t"9\n\x0f\x41uthRequirement\x12\x13\n\x0bprovider_id\x18\x01 \x01(\t\x12\x11\n\taudiences\x18\x02 \x01(\tBk\n\x0e\x63om.google.apiB\tAuthProtoP\x01ZEgoogle.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig\xa2\x02\x04GAPIb\x06proto3',
 )
 
 
@@ -96,8 +92,8 @@
  syntax="proto3",
  extension_ranges=[],
  oneofs=[],
- serialized_start=67,
- serialized_end=175,
+ serialized_start=37,
+ serialized_end=145,
 )
 
 
@@ -194,8 +190,96 @@
  syntax="proto3",
  extension_ranges=[],
  oneofs=[],
- serialized_start=178,
- serialized_end=347,
+ serialized_start=148,
+ serialized_end=317,
+)
+
+
+_JWTLOCATION = _descriptor.Descriptor(
+ name="JwtLocation",
+ full_name="google.api.JwtLocation",
+ filename=None,
+ file=DESCRIPTOR,
+ containing_type=None,
+ create_key=_descriptor._internal_create_key,
+ fields=[
+ _descriptor.FieldDescriptor(
+ name="header",
+ full_name="google.api.JwtLocation.header",
+ index=0,
+ number=1,
+ type=9,
+ cpp_type=9,
+ label=1,
+ has_default_value=False,
+ default_value=b"".decode("utf-8"),
+ message_type=None,
+ enum_type=None,
+ containing_type=None,
+ is_extension=False,
+ extension_scope=None,
+ serialized_options=None,
+ file=DESCRIPTOR,
+ create_key=_descriptor._internal_create_key,
+ ),
+ _descriptor.FieldDescriptor(
+ name="query",
+ full_name="google.api.JwtLocation.query",
+ index=1,
+ number=2,
+ type=9,
+ cpp_type=9,
+ label=1,
+ has_default_value=False,
+ default_value=b"".decode("utf-8"),
+ message_type=None,
+ enum_type=None,
+ containing_type=None,
+ is_extension=False,
+ extension_scope=None,
+ serialized_options=None,
+ file=DESCRIPTOR,
+ create_key=_descriptor._internal_create_key,
+ ),
+ _descriptor.FieldDescriptor(
+ name="value_prefix",
+ full_name="google.api.JwtLocation.value_prefix",
+ index=2,
+ number=3,
+ type=9,
+ cpp_type=9,
+ label=1,
+ has_default_value=False,
+ default_value=b"".decode("utf-8"),
+ message_type=None,
+ enum_type=None,
+ containing_type=None,
+ is_extension=False,
+ extension_scope=None,
+ serialized_options=None,
+ file=DESCRIPTOR,
+ create_key=_descriptor._internal_create_key,
+ ),
+ ],
+ extensions=[],
+ nested_types=[],
+ enum_types=[],
+ serialized_options=None,
+ is_extendable=False,
+ syntax="proto3",
+ extension_ranges=[],
+ oneofs=[
+ _descriptor.OneofDescriptor(
+ name="in",
+ full_name="google.api.JwtLocation.in",
+ index=0,
+ containing_type=None,
+ create_key=_descriptor._internal_create_key,
+ fields=[],
+ )
+ ],
+ serialized_start=319,
+ serialized_end=395,
 )
 
 
@@ -302,6 +386,25 @@
  file=DESCRIPTOR,
  create_key=_descriptor._internal_create_key,
  ),
+ _descriptor.FieldDescriptor(
+ name="jwt_locations",
+ full_name="google.api.AuthProvider.jwt_locations",
+ index=5,
+ number=6,
+ type=11,
+ cpp_type=10,
+ label=3,
+ has_default_value=False,
+ default_value=[],
+ message_type=None,
+ enum_type=None,
+ containing_type=None,
+ is_extension=False,
+ extension_scope=None,
+ serialized_options=None,
+ file=DESCRIPTOR,
+ create_key=_descriptor._internal_create_key,
+ ),
  ],
  extensions=[],
  nested_types=[],
@@ -311,8 +414,8 @@
  syntax="proto3",
  extension_ranges=[],
  oneofs=[],
- serialized_start=349,
- serialized_end=455,
+ serialized_start=398,
+ serialized_end=552,
 )
 
 
@@ -352,8 +455,8 @@
  syntax="proto3",
  extension_ranges=[],
  oneofs=[],
- serialized_start=457,
- serialized_end=502,
+ serialized_start=554,
+ serialized_end=599,
 )
 
 
@@ -412,16 +515,26 @@
  syntax="proto3",
  extension_ranges=[],
  oneofs=[],
- serialized_start=504,
- serialized_end=561,
+ serialized_start=601,
+ serialized_end=658,
 )
 
 _AUTHENTICATION.fields_by_name["rules"].message_type = _AUTHENTICATIONRULE
 _AUTHENTICATION.fields_by_name["providers"].message_type = _AUTHPROVIDER
 _AUTHENTICATIONRULE.fields_by_name["oauth"].message_type = _OAUTHREQUIREMENTS
 _AUTHENTICATIONRULE.fields_by_name["requirements"].message_type = _AUTHREQUIREMENT
+_JWTLOCATION.oneofs_by_name["in"].fields.append(_JWTLOCATION.fields_by_name["header"])
+_JWTLOCATION.fields_by_name["header"].containing_oneof = _JWTLOCATION.oneofs_by_name[
+ "in"
+]
+_JWTLOCATION.oneofs_by_name["in"].fields.append(_JWTLOCATION.fields_by_name["query"])
+_JWTLOCATION.fields_by_name["query"].containing_oneof = _JWTLOCATION.oneofs_by_name[
+ "in"
+]
+_AUTHPROVIDER.fields_by_name["jwt_locations"].message_type = _JWTLOCATION
 DESCRIPTOR.message_types_by_name["Authentication"] = _AUTHENTICATION
 DESCRIPTOR.message_types_by_name["AuthenticationRule"] = _AUTHENTICATIONRULE
+DESCRIPTOR.message_types_by_name["JwtLocation"] = _JWTLOCATION
 DESCRIPTOR.message_types_by_name["AuthProvider"] = _AUTHPROVIDER
 DESCRIPTOR.message_types_by_name["OAuthRequirements"] = _OAUTHREQUIREMENTS
 DESCRIPTOR.message_types_by_name["AuthRequirement"] = _AUTHREQUIREMENT
@@ -449,6 +562,17 @@
 )
 _sym_db.RegisterMessage(AuthenticationRule)
 
+JwtLocation = _reflection.GeneratedProtocolMessageType(
+ "JwtLocation",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _JWTLOCATION,
+ "__module__": "google.api.auth_pb2"
+ # @@protoc_insertion_point(class_scope:google.api.JwtLocation)
+ },
+)
+_sym_db.RegisterMessage(JwtLocation)
+
 AuthProvider = _reflection.GeneratedProtocolMessageType(
  "AuthProvider",
  (_message.Message,),