diff --git a/stubs/google-auth/METADATA.toml b/stubs/google-auth/METADATA.toml new file mode 100644 index 000000000000..64bc7d2c3868 --- /dev/null +++ b/stubs/google-auth/METADATA.toml @@ -0,0 +1,7 @@ +version = "2.48.*" +upstream-repository = "https://github.com/googleapis/google-auth-library-python" +dependencies = [ + "types-requests", + "types-grpcio", + "cryptography", +] diff --git a/stubs/google-auth/google/__init__.pyi b/stubs/google-auth/google/__init__.pyi new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/stubs/google-auth/google/auth/__init__.pyi b/stubs/google-auth/google/auth/__init__.pyi new file mode 100644 index 000000000000..b9b174e2897b --- /dev/null +++ b/stubs/google-auth/google/auth/__init__.pyi @@ -0,0 +1,9 @@ +from google.auth._default import ( + default as default, + load_credentials_from_dict as load_credentials_from_dict, + load_credentials_from_file as load_credentials_from_file, +) + +__all__ = ["default", "load_credentials_from_file", "load_credentials_from_dict"] + +class Python37DeprecationWarning(DeprecationWarning): ... diff --git a/stubs/google-auth/google/auth/_agent_identity_utils.pyi b/stubs/google-auth/google/auth/_agent_identity_utils.pyi new file mode 100644 index 000000000000..9715580220db --- /dev/null +++ b/stubs/google-auth/google/auth/_agent_identity_utils.pyi @@ -0,0 +1,10 @@ +from typing import Any + +CRYPTOGRAPHY_NOT_FOUND_ERROR: str + +def get_agent_identity_certificate_path() -> str | None: ... +def get_and_parse_agent_identity_certificate() -> Any | None: ... +def parse_certificate(cert_bytes: bytes) -> Any: ... +def calculate_certificate_fingerprint(cert: Any) -> str: ... +def should_request_bound_token(cert: Any) -> bool: ... +def get_cached_cert_fingerprint(cached_cert: bytes | None) -> str: ... diff --git a/stubs/google-auth/google/auth/_cache.pyi b/stubs/google-auth/google/auth/_cache.pyi new file mode 100644 index 000000000000..8b3638f10de0 --- /dev/null +++ b/stubs/google-auth/google/auth/_cache.pyi @@ -0,0 +1,15 @@ +from typing import Hashable, TypeVar + +_Key = TypeVar("_Key", bound=Hashable) +_Value = TypeVar("_Value") + +class LRUCache(dict[_Key, _Value]): + maxsize: int + + def __init__(self, maxsize: int) -> None: ... + def clear(self) -> None: ... + def __getitem__(self, key: _Key) -> _Value: ... + def __setitem__(self, key: _Key, value: _Value) -> None: ... + def __delitem__(self, key: _Key) -> None: ... + def popitem(self) -> tuple[_Key, _Value]: ... + def _update(self, key: _Key) -> None: ... diff --git a/stubs/google-auth/google/auth/_cloud_sdk.pyi b/stubs/google-auth/google/auth/_cloud_sdk.pyi new file mode 100644 index 000000000000..45cf0a3e3b70 --- /dev/null +++ b/stubs/google-auth/google/auth/_cloud_sdk.pyi @@ -0,0 +1,6 @@ +CLOUD_SDK_CLIENT_ID: str + +def get_config_path() -> str: ... +def get_application_default_credentials_path() -> str: ... +def get_project_id() -> str | None: ... +def get_auth_access_token(account: str | None = None) -> str: ... diff --git a/stubs/google-auth/google/auth/_constants.pyi b/stubs/google-auth/google/auth/_constants.pyi new file mode 100644 index 000000000000..1e041fd1be0e --- /dev/null +++ b/stubs/google-auth/google/auth/_constants.pyi @@ -0,0 +1,3 @@ +_SERVICE_ACCOUNT_TRUST_BOUNDARY_LOOKUP_ENDPOINT: str +_WORKFORCE_POOL_TRUST_BOUNDARY_LOOKUP_ENDPOINT: str +_WORKLOAD_IDENTITY_POOL_TRUST_BOUNDARY_LOOKUP_ENDPOINT: str diff --git a/stubs/google-auth/google/auth/_credentials_async.pyi b/stubs/google-auth/google/auth/_credentials_async.pyi new file mode 100644 index 000000000000..bb434f8cedba --- /dev/null +++ b/stubs/google-auth/google/auth/_credentials_async.pyi @@ -0,0 +1,20 @@ +import abc +from typing import Mapping, Sequence + +from google.auth import credentials +from google.auth.transport import Request as _Request + +class Credentials(credentials.Credentials, metaclass=abc.ABCMeta): + async def before_request(self, request: _Request, method: str, url: str, headers: Mapping[str, str]) -> None: ... + +class CredentialsWithQuotaProject(credentials.CredentialsWithQuotaProject, metaclass=abc.ABCMeta): ... + +class AnonymousCredentials(credentials.AnonymousCredentials, Credentials): + async def before_request(self, request: _Request, method: str, url: str, headers: Mapping[str, str]) -> None: ... + +class ReadOnlyScoped(credentials.ReadOnlyScoped, metaclass=abc.ABCMeta): ... +class Scoped(credentials.Scoped, metaclass=abc.ABCMeta): ... + +def with_scopes_if_required(credentials: Credentials, scopes: Sequence[str]) -> Credentials: ... + +class Signing(credentials.Signing, metaclass=abc.ABCMeta): ... diff --git a/stubs/google-auth/google/auth/_credentials_base.pyi b/stubs/google-auth/google/auth/_credentials_base.pyi new file mode 100644 index 000000000000..502a92d7e497 --- /dev/null +++ b/stubs/google-auth/google/auth/_credentials_base.pyi @@ -0,0 +1,12 @@ +import abc +from _typeshed import Incomplete +from typing import Any, Coroutine + +from google.auth.transport import Request as _TransportRequest + +class _BaseCredentials(metaclass=abc.ABCMeta): + token: Incomplete + + def __init__(self) -> None: ... + @abc.abstractmethod + def refresh(self, request: _TransportRequest) -> None | Coroutine[Any, Any, None]: ... diff --git a/stubs/google-auth/google/auth/_default.pyi b/stubs/google-auth/google/auth/_default.pyi new file mode 100644 index 000000000000..08b805aa4e2c --- /dev/null +++ b/stubs/google-auth/google/auth/_default.pyi @@ -0,0 +1,29 @@ +from typing import TYPE_CHECKING, Any, Mapping, Sequence + +from google.auth.credentials import Credentials as Credentials +from google.auth.transport import Request as Request + +if TYPE_CHECKING: + from google.auth.api_key import Credentials as _ApiKeyCredentials + +def load_credentials_from_file( + filename: str, + scopes: Sequence[str] | None = None, + default_scopes: Sequence[str] | None = None, + quota_project_id: str | None = None, + request: Request | None = None, +) -> tuple[Credentials, str | None]: ... +def load_credentials_from_dict( + info: Mapping[str, Any], + scopes: Sequence[str] | None = None, + default_scopes: Sequence[str] | None = None, + quota_project_id: str | None = None, + request: Request | None = None, +) -> tuple[Credentials, str | None]: ... +def get_api_key_credentials(key: str) -> _ApiKeyCredentials: ... +def default( + scopes: Sequence[str] | None = None, + request: Request | None = None, + quota_project_id: str | None = None, + default_scopes: Sequence[str] | None = None, +) -> tuple[Credentials, str | None]: ... diff --git a/stubs/google-auth/google/auth/_default_async.pyi b/stubs/google-auth/google/auth/_default_async.pyi new file mode 100644 index 000000000000..80ad214ea79f --- /dev/null +++ b/stubs/google-auth/google/auth/_default_async.pyi @@ -0,0 +1,11 @@ +from typing import Sequence + +from google.auth.credentials import Credentials as Credentials +from google.auth.transport import Request as _Request + +def load_credentials_from_file( + filename: str, scopes: Sequence[str] | None = None, quota_project_id: str | None = None +) -> tuple[Credentials, str | None]: ... +def default_async( + scopes: Sequence[str] | None = None, request: _Request | None = None, quota_project_id: str | None = None +) -> tuple[Credentials, str | None]: ... diff --git a/stubs/google-auth/google/auth/_exponential_backoff.pyi b/stubs/google-auth/google/auth/_exponential_backoff.pyi new file mode 100644 index 000000000000..e15bebae5b89 --- /dev/null +++ b/stubs/google-auth/google/auth/_exponential_backoff.pyi @@ -0,0 +1,22 @@ +class _BaseExponentialBackoff: + def __init__( + self, + total_attempts: int = 3, + initial_wait_seconds: float = 1.0, + randomization_factor: float = 0.1, + multiplier: float = 2.0, + ) -> None: ... + @property + def total_attempts(self) -> int: ... + @property + def backoff_count(self) -> int: ... + +class ExponentialBackoff(_BaseExponentialBackoff): + def __init__(self, *args: object, **kwargs: object) -> None: ... + def __iter__(self) -> ExponentialBackoff: ... + def __next__(self) -> int: ... + +class AsyncExponentialBackoff(_BaseExponentialBackoff): + def __init__(self, *args: object, **kwargs: object) -> None: ... + def __aiter__(self) -> AsyncExponentialBackoff: ... + async def __anext__(self) -> int: ... diff --git a/stubs/google-auth/google/auth/_helpers.pyi b/stubs/google-auth/google/auth/_helpers.pyi new file mode 100644 index 000000000000..c4707aabf189 --- /dev/null +++ b/stubs/google-auth/google/auth/_helpers.pyi @@ -0,0 +1,23 @@ +import datetime +import logging +from typing import Any, Callable, Mapping, Sequence + +REFRESH_THRESHOLD: datetime.timedelta + +def copy_docstring(source_class: type) -> Callable[[Any], Any]: ... +def parse_content_type(header_value: str) -> str: ... +def utcnow() -> datetime.datetime: ... +def utcfromtimestamp(timestamp: float) -> datetime.datetime: ... +def datetime_to_secs(value: datetime.datetime) -> int: ... +def to_bytes(value: str | bytes, encoding: str = "utf-8") -> bytes: ... +def from_bytes(value: str | bytes) -> str: ... +def update_query(url: str, params: Mapping[str, str], remove: Sequence[str] | None = None) -> str: ... +def scopes_to_string(scopes: Sequence[str]) -> str: ... +def string_to_scopes(scopes: Sequence[str] | str) -> list[str]: ... +def padded_urlsafe_b64decode(value: str | bytes) -> bytes: ... +def unpadded_urlsafe_b64encode(value: str | bytes) -> str | bytes: ... +def get_bool_from_env(variable_name: str, default: bool = False) -> bool: ... +def is_python_3() -> bool: ... +def is_logging_enabled(logger: logging.Logger) -> bool: ... +def request_log(logger: logging.Logger, method: str, url: str, body: bytes | None, headers: Mapping[str, str] | None) -> None: ... +def response_log(logger: logging.Logger, response: Any) -> None: ... diff --git a/stubs/google-auth/google/auth/_jwt_async.pyi b/stubs/google-auth/google/auth/_jwt_async.pyi new file mode 100644 index 000000000000..0328e2d7f1b7 --- /dev/null +++ b/stubs/google-auth/google/auth/_jwt_async.pyi @@ -0,0 +1,84 @@ +from typing import Any, Mapping + +from google.auth import _credentials_async, jwt +from google.auth.credentials import Signing +from google.auth.crypt import Signer as _Signer +from google.auth.transport import Request as _Request + +_DEFAULT_TOKEN_LIFETIME_SECS: int +_DEFAULT_MAX_CACHE_SIZE: int +_ALGORITHM_TO_VERIFIER_CLASS: dict[str, type] +_CRYPTOGRAPHY_BASED_ALGORITHMS: frozenset[str] + +def encode( + signer: _Signer, payload: Mapping[str, str], header: Mapping[str, str] | None = None, key_id: str | None = None +) -> bytes: ... +def _decode_jwt_segment(encoded_section: bytes) -> Mapping[str, Any]: ... +def _unverified_decode(token: str | bytes) -> tuple[Mapping[str, Any], Mapping[str, Any], bytes, bytes]: ... +def decode_header(token: str | bytes) -> Mapping[str, Any]: ... +def _verify_iat_and_exp(payload: Mapping[str, str], clock_skew_in_seconds: int = 0) -> None: ... +def decode( + token: str, + certs: str | bytes | Mapping[str, str | bytes] | None = None, + verify: bool = True, + audience: str | list[str] | None = None, + clock_skew_in_seconds: int = 0, +) -> Mapping[str, Any]: ... + +class Credentials(jwt.Credentials, _credentials_async.Credentials): + expiry: Any + + def __init__( + self, + signer: _Signer, + issuer: str, + subject: str, + audience: str, + additional_claims: Mapping[str, str] | None = None, + token_lifetime: int = ..., + quota_project_id: str | None = None, + ) -> None: ... + @classmethod + def _from_signer_and_info(cls, signer: _Signer, info: Mapping[str, str], **kwargs: Any) -> Credentials: ... + @classmethod + def from_service_account_info(cls, info: Mapping[str, str], **kwargs: Any) -> Credentials: ... + @classmethod + def from_service_account_file(cls, filename: str, **kwargs: Any) -> Credentials: ... + @classmethod + def from_signing_credentials(cls, credentials: Signing, audience: str, **kwargs: Any) -> Credentials: ... + def with_claims( + self, + issuer: str | None = None, + subject: str | None = None, + audience: str | None = None, + additional_claims: Mapping[str, str] | None = None, + ) -> Credentials: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def refresh(self, request: Any) -> None: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def signer_email(self) -> str: ... + @property + def signer(self) -> _Signer: ... + @property + def additional_claims(self) -> Mapping[str, str]: ... + +class OnDemandCredentials(jwt.OnDemandCredentials, _credentials_async.Credentials): + """On-demand JWT credentials. + + Like :class:`Credentials`, this class uses a JWT as the bearer token for + authentication. However, this class does not require the audience at + construction time. Instead, it will generate a new token on-demand for + each request using the request URI as the audience. It caches tokens + so that multiple requests to the same URI do not incur the overhead + of generating a new token every time. + + This behavior is especially useful for `gRPC`_ clients. A gRPC service may + have multiple audience and gRPC clients may not know all of the audiences + required for accessing a particular service. With these credentials, + no knowledge of the audiences is required ahead of time. + + .. _grpc: http://www.grpc.io/ + """ + + async def before_request(self, request: _Request, method: str, url: str, headers: Mapping[str, str]) -> None: ... diff --git a/stubs/google-auth/google/auth/_oauth2client.pyi b/stubs/google-auth/google/auth/_oauth2client.pyi new file mode 100644 index 000000000000..7a46b956e31b --- /dev/null +++ b/stubs/google-auth/google/auth/_oauth2client.pyi @@ -0,0 +1,3 @@ +from typing import Any + +def convert(credentials: Any) -> Any: ... diff --git a/stubs/google-auth/google/auth/_refresh_worker.pyi b/stubs/google-auth/google/auth/_refresh_worker.pyi new file mode 100644 index 000000000000..d2f3b317d0c5 --- /dev/null +++ b/stubs/google-auth/google/auth/_refresh_worker.pyi @@ -0,0 +1,11 @@ +import threading +from typing import Any + +class RefreshThreadManager: + def __init__(self) -> None: ... + def start_refresh(self, cred: Any, request: Any) -> bool: ... + def clear_error(self) -> None: ... + +class RefreshThread(threading.Thread): + def __init__(self, cred: Any, request: Any, **kwargs: Any) -> None: ... + def run(self) -> None: ... diff --git a/stubs/google-auth/google/auth/_service_account_info.pyi b/stubs/google-auth/google/auth/_service_account_info.pyi new file mode 100644 index 000000000000..a426dfa94d4d --- /dev/null +++ b/stubs/google-auth/google/auth/_service_account_info.pyi @@ -0,0 +1,8 @@ +from typing import Mapping, Sequence + +from google.auth import crypt as _crypt + +def from_dict(data: Mapping[str, str], require: Sequence[str] | None = None, use_rsa_signer: bool = True) -> _crypt.Signer: ... +def from_filename( + filename: str, require: Sequence[str] | None = None, use_rsa_signer: bool = True +) -> tuple[Mapping[str, str], _crypt.Signer]: ... diff --git a/stubs/google-auth/google/auth/aio/__init__.pyi b/stubs/google-auth/google/auth/aio/__init__.pyi new file mode 100644 index 000000000000..bda5b5a7f4cc --- /dev/null +++ b/stubs/google-auth/google/auth/aio/__init__.pyi @@ -0,0 +1 @@ +__version__: str diff --git a/stubs/google-auth/google/auth/aio/_helpers.pyi b/stubs/google-auth/google/auth/aio/_helpers.pyi new file mode 100644 index 000000000000..672ac9f8952f --- /dev/null +++ b/stubs/google-auth/google/auth/aio/_helpers.pyi @@ -0,0 +1,4 @@ +import logging +from typing import Any + +async def response_log_async(logger: logging.Logger, response: Any) -> None: ... diff --git a/stubs/google-auth/google/auth/aio/credentials.pyi b/stubs/google-auth/google/auth/aio/credentials.pyi new file mode 100644 index 000000000000..41f617b847c3 --- /dev/null +++ b/stubs/google-auth/google/auth/aio/credentials.pyi @@ -0,0 +1,23 @@ +from _typeshed import Incomplete +from typing import Mapping + +from google.auth._credentials_base import _BaseCredentials +from google.auth.transport import Request as _TransportRequest + +class Credentials(_BaseCredentials): + def __init__(self) -> None: ... + async def apply(self, headers: Mapping[str, str], token: str | None = None) -> None: ... + async def refresh(self, request: _TransportRequest) -> None: ... + async def before_request(self, request: _TransportRequest, method: str, url: str, headers: Mapping[str, str]) -> None: ... + +class StaticCredentials(Credentials): + token: Incomplete + + def __init__(self, token: str) -> None: ... + async def refresh(self, request: _TransportRequest) -> None: ... + async def before_request(self, request: _TransportRequest, method: str, url: str, headers: Mapping[str, str]) -> None: ... + +class AnonymousCredentials(Credentials): + async def refresh(self, request: _TransportRequest) -> None: ... + async def apply(self, headers: Mapping[str, str], token: str | None = None) -> None: ... + async def before_request(self, request: _TransportRequest, method: str, url: str, headers: Mapping[str, str]) -> None: ... diff --git a/stubs/google-auth/google/auth/aio/transport/__init__.pyi b/stubs/google-auth/google/auth/aio/transport/__init__.pyi new file mode 100644 index 000000000000..1197e226a62e --- /dev/null +++ b/stubs/google-auth/google/auth/aio/transport/__init__.pyi @@ -0,0 +1,26 @@ +import abc +from typing import Any, AsyncGenerator, Mapping, Sequence + +DEFAULT_RETRYABLE_STATUS_CODES: Sequence[int] +DEFAULT_MAX_RETRY_ATTEMPTS: int + +class Response(metaclass=abc.ABCMeta): + @property + @abc.abstractmethod + def status_code(self) -> int: ... + @property + @abc.abstractmethod + def headers(self) -> Mapping[str, str]: ... + @abc.abstractmethod + async def content(self, chunk_size: int) -> AsyncGenerator[bytes]: ... + @abc.abstractmethod + async def read(self) -> bytes: ... + @abc.abstractmethod + async def close(self) -> None: ... + +class Request(metaclass=abc.ABCMeta): + @abc.abstractmethod + async def __call__( + self, url: str, method: str, body: bytes | None, headers: Mapping[str, str] | None, timeout: float, **kwargs: Any + ) -> Response: ... + async def close(self) -> None: ... diff --git a/stubs/google-auth/google/auth/aio/transport/aiohttp.pyi b/stubs/google-auth/google/auth/aio/transport/aiohttp.pyi new file mode 100644 index 000000000000..2bedc42f6519 --- /dev/null +++ b/stubs/google-auth/google/auth/aio/transport/aiohttp.pyi @@ -0,0 +1,29 @@ +from typing import Any, AsyncGenerator, Mapping + +from google.auth.aio import transport + +ClientTimeout = Any + +class Response(transport.Response): + def __init__(self, response: Any) -> None: ... + @property + def status_code(self) -> int: ... + @property + def headers(self) -> Mapping[str, str]: ... + async def content(self, chunk_size: int = 1024) -> AsyncGenerator[bytes]: ... + async def read(self) -> bytes: ... + async def close(self) -> None: ... + +class Request(transport.Request): + def __init__(self, session: Any | None = None) -> None: ... + async def __call__( + self, + url: str, + method: str = "GET", + body: bytes | None = None, + headers: Mapping[str, str] | None = None, + timeout: float | ClientTimeout = ..., + *args: Any, + **kwargs: Any, + ) -> transport.Response: ... + async def close(self) -> None: ... diff --git a/stubs/google-auth/google/auth/aio/transport/mtls.pyi b/stubs/google-auth/google/auth/aio/transport/mtls.pyi new file mode 100644 index 000000000000..156572e84eae --- /dev/null +++ b/stubs/google-auth/google/auth/aio/transport/mtls.pyi @@ -0,0 +1,11 @@ +import ssl +from typing import Callable + +def make_client_cert_ssl_context(cert_bytes: bytes, key_bytes: bytes, passphrase: bytes | None = None) -> ssl.SSLContext: ... +def default_client_cert_source() -> Callable[[], tuple[bytes, bytes]]: ... +async def get_client_ssl_credentials( + certificate_config_path: str | None = None, +) -> tuple[bool, bytes | None, bytes | None, bytes | None]: ... +async def get_client_cert_and_key( + client_cert_callback: Callable[[], tuple[bytes, bytes]] | None = None, +) -> tuple[bool, bytes | None, bytes | None]: ... diff --git a/stubs/google-auth/google/auth/aio/transport/sessions.pyi b/stubs/google-auth/google/auth/aio/transport/sessions.pyi new file mode 100644 index 000000000000..4b9801489686 --- /dev/null +++ b/stubs/google-auth/google/auth/aio/transport/sessions.pyi @@ -0,0 +1,80 @@ +from contextlib import asynccontextmanager +from typing import Any, AsyncGenerator, Callable, Mapping + +from google.auth.aio import transport +from google.auth.aio.credentials import Credentials + +class ClientTimeout: ... + +AIOHTTP_INSTALLED: bool + +@asynccontextmanager +def timeout_guard(timeout: float) -> AsyncGenerator[Any]: ... + +class AsyncAuthorizedSession: + def __init__(self, credentials: Credentials, auth_request: transport.Request | None = None) -> None: ... + async def configure_mtls_channel(self, client_cert_callback: Callable[[], tuple[bytes, bytes]] | None = None) -> None: ... + async def request( + self, + method: str, + url: str, + data: bytes | None = None, + headers: Mapping[str, str] | None = None, + max_allowed_time: float = ..., + timeout: float | ClientTimeout = ..., + total_attempts: int | None = ..., + **kwargs: Any, + ) -> transport.Response: ... + async def get( + self, + url: str, + data: bytes | None = None, + headers: Mapping[str, str] | None = None, + max_allowed_time: float = ..., + timeout: float | ClientTimeout = ..., + total_attempts: int | None = ..., + **kwargs: Any, + ) -> transport.Response: ... + async def post( + self, + url: str, + data: bytes | None = None, + headers: Mapping[str, str] | None = None, + max_allowed_time: float = ..., + timeout: float | ClientTimeout = ..., + total_attempts: int | None = ..., + **kwargs: Any, + ) -> transport.Response: ... + async def put( + self, + url: str, + data: bytes | None = None, + headers: Mapping[str, str] | None = None, + max_allowed_time: float = ..., + timeout: float | ClientTimeout = ..., + total_attempts: int | None = ..., + **kwargs: Any, + ) -> transport.Response: ... + async def patch( + self, + url: str, + data: bytes | None = None, + headers: Mapping[str, str] | None = None, + max_allowed_time: float = ..., + timeout: float | ClientTimeout = ..., + total_attempts: int | None = ..., + **kwargs: Any, + ) -> transport.Response: ... + async def delete( + self, + url: str, + data: bytes | None = None, + headers: Mapping[str, str] | None = None, + max_allowed_time: float = ..., + timeout: float | ClientTimeout = ..., + total_attempts: int | None = ..., + **kwargs: Any, + ) -> transport.Response: ... + @property + def is_mtls(self) -> bool: ... + async def close(self) -> None: ... diff --git a/stubs/google-auth/google/auth/api_key.pyi b/stubs/google-auth/google/auth/api_key.pyi new file mode 100644 index 000000000000..91bd9bb00da1 --- /dev/null +++ b/stubs/google-auth/google/auth/api_key.pyi @@ -0,0 +1,20 @@ +from typing import Mapping + +import google +import google.auth +import google.auth.transport +from google.auth import credentials + +class Credentials(credentials.Credentials): + token: str + + def __init__(self, token: str) -> None: ... + @property + def expired(self) -> bool: ... + @property + def valid(self) -> bool: ... + def refresh(self, request: google.auth.transport.Request) -> None: ... + def apply(self, headers: Mapping[str, str], token: str | None = None) -> None: ... + def before_request( + self, request: google.auth.transport.Request, method: str, url: str, headers: Mapping[str, str] + ) -> None: ... diff --git a/stubs/google-auth/google/auth/app_engine.pyi b/stubs/google-auth/google/auth/app_engine.pyi new file mode 100644 index 000000000000..91daa741452c --- /dev/null +++ b/stubs/google-auth/google/auth/app_engine.pyi @@ -0,0 +1,35 @@ +from typing import Sequence + +import google +import google.auth +import google.auth.transport +from google.auth import credentials +from google.auth.crypt import base + +class Signer(base.Signer): + @property + def key_id(self) -> str: ... + def sign(self, message: str | bytes) -> bytes: ... + +def get_project_id() -> str: ... + +class Credentials(credentials.Scoped, credentials.Signing, credentials.CredentialsWithQuotaProject): + def __init__( + self, + scopes: Sequence[str] | None = None, + default_scopes: Sequence[str] | None = None, + service_account_id: str | None = None, + quota_project_id: str | None = None, + ) -> None: ... + def refresh(self, request: google.auth.transport.Request) -> None: ... + @property + def service_account_email(self) -> str: ... + @property + def requires_scopes(self) -> bool: ... + def with_scopes(self, scopes: Sequence[str], default_scopes: Sequence[str] | None = None) -> Credentials: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def signer_email(self) -> str: ... + @property + def signer(self) -> Signer: ... diff --git a/stubs/google-auth/google/auth/aws.pyi b/stubs/google-auth/google/auth/aws.pyi new file mode 100644 index 000000000000..164f74137839 --- /dev/null +++ b/stubs/google-auth/google/auth/aws.pyi @@ -0,0 +1,50 @@ +import abc +from dataclasses import dataclass +from typing import Any, Mapping + +from google.auth import external_account + +@dataclass +class AwsSecurityCredentials: + access_key_id: str + secret_access_key: str + session_token: str | None = None + +class RequestSigner: + def __init__(self, region_name: str) -> None: ... + def get_request_options( + self, + aws_security_credentials: AwsSecurityCredentials, + url: str, + method: str, + request_payload: str = "", + additional_headers: Mapping[str, str] | None = None, + ) -> Mapping[str, str]: ... + +class AwsSecurityCredentialsSupplier(metaclass=abc.ABCMeta): + @abc.abstractmethod + def get_aws_security_credentials(self, context: Any, request: Any) -> AwsSecurityCredentials: ... + @abc.abstractmethod + def get_aws_region(self, context: Any, request: Any) -> str: ... + +class _DefaultAwsSecurityCredentialsSupplier(AwsSecurityCredentialsSupplier): + def __init__(self, credential_source: Mapping[str, Any]) -> None: ... + def get_aws_security_credentials(self, context: Any, request: Any) -> AwsSecurityCredentials: ... + def get_aws_region(self, context: Any, request: Any) -> str: ... + +class Credentials(external_account.Credentials, metaclass=abc.ABCMeta): + def __init__( + self, + audience: str, + subject_token_type: str, + token_url: str = "https://sts.googleapis.com/v1/token", + credential_source: Mapping[str, Any] | None = None, + aws_security_credentials_supplier: AwsSecurityCredentialsSupplier | None = None, + *args: Any, + **kwargs: Any, + ) -> None: ... + def retrieve_subject_token(self, request: Any) -> str: ... + @classmethod + def from_info(cls, info: Mapping[str, Any], **kwargs: Any) -> Credentials: ... + @classmethod + def from_file(cls, filename: str, **kwargs: Any) -> Credentials: ... diff --git a/stubs/google-auth/google/auth/compute_engine/__init__.pyi b/stubs/google-auth/google/auth/compute_engine/__init__.pyi new file mode 100644 index 000000000000..802fc05fc37a --- /dev/null +++ b/stubs/google-auth/google/auth/compute_engine/__init__.pyi @@ -0,0 +1,4 @@ +from google.auth.compute_engine._metadata import detect_gce_residency_linux as detect_gce_residency_linux +from google.auth.compute_engine.credentials import Credentials as Credentials, IDTokenCredentials as IDTokenCredentials + +__all__ = ["Credentials", "IDTokenCredentials", "detect_gce_residency_linux"] diff --git a/stubs/google-auth/google/auth/compute_engine/_metadata.pyi b/stubs/google-auth/google/auth/compute_engine/_metadata.pyi new file mode 100644 index 000000000000..3e8228e746f4 --- /dev/null +++ b/stubs/google-auth/google/auth/compute_engine/_metadata.pyi @@ -0,0 +1,25 @@ +import datetime +from typing import Any, Mapping + +from google.auth.transport import Request as _Request + +def is_on_gce(request: _Request) -> bool: ... +def detect_gce_residency_linux() -> bool: ... +def ping(request: _Request, timeout: int = 3, retry_count: int = 3) -> bool: ... +def get( + request: _Request, + path: str, + root: str | None = None, + params: Mapping[str, str] | None = None, + recursive: bool = False, + retry_count: int = 5, + headers: Mapping[str, str] | None = None, + return_none_for_not_found_error: bool = False, + timeout: int = 3, +) -> Mapping[str, Any] | str: ... +def get_project_id(request: _Request) -> str | None: ... +def get_universe_domain(request: _Request) -> str: ... +def get_service_account_info(request: _Request, service_account: str = "default") -> Mapping[str, Any]: ... +def get_service_account_token( + request: _Request, service_account: str = "default", scopes: str | list[str] | None = None +) -> tuple[str, datetime.datetime]: ... diff --git a/stubs/google-auth/google/auth/compute_engine/_mtls.pyi b/stubs/google-auth/google/auth/compute_engine/_mtls.pyi new file mode 100644 index 000000000000..ee88dd850c95 --- /dev/null +++ b/stubs/google-auth/google/auth/compute_engine/_mtls.pyi @@ -0,0 +1,45 @@ +import enum +import ssl +from dataclasses import dataclass +from pathlib import Path +from typing import Any, Mapping + +from requests import PreparedRequest, Response +from requests.adapters import HTTPAdapter + +@dataclass +class MdsMtlsConfig: + ca_cert_path: Path = ... + client_combined_cert_path: Path = ... + +class MdsMtlsMode(enum.Enum): + """MDS mTLS mode. Used to configure connection behavior when connecting to MDS. + + STRICT: Always use HTTPS/mTLS. If certificates are not found locally, an error will be returned. + NONE: Never use mTLS. Requests will use regular HTTP. + DEFAULT: Use mTLS if certificates are found locally, otherwise use regular HTTP. + """ + + STRICT = "strict" + NONE = "none" + DEFAULT = "default" + +def _get_mds_root_crt_path() -> Path: ... +def _get_mds_client_combined_cert_path() -> Path: ... +def should_use_mds_mtls(mds_mtls_config: MdsMtlsConfig = MdsMtlsConfig()) -> bool: ... + +class MdsMtlsAdapter(HTTPAdapter): + ssl_context: ssl.SSLContext + + def __init__(self, mds_mtls_config: MdsMtlsConfig = MdsMtlsConfig(), *args: Any, **kwargs: Any) -> None: ... + def init_poolmanager(self, *args: Any, **kwargs: Any) -> None: ... + def proxy_manager_for(self, *args: Any, **kwargs: Any) -> None: ... + def send( + self, + request: PreparedRequest, + stream: bool = ..., + timeout: float | tuple[float, float] | tuple[float, None] | None = ..., + verify: bool | str = ..., + cert: bytes | str | tuple[bytes | str, bytes | str] | None = ..., + proxies: Mapping[str, str] | None = ..., + ) -> Response: ... diff --git a/stubs/google-auth/google/auth/compute_engine/credentials.pyi b/stubs/google-auth/google/auth/compute_engine/credentials.pyi new file mode 100644 index 000000000000..cedf93424ad8 --- /dev/null +++ b/stubs/google-auth/google/auth/compute_engine/credentials.pyi @@ -0,0 +1,84 @@ +from _typeshed import Incomplete +from typing import Any, Mapping, Sequence + +import google +import google.auth +import google.auth.crypt +import google.auth.transport +from google.auth import credentials + +_TRUST_BOUNDARY_LOOKUP_ENDPOINT = "https://iamcredentials.{}/v1/projects/-/serviceAccounts/{}/allowedLocations" + +class Credentials( + credentials.Scoped, + credentials.CredentialsWithQuotaProject, + credentials.CredentialsWithUniverseDomain, + credentials.CredentialsWithTrustBoundary, +): + """Compute Engine Credentials. + + These credentials use the Google Compute Engine metadata server to obtain + OAuth 2.0 access tokens associated with the instance's service account, + and are also used for Cloud Run, Flex and App Engine (except for the Python + 2.7 runtime, which is supported only on older versions of this library). + + For more information about Compute Engine authentication, including how + to configure scopes, see the `Compute Engine authentication + documentation`_. + + .. note:: On Compute Engine the metadata server ignores requested scopes. + On Cloud Run, Flex and App Engine the server honours requested scopes. + + .. _Compute Engine authentication documentation: + https://cloud.google.com/compute/docs/authentication#using + """ + + def __init__( + self, + service_account_email: str = "default", + quota_project_id: str | None = None, + scopes: Sequence[str] | None = None, + default_scopes: Sequence[str] | None = None, + universe_domain: str | None = None, + trust_boundary: Mapping[str, str] | None = None, + ) -> None: ... + @property + def service_account_email(self) -> str: ... + @property + def requires_scopes(self) -> bool: ... + @property + def universe_domain(self) -> str: ... + def get_cred_info(self) -> Mapping[str, str] | None: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def with_scopes(self, scopes: Sequence[str], default_scopes: Sequence[str] | None = None) -> Credentials: ... + def with_universe_domain(self, universe_domain: str | None) -> Credentials: ... + def with_trust_boundary(self, trust_boundary: Mapping[str, str]) -> Credentials: ... + def _build_trust_boundary_lookup_url(self) -> str: ... + def _perform_refresh_token(self, request: google.auth.transport.Request) -> None: ... + +class IDTokenCredentials(credentials.CredentialsWithQuotaProject, credentials.Signing, credentials.CredentialsWithTokenUri): + def __init__( + self, + request: google.auth.transport.Request, + target_audience: str | None = None, + token_uri: str | None = None, + additional_claims: Mapping[str, str] | None = None, + service_account_email: str | None = None, + signer: google.auth.crypt.Signer | None = None, + use_metadata_identity_endpoint: bool = False, + quota_project_id: str | None = None, + ) -> None: ... + def with_target_audience(self, target_audience: str) -> IDTokenCredentials: ... + def with_quota_project(self, quota_project_id: str | None) -> IDTokenCredentials: ... + def with_token_uri(self, token_uri: str) -> IDTokenCredentials: ... + token: Incomplete + expiry: Incomplete + + def refresh(self, request: google.auth.transport.Request) -> None: ... + @property + def signer(self) -> Any: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def service_account_email(self) -> str: ... + @property + def signer_email(self) -> str: ... diff --git a/stubs/google-auth/google/auth/credentials.pyi b/stubs/google-auth/google/auth/credentials.pyi new file mode 100644 index 000000000000..2eba333b698f --- /dev/null +++ b/stubs/google-auth/google/auth/credentials.pyi @@ -0,0 +1,97 @@ +import abc +from _typeshed import Incomplete +from enum import Enum +from typing import Any, Coroutine, Mapping, Sequence + +from google.auth._credentials_base import _BaseCredentials +from google.auth.crypt import Signer as _Signer +from google.auth.transport import Request as _TransportRequest + +DEFAULT_UNIVERSE_DOMAIN: str +NO_OP_TRUST_BOUNDARY_LOCATIONS: list[str] +NO_OP_TRUST_BOUNDARY_ENCODED_LOCATIONS: str + +class Credentials(_BaseCredentials, metaclass=abc.ABCMeta): + expiry: Incomplete + + def __init__(self) -> None: ... + @property + def expired(self) -> bool: ... + @property + def valid(self) -> bool: ... + @property + def token_state(self) -> TokenState: ... + @property + def quota_project_id(self) -> str | None: ... + @property + def universe_domain(self) -> str: ... + def get_cred_info(self) -> Mapping[str, str] | None: ... + @abc.abstractmethod + def refresh(self, request: _TransportRequest) -> None | Coroutine[Any, Any, None]: ... + def apply(self, headers: Mapping[str, str], token: str | None = None) -> None: ... + def before_request( + self, request: _TransportRequest, method: str, url: str, headers: Mapping[str, str] + ) -> None | Coroutine[Any, Any, None]: ... + def with_non_blocking_refresh(self) -> None: ... + +class CredentialsWithQuotaProject(Credentials, metaclass=abc.ABCMeta): + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def with_quota_project_from_environment(self) -> Credentials: ... + +class CredentialsWithTokenUri(Credentials, metaclass=abc.ABCMeta): + def with_token_uri(self, token_uri: str) -> Credentials: ... + +class CredentialsWithUniverseDomain(Credentials, metaclass=abc.ABCMeta): + def with_universe_domain(self, universe_domain: str) -> Credentials: ... + +class CredentialsWithTrustBoundary(Credentials, metaclass=abc.ABCMeta): + @abc.abstractmethod + def _perform_refresh_token(self, request: _TransportRequest) -> None: ... + def with_trust_boundary(self, trust_boundary: Mapping[str, str]) -> Credentials: ... + def apply(self, headers: Mapping[str, str], token: str | None = None) -> None: ... + def refresh(self, request: _TransportRequest) -> None | Coroutine[Any, Any, None]: ... + +class AnonymousCredentials(Credentials): + @property + def expired(self) -> bool: ... + @property + def valid(self) -> bool: ... + def refresh(self, request: _TransportRequest) -> None: ... + def apply(self, headers: Mapping[str, str], token: str | None = None) -> None: ... + def before_request( + self, request: _TransportRequest, method: str, url: str, headers: Mapping[str, str] + ) -> None | Coroutine[Any, Any, None]: ... + +class ReadOnlyScoped(metaclass=abc.ABCMeta): + def __init__(self) -> None: ... + @property + def scopes(self) -> Sequence[str] | None: ... + @property + def default_scopes(self) -> Sequence[str] | None: ... + @property + @abc.abstractmethod + def requires_scopes(self) -> bool: ... + def has_scopes(self, scopes: Sequence[str]) -> bool: ... + +class Scoped(ReadOnlyScoped, metaclass=abc.ABCMeta): + @abc.abstractmethod + def with_scopes(self, scopes: Sequence[str], default_scopes: Sequence[str] | None = None) -> Scoped: ... + +def with_scopes_if_required( + credentials: Credentials, scopes: Sequence[str], default_scopes: Sequence[str] | None = None +) -> Credentials: ... + +class Signing(metaclass=abc.ABCMeta): + @abc.abstractmethod + def sign_bytes(self, message: bytes) -> bytes: ... + @property + @abc.abstractmethod + def signer_email(self) -> str: ... + @property + @abc.abstractmethod + def signer(self) -> _Signer: ... + +class TokenState(Enum): + FRESH = 1 + STALE = 2 + INVALID = 3 diff --git a/stubs/google-auth/google/auth/crypt/__init__.pyi b/stubs/google-auth/google/auth/crypt/__init__.pyi new file mode 100644 index 000000000000..5df5573c49ca --- /dev/null +++ b/stubs/google-auth/google/auth/crypt/__init__.pyi @@ -0,0 +1,12 @@ +from _typeshed import Incomplete + +__all__ = ["EsSigner", "EsVerifier", "ES256Signer", "ES256Verifier", "RSASigner", "RSAVerifier", "Signer", "Verifier"] + +EsSigner: Incomplete +EsVerifier: Incomplete +ES256Signer: Incomplete +ES256Verifier: Incomplete +Signer: Incomplete +Verifier: Incomplete +RSASigner: Incomplete +RSAVerifier: Incomplete diff --git a/stubs/google-auth/google/auth/crypt/_cryptography_rsa.pyi b/stubs/google-auth/google/auth/crypt/_cryptography_rsa.pyi new file mode 100644 index 000000000000..3715adc2dd19 --- /dev/null +++ b/stubs/google-auth/google/auth/crypt/_cryptography_rsa.pyi @@ -0,0 +1,17 @@ +from typing import Any + +from google.auth.crypt import base + +class RSAVerifier(base.Verifier): + def __init__(self, public_key: Any) -> None: ... + def verify(self, message: Any, signature: Any) -> bool: ... + @classmethod + def from_string(cls, public_key: Any) -> RSAVerifier: ... + +class RSASigner(base.Signer, base.FromServiceAccountMixin): + def __init__(self, private_key: Any, key_id: str | None = None) -> None: ... + @property + def key_id(self) -> str: ... + def sign(self, message: Any) -> bytes: ... + @classmethod + def from_string(cls, key: Any, key_id: str | None = None) -> RSASigner: ... diff --git a/stubs/google-auth/google/auth/crypt/_helpers.pyi b/stubs/google-auth/google/auth/crypt/_helpers.pyi new file mode 100644 index 000000000000..862577467da2 --- /dev/null +++ b/stubs/google-auth/google/auth/crypt/_helpers.pyi @@ -0,0 +1,32 @@ +"""Transport adapter for Base Requests typing stubs.""" + +import abc +from typing import Any + +_DEFAULT_TIMEOUT: int = 120 # in seconds + +class _BaseAuthorizedSession(metaclass=abc.ABCMeta): + """Base class for a Request Session with credentials. This class is intended to capture + the common logic between synchronous and asynchronous request sessions and is not intended to + be instantiated directly. + + Args: + credentials (object): The credentials to add to the request. + """ + + credentials: Any + + def __init__(self, credentials: Any) -> None: ... + @abc.abstractmethod + def request( + self, + method: str, + url: str, + data: Any = None, + headers: Any = None, + max_allowed_time: Any = None, + timeout: int = _DEFAULT_TIMEOUT, + **kwargs: Any, + ) -> Any: ... + @abc.abstractmethod + def close(self) -> None: ... diff --git a/stubs/google-auth/google/auth/crypt/_python_rsa.pyi b/stubs/google-auth/google/auth/crypt/_python_rsa.pyi new file mode 100644 index 000000000000..3715adc2dd19 --- /dev/null +++ b/stubs/google-auth/google/auth/crypt/_python_rsa.pyi @@ -0,0 +1,17 @@ +from typing import Any + +from google.auth.crypt import base + +class RSAVerifier(base.Verifier): + def __init__(self, public_key: Any) -> None: ... + def verify(self, message: Any, signature: Any) -> bool: ... + @classmethod + def from_string(cls, public_key: Any) -> RSAVerifier: ... + +class RSASigner(base.Signer, base.FromServiceAccountMixin): + def __init__(self, private_key: Any, key_id: str | None = None) -> None: ... + @property + def key_id(self) -> str: ... + def sign(self, message: Any) -> bytes: ... + @classmethod + def from_string(cls, key: Any, key_id: str | None = None) -> RSASigner: ... diff --git a/stubs/google-auth/google/auth/crypt/base.pyi b/stubs/google-auth/google/auth/crypt/base.pyi new file mode 100644 index 000000000000..6b89c6314041 --- /dev/null +++ b/stubs/google-auth/google/auth/crypt/base.pyi @@ -0,0 +1,22 @@ +import abc +from typing import Mapping + +class Verifier(metaclass=abc.ABCMeta): + @abc.abstractmethod + def verify(self, message: str | bytes, signature: str | bytes) -> bool: ... + +class Signer(metaclass=abc.ABCMeta): + @property + @abc.abstractmethod + def key_id(self) -> str: ... + @abc.abstractmethod + def sign(self, message: str | bytes) -> bytes: ... + +class FromServiceAccountMixin(metaclass=abc.ABCMeta): + @classmethod + @abc.abstractmethod + def from_string(cls, key: str, key_id: str | None = None) -> Signer: ... + @classmethod + def from_service_account_info(cls, info: Mapping[str, str]) -> Signer: ... + @classmethod + def from_service_account_file(cls, filename: str) -> Signer: ... diff --git a/stubs/google-auth/google/auth/crypt/es.pyi b/stubs/google-auth/google/auth/crypt/es.pyi new file mode 100644 index 000000000000..f4e29b3542f1 --- /dev/null +++ b/stubs/google-auth/google/auth/crypt/es.pyi @@ -0,0 +1,36 @@ +from dataclasses import dataclass + +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import ec +from google.auth.crypt import base + +@dataclass +class _ESAttributes: + rs_size: int + sha_algo: hashes.HashAlgorithm + algorithm: str + + @classmethod + def from_key(cls, key: ec.EllipticCurvePublicKey | ec.EllipticCurvePrivateKey) -> _ESAttributes: ... + @classmethod + def from_curve(cls, curve: ec.EllipticCurve) -> _ESAttributes: ... + +class EsVerifier(base.Verifier): + """Verifies ECDSA cryptographic signatures using public keys.""" + + def __init__(self, public_key: ec.EllipticCurvePublicKey) -> None: ... + def verify(self, message: str | bytes, signature: str | bytes) -> bool: ... + @classmethod + def from_string(cls, public_key: str | bytes) -> EsVerifier: ... + +class EsSigner(base.Signer, base.FromServiceAccountMixin): + """Signs messages with an ECDSA private key.""" + + def __init__(self, private_key: ec.EllipticCurvePrivateKey, key_id: str | None = None) -> None: ... + @property + def algorithm(self) -> str: ... + @property + def key_id(self) -> str: ... + def sign(self, message: str | bytes) -> bytes: ... + @classmethod + def from_string(cls, key: bytes | str, key_id: str | None = None) -> EsSigner: ... diff --git a/stubs/google-auth/google/auth/crypt/es256.pyi b/stubs/google-auth/google/auth/crypt/es256.pyi new file mode 100644 index 000000000000..fb4d8d5b54a6 --- /dev/null +++ b/stubs/google-auth/google/auth/crypt/es256.pyi @@ -0,0 +1,4 @@ +from google.auth.crypt.es import EsSigner, EsVerifier + +class ES256Verifier(EsVerifier): ... +class ES256Signer(EsSigner): ... diff --git a/stubs/google-auth/google/auth/crypt/rsa.pyi b/stubs/google-auth/google/auth/crypt/rsa.pyi new file mode 100644 index 000000000000..226002bc6985 --- /dev/null +++ b/stubs/google-auth/google/auth/crypt/rsa.pyi @@ -0,0 +1,19 @@ +from typing import Any + +from google.auth.crypt import base + +RSA_KEY_MODULE_PREFIX: str + +class RSAVerifier(base.Verifier): + def __init__(self, public_key: Any) -> None: ... + def verify(self, message: Any, signature: Any) -> bool: ... + @classmethod + def from_string(cls, public_key: Any) -> RSAVerifier: ... + +class RSASigner(base.Signer, base.FromServiceAccountMixin): + def __init__(self, private_key: Any, key_id: str | None = None) -> None: ... + @property + def key_id(self) -> str: ... + def sign(self, message: Any) -> bytes: ... + @classmethod + def from_string(cls, key: Any, key_id: str | None = None) -> RSASigner: ... diff --git a/stubs/google-auth/google/auth/downscoped.pyi b/stubs/google-auth/google/auth/downscoped.pyi new file mode 100644 index 000000000000..9a082a305bc3 --- /dev/null +++ b/stubs/google-auth/google/auth/downscoped.pyi @@ -0,0 +1,67 @@ +from _typeshed import Incomplete +from typing import Any, Mapping, Sequence + +import google +import google.auth +import google.auth.transport +from google.auth import credentials + +class CredentialAccessBoundary: + def __init__(self, rules: list[AccessBoundaryRule] = []) -> None: ... + @property + def rules(self) -> tuple[AccessBoundaryRule, ...]: ... + @rules.setter + def rules(self, value: list[AccessBoundaryRule]) -> None: ... + def add_rule(self, rule: AccessBoundaryRule) -> None: ... + def to_json(self) -> Mapping[str, Any]: ... + +class AccessBoundaryRule: + def __init__( + self, + available_resource: str, + available_permissions: Sequence[str], + availability_condition: AvailabilityCondition | None = None, + ) -> None: ... + @property + def available_resource(self) -> str: ... + @available_resource.setter + def available_resource(self, value: str) -> None: ... + @property + def available_permissions(self) -> tuple[str, ...]: ... + @available_permissions.setter + def available_permissions(self, value: Sequence[str]) -> None: ... + @property + def availability_condition(self) -> AvailabilityCondition | None: ... + @availability_condition.setter + def availability_condition(self, value: AvailabilityCondition | None) -> None: ... + def to_json(self) -> Mapping[str, Any]: ... + +class AvailabilityCondition: + def __init__(self, expression: str, title: str | None = None, description: str | None = None) -> None: ... + @property + def expression(self) -> str: ... + @expression.setter + def expression(self, value: str) -> None: ... + @property + def title(self) -> str | None: ... + @title.setter + def title(self, value: str | None) -> None: ... + @property + def description(self) -> str | None: ... + @description.setter + def description(self, value: str | None) -> None: ... + def to_json(self) -> Mapping[str, str]: ... + +class Credentials(credentials.CredentialsWithQuotaProject): + def __init__( + self, + source_credentials: Credentials, + credential_access_boundary: CredentialAccessBoundary, + quota_project_id: str | None = None, + universe_domain: str = ..., + ) -> None: ... + token: Incomplete + expiry: Incomplete + + def refresh(self, request: google.auth.transport.Request) -> None: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... diff --git a/stubs/google-auth/google/auth/environment_vars.pyi b/stubs/google-auth/google/auth/environment_vars.pyi new file mode 100644 index 000000000000..e07017cb0bc2 --- /dev/null +++ b/stubs/google-auth/google/auth/environment_vars.pyi @@ -0,0 +1,24 @@ +PROJECT: str +LEGACY_PROJECT: str +GOOGLE_CLOUD_QUOTA_PROJECT: str +CREDENTIALS: str +CLOUD_SDK_CONFIG_DIR: str +GCE_METADATA_HOST: str +GCE_METADATA_ROOT: str +GCE_METADATA_IP: str +GCE_METADATA_TIMEOUT: str +GCE_METADATA_DETECT_RETRIES: str +NO_GCE_CHECK: str +GCE_METADATA_MTLS_MODE: str +GOOGLE_API_USE_CLIENT_CERTIFICATE: str +LEGACY_APPENGINE_RUNTIME: str +AWS_ACCESS_KEY_ID: str +AWS_SECRET_ACCESS_KEY: str +AWS_SESSION_TOKEN: str +AWS_REGION: str +AWS_DEFAULT_REGION: str +GOOGLE_AUTH_TRUST_BOUNDARY_ENABLED: str +GOOGLE_API_CERTIFICATE_CONFIG: str +CLOUD_SDK_CONTEXT_AWARE_USE_CLIENT_CERTIFICATE: str +CLOUDSDK_CONTEXT_AWARE_CERTIFICATE_CONFIG_FILE_PATH: str +GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES: str diff --git a/stubs/google-auth/google/auth/exceptions.pyi b/stubs/google-auth/google/auth/exceptions.pyi new file mode 100644 index 000000000000..175caa5cb9b1 --- /dev/null +++ b/stubs/google-auth/google/auth/exceptions.pyi @@ -0,0 +1,29 @@ +class GoogleAuthError(Exception): + def __init__(self, *args: object, **kwargs: object) -> None: ... + @property + def retryable(self) -> bool: ... + +class TransportError(GoogleAuthError): ... +class RefreshError(GoogleAuthError): ... +class UserAccessTokenError(GoogleAuthError): ... +class DefaultCredentialsError(GoogleAuthError): ... +class MutualTLSChannelError(GoogleAuthError): ... + +class ClientCertError(GoogleAuthError): + @property + def retryable(self) -> bool: ... + +class OAuthError(GoogleAuthError): ... + +class ReauthFailError(RefreshError): + def __init__(self, message: str | None = None, **kwargs: object) -> None: ... + +class ReauthSamlChallengeFailError(ReauthFailError): ... +class MalformedError(DefaultCredentialsError, ValueError): ... +class InvalidResource(DefaultCredentialsError, ValueError): ... +class InvalidOperation(DefaultCredentialsError, ValueError): ... +class InvalidValue(DefaultCredentialsError, ValueError): ... +class InvalidType(DefaultCredentialsError, TypeError): ... +class OSError(DefaultCredentialsError, EnvironmentError): ... +class TimeoutError(GoogleAuthError): ... +class ResponseError(GoogleAuthError): ... diff --git a/stubs/google-auth/google/auth/external_account.pyi b/stubs/google-auth/google/auth/external_account.pyi new file mode 100644 index 000000000000..5f7058409c12 --- /dev/null +++ b/stubs/google-auth/google/auth/external_account.pyi @@ -0,0 +1,69 @@ +import abc +from dataclasses import dataclass +from typing import Any, Mapping, Sequence + +import google +import google.auth +import google.auth.transport +from google.auth import credentials + +@dataclass +class SupplierContext: + subject_token_type: str + audience: str + +class Credentials( + credentials.Scoped, + credentials.CredentialsWithQuotaProject, + credentials.CredentialsWithTokenUri, + credentials.CredentialsWithTrustBoundary, + metaclass=abc.ABCMeta, +): + """Base class for external account credentials.""" + + def __init__( + self, + audience: str, + subject_token_type: str, + token_url: str, + credential_source: Mapping[str, Any], + service_account_impersonation_url: str | None = None, + service_account_impersonation_options: Mapping[str, str] | None = None, + client_id: str | None = None, + client_secret: str | None = None, + token_info_url: str | None = None, + quota_project_id: str | None = None, + scopes: Sequence[str] | None = None, + default_scopes: Sequence[str] | None = None, + workforce_pool_user_project: str | None = None, + universe_domain: str = credentials.DEFAULT_UNIVERSE_DOMAIN, + trust_boundary: Mapping[str, str] | None = None, + ) -> None: ... + @property + def info(self) -> Mapping[str, Any]: ... + @property + def service_account_email(self) -> str | None: ... + @property + def is_user(self) -> bool: ... + @property + def is_workforce_pool(self) -> bool: ... + @property + def requires_scopes(self) -> bool: ... + @property + def project_number(self) -> str | None: ... + @property + def token_info_url(self) -> str | None: ... + def get_cred_info(self) -> Mapping[str, str] | None: ... + def with_scopes(self, scopes: Sequence[str], default_scopes: Sequence[str] | None = None) -> Credentials: ... + @abc.abstractmethod + def retrieve_subject_token(self, request: google.auth.transport.Request) -> str: ... + def get_project_id(self, request: google.auth.transport.Request) -> str | None: ... + def refresh(self, request: google.auth.transport.Request) -> None: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def with_token_uri(self, token_uri: str) -> Credentials: ... + def with_universe_domain(self, universe_domain: str) -> Credentials: ... + def with_trust_boundary(self, trust_boundary: Mapping[str, str] | None) -> Credentials: ... + @classmethod + def from_info(cls, info: Mapping[str, Any], **kwargs: Any) -> Credentials: ... + @classmethod + def from_file(cls, filename: str, **kwargs: Any) -> Credentials: ... diff --git a/stubs/google-auth/google/auth/external_account_authorized_user.pyi b/stubs/google-auth/google/auth/external_account_authorized_user.pyi new file mode 100644 index 000000000000..e115b5172d7d --- /dev/null +++ b/stubs/google-auth/google/auth/external_account_authorized_user.pyi @@ -0,0 +1,73 @@ +import datetime +from _typeshed import Incomplete +from typing import Any, Mapping, Sequence + +import google +import google.auth +import google.auth.transport +from google.auth import credentials + +class Credentials( + credentials.CredentialsWithQuotaProject, + credentials.ReadOnlyScoped, + credentials.CredentialsWithTokenUri, + credentials.CredentialsWithTrustBoundary, +): + token: Incomplete + expiry: datetime.datetime | None + + def __init__( + self, + token: str | None = None, + expiry: datetime.datetime | None = None, + refresh_token: str | None = None, + audience: str | None = None, + client_id: str | None = None, + client_secret: str | None = None, + token_url: str | None = None, + token_info_url: str | None = None, + revoke_url: str | None = None, + scopes: Sequence[str] | None = None, + quota_project_id: str | None = None, + universe_domain: str = ..., + trust_boundary: Mapping[str, str] | None = None, + ) -> None: ... + @property + def info(self) -> Mapping[str, object]: ... + def constructor_args(self) -> Mapping[str, object]: ... + @property + def scopes(self) -> Sequence[str] | None: ... + @property + def requires_scopes(self) -> bool: ... + @property + def client_id(self) -> str | None: ... + @property + def client_secret(self) -> str | None: ... + @property + def audience(self) -> str | None: ... + @property + def refresh_token(self) -> str | None: ... + @property + def token_url(self) -> str | None: ... + @property + def token_info_url(self) -> str | None: ... + @property + def revoke_url(self) -> str | None: ... + @property + def is_user(self) -> bool: ... + @property + def can_refresh(self) -> bool: ... + def get_project_id(self, request: google.auth.transport.Request | None = None) -> str | None: ... + def to_json(self, strip: Sequence[str] | None = None) -> str: ... + def revoke(self, request: google.auth.transport.Request) -> None: ... + def get_cred_info(self) -> Mapping[str, str] | None: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def with_token_uri(self, token_uri: str) -> Credentials: ... + def with_universe_domain(self, universe_domain: str) -> Credentials: ... + def with_trust_boundary(self, trust_boundary: Mapping[str, str]) -> Credentials: ... + @classmethod + def from_info(cls, info: Mapping[str, Any], **kwargs: Any) -> Credentials: ... + @classmethod + def from_file(cls, filename: str, **kwargs: Any) -> Credentials: ... + def _build_trust_boundary_lookup_url(self) -> str: ... + def _perform_refresh_token(self, request: google.auth.transport.Request) -> None: ... diff --git a/stubs/google-auth/google/auth/iam.pyi b/stubs/google-auth/google/auth/iam.pyi new file mode 100644 index 000000000000..9fef723bdd05 --- /dev/null +++ b/stubs/google-auth/google/auth/iam.pyi @@ -0,0 +1,15 @@ +import google +import google.auth +import google.auth.transport +from google.auth import credentials +from google.auth.crypt import base + +IAM_RETRY_CODES: set[int] + +class Signer(base.Signer): + def __init__( + self, request: google.auth.transport.Request, credentials: credentials.Credentials, service_account_email: str + ) -> None: ... + @property + def key_id(self) -> str: ... + def sign(self, message: str | bytes) -> bytes: ... diff --git a/stubs/google-auth/google/auth/identity_pool.pyi b/stubs/google-auth/google/auth/identity_pool.pyi new file mode 100644 index 000000000000..23f162640858 --- /dev/null +++ b/stubs/google-auth/google/auth/identity_pool.pyi @@ -0,0 +1,44 @@ +import abc +from typing import Any, Mapping, NamedTuple + +from google.auth import external_account + +class SubjectTokenSupplier(metaclass=abc.ABCMeta): + @abc.abstractmethod + def get_subject_token(self, context: Any, request: Any) -> str: ... + +class _TokenContent(NamedTuple): + content: str + location: str + +class _FileSupplier(SubjectTokenSupplier): + def __init__(self, path: str, format_type: str, subject_token_field_name: str | None) -> None: ... + def get_subject_token(self, context: Any, request: Any) -> str: ... + +class _UrlSupplier(SubjectTokenSupplier): + def __init__( + self, url: str, format_type: str, subject_token_field_name: str | None, headers: Mapping[str, str] | None + ) -> None: ... + def get_subject_token(self, context: Any, request: Any) -> str: ... + +class _X509Supplier(SubjectTokenSupplier): + def __init__(self, trust_chain_path: str | None, leaf_cert_callback: Any) -> None: ... + def get_subject_token(self, context: Any, request: Any) -> str: ... + +class Credentials(external_account.Credentials, metaclass=abc.ABCMeta): + def __init__( + self, + audience: str, + subject_token_type: str, + token_url: str = "https://sts.googleapis.com/v1/token", + credential_source: Mapping[str, Any] | None = None, + subject_token_supplier: SubjectTokenSupplier | None = None, + *args: Any, + **kwargs: Any, + ) -> None: ... + def retrieve_subject_token(self, request: Any) -> str: ... + @classmethod + def from_info(cls, info: Mapping[str, Any], **kwargs: Any) -> Credentials: ... + @classmethod + def from_file(cls, filename: str, **kwargs: Any) -> Credentials: ... + def refresh(self, request: Any) -> None: ... diff --git a/stubs/google-auth/google/auth/impersonated_credentials.pyi b/stubs/google-auth/google/auth/impersonated_credentials.pyi new file mode 100644 index 000000000000..0b6ec98fc913 --- /dev/null +++ b/stubs/google-auth/google/auth/impersonated_credentials.pyi @@ -0,0 +1,71 @@ +from _typeshed import Incomplete +from typing import Any, Mapping, Sequence + +import google +import google.auth +import google.auth.transport +from google.auth import credentials + +class Credentials( + credentials.Scoped, credentials.CredentialsWithQuotaProject, credentials.Signing, credentials.CredentialsWithTrustBoundary +): + token: Incomplete + expiry: Incomplete + + def __init__( + self, + source_credentials: credentials.Credentials, + target_principal: str, + target_scopes: Sequence[str], + delegates: Sequence[str] | None = None, + subject: str | None = None, + lifetime: int = ..., + quota_project_id: str | None = None, + iam_endpoint_override: str | None = None, + trust_boundary: Mapping[str, str] | None = None, + ) -> None: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def signer_email(self) -> str: ... + @property + def service_account_email(self) -> str: ... + @property + def signer(self) -> Any: ... + @property + def requires_scopes(self) -> bool: ... + def get_cred_info(self) -> Mapping[str, str] | None: ... + def with_trust_boundary(self, trust_boundary: Mapping[str, str]) -> Credentials: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def with_scopes(self, scopes: Sequence[str], default_scopes: Sequence[str] | None = None) -> Credentials: ... + @classmethod + def from_impersonated_service_account_info( + cls: type[Credentials], info: Mapping[str, Any], scopes: Sequence[str] | None = None + ) -> Credentials: ... + def _build_trust_boundary_lookup_url(self) -> str: ... + def _perform_refresh_token(self, request: google.auth.transport.Request) -> None: ... + +class IDTokenCredentials(credentials.CredentialsWithQuotaProject, credentials.Signing, credentials.CredentialsWithTokenUri): + def __init__( + self, + target_credentials: credentials.Credentials, + target_audience: str | None = None, + include_email: bool = False, + quota_project_id: str | None = None, + ) -> None: ... + def from_credentials( + self, target_credentials: credentials.Credentials, target_audience: str | None = None + ) -> IDTokenCredentials: ... + def with_target_audience(self, target_audience: str) -> IDTokenCredentials: ... + def with_include_email(self, include_email: bool) -> IDTokenCredentials: ... + def with_quota_project(self, quota_project_id: str | None) -> IDTokenCredentials: ... + token: Incomplete + expiry: Incomplete + + def refresh(self, request: google.auth.transport.Request) -> None: ... + @property + def signer(self) -> Any: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def service_account_email(self) -> str: ... + @property + def signer_email(self) -> str: ... diff --git a/stubs/google-auth/google/auth/jwt.pyi b/stubs/google-auth/google/auth/jwt.pyi new file mode 100644 index 000000000000..9ac2fe363ffc --- /dev/null +++ b/stubs/google-auth/google/auth/jwt.pyi @@ -0,0 +1,95 @@ +from typing import Any, Coroutine, Mapping + +from google.auth import credentials as _credentials +from google.auth.crypt import Signer as _Signer + +_DEFAULT_TOKEN_LIFETIME_SECS: int +_DEFAULT_MAX_CACHE_SIZE: int +_ALGORITHM_TO_VERIFIER_CLASS: dict[str, type] +_CRYPTOGRAPHY_BASED_ALGORITHMS: frozenset[str] + +def encode( + signer: _Signer, payload: Mapping[str, str], header: Mapping[str, str] | None = None, key_id: str | None = None +) -> bytes: ... +def _decode_jwt_segment(encoded_section: bytes) -> Mapping[str, object]: ... +def _unverified_decode(token: str | bytes) -> tuple[Mapping[str, object], Mapping[str, object], bytes, bytes]: ... +def decode_header(token: str | bytes) -> Mapping[str, object]: ... +def _verify_iat_and_exp(payload: Mapping[str, str], clock_skew_in_seconds: int = 0) -> None: ... +def decode( + token: str, + certs: str | bytes | Mapping[str, str | bytes] | None = None, + verify: bool = True, + audience: str | list[str] | None = None, + clock_skew_in_seconds: int = 0, +) -> Mapping[str, str]: ... + +class Credentials(_credentials.Signing, _credentials.CredentialsWithQuotaProject): + expiry: Any + + def __init__( + self, + signer: _Signer, + issuer: str, + subject: str, + audience: str, + additional_claims: Mapping[str, str] | None = None, + token_lifetime: int = ..., + quota_project_id: str | None = None, + ) -> None: ... + @classmethod + def _from_signer_and_info(cls, signer: _Signer, info: Mapping[str, str], **kwargs: Any) -> Credentials: ... + @classmethod + def from_service_account_info(cls, info: Mapping[str, str], **kwargs: Any) -> Credentials: ... + @classmethod + def from_service_account_file(cls, filename: str, **kwargs: Any) -> Credentials: ... + @classmethod + def from_signing_credentials(cls, credentials: _credentials.Signing, audience: str, **kwargs: Any) -> Credentials: ... + def with_claims( + self, + issuer: str | None = None, + subject: str | None = None, + audience: str | None = None, + additional_claims: Mapping[str, str] | None = None, + ) -> Credentials: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def refresh(self, request: Any) -> None: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def signer_email(self) -> str: ... + @property + def signer(self) -> _Signer: ... + @property + def additional_claims(self) -> Mapping[str, str]: ... + +class OnDemandCredentials(_credentials.Signing, _credentials.CredentialsWithQuotaProject): + def __init__( + self, + signer: _Signer, + issuer: str, + subject: str, + additional_claims: Mapping[str, str] | None = None, + token_lifetime: int = ..., + max_cache_size: int = ..., + quota_project_id: str | None = None, + ) -> None: ... + @classmethod + def from_service_account_info(cls, info: Mapping[str, str], **kwargs: Any) -> OnDemandCredentials: ... + @classmethod + def from_service_account_file(cls, filename: str, **kwargs: Any) -> OnDemandCredentials: ... + @classmethod + def from_signing_credentials(cls, credentials: _credentials.Signing, **kwargs: Any) -> OnDemandCredentials: ... + def with_claims( + self, issuer: str | None = None, subject: str | None = None, additional_claims: Mapping[str, str] | None = None + ) -> OnDemandCredentials: ... + def with_quota_project(self, quota_project_id: str | None) -> OnDemandCredentials: ... + @property + def valid(self) -> bool: ... + def refresh(self, request: Any) -> None: ... + def before_request( + self, request: Any, method: str, url: str, headers: Mapping[str, str] + ) -> None | Coroutine[Any, Any, None]: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def signer_email(self) -> str: ... + @property + def signer(self) -> _Signer: ... diff --git a/stubs/google-auth/google/auth/metrics.pyi b/stubs/google-auth/google/auth/metrics.pyi new file mode 100644 index 000000000000..820353dac60d --- /dev/null +++ b/stubs/google-auth/google/auth/metrics.pyi @@ -0,0 +1,28 @@ +from typing import Mapping + +API_CLIENT_HEADER: str +BYOID_HEADER_SECTION: str +REQUEST_TYPE_ACCESS_TOKEN: str +REQUEST_TYPE_ID_TOKEN: str +REQUEST_TYPE_MDS_PING: str +REQUEST_TYPE_REAUTH_START: str +REQUEST_TYPE_REAUTH_CONTINUE: str +CRED_TYPE_USER: str +CRED_TYPE_SA_ASSERTION: str +CRED_TYPE_SA_JWT: str +CRED_TYPE_SA_MDS: str +CRED_TYPE_SA_IMPERSONATE: str + +def python_and_auth_lib_version() -> str: ... +def token_request_access_token_mds() -> str: ... +def token_request_id_token_mds() -> str: ... +def token_request_access_token_impersonate() -> str: ... +def token_request_id_token_impersonate() -> str: ... +def token_request_access_token_sa_assertion() -> str: ... +def token_request_id_token_sa_assertion() -> str: ... +def token_request_user() -> str: ... +def mds_ping() -> str: ... +def reauth_start() -> str: ... +def reauth_continue() -> str: ... +def byoid_metrics_header(metrics_options: Mapping[str, str]) -> str: ... +def add_metric_header(headers: Mapping[str, str], metric_header_value: str | None) -> None: ... diff --git a/stubs/google-auth/google/auth/pluggable.pyi b/stubs/google-auth/google/auth/pluggable.pyi new file mode 100644 index 000000000000..8f92f9f64dcc --- /dev/null +++ b/stubs/google-auth/google/auth/pluggable.pyi @@ -0,0 +1,32 @@ +import abc +from typing import Any, Mapping + +from google.auth import external_account + +EXECUTABLE_SUPPORTED_MAX_VERSION: int +EXECUTABLE_TIMEOUT_MILLIS_DEFAULT: int +EXECUTABLE_TIMEOUT_MILLIS_LOWER_BOUND: int +EXECUTABLE_TIMEOUT_MILLIS_UPPER_BOUND: int +EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_LOWER_BOUND: int +EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_UPPER_BOUND: int + +class Credentials(external_account.Credentials, metaclass=abc.ABCMeta): + interactive: bool + + def __init__( + self, + audience: str, + subject_token_type: str, + token_url: str, + credential_source: Mapping[str, Any] | None = None, + *args: Any, + **kwargs: Any, + ) -> None: ... + def retrieve_subject_token(self, request: Any) -> Any: ... + def revoke(self, request: Any) -> None: ... + @property + def external_account_id(self) -> str | None: ... + @classmethod + def from_info(cls, info: Mapping[str, Any], **kwargs: Any) -> Credentials: ... + @classmethod + def from_file(cls, filename: str, **kwargs: Any) -> Credentials: ... diff --git a/stubs/google-auth/google/auth/transport/__init__.pyi b/stubs/google-auth/google/auth/transport/__init__.pyi new file mode 100644 index 000000000000..ebbe6b4b3aee --- /dev/null +++ b/stubs/google-auth/google/auth/transport/__init__.pyi @@ -0,0 +1,29 @@ +import abc +from typing import Any, Mapping, Sequence + +DEFAULT_RETRYABLE_STATUS_CODES: Sequence[int] +DEFAULT_REFRESH_STATUS_CODES: Sequence[int] +DEFAULT_MAX_REFRESH_ATTEMPTS: int + +class Response(metaclass=abc.ABCMeta): + @property + @abc.abstractmethod + def status(self) -> int: ... + @property + @abc.abstractmethod + def headers(self) -> Mapping[str, str]: ... + @property + @abc.abstractmethod + def data(self) -> bytes: ... + +class Request(metaclass=abc.ABCMeta): + @abc.abstractmethod + def __call__( + self, + url: str, + method: str = "GET", + body: bytes | None = None, + headers: Mapping[str, str] | None = None, + timeout: float | None = None, + **kwargs: Any, + ) -> Response: ... diff --git a/stubs/google-auth/google/auth/transport/_aiohttp_requests.pyi b/stubs/google-auth/google/auth/transport/_aiohttp_requests.pyi new file mode 100644 index 000000000000..f05881e2786d --- /dev/null +++ b/stubs/google-auth/google/auth/transport/_aiohttp_requests.pyi @@ -0,0 +1,63 @@ +from typing import Any, Mapping, Sequence + +from google.auth import transport +from google.auth.transport import Response + +class _CombinedResponse(transport.Response): + def __init__(self, response: Any) -> None: ... + @property + def status(self) -> int: ... + @property + def headers(self) -> Mapping[str, str]: ... + @property + def data(self) -> bytes: ... + async def raw_content(self) -> bytes: ... + async def content(self) -> bytes: ... + +class _Response(transport.Response): + def __init__(self, response: Any) -> None: ... + @property + def status(self) -> int: ... + @property + def headers(self) -> Mapping[str, str]: ... + @property + def data(self) -> bytes: ... + +class Request(transport.Request): + session: Any + + def __init__(self, session: Any | None = None) -> None: ... + def __call__( + self, + url: str, + method: str = "GET", + body: bytes | None = None, + headers: Mapping[str, str] | None = None, + timeout: float | None = None, + **kwargs: Any, + ) -> Response: ... + +class AuthorizedSession: + credentials: Any + + def __init__( + self, + credentials: Any, + refresh_status_codes: Sequence[int] = ..., + max_refresh_attempts: int = ..., + refresh_timeout: float | None = None, + auth_request: Request | None = None, + auto_decompress: bool = False, + **kwargs: Any, + ) -> None: ... + async def request( + self, + method: str, + url: str, + data: Any = None, + headers: Mapping[str, str] | None = None, + max_allowed_time: float | None = None, + timeout: float | None = None, + auto_decompress: bool = False, + **kwargs: Any, + ) -> _Response: ... diff --git a/stubs/google-auth/google/auth/transport/_custom_tls_signer.pyi b/stubs/google-auth/google/auth/transport/_custom_tls_signer.pyi new file mode 100644 index 000000000000..3bc218f5d180 --- /dev/null +++ b/stubs/google-auth/google/auth/transport/_custom_tls_signer.pyi @@ -0,0 +1,16 @@ +from _typeshed import Incomplete + +SIGN_CALLBACK_CTYPE: Incomplete + +def load_offload_lib(offload_lib_path: str) -> object: ... +def load_signer_lib(signer_lib_path: str) -> object: ... +def load_provider_lib(provider_lib_path: str) -> object: ... +def get_sign_callback(signer_lib: object, config_file_path: str) -> object: ... +def get_cert(signer_lib: object, config_file_path: str) -> bytes: ... + +class CustomTlsSigner: + def __init__(self, enterprise_cert_file_path: str) -> None: ... + def load_libraries(self) -> None: ... + def set_up_custom_key(self) -> None: ... + def should_use_provider(self) -> bool: ... + def attach_to_ssl_context(self, ctx: object) -> None: ... diff --git a/stubs/google-auth/google/auth/transport/_http_client.pyi b/stubs/google-auth/google/auth/transport/_http_client.pyi new file mode 100644 index 000000000000..f01e368ae433 --- /dev/null +++ b/stubs/google-auth/google/auth/transport/_http_client.pyi @@ -0,0 +1,23 @@ +from typing import Any, Mapping + +from google.auth import transport + +class Response(transport.Response): + def __init__(self, response: Any) -> None: ... + @property + def status(self) -> int: ... + @property + def headers(self) -> Mapping[str, str]: ... + @property + def data(self) -> bytes: ... + +class Request(transport.Request): + def __call__( + self, + url: str, + method: str = "GET", + body: bytes | None = None, + headers: Mapping[str, str] | None = None, + timeout: float | None = None, + **kwargs: Any, + ) -> Response: ... diff --git a/stubs/google-auth/google/auth/transport/_mtls_helper.pyi b/stubs/google-auth/google/auth/transport/_mtls_helper.pyi new file mode 100644 index 000000000000..90cc388f8356 --- /dev/null +++ b/stubs/google-auth/google/auth/transport/_mtls_helper.pyi @@ -0,0 +1,17 @@ +from typing import Callable + +CONTEXT_AWARE_METADATA_PATH: str +CERTIFICATE_CONFIGURATION_DEFAULT_PATH: str + +def get_client_ssl_credentials( + generate_encrypted_key: bool = False, + context_aware_metadata_path: str = CONTEXT_AWARE_METADATA_PATH, + certificate_config_path: str | None = None, +) -> tuple[bool, bytes | None, bytes | None, bytes | None]: ... +def get_client_cert_and_key( + client_cert_callback: Callable[[], tuple[bytes, bytes]] | None = None, +) -> tuple[bool, bytes | None, bytes | None]: ... +def decrypt_private_key(key: bytes, passphrase: bytes | None) -> bytes: ... +def check_use_client_cert() -> bool: ... +def check_parameters_for_unauthorized_response(cached_cert: bytes | None) -> tuple[bytes, bytes, str | None, str]: ... +def call_client_cert_callback() -> tuple[bytes, bytes]: ... diff --git a/stubs/google-auth/google/auth/transport/_requests_base.pyi b/stubs/google-auth/google/auth/transport/_requests_base.pyi new file mode 100644 index 000000000000..d44374f34b42 --- /dev/null +++ b/stubs/google-auth/google/auth/transport/_requests_base.pyi @@ -0,0 +1,20 @@ +import abc +from typing import Any + +class _BaseAuthorizedSession(metaclass=abc.ABCMeta): + credentials: Any + + def __init__(self, credentials: Any) -> None: ... + @abc.abstractmethod + def request( + self, + method: str, + url: str, + data: Any = None, + headers: Any = None, + max_allowed_time: Any = None, + timeout: float | None = None, + **kwargs: Any, + ) -> Any: ... + @abc.abstractmethod + def close(self) -> None: ... diff --git a/stubs/google-auth/google/auth/transport/grpc.pyi b/stubs/google-auth/google/auth/transport/grpc.pyi new file mode 100644 index 000000000000..b7324906271f --- /dev/null +++ b/stubs/google-auth/google/auth/transport/grpc.pyi @@ -0,0 +1,18 @@ +from typing import Any + +import grpc + +class AuthMetadataPlugin(grpc.AuthMetadataPlugin): + def __init__(self, credentials: Any, request: Any, default_host: str | None = None) -> None: ... + def __call__(self, context: Any, callback: Any) -> None: ... + +def secure_authorized_channel( + credentials: Any, request: Any, target: str, ssl_credentials: Any = ..., client_cert_callback: Any = ..., **kwargs: Any +) -> grpc.Channel: ... + +class SslCredentials: + def __init__(self) -> None: ... + @property + def ssl_credentials(self) -> Any: ... + @property + def is_mtls(self) -> bool: ... diff --git a/stubs/google-auth/google/auth/transport/mtls.pyi b/stubs/google-auth/google/auth/transport/mtls.pyi new file mode 100644 index 000000000000..3fc8dc18fee5 --- /dev/null +++ b/stubs/google-auth/google/auth/transport/mtls.pyi @@ -0,0 +1,6 @@ +from typing import Callable + +def has_default_client_cert_source(include_context_aware: bool = True) -> bool: ... +def default_client_cert_source() -> Callable[[], tuple[bytes, bytes]]: ... +def default_client_encrypted_cert_source(cert_path: str, key_path: str) -> Callable[[], tuple[str, str, bytes]]: ... +def should_use_client_cert() -> bool: ... diff --git a/stubs/google-auth/google/auth/transport/requests.pyi b/stubs/google-auth/google/auth/transport/requests.pyi new file mode 100644 index 000000000000..71bc343b00fc --- /dev/null +++ b/stubs/google-auth/google/auth/transport/requests.pyi @@ -0,0 +1,128 @@ +import types +from _typeshed import SupportsItems, SupportsRead +from typing import Any, Callable, Iterable, Mapping, MutableMapping, Sequence + +import requests +import requests.adapters +from google.auth import transport +from requests import Response, Response as _RequestsResponse +from requests.auth import AuthBase +from requests.sessions import PreparedRequest, RequestsCookieJar + +class _Response(transport.Response): + def __init__(self, response: _RequestsResponse) -> None: ... + @property + def status(self) -> int: ... + @property + def headers(self) -> Mapping[str, str]: ... + @property + def data(self) -> bytes: ... + +class TimeoutGuard: + remaining_timeout: Any + + def __init__(self, timeout: Any, timeout_error_type: type[Exception] = requests.exceptions.Timeout) -> None: ... + def __enter__(self) -> TimeoutGuard: ... + def __exit__( + self, exc_type: type[BaseException] | None, exc_value: BaseException | None, traceback: types.TracebackType | None + ) -> None: ... + +class Request(transport.Request): + session: requests.Session | None + + def __init__(self, session: requests.Session | None = None) -> None: ... + def __del__(self) -> None: ... + def __call__( + self, + url: str, + method: str = "GET", + body: bytes | None = None, + headers: Mapping[str, str] | None = None, + timeout: float | None = None, + **kwargs: Any, + ) -> _Response: ... + +class _MutualTlsAdapter(requests.adapters.HTTPAdapter): + def __init__(self, cert: bytes, key: bytes) -> None: ... + def init_poolmanager(self, *args: Any, **kwargs: Any) -> None: ... + def proxy_manager_for(self, *args: Any, **kwargs: Any) -> Any: ... + +class _MutualTlsOffloadAdapter(requests.adapters.HTTPAdapter): + signer: Any + + def __init__(self, enterprise_cert_file_path: str) -> None: ... + def init_poolmanager(self, *args: Any, **kwargs: Any) -> None: ... + def proxy_manager_for(self, *args: Any, **kwargs: Any) -> Any: ... + +class AuthorizedSession(requests.Session): + credentials: Any + + def __init__( + self, + credentials: Any, + refresh_status_codes: Sequence[int] = ..., + max_refresh_attempts: int = ..., + refresh_timeout: float | None = None, + auth_request: Request | None = None, + default_host: str | None = None, + ) -> None: ... + def configure_mtls_channel(self, client_cert_callback: Any | None = None) -> None: ... + def request( + self, + method: str | bytes, + url: str | bytes, + params: ( + SupportsItems[str | bytes | int | float, str | bytes | int | float | Iterable[str | bytes | int | float] | None] + | tuple[str | bytes | int | float, str | bytes | int | float | Iterable[str | bytes | int | float] | None] + | Iterable[tuple[str | bytes | int | float, str | bytes | int | float | Iterable[str | bytes | int | float] | None]] + | str + | bytes + | None + ) = ..., + data: ( + Iterable[bytes] + | str + | bytes + | SupportsRead[str | bytes] + | list[tuple[Any, Any]] + | tuple[tuple[Any, Any], ...] + | Mapping[Any, Any] + | None + ) = ..., + headers: Mapping[str, str | bytes | None] | None = ..., + cookies: RequestsCookieJar | MutableMapping[str, str] | None = ..., + files: ( + Mapping[ + str, + SupportsRead[str | bytes] + | str + | bytes + | tuple[str | None, SupportsRead[str | bytes] | str | bytes] + | tuple[str | None, SupportsRead[str | bytes] | str | bytes, str] + | tuple[str | None, SupportsRead[str | bytes] | str | bytes, str, Mapping[str, str]], + ] + | Iterable[ + tuple[ + str, + SupportsRead[str | bytes] + | str + | bytes + | tuple[str | None, SupportsRead[str | bytes] | str | bytes] + | tuple[str | None, SupportsRead[str | bytes] | str | bytes, str] + | tuple[str | None, SupportsRead[str | bytes] | str | bytes, str, Mapping[str, str]], + ] + ] + | None + ) = ..., + auth: tuple[str, str] | AuthBase | Callable[[PreparedRequest], PreparedRequest] | None = ..., + timeout: float | tuple[float | None, float | None] | None = ..., + allow_redirects: bool = ..., + proxies: MutableMapping[str, str] | None = ..., + hooks: Mapping[str, Iterable[Callable[[Response], Any]] | Callable[[Response], Any]] | None = ..., + stream: bool | None = ..., + verify: bool | str | None = ..., + cert: str | tuple[str, str] | None = ..., + json: Any | None = ..., + ) -> Response: ... + @property + def is_mtls(self) -> bool: ... diff --git a/stubs/google-auth/google/auth/transport/urllib3.pyi b/stubs/google-auth/google/auth/transport/urllib3.pyi new file mode 100644 index 000000000000..2621ac5d5cb1 --- /dev/null +++ b/stubs/google-auth/google/auth/transport/urllib3.pyi @@ -0,0 +1,86 @@ +import types +from typing import Any, Callable, Mapping, Sequence + +import requests +import requests.adapters +from google.auth import transport + +class _RequestMethodsBase: ... + +RequestMethods = _RequestMethodsBase +_LOGGER: Any = None + +class _Response(transport.Response): + """urllib3 transport response adapter. + + Args: + response (urllib3.response.HTTPResponse): The raw urllib3 response. + """ + + def __init__(self, response: Any) -> None: ... + @property + def status(self) -> int: ... + @property + def headers(self) -> Mapping[str, str]: ... + @property + def data(self) -> bytes: ... + +class TimeoutGuard: + remaining_timeout: Any + + def __init__(self, timeout: Any, timeout_error_type: type[Exception] = requests.exceptions.Timeout) -> None: ... + def __enter__(self) -> TimeoutGuard: ... + def __exit__( + self, exc_type: type[BaseException] | None, exc_value: BaseException | None, traceback: types.TracebackType | None + ) -> None: ... + +class Request(transport.Request): + http: Any + + def __init__(self, http: Any | None = None) -> None: ... + def __del__(self) -> None: ... + def __call__( + self, + url: str, + method: str = "GET", + body: bytes | None = None, + headers: Mapping[str, str] | None = None, + timeout: float | None = None, + **kwargs: Any, + ) -> _Response: ... + +class _MutualTlsAdapter(requests.adapters.HTTPAdapter): + def __init__(self, cert: bytes, key: bytes) -> None: ... + def init_poolmanager(self, *args: Any, **kwargs: Any) -> None: ... + def proxy_manager_for(self, *args: Any, **kwargs: Any) -> Any: ... + +class _MutualTlsOffloadAdapter(requests.adapters.HTTPAdapter): + signer: Any + + def __init__(self, enterprise_cert_file_path: str) -> None: ... + def init_poolmanager(self, *args: Any, **kwargs: Any) -> None: ... + def proxy_manager_for(self, *args: Any, **kwargs: Any) -> Any: ... + +class AuthorizedHttp(RequestMethods): + http: Any + credentials: Any + + def __init__( + self, + credentials: Any, + http: Any | None = None, + refresh_status_codes: Sequence[int] = ..., + max_refresh_attempts: int = ..., + default_host: str | None = None, + ) -> None: ... + def configure_mtls_channel(self, client_cert_callback: Callable[[], tuple[bytes, bytes]] | None = ...) -> bool: ... + def urlopen(self, method: str, url: str, body: Any = None, headers: Any = None, **kwargs: Any) -> _Response: ... + def __enter__(self) -> Any: ... + def __exit__( + self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: types.TracebackType | None + ) -> None: ... + def __del__(self) -> None: ... + @property + def headers(self) -> Mapping[str, str]: ... + @headers.setter + def headers(self, value: Mapping[str, str]) -> None: ... diff --git a/stubs/google-auth/google/auth/version.pyi b/stubs/google-auth/google/auth/version.pyi new file mode 100644 index 000000000000..bda5b5a7f4cc --- /dev/null +++ b/stubs/google-auth/google/auth/version.pyi @@ -0,0 +1 @@ +__version__: str diff --git a/stubs/google-auth/google/oauth2/__init__.pyi b/stubs/google-auth/google/oauth2/__init__.pyi new file mode 100644 index 000000000000..939a5de79058 --- /dev/null +++ b/stubs/google-auth/google/oauth2/__init__.pyi @@ -0,0 +1,6 @@ +class Python37DeprecationWarning(DeprecationWarning): # pragma: NO COVER + """Deprecation warning raised when Python 3.7 runtime is detected. + Python 3.7 support will be dropped after January 1, 2024. + """ + +eol_message: str diff --git a/stubs/google-auth/google/oauth2/_client.pyi b/stubs/google-auth/google/oauth2/_client.pyi new file mode 100644 index 000000000000..d7f0762a4c7c --- /dev/null +++ b/stubs/google-auth/google/oauth2/_client.pyi @@ -0,0 +1,24 @@ +import datetime +from typing import Mapping, Sequence + +from google.auth.transport import Request + +def jwt_grant( + request: Request, token_uri: str, assertion: str, can_retry: bool = True +) -> tuple[str, datetime.datetime | None, Mapping[str, str]]: ... +def call_iam_generate_id_token_endpoint( + request: Request, iam_id_token_endpoint: str, signer_email: str, audience: str, access_token: str, universe_domain: str = ... +) -> tuple[str, datetime.datetime]: ... +def id_token_jwt_grant( + request: Request, token_uri: str, assertion: str, can_retry: bool = True +) -> tuple[str, datetime.datetime | None, Mapping[str, str]]: ... +def refresh_grant( + request: Request, + token_uri: str, + refresh_token: str, + client_id: str, + client_secret: str, + scopes: Sequence[str] | None = None, + rapt_token: str | None = None, + can_retry: bool = True, +) -> tuple[str, str, datetime.datetime | None, Mapping[str, str]]: ... diff --git a/stubs/google-auth/google/oauth2/_client_async.pyi b/stubs/google-auth/google/oauth2/_client_async.pyi new file mode 100644 index 000000000000..a9a0a7e95d4f --- /dev/null +++ b/stubs/google-auth/google/oauth2/_client_async.pyi @@ -0,0 +1,21 @@ +from datetime import datetime +from typing import Mapping, Sequence + +from google.auth.transport import Request + +async def jwt_grant( + request: Request, token_uri: str, assertion: str, can_retry: bool = True +) -> tuple[str, datetime | None, Mapping[str, str]]: ... +async def id_token_jwt_grant( + request: Request, token_uri: str, assertion: str, can_retry: bool = True +) -> tuple[str, datetime | None, Mapping[str, str]]: ... +async def refresh_grant( + request: Request, + token_uri: str, + refresh_token: str, + client_id: str, + client_secret: str, + scopes: Sequence[str] | None = None, + rapt_token: str | None = None, + can_retry: bool = True, +) -> tuple[str, str | None, datetime | None, Mapping[str, str]]: ... diff --git a/stubs/google-auth/google/oauth2/_credentials_async.pyi b/stubs/google-auth/google/oauth2/_credentials_async.pyi new file mode 100644 index 000000000000..c06190659859 --- /dev/null +++ b/stubs/google-auth/google/oauth2/_credentials_async.pyi @@ -0,0 +1,14 @@ +from _typeshed import Incomplete +from typing import Mapping + +from google.auth.transport import Request as _Request +from google.oauth2 import credentials as oauth2_credentials + +class Credentials(oauth2_credentials.Credentials): + token: Incomplete + expiry: Incomplete + + async def refresh(self, request: _Request) -> None: ... + async def before_request(self, request: _Request, method: str, url: str, headers: Mapping[str, str]) -> None: ... + +class UserAccessTokenCredentials(oauth2_credentials.UserAccessTokenCredentials): ... diff --git a/stubs/google-auth/google/oauth2/_id_token_async.pyi b/stubs/google-auth/google/oauth2/_id_token_async.pyi new file mode 100644 index 000000000000..101b62f062cd --- /dev/null +++ b/stubs/google-auth/google/oauth2/_id_token_async.pyi @@ -0,0 +1,18 @@ +from typing import Any, Mapping, Sequence + +from google.auth.transport import Request as _Request + +async def verify_token( + id_token: str | bytes, + request: _Request, + audience: str | Sequence[str] | None = None, + certs_url: str = "https://www.googleapis.com/oauth2/v1/certs", + clock_skew_in_seconds: int = 0, +) -> Mapping[str, Any]: ... +async def verify_oauth2_token( + id_token: str | bytes, request: _Request, audience: str | Sequence[str] | None = None, clock_skew_in_seconds: int = 0 +) -> Mapping[str, Any]: ... +async def verify_firebase_token( + id_token: str | bytes, request: _Request, audience: str | Sequence[str] | None = None, clock_skew_in_seconds: int = 0 +) -> Mapping[str, Any]: ... +async def fetch_id_token(request: _Request, audience: str) -> str: ... diff --git a/stubs/google-auth/google/oauth2/_reauth_async.pyi b/stubs/google-auth/google/oauth2/_reauth_async.pyi new file mode 100644 index 000000000000..4c5b27cedaf6 --- /dev/null +++ b/stubs/google-auth/google/oauth2/_reauth_async.pyi @@ -0,0 +1,19 @@ +import datetime +from typing import Mapping, Sequence + +from google.auth.transport import Request as _Request + +def is_interactive() -> bool: ... +def get_rapt_token( + request: _Request, client_id: str, client_secret: str, refresh_token: str, token_uri: str, scopes: Sequence[str] | None = None +) -> str: ... +def refresh_grant( + request: _Request, + token_uri: str, + refresh_token: str, + client_id: str, + client_secret: str, + scopes: Sequence[str] | None = None, + rapt_token: str | None = None, + enable_reauth_refresh: bool = False, +) -> tuple[str, str | None, datetime.datetime | None, Mapping[str, str], str]: ... diff --git a/stubs/google-auth/google/oauth2/_service_account_async.pyi b/stubs/google-auth/google/oauth2/_service_account_async.pyi new file mode 100644 index 000000000000..01304a5e2b06 --- /dev/null +++ b/stubs/google-auth/google/oauth2/_service_account_async.pyi @@ -0,0 +1,18 @@ +import abc +from _typeshed import Incomplete + +from google.auth import _credentials_async as credentials_async +from google.auth.transport import Request as _Request +from google.oauth2 import service_account + +class Credentials(service_account.Credentials, credentials_async.Scoped, credentials_async.Credentials, metaclass=abc.ABCMeta): + token: Incomplete + expiry: Incomplete + + async def refresh(self, request: _Request) -> None: ... + +class IDTokenCredentials(service_account.IDTokenCredentials, credentials_async.Signing, credentials_async.Credentials): + token: Incomplete + expiry: Incomplete + + async def refresh(self, request: _Request) -> None: ... diff --git a/stubs/google-auth/google/oauth2/challenges.pyi b/stubs/google-auth/google/oauth2/challenges.pyi new file mode 100644 index 000000000000..3fbe475c9c16 --- /dev/null +++ b/stubs/google-auth/google/oauth2/challenges.pyi @@ -0,0 +1,41 @@ +import abc +from typing import Mapping + +REAUTH_ORIGIN: str +SAML_CHALLENGE_MESSAGE: str +WEBAUTHN_TIMEOUT_MS: int + +def get_user_password(text: str) -> str: ... + +class ReauthChallenge(metaclass=abc.ABCMeta): + @property + @abc.abstractmethod + def name(self) -> str: ... + @property + @abc.abstractmethod + def is_locally_eligible(self) -> bool: ... + @abc.abstractmethod + def obtain_challenge_input(self, metadata: Mapping[str, object]) -> dict[str, object] | None: ... + +class PasswordChallenge(ReauthChallenge): + @property + def name(self) -> str: ... + @property + def is_locally_eligible(self) -> bool: ... + def obtain_challenge_input(self, unused_metadata: Mapping[str, object]) -> dict[str, object] | None: ... + +class SecurityKeyChallenge(ReauthChallenge): + @property + def name(self) -> str: ... + @property + def is_locally_eligible(self) -> bool: ... + def obtain_challenge_input(self, metadata: Mapping[str, object]) -> dict[str, object] | None: ... + +class SamlChallenge(ReauthChallenge): + @property + def name(self) -> str: ... + @property + def is_locally_eligible(self) -> bool: ... + def obtain_challenge_input(self, metadata: Mapping[str, object]) -> dict[str, object] | None: ... + +AVAILABLE_CHALLENGES: dict[str, ReauthChallenge] diff --git a/stubs/google-auth/google/oauth2/credentials.pyi b/stubs/google-auth/google/oauth2/credentials.pyi new file mode 100644 index 000000000000..d33ea0cea65c --- /dev/null +++ b/stubs/google-auth/google/oauth2/credentials.pyi @@ -0,0 +1,79 @@ +import datetime +from typing import Any, Coroutine, Mapping, Sequence + +import google +import google.auth +import google.auth.transport +from google.auth import credentials + +class Credentials(credentials.ReadOnlyScoped, credentials.CredentialsWithQuotaProject): + token: str | None + expiry: datetime.datetime | None + + def __init__( + self, + token: str | None, + refresh_token: str | None = None, + id_token: str | None = None, + token_uri: str | None = None, + client_id: str | None = None, + client_secret: str | None = None, + scopes: Sequence[str] | None = None, + default_scopes: Sequence[str] | None = None, + quota_project_id: str | None = None, + expiry: datetime.datetime | None = None, + rapt_token: str | None = None, + refresh_handler: Any | None = None, + enable_reauth_refresh: bool = False, + granted_scopes: Sequence[str] | None = None, + trust_boundary: Mapping[str, str] | None = None, + universe_domain: str | None = None, + account: str | None = "", + ) -> None: ... + @property + def refresh_token(self) -> str | None: ... + @property + def scopes(self) -> Sequence[str] | None: ... + @property + def granted_scopes(self) -> Sequence[str] | None: ... + @property + def token_uri(self) -> str | None: ... + @property + def id_token(self) -> str | None: ... + @property + def client_id(self) -> str | None: ... + @property + def client_secret(self) -> str | None: ... + @property + def requires_scopes(self) -> bool: ... + @property + def rapt_token(self) -> str | None: ... + @property + def refresh_handler(self) -> Any | None: ... + @refresh_handler.setter + def refresh_handler(self, value: Any | None) -> None: ... + @property + def account(self) -> str: ... + def get_cred_info(self) -> Mapping[str, str] | None: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def with_token_uri(self, token_uri: str) -> Credentials: ... + def with_account(self, account: str) -> Credentials: ... + def with_universe_domain(self, universe_domain: str) -> Credentials: ... + def refresh(self, request: google.auth.transport.Request) -> None | Coroutine[Any, Any, None]: ... + @classmethod + def from_authorized_user_info(cls, info: Mapping[str, str], scopes: Sequence[str] | None = None) -> Credentials: ... + @classmethod + def from_authorized_user_file(cls, filename: str, scopes: Sequence[str] | None = None) -> Credentials: ... + def to_json(self, strip: Sequence[str] | None = None) -> str: ... + +class UserAccessTokenCredentials(credentials.CredentialsWithQuotaProject): + def __init__(self, account: str | None = None, quota_project_id: str | None = None) -> None: ... + def with_account(self, account: str) -> UserAccessTokenCredentials: ... + def with_quota_project(self, quota_project_id: str | None) -> UserAccessTokenCredentials: ... + token: str | None + expiry: datetime.datetime | None + + def refresh(self, request: google.auth.transport.Request) -> None: ... + def before_request( + self, request: google.auth.transport.Request, method: str, url: str, headers: Mapping[str, str] + ) -> None: ... diff --git a/stubs/google-auth/google/oauth2/gdch_credentials.pyi b/stubs/google-auth/google/oauth2/gdch_credentials.pyi new file mode 100644 index 000000000000..e6200ad33706 --- /dev/null +++ b/stubs/google-auth/google/oauth2/gdch_credentials.pyi @@ -0,0 +1,30 @@ +from _typeshed import Incomplete +from typing import Any, Mapping + +import google +import google.auth +import google.auth.transport +from google.auth import credentials +from google.auth.crypt import Signer as _Signer + +TOKEN_EXCHANGE_TYPE: str +ACCESS_TOKEN_TOKEN_TYPE: str +SERVICE_ACCOUNT_TOKEN_TYPE: str +JWT_LIFETIME: Incomplete + +class ServiceAccountCredentials(credentials.Credentials): + def __init__( + self, + signer: _Signer, + service_identity_name: str, + project: str, + audience: str | None, + token_uri: str, + ca_cert_path: str | None, + ) -> None: ... + @classmethod + def from_service_account_info(cls, info: Mapping[str, str], **kwargs: Any) -> ServiceAccountCredentials: ... + @classmethod + def from_service_account_file(cls, filename: str, **kwargs: Any) -> ServiceAccountCredentials: ... + def refresh(self, request: google.auth.transport.Request) -> None: ... + def with_gdch_audience(self, audience: str) -> ServiceAccountCredentials: ... diff --git a/stubs/google-auth/google/oauth2/id_token.pyi b/stubs/google-auth/google/oauth2/id_token.pyi new file mode 100644 index 000000000000..70dc630d8358 --- /dev/null +++ b/stubs/google-auth/google/oauth2/id_token.pyi @@ -0,0 +1,19 @@ +from typing import Any, Mapping, Sequence + +from google.auth import credentials as _credentials, transport as transport + +def verify_token( + id_token: str | bytes, + request: transport.Request, + audience: str | Sequence[str] | None = None, + certs_url: str = "https://www.googleapis.com/oauth2/v1/certs", + clock_skew_in_seconds: int = 0, +) -> Mapping[str, Any]: ... +def verify_oauth2_token( + id_token: str | bytes, request: transport.Request, audience: str | Sequence[str] | None = None, clock_skew_in_seconds: int = 0 +) -> Mapping[str, Any]: ... +def verify_firebase_token( + id_token: str | bytes, request: transport.Request, audience: str | Sequence[str] | None = None, clock_skew_in_seconds: int = 0 +) -> Mapping[str, Any]: ... +def fetch_id_token_credentials(audience: str, request: transport.Request | None = None) -> _credentials.Credentials: ... +def fetch_id_token(request: transport.Request, audience: str) -> str: ... diff --git a/stubs/google-auth/google/oauth2/reauth.pyi b/stubs/google-auth/google/oauth2/reauth.pyi new file mode 100644 index 000000000000..1407f2fddc7a --- /dev/null +++ b/stubs/google-auth/google/oauth2/reauth.pyi @@ -0,0 +1,21 @@ +import datetime +from typing import Mapping, Sequence + +from google.auth.transport import Request as _Request + +RUN_CHALLENGE_RETRY_LIMIT: int + +def is_interactive() -> bool: ... +def get_rapt_token( + request: _Request, client_id: str, client_secret: str, refresh_token: str, token_uri: str, scopes: Sequence[str] | None = None +) -> str: ... +def refresh_grant( + request: _Request, + token_uri: str, + refresh_token: str, + client_id: str, + client_secret: str, + scopes: Sequence[str] | None = None, + rapt_token: str | None = None, + enable_reauth_refresh: bool = False, +) -> tuple[str, str | None, datetime.datetime | None, Mapping[str, str], str]: ... diff --git a/stubs/google-auth/google/oauth2/service_account.pyi b/stubs/google-auth/google/oauth2/service_account.pyi new file mode 100644 index 000000000000..8bbbe3a3e617 --- /dev/null +++ b/stubs/google-auth/google/oauth2/service_account.pyi @@ -0,0 +1,87 @@ +import abc +import datetime +from typing import Any, Coroutine, Mapping, Sequence + +import google +import google.auth +import google.auth.crypt +import google.auth.transport +from google.auth import credentials + +class Credentials( + credentials.Signing, + credentials.Scoped, + credentials.CredentialsWithQuotaProject, + credentials.CredentialsWithTokenUri, + credentials.CredentialsWithTrustBoundary, + metaclass=abc.ABCMeta, +): + def __init__( + self, + signer: google.auth.crypt.Signer, + service_account_email: str, + token_uri: str, + scopes: Sequence[str] | None = None, + default_scopes: Sequence[str] | None = None, + subject: str | None = None, + project_id: str | None = None, + quota_project_id: str | None = None, + additional_claims: Mapping[str, str] | None = None, + always_use_jwt_access: bool = False, + universe_domain: str | None = None, + trust_boundary: Mapping[str, str] | None = None, + ) -> None: ... + @classmethod + def from_service_account_info(cls, info: Mapping[str, str], **kwargs: Any) -> Credentials: ... + @classmethod + def from_service_account_file(cls, filename: str, **kwargs: Any) -> Credentials: ... + @property + def service_account_email(self) -> str: ... + @property + def project_id(self) -> str | None: ... + @property + def requires_scopes(self) -> bool: ... + def with_scopes(self, scopes: Sequence[str], default_scopes: Sequence[str] | None = None) -> Credentials: ... + def with_always_use_jwt_access(self, always_use_jwt_access: bool) -> Credentials: ... + def with_universe_domain(self, universe_domain: str) -> Credentials: ... + def with_subject(self, subject: str) -> Credentials: ... + def with_claims(self, additional_claims: Mapping[str, str]) -> Credentials: ... + def with_quota_project(self, quota_project_id: str | None) -> Credentials: ... + def with_token_uri(self, token_uri: str) -> Credentials: ... + def with_trust_boundary(self, trust_boundary: Mapping[str, str]) -> Credentials: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def signer(self) -> google.auth.crypt.Signer: ... + @property + def signer_email(self) -> str: ... + def get_cred_info(self) -> Mapping[str, str] | None: ... + +class IDTokenCredentials(credentials.Signing, credentials.CredentialsWithQuotaProject, credentials.CredentialsWithTokenUri): + def __init__( + self, + signer: google.auth.crypt.Signer, + service_account_email: str, + token_uri: str, + target_audience: str, + additional_claims: Mapping[str, str] | None = None, + quota_project_id: str | None = None, + universe_domain: str | None = None, + ) -> None: ... + @classmethod + def from_service_account_info(cls, info: Mapping[str, str], **kwargs: Any) -> IDTokenCredentials: ... + @classmethod + def from_service_account_file(cls, filename: str, **kwargs: Any) -> IDTokenCredentials: ... + def with_target_audience(self, target_audience: str) -> IDTokenCredentials: ... + def with_quota_project(self, quota_project_id: str | None) -> IDTokenCredentials: ... + def with_token_uri(self, token_uri: str) -> IDTokenCredentials: ... + token: str | None + expiry: datetime.datetime | None + + def refresh(self, request: google.auth.transport.Request) -> None | Coroutine[Any, Any, None]: ... + @property + def service_account_email(self) -> str: ... + def sign_bytes(self, message: bytes) -> bytes: ... + @property + def signer(self) -> google.auth.crypt.Signer: ... + @property + def signer_email(self) -> str: ... diff --git a/stubs/google-auth/google/oauth2/sts.pyi b/stubs/google-auth/google/oauth2/sts.pyi new file mode 100644 index 000000000000..8a800a1c3e4f --- /dev/null +++ b/stubs/google-auth/google/oauth2/sts.pyi @@ -0,0 +1,24 @@ +from typing import Mapping, Sequence + +from google.auth.transport import Request as _Request +from google.oauth2 import utils + +class Client(utils.OAuthClientAuthHandler): + def __init__(self, token_exchange_endpoint: str, client_authentication: utils.ClientAuthentication | None = None) -> None: ... + def exchange_token( + self, + request: _Request, + grant_type: str, + subject_token: str, + subject_token_type: str, + resource: str | None = None, + audience: str | None = None, + scopes: Sequence[str] | None = None, + requested_token_type: str | None = None, + actor_token: str | None = None, + actor_token_type: str | None = None, + additional_options: Mapping[str, str] | None = None, + additional_headers: Mapping[str, str] | None = None, + ) -> Mapping[str, str]: ... + def refresh_token(self, request: _Request, refresh_token: str) -> Mapping[str, str]: ... + def revoke_token(self, request: _Request, token: str, token_type_hint: str, revoke_url: str) -> Mapping[str, str]: ... diff --git a/stubs/google-auth/google/oauth2/utils.pyi b/stubs/google-auth/google/oauth2/utils.pyi new file mode 100644 index 000000000000..3385e3fc5193 --- /dev/null +++ b/stubs/google-auth/google/oauth2/utils.pyi @@ -0,0 +1,21 @@ +import abc +import enum +from typing import Mapping + +class ClientAuthType(enum.Enum): + basic = 1 + request_body = 2 + +class ClientAuthentication: + client_auth_type: ClientAuthType + client_id: str + client_secret: str | None + def __init__(self, client_auth_type: ClientAuthType, client_id: str, client_secret: str | None = None) -> None: ... + +class OAuthClientAuthHandler(metaclass=abc.ABCMeta): + def __init__(self, client_authentication: ClientAuthentication | None = None) -> None: ... + def apply_client_authentication_options( + self, headers: Mapping[str, str], request_body: Mapping[str, str] | None = None, bearer_token: str | None = None + ) -> None: ... + +def handle_error_response(response_body: str) -> None: ... diff --git a/stubs/google-auth/google/oauth2/webauthn_handler.pyi b/stubs/google-auth/google/oauth2/webauthn_handler.pyi new file mode 100644 index 000000000000..69f3d27f56be --- /dev/null +++ b/stubs/google-auth/google/oauth2/webauthn_handler.pyi @@ -0,0 +1,13 @@ +import abc + +from google.oauth2.webauthn_types import GetRequest as GetRequest, GetResponse + +class WebAuthnHandler(abc.ABC, metaclass=abc.ABCMeta): + @abc.abstractmethod + def is_available(self) -> bool: ... + @abc.abstractmethod + def get(self, get_request: GetRequest) -> GetResponse: ... + +class PluginHandler(WebAuthnHandler): + def is_available(self) -> bool: ... + def get(self, get_request: GetRequest) -> GetResponse: ... diff --git a/stubs/google-auth/google/oauth2/webauthn_handler_factory.pyi b/stubs/google-auth/google/oauth2/webauthn_handler_factory.pyi new file mode 100644 index 000000000000..bc0599dfb37d --- /dev/null +++ b/stubs/google-auth/google/oauth2/webauthn_handler_factory.pyi @@ -0,0 +1,6 @@ +from google.oauth2.webauthn_handler import WebAuthnHandler as WebAuthnHandler + +class WebauthnHandlerFactory: + handlers: list[WebAuthnHandler] + def __init__(self) -> None: ... + def get_handler(self) -> WebAuthnHandler | None: ... diff --git a/stubs/google-auth/google/oauth2/webauthn_types.pyi b/stubs/google-auth/google/oauth2/webauthn_types.pyi new file mode 100644 index 000000000000..551b1af99974 --- /dev/null +++ b/stubs/google-auth/google/oauth2/webauthn_types.pyi @@ -0,0 +1,43 @@ +from dataclasses import dataclass + +@dataclass(frozen=True) +class PublicKeyCredentialDescriptor: + id: str + transports: list[str] | None = None + + def to_dict(self) -> dict[str, object]: ... + +@dataclass +class AuthenticationExtensionsClientInputs: + appid: str | None = None + + def to_dict(self) -> dict[str, object]: ... + +@dataclass +class GetRequest: + origin: str + rpid: str + challenge: str + timeout_ms: int | None = None + allow_credentials: list[PublicKeyCredentialDescriptor] | None = None + user_verification: str | None = None + extensions: AuthenticationExtensionsClientInputs | None = None + + def to_json(self) -> str: ... + +@dataclass(frozen=True) +class AuthenticatorAssertionResponse: + client_data_json: str + authenticator_data: str + signature: str + user_handle: str | None = None + +@dataclass(frozen=True) +class GetResponse: + id: str + response: AuthenticatorAssertionResponse + authenticator_attachment: str | None = None + client_extension_results: dict[str, object] | None = None + + @staticmethod + def from_json(json_str: str) -> GetResponse: ...