From ed9b1fb9944c4f9b294698ad66011989422639c5 Mon Sep 17 00:00:00 2001 From: Albert Shirima Date: Sun, 8 Sep 2024 15:00:36 +0300 Subject: [PATCH 1/5] Add replay protection feature --- appcheck/appcheck.go | 48 ++++++++++++++++++++++--- appcheck/appcheck_test.go | 74 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+), 4 deletions(-) diff --git a/appcheck/appcheck.go b/appcheck/appcheck.go index 89868916..a1ef157e 100644 --- a/appcheck/appcheck.go +++ b/appcheck/appcheck.go @@ -16,8 +16,12 @@ package appcheck import ( + "bytes" "context" + "encoding/json" "errors" + "fmt" + "net/http" "strings" "time" @@ -45,6 +49,8 @@ var ( ErrTokenIssuer = errors.New("token has incorrect issuer") // ErrTokenSubject is returned when the token subject is empty or missing. ErrTokenSubject = errors.New("token has empty or missing subject") + // ErrTokenAlreadyConsumed is returned when the token is already consumed + ErrTokenAlreadyConsumed = errors.New("token already consumed") ) // DecodedAppCheckToken represents a verified App Check token. @@ -64,8 +70,9 @@ type DecodedAppCheckToken struct { // Client is the interface for the Firebase App Check service. type Client struct { - projectID string - jwks *keyfunc.JWKS + projectID string + jwks *keyfunc.JWKS + verifyAppCheckTokenURL string } // NewClient creates a new instance of the Firebase App Check Client. @@ -83,8 +90,9 @@ func NewClient(ctx context.Context, conf *internal.AppCheckConfig) (*Client, err } return &Client{ - projectID: conf.ProjectID, - jwks: jwks, + projectID: conf.ProjectID, + jwks: jwks, + verifyAppCheckTokenURL: fmt.Sprintf("%sv1beta/projects/%s:verifyAppCheckToken", appCheckIssuer, conf.ProjectID), }, nil } @@ -166,6 +174,38 @@ func (c *Client) VerifyToken(token string) (*DecodedAppCheckToken, error) { return &appCheckToken, nil } +func (c *Client) VerifyTokenWithReplayProtection(token string) (*DecodedAppCheckToken, error) { + decodedAppCheckToken, err := c.VerifyToken(token) + + if err != nil { + return nil, fmt.Errorf("failed to verify token: %v", err) + } + + bodyReader := bytes.NewReader([]byte(fmt.Sprintf(`{"app_check_token":%s}`, token))) + + resp, err := http.Post(c.verifyAppCheckTokenURL, "application/json", bodyReader) + + if err != nil { + return nil, err + } + + defer resp.Body.Close() + + var rb struct { + AlreadyConsumed bool `json:"alreadyConsumed"` + } + + if err := json.NewDecoder(resp.Body).Decode(&rb); err != nil { + return nil, err + } + + if rb.AlreadyConsumed { + return decodedAppCheckToken, ErrTokenAlreadyConsumed + } + + return decodedAppCheckToken, nil +} + func contains(s []string, str string) bool { for _, v := range s { if v == str { diff --git a/appcheck/appcheck_test.go b/appcheck/appcheck_test.go index 6cd088c0..e7a085a9 100644 --- a/appcheck/appcheck_test.go +++ b/appcheck/appcheck_test.go @@ -17,6 +17,80 @@ import ( "github.com/google/go-cmp/cmp" ) +func TestVerifyTokenWithReplayProtection(t *testing.T) { + + projectID := "project_id" + + ts, err := setupFakeJWKS() + if err != nil { + t.Fatalf("error setting up fake JWKS server: %v", err) + } + defer ts.Close() + + privateKey, err := loadPrivateKey() + if err != nil { + t.Fatalf("error loading private key: %v", err) + } + + JWKSUrl = ts.URL + mockTime := time.Now() + + jwtToken := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.RegisteredClaims{ + Issuer: appCheckIssuer, + Audience: jwt.ClaimStrings([]string{"projects/" + projectID}), + Subject: "12345678:app:ID", + ExpiresAt: jwt.NewNumericDate(mockTime.Add(time.Hour)), + IssuedAt: jwt.NewNumericDate(mockTime), + NotBefore: jwt.NewNumericDate(mockTime.Add(-1 * time.Hour)), + }) + + // kid matches the key ID in testdata/mock.jwks.json, + // which is the public key matching to the private key + // in testdata/appcheck_pk.pem. + jwtToken.Header["kid"] = "FGQdnRlzAmKyKr6-Hg_kMQrBkj_H6i6ADnBQz4OI6BU" + + token, err := jwtToken.SignedString(privateKey) + + if err != nil { + t.Fatalf("failed to sign token: %v", err) + } + + appCheckVerifyTestsTable := []struct { + label string + mockServerResponse string + expectedError error + }{ + {label: "testWhenAlreadyConsumedResponseIsTrue", mockServerResponse: `{"alreadyConsumed": true}`, expectedError: ErrTokenAlreadyConsumed}, + {label: "testWhenAlreadyConsumedResponseIsFalse", mockServerResponse: `{"alreadyConsumed": false}`, expectedError: nil}, + } + + for _, tt := range appCheckVerifyTestsTable { + + t.Run(tt.label, func(t *testing.T) { + appCheckVerifyMockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte(tt.mockServerResponse)) + })) + + client, err := NewClient(context.Background(), &internal.AppCheckConfig{ + ProjectID: projectID, + }) + + if err != nil { + t.Fatalf("error creating new client: %v", err) + } + + client.verifyAppCheckTokenURL = appCheckVerifyMockServer.URL + + _, err = client.VerifyTokenWithReplayProtection(token) + + if !errors.Is(err, tt.expectedError) { + t.Errorf("failed to verify token; Expected: %v, but got: %v", tt.expectedError, err) + } + }) + + } +} + func TestVerifyTokenHasValidClaims(t *testing.T) { ts, err := setupFakeJWKS() if err != nil { From b8487baf7b249f0f8e0ab5d1a81c8a3e430070d3 Mon Sep 17 00:00:00 2001 From: Albert Shirima Date: Mon, 9 Sep 2024 22:39:09 +0300 Subject: [PATCH 2/5] refactor code and description --- appcheck/appcheck.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/appcheck/appcheck.go b/appcheck/appcheck.go index a1ef157e..69129c3e 100644 --- a/appcheck/appcheck.go +++ b/appcheck/appcheck.go @@ -174,11 +174,14 @@ func (c *Client) VerifyToken(token string) (*DecodedAppCheckToken, error) { return &appCheckToken, nil } +// VerifyTokenWithReplayProtection checks the given App Check token as follows: +// - Uses VerifyToken to validate the given token as described. if verification failed, appropriate error will be returned. +// - Checks if the token token has been consumed. if already consumed the pointer to decoded token is returned with ErrTokenAlreadyConsumed. func (c *Client) VerifyTokenWithReplayProtection(token string) (*DecodedAppCheckToken, error) { decodedAppCheckToken, err := c.VerifyToken(token) if err != nil { - return nil, fmt.Errorf("failed to verify token: %v", err) + return nil, err } bodyReader := bytes.NewReader([]byte(fmt.Sprintf(`{"app_check_token":%s}`, token))) From 6c999a4f18c70a609651d60b0e318dc5100ce7b5 Mon Sep 17 00:00:00 2001 From: Albert Shirima Date: Tue, 10 Sep 2024 21:13:08 +0300 Subject: [PATCH 3/5] refactor code and cleanup as per feedback --- appcheck/appcheck.go | 50 +++++++++++++++++++++++++++++---------- appcheck/appcheck_test.go | 10 ++++---- 2 files changed, 43 insertions(+), 17 deletions(-) diff --git a/appcheck/appcheck.go b/appcheck/appcheck.go index 69129c3e..7323758b 100644 --- a/appcheck/appcheck.go +++ b/appcheck/appcheck.go @@ -36,6 +36,8 @@ var JWKSUrl = "https://firebaseappcheck.googleapis.com/v1beta/jwks" const appCheckIssuer = "https://firebaseappcheck.googleapis.com/" +const tokenVerificationUrlFormat = "https://firebaseappcheck.googleapis.com/v1beta/projects/%s:verifyAppCheckToken" + var ( // ErrIncorrectAlgorithm is returned when the token is signed with a non-RSA256 algorithm. ErrIncorrectAlgorithm = errors.New("token has incorrect algorithm") @@ -70,9 +72,9 @@ type DecodedAppCheckToken struct { // Client is the interface for the Firebase App Check service. type Client struct { - projectID string - jwks *keyfunc.JWKS - verifyAppCheckTokenURL string + projectID string + jwks *keyfunc.JWKS + tokenVerificationUrl string } // NewClient creates a new instance of the Firebase App Check Client. @@ -90,9 +92,9 @@ func NewClient(ctx context.Context, conf *internal.AppCheckConfig) (*Client, err } return &Client{ - projectID: conf.ProjectID, - jwks: jwks, - verifyAppCheckTokenURL: fmt.Sprintf("%sv1beta/projects/%s:verifyAppCheckToken", appCheckIssuer, conf.ProjectID), + projectID: conf.ProjectID, + jwks: jwks, + tokenVerificationUrl: fmt.Sprintf(tokenVerificationUrlFormat, conf.ProjectID), }, nil } @@ -174,10 +176,34 @@ func (c *Client) VerifyToken(token string) (*DecodedAppCheckToken, error) { return &appCheckToken, nil } -// VerifyTokenWithReplayProtection checks the given App Check token as follows: -// - Uses VerifyToken to validate the given token as described. if verification failed, appropriate error will be returned. -// - Checks if the token token has been consumed. if already consumed the pointer to decoded token is returned with ErrTokenAlreadyConsumed. -func (c *Client) VerifyTokenWithReplayProtection(token string) (*DecodedAppCheckToken, error) { +// VerifyOneTimeToken verifies the given App Check token and consumes it, so that it cannot be consumed again. +// +// VerifyOneTimeToken considers an App Check token string to be valid if all the following conditions are met: +// - The token string is a valid RS256 JWT. +// - The JWT contains valid issuer (iss) and audience (aud) claims that match the issuerPrefix +// and projectID of the tokenVerifier. +// - The JWT contains a valid subject (sub) claim. +// - The JWT is not expired, and it has been issued some time in the past. +// - The JWT is signed by a Firebase App Check backend server as determined by the keySource. +// +// If any of the above conditions are not met, an error is returned, regardless whether the token was +// previously consumed or not. +// +// This method currently only supports App Check tokens exchanged from the following attestation +// providers: +// +// - Play Integrity API +// - Apple App Attest +// - Apple DeviceCheck (DCDevice tokens) +// - reCAPTCHA Enterprise +// - reCAPTCHA v3 +// - Custom providers +// +// App Check tokens exchanged from debug secrets are also supported. Calling this method on an +// otherwise valid App Check token with an unsupported provider will cause an error to be returned. +// +// If the token was already consumed prior to this call, an error is returned. +func (c *Client) VerifyOneTimeToken(token string) (*DecodedAppCheckToken, error) { decodedAppCheckToken, err := c.VerifyToken(token) if err != nil { @@ -186,7 +212,7 @@ func (c *Client) VerifyTokenWithReplayProtection(token string) (*DecodedAppCheck bodyReader := bytes.NewReader([]byte(fmt.Sprintf(`{"app_check_token":%s}`, token))) - resp, err := http.Post(c.verifyAppCheckTokenURL, "application/json", bodyReader) + resp, err := http.Post(c.tokenVerificationUrl, "application/json", bodyReader) if err != nil { return nil, err @@ -203,7 +229,7 @@ func (c *Client) VerifyTokenWithReplayProtection(token string) (*DecodedAppCheck } if rb.AlreadyConsumed { - return decodedAppCheckToken, ErrTokenAlreadyConsumed + return nil, ErrTokenAlreadyConsumed } return decodedAppCheckToken, nil diff --git a/appcheck/appcheck_test.go b/appcheck/appcheck_test.go index e7a085a9..9fe4f6c7 100644 --- a/appcheck/appcheck_test.go +++ b/appcheck/appcheck_test.go @@ -17,7 +17,7 @@ import ( "github.com/google/go-cmp/cmp" ) -func TestVerifyTokenWithReplayProtection(t *testing.T) { +func TestVerifyOneTimeToken(t *testing.T) { projectID := "project_id" @@ -37,8 +37,8 @@ func TestVerifyTokenWithReplayProtection(t *testing.T) { jwtToken := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.RegisteredClaims{ Issuer: appCheckIssuer, - Audience: jwt.ClaimStrings([]string{"projects/" + projectID}), - Subject: "12345678:app:ID", + Audience: jwt.ClaimStrings([]string{"projects/12345678", "projects/" + projectID}), + Subject: "1:12345678:android:abcdef", ExpiresAt: jwt.NewNumericDate(mockTime.Add(time.Hour)), IssuedAt: jwt.NewNumericDate(mockTime), NotBefore: jwt.NewNumericDate(mockTime.Add(-1 * time.Hour)), @@ -79,9 +79,9 @@ func TestVerifyTokenWithReplayProtection(t *testing.T) { t.Fatalf("error creating new client: %v", err) } - client.verifyAppCheckTokenURL = appCheckVerifyMockServer.URL + client.tokenVerificationUrl = appCheckVerifyMockServer.URL - _, err = client.VerifyTokenWithReplayProtection(token) + _, err = client.VerifyOneTimeToken(token) if !errors.Is(err, tt.expectedError) { t.Errorf("failed to verify token; Expected: %v, but got: %v", tt.expectedError, err) From 604af8d6b510c3c4eec91af058e26dae2fb00705 Mon Sep 17 00:00:00 2001 From: Albert Shirima Date: Wed, 11 Sep 2024 17:49:00 +0300 Subject: [PATCH 4/5] Refactor token verifier URL generation --- appcheck/appcheck.go | 20 ++++++++++++-------- appcheck/appcheck_test.go | 2 +- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/appcheck/appcheck.go b/appcheck/appcheck.go index 7323758b..0bb324b1 100644 --- a/appcheck/appcheck.go +++ b/appcheck/appcheck.go @@ -36,7 +36,7 @@ var JWKSUrl = "https://firebaseappcheck.googleapis.com/v1beta/jwks" const appCheckIssuer = "https://firebaseappcheck.googleapis.com/" -const tokenVerificationUrlFormat = "https://firebaseappcheck.googleapis.com/v1beta/projects/%s:verifyAppCheckToken" +const tokenVerifierBaseUrl = "https://firebaseappcheck.googleapis.com" var ( // ErrIncorrectAlgorithm is returned when the token is signed with a non-RSA256 algorithm. @@ -72,9 +72,9 @@ type DecodedAppCheckToken struct { // Client is the interface for the Firebase App Check service. type Client struct { - projectID string - jwks *keyfunc.JWKS - tokenVerificationUrl string + projectID string + jwks *keyfunc.JWKS + tokenVerifierUrl string } // NewClient creates a new instance of the Firebase App Check Client. @@ -92,9 +92,9 @@ func NewClient(ctx context.Context, conf *internal.AppCheckConfig) (*Client, err } return &Client{ - projectID: conf.ProjectID, - jwks: jwks, - tokenVerificationUrl: fmt.Sprintf(tokenVerificationUrlFormat, conf.ProjectID), + projectID: conf.ProjectID, + jwks: jwks, + tokenVerifierUrl: buildTokenVerifierUrl(conf.ProjectID), }, nil } @@ -212,7 +212,7 @@ func (c *Client) VerifyOneTimeToken(token string) (*DecodedAppCheckToken, error) bodyReader := bytes.NewReader([]byte(fmt.Sprintf(`{"app_check_token":%s}`, token))) - resp, err := http.Post(c.tokenVerificationUrl, "application/json", bodyReader) + resp, err := http.Post(c.tokenVerifierUrl, "application/json", bodyReader) if err != nil { return nil, err @@ -235,6 +235,10 @@ func (c *Client) VerifyOneTimeToken(token string) (*DecodedAppCheckToken, error) return decodedAppCheckToken, nil } +func buildTokenVerifierUrl(projectId string) string { + return fmt.Sprintf("%s/v1beta/projects/%s:verifyAppCheckToken", tokenVerifierBaseUrl, projectId) +} + func contains(s []string, str string) bool { for _, v := range s { if v == str { diff --git a/appcheck/appcheck_test.go b/appcheck/appcheck_test.go index 9fe4f6c7..e984956a 100644 --- a/appcheck/appcheck_test.go +++ b/appcheck/appcheck_test.go @@ -79,7 +79,7 @@ func TestVerifyOneTimeToken(t *testing.T) { t.Fatalf("error creating new client: %v", err) } - client.tokenVerificationUrl = appCheckVerifyMockServer.URL + client.tokenVerifierUrl = appCheckVerifyMockServer.URL _, err = client.VerifyOneTimeToken(token) From 97e1f4d142f6ff60e9e409fe8dc8fec601e3d245 Mon Sep 17 00:00:00 2001 From: Albert Shirima Date: Sun, 30 Nov 2025 11:12:55 +0300 Subject: [PATCH 5/5] Refactor code and cleanup --- appcheck/appcheck.go | 48 ++++++++++++++----------------- appcheck/appcheck_test.go | 34 +++++++++++++++++----- firebase.go | 1 + go.mod | 60 +++++++++++++++++++-------------------- go.sum | 58 +++++++++++++++++++++++++++++++++++++ internal/internal.go | 1 + 6 files changed, 139 insertions(+), 63 deletions(-) diff --git a/appcheck/appcheck.go b/appcheck/appcheck.go index a194a04a..9833d36c 100644 --- a/appcheck/appcheck.go +++ b/appcheck/appcheck.go @@ -16,12 +16,9 @@ package appcheck import ( - "bytes" "context" - "encoding/json" "errors" "fmt" - "net/http" "strings" "time" @@ -36,7 +33,7 @@ var JWKSUrl = "https://firebaseappcheck.googleapis.com/v1beta/jwks" const appCheckIssuer = "https://firebaseappcheck.googleapis.com/" -const tokenVerifierBaseUrl = "https://firebaseappcheck.googleapis.com" +var verifyTokenURL = "https://firebaseappcheck.googleapis.com/v1beta/projects/%s:verifyAppCheckToken" var ( // ErrIncorrectAlgorithm is returned when the token is signed with a non-RSA256 algorithm. @@ -72,9 +69,9 @@ type DecodedAppCheckToken struct { // Client is the interface for the Firebase App Check service. type Client struct { - projectID string - jwks *keyfunc.JWKS - tokenVerifierUrl string + projectID string + jwks *keyfunc.JWKS + httpClient *internal.HTTPClient } // NewClient creates a new instance of the Firebase App Check Client. @@ -91,10 +88,15 @@ func NewClient(ctx context.Context, conf *internal.AppCheckConfig) (*Client, err return nil, err } + hc, _, err := internal.NewHTTPClient(ctx, conf.Opts...) + if err != nil { + return nil, err + } + return &Client{ - projectID: conf.ProjectID, - jwks: jwks, - tokenVerifierUrl: buildTokenVerifierUrl(conf.ProjectID), + projectID: conf.ProjectID, + jwks: jwks, + httpClient: hc, }, nil } @@ -203,42 +205,36 @@ func (c *Client) VerifyToken(token string) (*DecodedAppCheckToken, error) { // otherwise valid App Check token with an unsupported provider will cause an error to be returned. // // If the token was already consumed prior to this call, an error is returned. -func (c *Client) VerifyOneTimeToken(token string) (*DecodedAppCheckToken, error) { +func (c *Client) VerifyOneTimeToken(ctx context.Context, token string) (*DecodedAppCheckToken, error) { decodedAppCheckToken, err := c.VerifyToken(token) if err != nil { return nil, err } - bodyReader := bytes.NewReader([]byte(fmt.Sprintf(`{"app_check_token":%s}`, token))) - - resp, err := http.Post(c.tokenVerifierUrl, "application/json", bodyReader) - - if err != nil { - return nil, err + req := &internal.Request{ + Method: "POST", + URL: fmt.Sprintf(verifyTokenURL, c.projectID), + Body: internal.NewJSONEntity(map[string]string{ + "app_check_token": token, + }), } - defer resp.Body.Close() - - var rb struct { + var resp struct { AlreadyConsumed bool `json:"alreadyConsumed"` } - if err := json.NewDecoder(resp.Body).Decode(&rb); err != nil { + if _, err := c.httpClient.DoAndUnmarshal(ctx, req, &resp); err != nil { return nil, err } - if rb.AlreadyConsumed { + if resp.AlreadyConsumed { return nil, ErrTokenAlreadyConsumed } return decodedAppCheckToken, nil } -func buildTokenVerifierUrl(projectId string) string { - return fmt.Sprintf("%s/v1beta/projects/%s:verifyAppCheckToken", tokenVerifierBaseUrl, projectId) -} - func contains(s []string, str string) bool { for _, v := range s { if v == str { diff --git a/appcheck/appcheck_test.go b/appcheck/appcheck_test.go index e984956a..69d1f0f3 100644 --- a/appcheck/appcheck_test.go +++ b/appcheck/appcheck_test.go @@ -1,11 +1,13 @@ package appcheck import ( + "bytes" "context" "crypto/rsa" "crypto/x509" "encoding/pem" "errors" + "io" "net/http" "net/http/httptest" "os" @@ -15,6 +17,7 @@ import ( "firebase.google.com/go/v4/internal" "github.com/golang-jwt/jwt/v4" "github.com/google/go-cmp/cmp" + "google.golang.org/api/option" ) func TestVerifyOneTimeToken(t *testing.T) { @@ -67,24 +70,32 @@ func TestVerifyOneTimeToken(t *testing.T) { for _, tt := range appCheckVerifyTestsTable { t.Run(tt.label, func(t *testing.T) { - appCheckVerifyMockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte(tt.mockServerResponse)) - })) + + mockHttpClient := &http.Client{ + Transport: &mockHTTPResponse{ + Response: http.Response{ + StatusCode: 200, + Body: io.NopCloser(bytes.NewBufferString(tt.mockServerResponse)), + }, + Err: nil, + }, + } client, err := NewClient(context.Background(), &internal.AppCheckConfig{ ProjectID: projectID, + Opts: []option.ClientOption{ + option.WithHTTPClient(mockHttpClient), + }, }) if err != nil { t.Fatalf("error creating new client: %v", err) } - client.tokenVerifierUrl = appCheckVerifyMockServer.URL - - _, err = client.VerifyOneTimeToken(token) + _, err = client.VerifyOneTimeToken(context.Background(), token) if !errors.Is(err, tt.expectedError) { - t.Errorf("failed to verify token; Expected: %v, but got: %v", tt.expectedError, err) + t.Errorf("Expected error: %v, but got: %v", tt.expectedError, err) } }) @@ -361,3 +372,12 @@ func loadPrivateKey() (*rsa.PrivateKey, error) { } return privateKey, nil } + +type mockHTTPResponse struct { + Response http.Response + Err error +} + +func (m *mockHTTPResponse) RoundTrip(*http.Request) (*http.Response, error) { + return &m.Response, m.Err +} diff --git a/firebase.go b/firebase.go index 9373ae23..675d7e51 100644 --- a/firebase.go +++ b/firebase.go @@ -135,6 +135,7 @@ func (a *App) Messaging(ctx context.Context) (*messaging.Client, error) { func (a *App) AppCheck(ctx context.Context) (*appcheck.Client, error) { conf := &internal.AppCheckConfig{ ProjectID: a.projectID, + Opts: a.opts, } return appcheck.NewClient(ctx, conf) } diff --git a/go.mod b/go.mod index f78ff080..937105e3 100644 --- a/go.mod +++ b/go.mod @@ -1,64 +1,64 @@ module firebase.google.com/go/v4 -go 1.23.0 +go 1.24.0 require ( - cloud.google.com/go/firestore v1.18.0 - cloud.google.com/go/storage v1.53.0 + cloud.google.com/go/firestore v1.20.0 + cloud.google.com/go/storage v1.56.0 github.com/MicahParks/keyfunc v1.9.0 github.com/golang-jwt/jwt/v4 v4.5.2 github.com/google/go-cmp v0.7.0 golang.org/x/oauth2 v0.30.0 - google.golang.org/api v0.231.0 + google.golang.org/api v0.247.0 google.golang.org/appengine/v2 v2.0.6 ) require ( - cel.dev/expr v0.23.1 // indirect - cloud.google.com/go v0.121.0 // indirect - cloud.google.com/go/auth v0.16.1 // indirect + cel.dev/expr v0.24.0 // indirect + cloud.google.com/go v0.121.6 // indirect + cloud.google.com/go/auth v0.16.4 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect - cloud.google.com/go/compute/metadata v0.6.0 // indirect + cloud.google.com/go/compute/metadata v0.8.0 // indirect cloud.google.com/go/iam v1.5.2 // indirect cloud.google.com/go/longrunning v0.6.7 // indirect cloud.google.com/go/monitoring v1.24.2 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-jose/go-jose/v4 v4.0.5 // indirect - github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect - github.com/googleapis/gax-go/v2 v2.14.1 // indirect + github.com/googleapis/gax-go/v2 v2.15.0 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect github.com/zeebo/errs v1.4.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.35.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect - go.opentelemetry.io/otel v1.35.0 // indirect - go.opentelemetry.io/otel/metric v1.35.0 // indirect - go.opentelemetry.io/otel/sdk v1.35.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect - go.opentelemetry.io/otel/trace v1.35.0 // indirect - golang.org/x/crypto v0.40.0 // indirect - golang.org/x/net v0.42.0 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.36.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect + go.opentelemetry.io/otel v1.36.0 // indirect + go.opentelemetry.io/otel/metric v1.36.0 // indirect + go.opentelemetry.io/otel/sdk v1.36.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect + go.opentelemetry.io/otel/trace v1.36.0 // indirect + golang.org/x/crypto v0.41.0 // indirect + golang.org/x/net v0.43.0 // indirect golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.34.0 // indirect - golang.org/x/text v0.27.0 // indirect - golang.org/x/time v0.11.0 // indirect - google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 // indirect - google.golang.org/grpc v1.72.0 // indirect - google.golang.org/protobuf v1.36.6 // indirect + golang.org/x/sys v0.35.0 // indirect + golang.org/x/text v0.28.0 // indirect + golang.org/x/time v0.12.0 // indirect + google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect + google.golang.org/grpc v1.74.2 // indirect + google.golang.org/protobuf v1.36.7 // indirect ) diff --git a/go.sum b/go.sum index 87cca0b3..e93ccf06 100644 --- a/go.sum +++ b/go.sum @@ -1,15 +1,25 @@ cel.dev/expr v0.23.1 h1:K4KOtPCJQjVggkARsjG9RWXP6O4R73aHeJMa/dmCQQg= cel.dev/expr v0.23.1/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= +cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY= +cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= cloud.google.com/go v0.121.0 h1:pgfwva8nGw7vivjZiRfrmglGWiCJBP+0OmDpenG/Fwg= cloud.google.com/go v0.121.0/go.mod h1:rS7Kytwheu/y9buoDmu5EIpMMCI4Mb8ND4aeN4Vwj7Q= +cloud.google.com/go v0.121.6 h1:waZiuajrI28iAf40cWgycWNgaXPO06dupuS+sgibK6c= +cloud.google.com/go v0.121.6/go.mod h1:coChdst4Ea5vUpiALcYKXEpR1S9ZgXbhEzzMcMR66vI= cloud.google.com/go/auth v0.16.1 h1:XrXauHMd30LhQYVRHLGvJiYeczweKQXZxsTbV9TiguU= cloud.google.com/go/auth v0.16.1/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= +cloud.google.com/go/auth v0.16.4 h1:fXOAIQmkApVvcIn7Pc2+5J8QTMVbUGLscnSVNl11su8= +cloud.google.com/go/auth v0.16.4/go.mod h1:j10ncYwjX/g3cdX7GpEzsdM+d+ZNsXAbb6qXA7p1Y5M= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= +cloud.google.com/go/compute/metadata v0.8.0 h1:HxMRIbao8w17ZX6wBnjhcDkW6lTFpgcaobyVfZWqRLA= +cloud.google.com/go/compute/metadata v0.8.0/go.mod h1:sYOGTp851OV9bOFJ9CH7elVvyzopvWQFNNghtDQ/Biw= cloud.google.com/go/firestore v1.18.0 h1:cuydCaLS7Vl2SatAeivXyhbhDEIR8BDmtn4egDhIn2s= cloud.google.com/go/firestore v1.18.0/go.mod h1:5ye0v48PhseZBdcl0qbl3uttu7FIEwEYVaWm0UIEOEU= +cloud.google.com/go/firestore v1.20.0 h1:JLlT12QP0fM2SJirKVyu2spBCO8leElaW0OOtPm6HEo= +cloud.google.com/go/firestore v1.20.0/go.mod h1:jqu4yKdBmDN5srneWzx3HlKrHFWFdlkgjgQ6BKIOFQo= cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= @@ -20,16 +30,23 @@ cloud.google.com/go/monitoring v1.24.2 h1:5OTsoJ1dXYIiMiuL+sYscLc9BumrL3CarVLL7d cloud.google.com/go/monitoring v1.24.2/go.mod h1:x7yzPWcgDRnPEv3sI+jJGBkwl5qINf+6qY4eq0I9B4U= cloud.google.com/go/storage v1.53.0 h1:gg0ERZwL17pJ+Cz3cD2qS60w1WMDnwcm5YPAIQBHUAw= cloud.google.com/go/storage v1.53.0/go.mod h1:7/eO2a/srr9ImZW9k5uufcNahT2+fPb8w5it1i5boaA= +cloud.google.com/go/storage v1.56.0 h1:iixmq2Fse2tqxMbWhLWC9HfBj1qdxqAmiK8/eqtsLxI= +cloud.google.com/go/storage v1.56.0/go.mod h1:Tpuj6t4NweCLzlNbw9Z9iwxEkrSem20AetIeH/shgVU= cloud.google.com/go/trace v1.11.6 h1:2O2zjPzqPYAHrn3OKl029qlqG6W8ZdYaOWRyr8NgMT4= cloud.google.com/go/trace v1.11.6/go.mod h1:GA855OeDEBiBMzcckLPE2kDunIpC72N+Pq8WFieFjnI= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 h1:ErKg/3iS1AKcTkf3yixlZ54f9U1rljCkQyEXWUnIUxc= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0/go.mod h1:yAZHSGnqScoU556rBOVkwLze6WP5N+U11RHuWaGVxwY= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 h1:fYE9p3esPxA/C0rQ0AHhP0drtPXDRhaWiwg1DPqO7IU= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0/go.mod h1:BnBReJLvVYx2CS/UHOgVz2BXKXD9wsQPxZug20nZhd0= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 h1:owcC2UnmsZycprQ5RfRgjydWhuoxg71LUfyiQdijZuM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0/go.mod h1:ZPpqegjbE99EPKsu3iUWV22A04wzGPcAY/ziSIQEEgs= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.51.0 h1:OqVGm6Ei3x5+yZmSJG1Mh2NwHvpVmZ08CB5qJhT9Nuk= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.51.0/go.mod h1:SZiPHWGOOk3bl8tkevxkoiwPgsIl6CwrWcbwjfHZpdM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.53.0 h1:4LP6hvB4I5ouTbGgWtixJhgED6xdf67twf9PoY96Tbg= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 h1:6/0iUd0xrnX7qt+mLNRwg5c0PGv8wpE8K90ryANQwMI= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 h1:Ron4zCA/yk6U7WOBXhTJcDpsUBG9npumK6xw2auFltQ= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0/go.mod h1:cSgYe11MCNYunTnRXrKiR/tHc0eoKjICUuWpNZoVCOo= github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o= github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= @@ -53,6 +70,8 @@ github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JS github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= @@ -74,6 +93,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q= github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= +github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= +github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -89,32 +110,51 @@ go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJyS go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/detectors/gcp v1.35.0 h1:bGvFt68+KTiAKFlacHW6AhA56GF2rS0bdD3aJYEnmzA= go.opentelemetry.io/contrib/detectors/gcp v1.35.0/go.mod h1:qGWP8/+ILwMRIUf9uIVLloR1uo5ZYAslM4O6OqUi1DA= +go.opentelemetry.io/contrib/detectors/gcp v1.36.0 h1:F7q2tNlCaHY9nMKHR6XH9/qkp8FktLnIcy6jJNyOCQw= +go.opentelemetry.io/contrib/detectors/gcp v1.36.0/go.mod h1:IbBN8uAIIx734PTonTPxAxnjc2pQTxWNkwfstZ+6H2k= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= +go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= +go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0 h1:PB3Zrjs1sG1GBX51SXyTSoOTqcDglmsk7nT6tkKPb/k= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0/go.mod h1:U2R3XyVPzn0WX7wOIypPuptulsMcPDPs/oiSVOMVnHY= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.36.0 h1:rixTyDGXFxRy1xzhKrotaHy3/KXdPhlWARrCgK+eqUY= go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= +go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= +go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= +go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= +go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= +go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= +go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= +golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= +golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= +golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -128,6 +168,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= +golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -136,8 +178,12 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= +golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0= golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= +golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= @@ -145,19 +191,31 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.231.0 h1:LbUD5FUl0C4qwia2bjXhCMH65yz1MLPzA/0OYEsYY7Q= google.golang.org/api v0.231.0/go.mod h1:H52180fPI/QQlUc0F4xWfGZILdv09GCWKt2bcsn164A= +google.golang.org/api v0.247.0 h1:tSd/e0QrUlLsrwMKmkbQhYVa109qIintOls2Wh6bngc= +google.golang.org/api v0.247.0/go.mod h1:r1qZOPmxXffXg6xS5uhx16Fa/UFY8QU/K4bfKrnvovM= google.golang.org/appengine/v2 v2.0.6 h1:LvPZLGuchSBslPBp+LAhihBeGSiRh1myRoYK4NtuBIw= google.golang.org/appengine/v2 v2.0.6/go.mod h1:WoEXGoXNfa0mLvaH5sV3ZSGXwVmy8yf7Z1JKf3J3wLI= google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 h1:1tXaIXCracvtsRxSBsYDiSBN0cuJvM7QYW+MrpIRY78= google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:49MsLSx0oWMOZqcpB3uL8ZOkAh1+TndpJ8ONoCBWiZk= +google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= +google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 h1:vPV0tzlsK6EzEDHNNH5sa7Hs9bd7iXR7B1tSiPepkV0= google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:pKLAc5OolXC3ViWGI62vvC0n10CpwAtRcTNCFwTKBEw= +google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= +google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 h1:IqsN8hx+lWLqlN+Sc3DoMy/watjofWiU8sRFgQ8fhKM= google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM= google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= +google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= +google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= +google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/internal.go b/internal/internal.go index 58450f45..e777bd68 100644 --- a/internal/internal.go +++ b/internal/internal.go @@ -84,6 +84,7 @@ type RemoteConfigClientConfig struct { // AppCheckConfig represents the configuration of App Check service. type AppCheckConfig struct { ProjectID string + Opts []option.ClientOption } // MockTokenSource is a TokenSource implementation that can be used for testing.