google-auth 2.49.0.dev0__tar.gz → 3.0.0.dev0__tar.gz

{google_auth-2.49.0.dev0/google_auth.egg-info → google_auth-3.0.0.dev0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: google-auth
-Version: 2.49.0.dev0
+Version: 3.0.0.dev0
 Summary: Google Authentication Library
 Home-page: https://github.com/googleapis/google-auth-library-python
 Author: Google Cloud Platform
@@ -8,6 +8,7 @@ Author-email: googleapis-packages@google.com
 License: Apache 2.0
 Keywords: google auth oauth client
 Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
@@ -23,12 +24,13 @@ Classifier: Operating System :: Microsoft :: Windows
 Classifier: Operating System :: MacOS :: MacOS X
 Classifier: Operating System :: OS Independent
 Classifier: Topic :: Internet :: WWW/HTTP
-Requires-Python: >=3.8
+Requires-Python: >=3.7
 License-File: LICENSE
+Requires-Dist: cachetools<7.0,>=2.0.0
 Requires-Dist: pyasn1-modules>=0.2.1
 Requires-Dist: cryptography>=38.0.3
+Requires-Dist: cryptography<39.0.0; python_version < "3.8"
 Provides-Extra: cryptography
-Requires-Dist: cryptography>=38.0.3; extra == "cryptography"
 Provides-Extra: aiohttp
 Requires-Dist: aiohttp<4.0.0,>=3.6.2; extra == "aiohttp"
 Requires-Dist: requests<3.0.0,>=2.20.0; extra == "aiohttp"
@@ -46,6 +48,7 @@ Provides-Extra: testing
 Requires-Dist: grpcio; extra == "testing"
 Requires-Dist: flask; extra == "testing"
 Requires-Dist: freezegun; extra == "testing"
+Requires-Dist: mock; extra == "testing"
 Requires-Dist: oauth2client; extra == "testing"
 Requires-Dist: pyjwt>=2.0; extra == "testing"
 Requires-Dist: pytest; extra == "testing"
@@ -62,7 +65,6 @@ Requires-Dist: aioresponses; extra == "testing"
 Requires-Dist: pytest-asyncio; extra == "testing"
 Requires-Dist: pyopenssl<24.3.0; extra == "testing"
 Requires-Dist: aiohttp<3.10.0; extra == "testing"
-Requires-Dist: rsa<5,>=3.1.4; extra == "testing"
 Provides-Extra: urllib3
 Requires-Dist: urllib3; extra == "urllib3"
 Requires-Dist: packaging; extra == "urllib3"
@@ -104,16 +106,15 @@ Note that the extras pyopenssl and enterprise_cert should not be used together b
 
 Supported Python Versions
 ^^^^^^^^^^^^^^^^^^^^^^^^^
-Python >= 3.8
+Python >= 3.7
 
 **NOTE**:
-Python 3.8 and Python 3.9 were marked as `unsupported`_ by the python community in 
-October 2024 and October 2025, respectively.
-We recommend that all developers upgrade to Python 3.10 and newer as soon as
-they can. Support for end-of-life Python runtimes will be removed from this
-library in future updates.
-Previous releases that support end-of-life Python versions will continue to be available
-for download, but future releases will only target supported versions.
+Python 3.7 was marked as `unsupported`_ by the python community in June 2023.
+We recommend that all developers upgrade to Python 3.8 and newer as soon as
+they can. Support for Python 3.7 will be removed from this library after
+January 1 2024. Previous releases that support Python 3.7 will continue to be available
+for download, but releases after January 1 2024 will only target Python 3.8 and
+newer.
 
 .. _unsupported: https://devguide.python.org/versions/#unsupported-versions
 
@@ -128,10 +129,6 @@ Unsupported Python Versions
 - Python 3.6:   The last version of this library with support for Python 3.6
   was `google.auth == 2.22.0`.
 
-- Python 3.7:   The last version of this library with support for Python 3.7
-  was `google.auth == 2.45.0`.
-
-
 Documentation
 -------------
 

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/README.rst

@@ -35,16 +35,15 @@ Note that the extras pyopenssl and enterprise_cert should not be used together b
 
 Supported Python Versions
 ^^^^^^^^^^^^^^^^^^^^^^^^^
-Python >= 3.8
+Python >= 3.7
 
 **NOTE**:
-Python 3.8 and Python 3.9 were marked as `unsupported`_ by the python community in 
-October 2024 and October 2025, respectively.
-We recommend that all developers upgrade to Python 3.10 and newer as soon as
-they can. Support for end-of-life Python runtimes will be removed from this
-library in future updates.
-Previous releases that support end-of-life Python versions will continue to be available
-for download, but future releases will only target supported versions.
+Python 3.7 was marked as `unsupported`_ by the python community in June 2023.
+We recommend that all developers upgrade to Python 3.8 and newer as soon as
+they can. Support for Python 3.7 will be removed from this library after
+January 1 2024. Previous releases that support Python 3.7 will continue to be available
+for download, but releases after January 1 2024 will only target Python 3.8 and
+newer.
 
 .. _unsupported: https://devguide.python.org/versions/#unsupported-versions
 
@@ -59,10 +58,6 @@ Unsupported Python Versions
 - Python 3.6:   The last version of this library with support for Python 3.6
   was `google.auth == 2.22.0`.
 
-- Python 3.7:   The last version of this library with support for Python 3.7
-  was `google.auth == 2.45.0`.
-
-
 Documentation
 -------------
 

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/__init__.py

@@ -41,17 +41,13 @@ class Python37DeprecationWarning(DeprecationWarning):  # pragma: NO COVER
     pass
 
 
-# Raise warnings for deprecated versions
-eol_message = (
-    "You are using a Python version {} past its end of life. Google will update "
-    "google-auth with critical bug fixes on a best-effort basis, but not "
-    "with any other fixes or features. Please upgrade your Python version, "
-    "and then update google-auth."
-)
-if sys.version_info.major == 3 and sys.version_info.minor == 8:  # pragma: NO COVER
-    warnings.warn(eol_message.format("3.8"), FutureWarning)
-elif sys.version_info.major == 3 and sys.version_info.minor == 9:  # pragma: NO COVER
-    warnings.warn(eol_message.format("3.9"), FutureWarning)
+# Checks if the current runtime is Python 3.7.
+if sys.version_info.major == 3 and sys.version_info.minor == 7:  # pragma: NO COVER
+    message = (
+        "After January 1, 2024, new releases of this library will drop support "
+        "for Python 3.7."
+    )
+    warnings.warn(message, Python37DeprecationWarning)
 
 # Set default logging handler to avoid "No handler found" warnings.
 logging.getLogger(__name__).addHandler(logging.NullHandler())

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/_agent_identity_utils.py

@@ -24,6 +24,7 @@ from urllib.parse import quote, urlparse
 
 from google.auth import environment_vars
 from google.auth import exceptions
+from google.auth.transport import _mtls_helper
 
 
 _LOGGER = logging.getLogger(__name__)
@@ -262,6 +263,14 @@ def should_request_bound_token(cert):
     return is_agent_cert and is_opted_in
 
 
+def call_client_cert_callback():
+    """Calls the client cert callback and returns the certificate and key."""
+    _, cert_bytes, key_bytes, passphrase = _mtls_helper.get_client_ssl_credentials(
+        generate_encrypted_key=True
+    )
+    return cert_bytes, key_bytes
+
+
 def get_cached_cert_fingerprint(cached_cert):
     """Returns the fingerprint of the cached certificate."""
     if cached_cert:

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/_default.py

@@ -16,23 +16,17 @@
 
 Implements application default credentials and project ID detection.
 """
-from __future__ import annotations
 
 import io
 import json
 import logging
 import os
-from typing import Optional, Sequence, TYPE_CHECKING
 import warnings
 
 from google.auth import environment_vars
 from google.auth import exceptions
 import google.auth.transport._http_client
 
-if TYPE_CHECKING:  # pragma: NO COVER
-    from google.auth.credentials import Credentials  # noqa: F401
-    from google.auth.transport import Request  # noqa: F401
-
 _LOGGER = logging.getLogger(__name__)
 
 # Valid types accepted for file-based credentials.
@@ -330,24 +324,23 @@ def _get_explicit_environ_credentials(quota_project_id=None):
     from google.auth import _cloud_sdk
 
     cloud_sdk_adc_path = _cloud_sdk.get_application_default_credentials_path()
-    explicit_file = os.environ.get(environment_vars.CREDENTIALS, "")
+    explicit_file = os.environ.get(environment_vars.CREDENTIALS)
 
     _LOGGER.debug(
-        "Checking '%s' for explicit credentials as part of auth process...",
-        explicit_file,
+        "Checking %s for explicit credentials as part of auth process...", explicit_file
     )
 
-    if explicit_file != "" and explicit_file == cloud_sdk_adc_path:
+    if explicit_file is not None and explicit_file == cloud_sdk_adc_path:
         # Cloud sdk flow calls gcloud to fetch project id, so if the explicit
         # file path is cloud sdk credentials path, then we should fall back
         # to cloud sdk flow, otherwise project id cannot be obtained.
         _LOGGER.debug(
-            "Explicit credentials path '%s' is the same as Cloud SDK credentials path, fall back to Cloud SDK credentials flow...",
+            "Explicit credentials path %s is the same as Cloud SDK credentials path, fall back to Cloud SDK credentials flow...",
             explicit_file,
         )
         return _get_gcloud_sdk_credentials(quota_project_id=quota_project_id)
 
-    if explicit_file != "":
+    if explicit_file is not None:
         with warnings.catch_warnings():
             warnings.simplefilter("ignore", DeprecationWarning)
             credentials, project_id = load_credentials_from_file(
@@ -355,6 +348,7 @@ def _get_explicit_environ_credentials(quota_project_id=None):
                 quota_project_id=quota_project_id,
             )
             credentials._cred_file_path = f"{explicit_file} file via the GOOGLE_APPLICATION_CREDENTIALS environment variable"
+
             return credentials, project_id
 
     else:
@@ -594,12 +588,7 @@ def _apply_quota_project_id(credentials, quota_project_id):
     return credentials
 
 
-def default(
-    scopes: Optional[Sequence[str]] = None,
-    request: Optional["google.auth.transport.Request"] = None,
-    quota_project_id: Optional[str] = None,
-    default_scopes: Optional[Sequence[str]] = None,
-) -> tuple["google.auth.credentials.Credentials", Optional[str]]:
+def default(scopes=None, request=None, quota_project_id=None, default_scopes=None):
     """Gets the default credentials for the current environment.
 
     `Application Default Credentials`_ provides an easy way to obtain

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/_helpers.py

@@ -124,26 +124,6 @@ def utcnow():
     return now
 
 
-def utcfromtimestamp(timestamp):
-    """Returns the UTC datetime from a timestamp.
-
-    Args:
-        timestamp (float): The timestamp to convert.
-
-    Returns:
-        datetime: The time in UTC.
-    """
-    # We used datetime.utcfromtimestamp() before, since it's deprecated from
-    # python 3.12, we are using datetime.fromtimestamp(timestamp, timezone.utc)
-    # now. "utcfromtimestamp()" is offset-native (no timezone info), but
-    # "fromtimestamp(timestamp, timezone.utc)" is offset-aware (with timezone
-    # info). This will cause datetime comparison problem. For backward
-    # compatibility, we need to remove the timezone info.
-    dt = datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc)
-    dt = dt.replace(tzinfo=None)
-    return dt
-
-
 def datetime_to_secs(value):
     """Convert a datetime object to the number of seconds since the UNIX epoch.
 
@@ -354,8 +334,7 @@ def is_python_3():
     Returns:
         bool: True if the Python interpreter is Python 3 and False otherwise.
     """
-
-    return sys.version_info > (3, 0)  # pragma: NO COVER
+    return sys.version_info > (3, 0)
 
 
 def _hash_sensitive_info(data: Union[dict, list]) -> Union[dict, list, str]:

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/aio/transport/aiohttp.py

@@ -104,7 +104,7 @@ class Request(transport.Request):
         # Custom aiohttp Session Example:
         session = session=aiohttp.ClientSession(auto_decompress=False)
         request = google.auth.aio.transport.aiohttp.Request(session=session)
-        auth_session = google.auth.aio.transport.sessions.AsyncAuthorizedSession(auth_request=request)
+        auth_sesion = google.auth.aio.transport.sessions.AsyncAuthorizedSession(auth_request=request)
 
     Args:
         session (aiohttp.ClientSession): An instance :class:`aiohttp.ClientSession` used

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/aio/transport/sessions.py

@@ -159,7 +159,7 @@ class AsyncAuthorizedSession:
                 at ``max_allowed_time``. It might take longer, for example, if
                 an underlying request takes a lot of time, but the request
                 itself does not timeout, e.g. if a large file is being
-                transmitted. The timeout error will be raised after such
+                transmitted. The timout error will be raised after such
                 request completes.
 
         Returns:

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/app_engine.py

@@ -22,6 +22,7 @@ Engine in the standard environment using the `App Identity API`_.
     https://cloud.google.com/appengine/docs/python/appidentity/
 """
 
+import datetime
 
 from google.auth import _helpers
 from google.auth import credentials
@@ -127,7 +128,7 @@ class Credentials(
         scopes = self._scopes if self._scopes is not None else self._default_scopes
         # pylint: disable=unused-argument
         token, ttl = app_identity.get_access_token(scopes, self._service_account_id)
-        expiry = _helpers.utcfromtimestamp(ttl)
+        expiry = datetime.datetime.utcfromtimestamp(ttl)
 
         self.token, self.expiry = token, expiry
 

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/aws.py

@@ -530,10 +530,9 @@ class _DefaultAwsSecurityCredentialsSupplier(AwsSecurityCredentialsSupplier):
             google.auth.exceptions.RefreshError: If an error occurs while
                 retrieving the AWS security credentials.
         """
+        headers = {"Content-Type": "application/json"}
         if imdsv2_session_token is not None:
-            headers = {"X-aws-ec2-metadata-token": imdsv2_session_token}
-        else:
-            headers = None
+            headers["X-aws-ec2-metadata-token"] = imdsv2_session_token
 
         response = request(
             url="{}/{}".format(self._security_credentials_url, role_name),

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/compute_engine/_metadata.py

@@ -97,23 +97,10 @@ _METADATA_HEADERS = {_METADATA_FLAVOR_HEADER: _METADATA_FLAVOR_VALUE}
 # Timeout in seconds to wait for the GCE metadata server when detecting the
 # GCE environment.
 try:
-    _METADATA_DEFAULT_TIMEOUT = int(os.getenv(environment_vars.GCE_METADATA_TIMEOUT, 3))
+    _METADATA_DEFAULT_TIMEOUT = int(os.getenv("GCE_METADATA_TIMEOUT", 3))
 except ValueError:  # pragma: NO COVER
     _METADATA_DEFAULT_TIMEOUT = 3
 
-# The number of tries to perform when waiting for the GCE metadata server
-# when detecting the GCE environment.
-try:
-    _METADATA_DETECT_RETRIES = int(
-        os.getenv(environment_vars.GCE_METADATA_DETECT_RETRIES, 3)
-    )
-except ValueError:  # pragma: NO COVER
-    _METADATA_DETECT_RETRIES = 3
-
-# This is used to disable checking for the GCE metadata server and directly
-# assuming it's not available.
-_NO_GCE_CHECK = os.getenv(environment_vars.NO_GCE_CHECK) == "true"
-
 # Detect GCE Residency
 _GOOGLE = "Google"
 _GCE_PRODUCT_NAME_FILE = "/sys/class/dmi/id/product_name"
@@ -129,9 +116,6 @@ def is_on_gce(request):
     Returns:
         bool: True if the code runs on Google Compute Engine, False otherwise.
     """
-    if _NO_GCE_CHECK:
-        return False
-
     if ping(request):
         return True
 
@@ -186,9 +170,7 @@ def _prepare_request_for_mds(request, use_mtls=False) -> None:
             request.session.mount(f"https://{host}/", adapter)
 
 
-def ping(
-    request, timeout=_METADATA_DEFAULT_TIMEOUT, retry_count=_METADATA_DETECT_RETRIES
-):
+def ping(request, timeout=_METADATA_DEFAULT_TIMEOUT, retry_count=3):
     """Checks to see if the metadata server is available.
 
     Args:
@@ -312,7 +294,7 @@ def get(
     url = _helpers.update_query(base_url, query_params)
 
     backoff = ExponentialBackoff(total_attempts=retry_count)
-    last_exception = None
+    failure_reason = None
     for attempt in backoff:
         try:
             response = request(
@@ -326,10 +308,13 @@ def get(
                     retry_count,
                     response.status,
                 )
-                last_exception = None
+                failure_reason = (
+                    response.data.decode("utf-8")
+                    if hasattr(response.data, "decode")
+                    else response.data
+                )
                 continue
             else:
-                last_exception = None
                 break
 
         except exceptions.TransportError as e:
@@ -340,27 +325,14 @@ def get(
                 retry_count,
                 e,
             )
-            last_exception = e
+            failure_reason = e
     else:
-        if last_exception:
-            raise exceptions.TransportError(
-                "Failed to retrieve {} from the Google Compute Engine "
-                "metadata service. Compute Engine Metadata server unavailable. "
-                "Last exception: {}".format(url, last_exception)
-            ) from last_exception
-        else:
-            error_details = (
-                response.data.decode("utf-8")
-                if hasattr(response.data, "decode")
-                else response.data
-            )
-            raise exceptions.TransportError(
-                "Failed to retrieve {} from the Google Compute Engine "
-                "metadata service. Compute Engine Metadata server unavailable. "
-                "Response status: {}\nResponse details:\n{}".format(
-                    url, response.status, error_details
-                )
+        raise exceptions.TransportError(
+            "Failed to retrieve {} from the Google Compute Engine "
+            "metadata service. Compute Engine Metadata server unavailable due to {}".format(
+                url, failure_reason
             )
+        )
 
     content = _helpers.from_bytes(response.data)
 

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/compute_engine/credentials.py

@@ -123,7 +123,7 @@ class Credentials(
     def _metric_header_for_usage(self):
         return metrics.CRED_TYPE_SA_MDS
 
-    def _perform_refresh_token(self, request):
+    def _refresh_token(self, request):
         """Refresh the access token and scopes.
 
         Args:
@@ -498,7 +498,7 @@ class IDTokenCredentials(
             raise new_exc from caught_exc
 
         _, payload, _, _ = jwt._unverified_decode(id_token)
-        return id_token, _helpers.utcfromtimestamp(payload["exp"])
+        return id_token, datetime.datetime.utcfromtimestamp(payload["exp"])
 
     def refresh(self, request):
         """Refreshes the ID token.

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/credentials.py

@@ -294,7 +294,7 @@ class CredentialsWithTrustBoundary(Credentials):
     """Abstract base for credentials supporting ``with_trust_boundary`` factory"""
 
     @abc.abstractmethod
-    def _perform_refresh_token(self, request):
+    def _refresh_token(self, request):
         """Refreshes the access token.
 
         Args:
@@ -305,7 +305,7 @@ class CredentialsWithTrustBoundary(Credentials):
             google.auth.exceptions.RefreshError: If the credentials could
                 not be refreshed.
         """
-        raise NotImplementedError("_perform_refresh_token must be implemented")
+        raise NotImplementedError("_refresh_token must be implemented")
 
     def with_trust_boundary(self, trust_boundary):
         """Returns a copy of these credentials with a modified trust boundary.
@@ -364,7 +364,7 @@ class CredentialsWithTrustBoundary(Credentials):
         This method calls the subclass's token refresh logic and then
         refreshes the trust boundary if applicable.
         """
-        self._perform_refresh_token(request)
+        self._refresh_token(request)
         self._refresh_trust_boundary(request)
 
     def _refresh_trust_boundary(self, request):

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/crypt/__init__.py

@@ -42,18 +42,27 @@ from google.auth.crypt import es
 from google.auth.crypt import es256
 from google.auth.crypt import rsa
 
-EsSigner = es.EsSigner
-EsVerifier = es.EsVerifier
-ES256Signer = es256.ES256Signer
-ES256Verifier = es256.ES256Verifier
-
-
 # Aliases to maintain the v1.0.0 interface, as the crypt module was split
 # into submodules.
 Signer = base.Signer
 Verifier = base.Verifier
 RSASigner = rsa.RSASigner
 RSAVerifier = rsa.RSAVerifier
+EsSigner = es.EsSigner
+EsVerifier = es.EsVerifier
+ES256Signer = es256.ES256Signer
+ES256Verifier = es256.ES256Verifier
+
+__all__ = [
+    "EsSigner",
+    "EsVerifier",
+    "ES256Signer",
+    "ES256Verifier",
+    "RSASigner",
+    "RSAVerifier",
+    "Signer",
+    "Verifier",
+]
 
 
 def verify_signature(message, signature, certs, verifier_cls=rsa.RSAVerifier):
@@ -82,15 +91,3 @@ def verify_signature(message, signature, certs, verifier_cls=rsa.RSAVerifier):
         if verifier.verify(message, signature):
             return True
     return False
-
-
-__all__ = [
-    "EsSigner",
-    "EsVerifier",
-    "ES256Signer",
-    "ES256Verifier",
-    "RSASigner",
-    "RSAVerifier",
-    "Signer",
-    "Verifier",
-]

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/crypt/_cryptography_rsa.py

@@ -66,7 +66,7 @@ class RSAVerifier(base.Verifier):
                 x509 public key certificate.
 
         Returns:
-            Verifier: The constructed verifier.
+            google.auth.crypt.base.Verifier: The constructed verifier.
 
         Raises:
             ValueError: If the public key can't be parsed.

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/crypt/es.py

@@ -102,7 +102,7 @@ class EsVerifier(base.Verifier):
 
     @classmethod
     def from_string(cls, public_key: Union[str, bytes]) -> "EsVerifier":
-        """Construct a Verifier instance from a public key or public
+        """Construct an Verifier instance from a public key or public
         certificate string.
 
         Args:
@@ -110,7 +110,7 @@ class EsVerifier(base.Verifier):
                 x509 public key certificate.
 
         Returns:
-            google.auth.crypt.Verifier: The constructed verifier.
+            google.auth.crypt.base.Verifier: The constructed verifier.
 
         Raises:
             ValueError: If the public key can't be parsed.

google_auth-3.0.0.dev0/google/auth/crypt/rsa.py

@@ -0,0 +1,20 @@
+# Copyright 2017 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""RSA cryptography signer and verifier."""
+
+from google.auth.crypt import _cryptography_rsa
+
+RSASigner = _cryptography_rsa.RSASigner
+RSAVerifier = _cryptography_rsa.RSAVerifier

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/environment_vars.py

@@ -60,22 +60,6 @@ GCE_METADATA_IP = "GCE_METADATA_IP"
 """Environment variable providing an alternate ip:port to be used for ip-only
 GCE metadata requests."""
 
-GCE_METADATA_TIMEOUT = "GCE_METADATA_TIMEOUT"
-"""Environment variable defining the timeout in seconds to wait for the
-GCE metadata server when detecting the GCE environment.
-"""
-
-GCE_METADATA_DETECT_RETRIES = "GCE_METADATA_DETECT_RETRIES"
-"""Environment variable representing the number of retries that should be
-attempted on metadata lookup.
-"""
-
-NO_GCE_CHECK = "NO_GCE_CHECK"
-"""Environment variable controlling whether to check if running on GCE or not.
-
-The default value is false. Users have to explicitly set this value to true
-in order to disable the GCE check."""
-
 GCE_METADATA_MTLS_MODE = "GCE_METADATA_MTLS_MODE"
 """Environment variable controlling the mTLS behavior for GCE metadata requests.
 

{google_auth-2.49.0.dev0 → google_auth-3.0.0.dev0}/google/auth/external_account.py

@@ -420,7 +420,7 @@ class Credentials(
         source credentials and the impersonated credentials. For non-impersonated
         credentials, it will refresh the access token and the trust boundary.
         """
-        self._perform_refresh_token(request)
+        self._refresh_token(request)
         self._handle_trust_boundary(request)
 
     def _handle_trust_boundary(self, request):
@@ -432,7 +432,7 @@ class Credentials(
             # Otherwise, refresh the trust boundary for the external account.
             self._refresh_trust_boundary(request)
 
-    def _perform_refresh_token(self, request, cert_fingerprint=None):
+    def _refresh_token(self, request, cert_fingerprint=None):
         scopes = self._scopes if self._scopes is not None else self._default_scopes
 
         # Inject client certificate into request.