feat: update all protos and pb2 files (#92)

* feat: update all protos and pb2 files

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

packages/googleapis-common-protos/google/api/annotations.proto

@@ -1,4 +1,4 @@
-// Copyright (c) 2015, Google Inc.
+// Copyright 2015 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

packages/googleapis-common-protos/google/api/auth.proto

@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC.
+// Copyright 2015 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,18 +16,16 @@ syntax = "proto3";
 
 package google.api;
 
-import "google/api/annotations.proto";
-
 option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
 option java_multiple_files = true;
 option java_outer_classname = "AuthProto";
 option java_package = "com.google.api";
 option objc_class_prefix = "GAPI";
 
-
-// `Authentication` defines the authentication configuration for an API.
+// `Authentication` defines the authentication configuration for API methods
+// provided by an API service.
 //
-// Example for an API targeted for external use:
+// Example:
 //
 //     name: calendar.googleapis.com
 //     authentication:
@@ -39,6 +37,9 @@ option objc_class_prefix = "GAPI";
 //       - selector: "*"
 //         requirements:
 //           provider_id: google_calendar_auth
+//       - selector: google.calendar.Delegate
+//         oauth:
+//           canonical_scopes: https://www.googleapis.com/auth/calendar.read
 message Authentication {
   // A list of authentication rules that apply to individual API methods.
   //
@@ -68,14 +69,37 @@ message AuthenticationRule {
   OAuthRequirements oauth = 2;
 
   // If true, the service accepts API keys without any other credential.
+  // This flag only applies to HTTP and gRPC requests.
   bool allow_without_credential = 5;
 
   // Requirements for additional authentication providers.
   repeated AuthRequirement requirements = 7;
 }
 
-// Configuration for an anthentication provider, including support for
-// [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+// Specifies a location to extract JWT from an API request.
+message JwtLocation {
+  oneof in {
+    // Specifies HTTP header name to extract JWT token.
+    string header = 1;
+
+    // Specifies URL query parameter name to extract JWT token.
+    string query = 2;
+  }
+
+  // The value prefix. The value format is "value_prefix{token}"
+  // Only applies to "in" header type. Must be empty for "in" query type.
+  // If not empty, the header value has to match (case sensitive) this prefix.
+  // If not matched, JWT will not be extracted. If matched, JWT will be
+  // extracted after the prefix is removed.
+  //
+  // For example, for "Authorization: Bearer {JWT}",
+  // value_prefix="Bearer " with a space at the end.
+  string value_prefix = 3;
+}
+
+// Configuration for an authentication provider, including support for
+// [JSON Web Token
+// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
 message AuthProvider {
   // The unique identifier of the auth provider. It will be referred to by
   // `AuthRequirement.provider_id`.
@@ -92,34 +116,60 @@ message AuthProvider {
   string issuer = 2;
 
   // URL of the provider's public key set to validate signature of the JWT. See
-  // [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
+  // [OpenID
+  // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
   // Optional if the key set document:
   //  - can be retrieved from
-  //    [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html
+  //    [OpenID
+  //    Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html)
   //    of the issuer.
-  //  - can be inferred from the email domain of the issuer (e.g. a Google service account).
+  //  - can be inferred from the email domain of the issuer (e.g. a Google
+  //  service account).
   //
   // Example: https://www.googleapis.com/oauth2/v1/certs
   string jwks_uri = 3;
 
   // The list of JWT
   // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
   // that are allowed to access. A JWT containing any of these audiences will
-  // be accepted. When this setting is absent, only JWTs with audience
-  // "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
-  // will be accepted. For example, if no audiences are in the setting,
-  // LibraryService API will only accept JWTs with the following audience
-  // "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
+  // be accepted. When this setting is absent, JWTs with audiences:
+  //   - "https://[service.name]/[google.protobuf.Api.name]"
+  //   - "https://[service.name]/"
+  // will be accepted.
+  // For example, if no audiences are in the setting, LibraryService API will
+  // accept JWTs with the following audiences:
+  //   -
+  //   https://library-example.googleapis.com/google.example.library.v1.LibraryService
+  //   - https://library-example.googleapis.com/
   //
   // Example:
   //
   //     audiences: bookstore_android.apps.googleusercontent.com,
   //                bookstore_web.apps.googleusercontent.com
   string audiences = 4;
 
-  // Redirect URL if JWT token is required but no present or is expired.
+  // Redirect URL if JWT token is required but not present or is expired.
   // Implement authorizationUrl of securityDefinitions in OpenAPI spec.
   string authorization_url = 5;
+
+  // Defines the locations to extract the JWT.
+  //
+  // JWT locations can be either from HTTP headers or URL query parameters.
+  // The rule is that the first match wins. The checking order is: checking
+  // all headers first, then URL query parameters.
+  //
+  // If not specified,  default to use following 3 locations:
+  //    1) Authorization: Bearer
+  //    2) x-goog-iap-jwt-assertion
+  //    3) access_token query parameter
+  //
+  // Default locations can be specified as followings:
+  //    jwt_locations:
+  //    - header: Authorization
+  //      value_prefix: "Bearer "
+  //    - header: x-goog-iap-jwt-assertion
+  //    - query: access_token
+  repeated JwtLocation jwt_locations = 6;
 }
 
 // OAuth scopes are a way to define data and permissions on data. For example,
@@ -152,7 +202,8 @@ message OAuthRequirements {
 }
 
 // User-defined authentication requirements, including support for
-// [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+// [JSON Web Token
+// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
 message AuthRequirement {
   // [id][google.api.AuthProvider.id] from authentication provider.
   //

packages/googleapis-common-protos/google/api/auth_pb2.py

@@ -27,17 +27,13 @@
 _sym_db = _symbol_database.Default()
 
 
-from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
-
-
 DESCRIPTOR = _descriptor.FileDescriptor(
     name="google/api/auth.proto",
     package="google.api",
     syntax="proto3",
     serialized_options=b"\n\016com.google.apiB\tAuthProtoP\001ZEgoogle.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig\242\002\004GAPI",
     create_key=_descriptor._internal_create_key,
-    serialized_pb=b'\n\x15google/api/auth.proto\x12\ngoogle.api\x1a\x1cgoogle/api/annotations.proto"l\n\x0e\x41uthentication\x12-\n\x05rules\x18\x03 \x03(\x0b\x32\x1e.google.api.AuthenticationRule\x12+\n\tproviders\x18\x04 \x03(\x0b\x32\x18.google.api.AuthProvider"\xa9\x01\n\x12\x41uthenticationRule\x12\x10\n\x08selector\x18\x01 \x01(\t\x12,\n\x05oauth\x18\x02 \x01(\x0b\x32\x1d.google.api.OAuthRequirements\x12 \n\x18\x61llow_without_credential\x18\x05 \x01(\x08\x12\x31\n\x0crequirements\x18\x07 \x03(\x0b\x32\x1b.google.api.AuthRequirement"j\n\x0c\x41uthProvider\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0e\n\x06issuer\x18\x02 \x01(\t\x12\x10\n\x08jwks_uri\x18\x03 \x01(\t\x12\x11\n\taudiences\x18\x04 \x01(\t\x12\x19\n\x11\x61uthorization_url\x18\x05 \x01(\t"-\n\x11OAuthRequirements\x12\x18\n\x10\x63\x61nonical_scopes\x18\x01 \x01(\t"9\n\x0f\x41uthRequirement\x12\x13\n\x0bprovider_id\x18\x01 \x01(\t\x12\x11\n\taudiences\x18\x02 \x01(\tBk\n\x0e\x63om.google.apiB\tAuthProtoP\x01ZEgoogle.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig\xa2\x02\x04GAPIb\x06proto3',
-    dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR],
+    serialized_pb=b'\n\x15google/api/auth.proto\x12\ngoogle.api"l\n\x0e\x41uthentication\x12-\n\x05rules\x18\x03 \x03(\x0b\x32\x1e.google.api.AuthenticationRule\x12+\n\tproviders\x18\x04 \x03(\x0b\x32\x18.google.api.AuthProvider"\xa9\x01\n\x12\x41uthenticationRule\x12\x10\n\x08selector\x18\x01 \x01(\t\x12,\n\x05oauth\x18\x02 \x01(\x0b\x32\x1d.google.api.OAuthRequirements\x12 \n\x18\x61llow_without_credential\x18\x05 \x01(\x08\x12\x31\n\x0crequirements\x18\x07 \x03(\x0b\x32\x1b.google.api.AuthRequirement"L\n\x0bJwtLocation\x12\x10\n\x06header\x18\x01 \x01(\tH\x00\x12\x0f\n\x05query\x18\x02 \x01(\tH\x00\x12\x14\n\x0cvalue_prefix\x18\x03 \x01(\tB\x04\n\x02in"\x9a\x01\n\x0c\x41uthProvider\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0e\n\x06issuer\x18\x02 \x01(\t\x12\x10\n\x08jwks_uri\x18\x03 \x01(\t\x12\x11\n\taudiences\x18\x04 \x01(\t\x12\x19\n\x11\x61uthorization_url\x18\x05 \x01(\t\x12.\n\rjwt_locations\x18\x06 \x03(\x0b\x32\x17.google.api.JwtLocation"-\n\x11OAuthRequirements\x12\x18\n\x10\x63\x61nonical_scopes\x18\x01 \x01(\t"9\n\x0f\x41uthRequirement\x12\x13\n\x0bprovider_id\x18\x01 \x01(\t\x12\x11\n\taudiences\x18\x02 \x01(\tBk\n\x0e\x63om.google.apiB\tAuthProtoP\x01ZEgoogle.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig\xa2\x02\x04GAPIb\x06proto3',
 )
 
 
@@ -96,8 +92,8 @@
     syntax="proto3",
     extension_ranges=[],
     oneofs=[],
-    serialized_start=67,
-    serialized_end=175,
+    serialized_start=37,
+    serialized_end=145,
 )
 
 
@@ -194,8 +190,96 @@
     syntax="proto3",
     extension_ranges=[],
     oneofs=[],
-    serialized_start=178,
-    serialized_end=347,
+    serialized_start=148,
+    serialized_end=317,
+)
+
+
+_JWTLOCATION = _descriptor.Descriptor(
+    name="JwtLocation",
+    full_name="google.api.JwtLocation",
+    filename=None,
+    file=DESCRIPTOR,
+    containing_type=None,
+    create_key=_descriptor._internal_create_key,
+    fields=[
+        _descriptor.FieldDescriptor(
+            name="header",
+            full_name="google.api.JwtLocation.header",
+            index=0,
+            number=1,
+            type=9,
+            cpp_type=9,
+            label=1,
+            has_default_value=False,
+            default_value=b"".decode("utf-8"),
+            message_type=None,
+            enum_type=None,
+            containing_type=None,
+            is_extension=False,
+            extension_scope=None,
+            serialized_options=None,
+            file=DESCRIPTOR,
+            create_key=_descriptor._internal_create_key,
+        ),
+        _descriptor.FieldDescriptor(
+            name="query",
+            full_name="google.api.JwtLocation.query",
+            index=1,
+            number=2,
+            type=9,
+            cpp_type=9,
+            label=1,
+            has_default_value=False,
+            default_value=b"".decode("utf-8"),
+            message_type=None,
+            enum_type=None,
+            containing_type=None,
+            is_extension=False,
+            extension_scope=None,
+            serialized_options=None,
+            file=DESCRIPTOR,
+            create_key=_descriptor._internal_create_key,
+        ),
+        _descriptor.FieldDescriptor(
+            name="value_prefix",
+            full_name="google.api.JwtLocation.value_prefix",
+            index=2,
+            number=3,
+            type=9,
+            cpp_type=9,
+            label=1,
+            has_default_value=False,
+            default_value=b"".decode("utf-8"),
+            message_type=None,
+            enum_type=None,
+            containing_type=None,
+            is_extension=False,
+            extension_scope=None,
+            serialized_options=None,
+            file=DESCRIPTOR,
+            create_key=_descriptor._internal_create_key,
+        ),
+    ],
+    extensions=[],
+    nested_types=[],
+    enum_types=[],
+    serialized_options=None,
+    is_extendable=False,
+    syntax="proto3",
+    extension_ranges=[],
+    oneofs=[
+        _descriptor.OneofDescriptor(
+            name="in",
+            full_name="google.api.JwtLocation.in",
+            index=0,
+            containing_type=None,
+            create_key=_descriptor._internal_create_key,
+            fields=[],
+        )
+    ],
+    serialized_start=319,
+    serialized_end=395,
 )
 
 
@@ -302,6 +386,25 @@
             file=DESCRIPTOR,
             create_key=_descriptor._internal_create_key,
         ),
+        _descriptor.FieldDescriptor(
+            name="jwt_locations",
+            full_name="google.api.AuthProvider.jwt_locations",
+            index=5,
+            number=6,
+            type=11,
+            cpp_type=10,
+            label=3,
+            has_default_value=False,
+            default_value=[],
+            message_type=None,
+            enum_type=None,
+            containing_type=None,
+            is_extension=False,
+            extension_scope=None,
+            serialized_options=None,
+            file=DESCRIPTOR,
+            create_key=_descriptor._internal_create_key,
+        ),
     ],
     extensions=[],
     nested_types=[],
@@ -311,8 +414,8 @@
     syntax="proto3",
     extension_ranges=[],
     oneofs=[],
-    serialized_start=349,
-    serialized_end=455,
+    serialized_start=398,
+    serialized_end=552,
 )
 
 
@@ -352,8 +455,8 @@
     syntax="proto3",
     extension_ranges=[],
     oneofs=[],
-    serialized_start=457,
-    serialized_end=502,
+    serialized_start=554,
+    serialized_end=599,
 )
 
 
@@ -412,16 +515,26 @@
     syntax="proto3",
     extension_ranges=[],
     oneofs=[],
-    serialized_start=504,
-    serialized_end=561,
+    serialized_start=601,
+    serialized_end=658,
 )
 
 _AUTHENTICATION.fields_by_name["rules"].message_type = _AUTHENTICATIONRULE
 _AUTHENTICATION.fields_by_name["providers"].message_type = _AUTHPROVIDER
 _AUTHENTICATIONRULE.fields_by_name["oauth"].message_type = _OAUTHREQUIREMENTS
 _AUTHENTICATIONRULE.fields_by_name["requirements"].message_type = _AUTHREQUIREMENT
+_JWTLOCATION.oneofs_by_name["in"].fields.append(_JWTLOCATION.fields_by_name["header"])
+_JWTLOCATION.fields_by_name["header"].containing_oneof = _JWTLOCATION.oneofs_by_name[
+    "in"
+]
+_JWTLOCATION.oneofs_by_name["in"].fields.append(_JWTLOCATION.fields_by_name["query"])
+_JWTLOCATION.fields_by_name["query"].containing_oneof = _JWTLOCATION.oneofs_by_name[
+    "in"
+]
+_AUTHPROVIDER.fields_by_name["jwt_locations"].message_type = _JWTLOCATION
 DESCRIPTOR.message_types_by_name["Authentication"] = _AUTHENTICATION
 DESCRIPTOR.message_types_by_name["AuthenticationRule"] = _AUTHENTICATIONRULE
+DESCRIPTOR.message_types_by_name["JwtLocation"] = _JWTLOCATION
 DESCRIPTOR.message_types_by_name["AuthProvider"] = _AUTHPROVIDER
 DESCRIPTOR.message_types_by_name["OAuthRequirements"] = _OAUTHREQUIREMENTS
 DESCRIPTOR.message_types_by_name["AuthRequirement"] = _AUTHREQUIREMENT
@@ -449,6 +562,17 @@
 )
 _sym_db.RegisterMessage(AuthenticationRule)
 
+JwtLocation = _reflection.GeneratedProtocolMessageType(
+    "JwtLocation",
+    (_message.Message,),
+    {
+        "DESCRIPTOR": _JWTLOCATION,
+        "__module__": "google.api.auth_pb2"
+        # @@protoc_insertion_point(class_scope:google.api.JwtLocation)
+    },
+)
+_sym_db.RegisterMessage(JwtLocation)
+
 AuthProvider = _reflection.GeneratedProtocolMessageType(
     "AuthProvider",
     (_message.Message,),