Merge branch 'main' into feat/deleteSourceObjects-compose-10602500430278326901

Author: nidhiii-27

.github/workflows/generated_files_sync.yaml

@@ -175,6 +175,7 @@ jobs:
             |grep --invert-match samples \
             |grep --invert-match benchmark \
             |grep --invert-match grafeas \
+            |grep --invert-match '/tools/' \
             |grep --invert-match 'cloud-build.*v2' \
             |grep --invert-match 'google/monitoring/v3/DroppedLabelsOuterClass.java' \
             |grep --invert-match 'google/cloud/policytroubleshooter/v1/Explanations.java')

.gitignore

@@ -58,6 +58,7 @@ nosetests.xml
 .settings
 .DS_Store
 .classpath
+.vscode
 
 # API key file containing value of GOOGLE_API_KEY for integration tests
 api_key
@@ -79,4 +80,4 @@ monorepo
 *.tfstate.*.backup
 *.tfstate.lock.info
 
-.jqwik-database
+.jqwik-database

.kokoro/presubmit/java-pubsub-graalvm-native-presubmit.cfg

@@ -0,0 +1,42 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+# Configure the docker image for kokoro-trampoline.
+env_vars: {
+  key: "TRAMPOLINE_IMAGE"
+  value: "gcr.io/cloud-devrel-public-resources/graalvm_sdk_platform_a:3.61.0" # {x-version-update:google-cloud-shared-dependencies:current}
+}
+
+env_vars: {
+  key: "JOB_TYPE"
+  value: "graalvm-single"
+}
+
+# TODO: remove this after we've migrated all tests and scripts
+env_vars: {
+  key: "GCLOUD_PROJECT"
+  value: "gcloud-devel"
+}
+
+env_vars: {
+  key: "GOOGLE_CLOUD_PROJECT"
+  value: "gcloud-devel"
+}
+
+env_vars: {
+  key: "GOOGLE_APPLICATION_CREDENTIALS"
+  value: "secret_manager/java-it-service-account"
+}
+
+env_vars: {
+  key: "SECRET_MANAGER_KEYS"
+  value: "java-it-service-account"
+}
+
+env_vars: {
+  key: "IT_SERVICE_ACCOUNT_EMAIL"
+  value: "it-service-account@gcloud-devel.iam.gserviceaccount.com"
+}
+env_vars: {
+  key: "BUILD_SUBDIR"
+  value: "java-pubsub"
+}

.kokoro/presubmit/java-pubsub-integration.cfg

@@ -0,0 +1,39 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+# Configure the docker image for kokoro-trampoline.
+env_vars: {
+  key: "TRAMPOLINE_IMAGE"
+  value: "gcr.io/cloud-devrel-kokoro-resources/java8"
+}
+
+env_vars: {
+  key: "JOB_TYPE"
+  value: "integration-single"
+}
+
+# TODO: remove this after we've migrated all tests and scripts
+env_vars: {
+  key: "GCLOUD_PROJECT"
+  value: "gcloud-devel"
+}
+
+env_vars: {
+  key: "GOOGLE_CLOUD_PROJECT"
+  value: "gcloud-devel"
+}
+
+env_vars: {
+  key: "GOOGLE_APPLICATION_CREDENTIALS"
+  value: "secret_manager/java-it-service-account"
+}
+
+env_vars: {
+  key: "SECRET_MANAGER_KEYS"
+  value: "java-it-service-account"
+}
+
+
+env_vars: {
+  key: "BUILD_SUBDIR"
+  value: "java-pubsub"
+}

google-cloud-pom-parent/pom.xml

@@ -108,22 +108,6 @@
                   <goals>
                     <goal>enforce</goal>
                   </goals>
-                  <configuration>
-                    <rules>
-                      <requireUpperBoundDeps>
-                        <excludes>
-                          <exclude>io.opentelemetry:opentelemetry-api</exclude>
-                          <exclude>io.opentelemetry:opentelemetry-sdk-metrics</exclude>
-                          <exclude>io.opentelemetry:opentelemetry-sdk-logs</exclude>
-                          <exclude>io.opentelemetry:opentelemetry-context</exclude>
-                          <exclude>io.opentelemetry:opentelemetry-sdk-trace</exclude>
-                          <exclude>io.opentelemetry:opentelemetry-sdk-extension-autoconfigure-spi</exclude>
-                          <exclude>io.opentelemetry:opentelemetry-sdk-common</exclude>
-                          <exclude>io.opentelemetry:opentelemetry-sdk</exclude>
-                        </excludes>
-                      </requireUpperBoundDeps>
-                    </rules>
-                  </configuration>
                   </execution>
                 </executions>
             </plugin>

java-bigquery/google-cloud-bigquery-jdbc/.gitignore

@@ -1,4 +1,7 @@
 drivers/**
 target-it/**
 *logs*/**
-**/ITBigQueryJDBCLocalTest.java
+**/ITBigQueryJDBCLocalTest.java
+
+tools/**/*.class
+tools/**/*.jfr

java-bigquery/google-cloud-bigquery-jdbc/pom.xml

@@ -307,6 +307,11 @@
       <artifactId>mockito-core</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-inline</artifactId>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-junit-jupiter</artifactId>

java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryConnection.java

@@ -143,6 +143,7 @@ public class BigQueryConnection extends BigQueryNoOpsConnection {
   String partnerToken;
   DatabaseMetaData databaseMetaData;
   Boolean reqGoogleDriveScope;
+  private boolean isReadOnlyTokenUsed = false;
 
   BigQueryConnection(String url) throws IOException {
     this(url, DataSource.fromUrl(url));
@@ -172,6 +173,7 @@ public class BigQueryConnection extends BigQueryNoOpsConnection {
       this.jobTimeoutInSeconds = ds.getJobTimeout();
       this.authProperties =
           BigQueryJdbcOAuthUtility.parseOAuthProperties(ds, this.connectionClassName);
+      this.isReadOnlyTokenUsed = checkIsReadOnlyTokenUsed(this.authProperties);
       this.catalog = ds.getProjectId();
       this.universeDomain = ds.getUniverseDomain();
 
@@ -1193,4 +1195,18 @@ public CallableStatement prepareCall(
     }
     return prepareCall(sql);
   }
+
+  public boolean isReadOnlyTokenUsed() {
+    return this.isReadOnlyTokenUsed;
+  }
+
+  private boolean checkIsReadOnlyTokenUsed(Map<String, String> authProps) {
+    String readonlyValue =
+        authProps.get(BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_READONLY_PROPERTY_NAME);
+    if (readonlyValue != null) {
+      return BigQueryJdbcUrlUtility.convertIntToBoolean(
+          readonlyValue, BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_READONLY_PROPERTY_NAME);
+    }
+    return false;
+  }
 }

java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java

@@ -170,6 +170,9 @@ static Map<String, String> parseOAuthProperties(DataSource ds, String callerClas
         }
         oauthProperties.put(
             BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_PROPERTY_NAME, ds.getOAuthAccessToken());
+        oauthProperties.put(
+            BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_READONLY_PROPERTY_NAME,
+            String.valueOf(ds.getOAuthAccessTokenReadonly()));
         LOG.fine("OAuthAccessToken provided.");
         break;
       case APPLICATION_DEFAULT_CREDENTIALS:
@@ -230,26 +233,22 @@ static Map<String, String> parseOAuthProperties(DataSource ds, String callerClas
         break;
     }
 
-    if (authType == AuthType.GOOGLE_SERVICE_ACCOUNT
-        || authType == AuthType.GOOGLE_USER_ACCOUNT
-        || authType == AuthType.PRE_GENERATED_TOKEN) {
-      oauthProperties.put(
-          BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME,
-          ds.getOAuthSAImpersonationEmail());
-      oauthProperties.put(
-          BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_CHAIN_PROPERTY_NAME,
-          ds.getOAuthSAImpersonationChain());
-      oauthProperties.put(
-          BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME,
-          ds.getOAuthSAImpersonationScopes() != null
-              ? ds.getOAuthSAImpersonationScopes()
-              : BIGQUERY_SCOPE);
-      oauthProperties.put(
-          BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME,
-          ds.getOAuthSAImpersonationTokenLifetime() != null
-              ? ds.getOAuthSAImpersonationTokenLifetime()
-              : BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_VALUE);
-    }
+    oauthProperties.put(
+        BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME,
+        ds.getOAuthSAImpersonationEmail());
+    oauthProperties.put(
+        BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_CHAIN_PROPERTY_NAME,
+        ds.getOAuthSAImpersonationChain());
+    oauthProperties.put(
+        BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME,
+        ds.getOAuthSAImpersonationScopes() != null
+            ? ds.getOAuthSAImpersonationScopes()
+            : BIGQUERY_SCOPE);
+    oauthProperties.put(
+        BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME,
+        ds.getOAuthSAImpersonationTokenLifetime() != null
+            ? ds.getOAuthSAImpersonationTokenLifetime()
+            : BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_VALUE);
     return oauthProperties;
   }
 
@@ -284,12 +283,9 @@ static GoogleCredentials getCredentials(
             getPreGeneratedTokensCredentials(authProperties, overrideProperties, callerClassName);
         break;
       case APPLICATION_DEFAULT_CREDENTIALS:
-        // This auth method doesn't support service account impersonation
-
         credentials = getApplicationDefaultCredentials(callerClassName);
         break;
       case EXTERNAL_ACCOUNT_AUTH:
-        // This auth method doesn't support service account impersonation
         credentials = getExternalAccountAuthCredentials(authProperties, callerClassName);
         break;
       default:

java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcUrlUtility.java

@@ -98,6 +98,7 @@ protected boolean removeEldestEntry(Map.Entry<String, Map<String, String>> eldes
   static final String BIGQUERY_ENDPOINT_OVERRIDE_PROPERTY_NAME = "BIGQUERY";
   static final String STS_ENDPOINT_OVERRIDE_PROPERTY_NAME = "STS";
   static final String OAUTH_ACCESS_TOKEN_PROPERTY_NAME = "OAuthAccessToken";
+  static final String OAUTH_ACCESS_TOKEN_READONLY_PROPERTY_NAME = "OAuthAccessTokenReadonly";
   static final String OAUTH_REFRESH_TOKEN_PROPERTY_NAME = "OAuthRefreshToken";
   static final String OAUTH_CLIENT_ID_PROPERTY_NAME = "OAuthClientId";
   static final String OAUTH_CLIENT_SECRET_PROPERTY_NAME = "OAuthClientSecret";
@@ -248,6 +249,11 @@ protected boolean removeEldestEntry(Map.Entry<String, Map<String, String>> eldes
                           "The pre-generated access token to be used with BigQuery for"
                               + " authentication.")
                       .build(),
+                  BigQueryConnectionProperty.newBuilder()
+                      .setName(OAUTH_ACCESS_TOKEN_READONLY_PROPERTY_NAME)
+                      .setDescription(
+                          "Set to true if the pre-generated access token has a read-only scope.")
+                      .build(),
                   BigQueryConnectionProperty.newBuilder()
                       .setName(OAUTH_CLIENT_ID_PROPERTY_NAME)
                       .setDescription(