chore(migration): Migrate code from googleapis/google-auth-library-python-httplib2 into packages/google-auth-httplib2 #15546
Conversation
Use code font for httplib2 in README
The Request class is now in google_auth_httplib2 after this was pulled out of the root google-auth package.
Based on googleapis/google-auth-library-python#167
- Fixed "and and" typo
- Fixed URL for project
- Updated the package description to explain it was for `httplib2` transport
- Added `httplib2` as a dependency
* Bug: Catch any underlying exceptions from http.HTTPException. Resolves https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2/issues/6
* PR: Fix build.
* Remove unneeded comment.
Similar to #9, this exposes the `redirect_codes` attribute of the underlying httplib2.Http instance on AuthorizedHttp, letting users modify the set of HTTP status codes interpreted as redirects (as in googleapis/google-api-python-client#803).
… the request in httplib2 (#13) * Fix the signature of AuthorizedHttp.request to match the signature of request in httplib2
- Adds `.github`, `.kokoro` templates.
- Moves repo tests from tox to nox
- Adds newer 3.x versions to the unit test list and removes pypy
- Updates `setup.py` to declare `version` as a variable (for release please) and have up to date author and classifiers
- Runs black over the code.
Add `close` so `AuthorizedHttp`'s interface matches `httplib2.Http`. For googleapis/google-api-python-client#1046 https://github.com/httplib2/httplib2/blob/595e248d0958c00e83cb28f136a2a54772772b50/python3/httplib2/__init__.py#L1498
🤖 I have created a release \*beep\* \*boop\*
---
## [0.1.0](https://www.github.com/googleapis/google-auth-library-python-httplib2/compare/v0.0.3...v0.1.0) (2021-03-01)
### Features
* add close method ([#14](https://www.github.com/googleapis/google-auth-library-python-httplib2/issues/14)) ([feda187](https://www.github.com/googleapis/google-auth-library-python-httplib2/commit/feda187133beeb656fdd7f30ed124ed1e428a74a))
* expose a few httplib2 properties and a method ([#9](https://www.github.com/googleapis/google-auth-library-python-httplib2/issues/9)) ([e3aa44e](https://www.github.com/googleapis/google-auth-library-python-httplib2/commit/e3aa44e01e2987989671467c7a022ea33829eb2f))
---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
add a code of conduct
* chore: prevent normalization of semver versioning
* chore: update workaround to make sic work
Co-authored-by: google-cloud-policy-bot[bot] <80869356+google-cloud-policy-bot[bot]@users.noreply.github.com>
This PR migrates from autosynth to [owl-bot](https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md).
Source-Link: googleapis/synthtool@b0eb8a8 Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:df50e8d462f86d6bcb42f27ecad55bb12c404f1c65de9c6fe4c4d25120080bd6
Source-Link: googleapis/synthtool@53ea389 Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:e1793a23ae0ee9aafb2e3a53b564a351f74790dbe3c2d75f8fc3b8c43e5c036c
Source-Link: googleapis/synthtool@e44dc0c Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:5ff7446edeaede81c3ed58b23a4e76a5403fba1350ce28478045657303b6479d
Source-Link: googleapis/synthtool@dd05f9d Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:aea14a583128771ae8aefa364e1652f3c56070168ef31beb203534222d842b8b
* chore: removing owlbot directives for conversion to main
* clean up
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
chore: relocate owl bot post processor
Code Review
This pull request migrates the google-auth-httplib2 library into this monorepo, including its source code, tests, documentation, and CI/CD configurations. A critical security concern has been identified: several shell scripts in the .kokoro/ directory contain insecure patterns, specifically unquoted environment variable expansions that could lead to command injection and a path traversal vulnerability when handling secrets. These must be addressed to harden the CI environment. Furthermore, the review highlighted a critical issue in the documentation build configuration, a duplicated entry in .gitignore, and opportunities to modernize Python code by removing redundant (object) inheritance. A minor wording improvement in the README is also suggested for clarity. Addressing these points will significantly improve the security, maintainability, and correctness of the new package.
I am having trouble creating individual review comments.
packages/google-auth-httplib2/docs/conf.py (40)
Hardcoding __version__ to an empty string will cause the documentation to be built with an incorrect or empty version number. It's better to read the version dynamically from setup.py to ensure consistency. You will also need to add import re at the top of the file.
with open(os.path.join(os.path.dirname(__file__), '..', 'setup.py')) as f:
    setup_content = f.read()
match = re.search(r"version = \"([^\"]+)\"", setup_content)
if not match:
    raise RuntimeError('Could not find version in setup.py')
__version__ = match.group(1)
packages/google-auth-httplib2/.kokoro/populate-secrets.sh (28)
The environment variable SECRET_MANAGER_KEYS is expanded without quotes inside a subshell. This allows for command injection if the variable contains shell metacharacters. For example, if SECRET_MANAGER_KEYS is set to ; touch /tmp/owned, the echo command will be terminated and touch will be executed during the subshell evaluation.
for key in $(echo "${SECRET_MANAGER_KEYS}" | sed "s/,/ /g")
packages/google-auth-httplib2/.kokoro/populate-secrets.sh (37)
The key variable, derived from the SECRET_MANAGER_KEYS environment variable, is used to construct a file path for writing secrets without any validation or sanitization. An attacker could provide a key like ../../target_file to overwrite arbitrary files in the CI environment. This is particularly dangerous as it could be used to overwrite executables or configuration files used later in the build process.
packages/google-auth-httplib2/.kokoro/build.sh (57)
The environment variable NOX_SESSION is expanded without quotes in a command. This allows for command injection if the variable contains shell metacharacters like ; or &. While this variable is typically set in configuration files, unquoted expansion is a dangerous pattern in CI scripts.
python3 -m nox -s "${NOX_SESSION:-}"
packages/google-auth-httplib2/.kokoro/test-samples.sh (34)
The variable LATEST_RELEASE, which contains the output of git describe, is expanded without quotes in a git checkout command. If a malicious tag name is created in the repository (e.g., ; touch /tmp/owned), it could lead to arbitrary command execution when this script runs.
git checkout "$LATEST_RELEASE"
packages/google-auth-httplib2/.gitignore (39)
The entry coverage.xml is duplicated. It's already present on line 21. You can remove this redundant line to keep the file clean.
packages/google-auth-httplib2/README.rst (7)
The term 'no longer maintained' can be misleading and might suggest the library is abandoned. Since the library is being migrated and will likely receive security patches, using 'deprecated' would be more accurate and consistent with the badge above. It clarifies that while no new features are planned, the library is not completely unmaintained.
The library was created to help clients migrate from `oauth2client <https://github.com/googleapis/oauth2client>`_ to `google-auth`_, however this library is now deprecated. For any new usages please see provided transport layers by `google-auth`_ library.
packages/google-auth-httplib2/google_auth_httplib2.py (132)
Since this library requires Python 3.7+, explicitly inheriting from object is no longer necessary. You can remove (object) for cleaner, more modern Python code.
class AuthorizedHttp:
packages/google-auth-httplib2/tests/test_google_auth_httplib2.py (25)
Since this library requires Python 3.7+, explicitly inheriting from object is no longer necessary. You can remove (object) from class definitions in this file (e.g., MockHttp, MockResponse, TestAuthorizedHttp) for cleaner, more modern Python code.
class MockHttp:
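The three shell findings in the review above (unquoted expansion of SECRET_MANAGER_KEYS, an unvalidated key used as a path component in populate-secrets.sh, and the unquoted NOX_SESSION and LATEST_RELEASE expansions) share one remedy: quote every expansion so its content is data rather than code, and allowlist any value that becomes a file name. The script below is an added example, not code from this PR or from the google-auth-httplib2 project; it assumes a stub `fetch_secret_stub` in place of the real Secret Manager call, and the key list and destination directory are constructed inputs.

```shell
#!/bin/sh
# Added example (not from the PR or the google-auth-httplib2 project):
# a hardened secret-population loop. The real CI script would fetch from
# Secret Manager; here fetch_secret_stub stands in for that call.
set -eu

# Accept only the characters Secret Manager allows in a secret name.
# Anything else ("../x", "a;b", "$(cmd)", an empty name) is rejected before
# it can become a path component or reach a command line.
validate_secret_key() {
  case "$1" in
    "")                return 1 ;;
    *[!A-Za-z0-9_-]*)  return 1 ;;
    *)                 return 0 ;;
  esac
}

# Stand-in for the secret fetch; returns constructed content.
fetch_secret_stub() {
  printf 'secret-value-for-%s\n' "$1"
}

# populate_secrets "key1,key2,..." DEST_DIR
# Splits the list on commas only (IFS, with globbing disabled), then writes
# each validated secret to DEST_DIR/<key>. Every expansion is quoted, so a
# metacharacter in the list is data, never code. An empty list is an error.
populate_secrets() {
  list=$1
  dest=$2
  mkdir -p "$dest"
  old_ifs=$IFS
  set -f
  IFS=','
  set -- $list
  IFS=$old_ifs
  set +f
  if [ "$#" -eq 0 ]; then
    printf 'no secret keys given\n' >&2
    return 1
  fi
  for key in "$@"; do
    if ! validate_secret_key "$key"; then
      printf 'rejecting invalid secret key: %s\n' "$key" >&2
      return 1
    fi
    # $key has passed the allowlist, so "$dest/$key" cannot leave $dest.
    fetch_secret_stub "$key" > "$dest/$key"
    chmod 600 "$dest/$key"
  done
}
```

The allowlist in `validate_secret_key` is the important part: quoting alone stops the `; touch /tmp/owned` case, but only validation stops `../../target_file` from escaping the secrets directory. The same two rules apply to `NOX_SESSION` and `LATEST_RELEASE`: quote the expansion, and where the value comes from repository content (a tag name), check it against the shape you expect before using it.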
I'm going to try closing and re-opening this PR to try to get presubmits to run due to GitHub outage: https://www.githubstatus.com/
Still seeing
daniel-sanche left a comment
LGTM
See #14909.
This PR should be merged with a merge-commit, not a squash-commit, in order to preserve the git history.