fix(git): add vendor in .gitignore

vendor/google.golang.org/api/transport/cert/default_cert.go

@@ -1,141 +0,0 @@
-// Copyright 2020 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package cert contains certificate tools for Google API clients.
-// This package is intended to be used with crypto/tls.Config.GetClientCertificate.
-//
-// The certificates can be used to satisfy Google's Endpoint Validation.
-// See https://cloud.google.com/endpoint-verification/docs/overview
-//
-// This package is not intended for use by end developers. Use the
-// google.golang.org/api/option package to configure API clients.
-package cert
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"os/user"
-	"path/filepath"
-	"sync"
-	"time"
-)
-
-const (
-	metadataPath = ".secureConnect"
-	metadataFile = "context_aware_metadata.json"
-)
-
-// defaultCertData holds all the variables pertaining to
-// the default certficate source created by DefaultSource.
-type defaultCertData struct {
-	once            sync.Once
-	source          Source
-	err             error
-	cachedCertMutex sync.Mutex
-	cachedCert      *tls.Certificate
-}
-
-var (
-	defaultCert defaultCertData
-)
-
-// Source is a function that can be passed into crypto/tls.Config.GetClientCertificate.
-type Source func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
-
-// DefaultSource returns a certificate source that execs the command specified
-// in the file at ~/.secureConnect/context_aware_metadata.json
-//
-// If that file does not exist, a nil source is returned.
-func DefaultSource() (Source, error) {
-	defaultCert.once.Do(func() {
-		defaultCert.source, defaultCert.err = newSecureConnectSource()
-	})
-	return defaultCert.source, defaultCert.err
-}
-
-type secureConnectSource struct {
-	metadata secureConnectMetadata
-}
-
-type secureConnectMetadata struct {
-	Cmd []string `json:"cert_provider_command"`
-}
-
-// newSecureConnectSource creates a secureConnectSource by reading the well-known file.
-func newSecureConnectSource() (Source, error) {
-	user, err := user.Current()
-	if err != nil {
-		// Ignore.
-		return nil, nil
-	}
-	filename := filepath.Join(user.HomeDir, metadataPath, metadataFile)
-	file, err := ioutil.ReadFile(filename)
-	if os.IsNotExist(err) {
-		// Ignore.
-		return nil, nil
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	var metadata secureConnectMetadata
-	if err := json.Unmarshal(file, &metadata); err != nil {
-		return nil, fmt.Errorf("cert: could not parse JSON in %q: %v", filename, err)
-	}
-	if err := validateMetadata(metadata); err != nil {
-		return nil, fmt.Errorf("cert: invalid config in %q: %v", filename, err)
-	}
-	return (&secureConnectSource{
-		metadata: metadata,
-	}).getClientCertificate, nil
-}
-
-func validateMetadata(metadata secureConnectMetadata) error {
-	if len(metadata.Cmd) == 0 {
-		return errors.New("empty cert_provider_command")
-	}
-	return nil
-}
-
-func (s *secureConnectSource) getClientCertificate(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
-	defaultCert.cachedCertMutex.Lock()
-	defer defaultCert.cachedCertMutex.Unlock()
-	if defaultCert.cachedCert != nil && !isCertificateExpired(defaultCert.cachedCert) {
-		return defaultCert.cachedCert, nil
-	}
-	// Expand OS environment variables in the cert provider command such as "$HOME".
-	for i := 0; i < len(s.metadata.Cmd); i++ {
-		s.metadata.Cmd[i] = os.ExpandEnv(s.metadata.Cmd[i])
-	}
-	command := s.metadata.Cmd
-	data, err := exec.Command(command[0], command[1:]...).Output()
-	if err != nil {
-		// TODO(cbro): read stderr for error message? Might contain sensitive info.
-		return nil, err
-	}
-	cert, err := tls.X509KeyPair(data, data)
-	if err != nil {
-		return nil, err
-	}
-	defaultCert.cachedCert = &cert
-	return &cert, nil
-}
-
-// isCertificateExpired returns true if the given cert is expired or invalid.
-func isCertificateExpired(cert *tls.Certificate) bool {
-	if len(cert.Certificate) == 0 {
-		return true
-	}
-	parsed, err := x509.ParseCertificate(cert.Certificate[0])
-	if err != nil {
-		return true
-	}
-	return time.Now().After(parsed.NotAfter)
-}

vendor/google.golang.org/api/transport/http/configure_http2_go116.go

@@ -1,26 +0,0 @@
-// Copyright 2021 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.16
-// +build go1.16
-
-package http
-
-import (
-	"net/http"
-	"time"
-
-	"golang.org/x/net/http2"
-)
-
-// configureHTTP2 configures the ReadIdleTimeout HTTP/2 option for the
-// transport. This allows broken idle connections to be pruned more quickly,
-// preventing the client from attempting to re-use connections that will no
-// longer work.
-func configureHTTP2(trans *http.Transport) {
-	http2Trans, err := http2.ConfigureTransports(trans)
-	if err == nil {
-		http2Trans.ReadIdleTimeout = time.Second * 31
-	}
-}

vendor/google.golang.org/api/transport/http/configure_http2_not_go116.go

@@ -1,17 +0,0 @@
-// Copyright 2021 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.16
-// +build !go1.16
-
-package http
-
-import (
-	"net/http"
-)
-
-// configureHTTP2 configures the ReadIdleTimeout HTTP/2 option for the
-// transport. The interface to do this is only available in Go 1.16 and up, so
-// this performs a no-op.
-func configureHTTP2(trans *http.Transport) {}

vendor/google.golang.org/api/transport/http/default_transport_go113.go

@@ -1,21 +0,0 @@
-// Copyright 2020 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.13
-// +build go1.13
-
-package http
-
-import "net/http"
-
-// clonedTransport returns the given RoundTripper as a cloned *http.Transport.
-// It returns nil if the RoundTripper can't be cloned or coerced to
-// *http.Transport.
-func clonedTransport(rt http.RoundTripper) *http.Transport {
-	t, ok := rt.(*http.Transport)
-	if !ok {
-		return nil
-	}
-	return t.Clone()
-}

vendor/google.golang.org/api/transport/http/default_transport_not_go113.go

@@ -1,16 +0,0 @@
-// Copyright 2020 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.13
-// +build !go1.13
-
-package http
-
-import "net/http"
-
-// clonedTransport returns the given RoundTripper as a cloned *http.Transport.
-// For versions of Go <1.13, this is not supported, so return nil.
-func clonedTransport(rt http.RoundTripper) *http.Transport {
-	return nil
-}

vendor/google.golang.org/api/transport/http/dial.go

@@ -1,212 +0,0 @@
-// Copyright 2015 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package http supports network connections to HTTP servers.
-// This package is not intended for use by end developers. Use the
-// google.golang.org/api/option package to configure API clients.
-package http
-
-import (
-	"context"
-	"crypto/tls"
-	"errors"
-	"net"
-	"net/http"
-	"time"
-
-	"go.opencensus.io/plugin/ochttp"
-	"golang.org/x/oauth2"
-	"google.golang.org/api/googleapi/transport"
-	"google.golang.org/api/internal"
-	"google.golang.org/api/option"
-	"google.golang.org/api/transport/cert"
-	"google.golang.org/api/transport/http/internal/propagation"
-	"google.golang.org/api/transport/internal/dca"
-)
-
-// NewClient returns an HTTP client for use communicating with a Google cloud
-// service, configured with the given ClientOptions. It also returns the endpoint
-// for the service as specified in the options.
-func NewClient(ctx context.Context, opts ...option.ClientOption) (*http.Client, string, error) {
-	settings, err := newSettings(opts)
-	if err != nil {
-		return nil, "", err
-	}
-	clientCertSource, endpoint, err := dca.GetClientCertificateSourceAndEndpoint(settings)
-	if err != nil {
-		return nil, "", err
-	}
-	// TODO(cbro): consider injecting the User-Agent even if an explicit HTTP client is provided?
-	if settings.HTTPClient != nil {
-		return settings.HTTPClient, endpoint, nil
-	}
-	trans, err := newTransport(ctx, defaultBaseTransport(ctx, clientCertSource), settings)
-	if err != nil {
-		return nil, "", err
-	}
-	return &http.Client{Transport: trans}, endpoint, nil
-}
-
-// NewTransport creates an http.RoundTripper for use communicating with a Google
-// cloud service, configured with the given ClientOptions. Its RoundTrip method delegates to base.
-func NewTransport(ctx context.Context, base http.RoundTripper, opts ...option.ClientOption) (http.RoundTripper, error) {
-	settings, err := newSettings(opts)
-	if err != nil {
-		return nil, err
-	}
-	if settings.HTTPClient != nil {
-		return nil, errors.New("transport/http: WithHTTPClient passed to NewTransport")
-	}
-	return newTransport(ctx, base, settings)
-}
-
-func newTransport(ctx context.Context, base http.RoundTripper, settings *internal.DialSettings) (http.RoundTripper, error) {
-	paramTransport := &parameterTransport{
-		base:          base,
-		userAgent:     settings.UserAgent,
-		quotaProject:  settings.QuotaProject,
-		requestReason: settings.RequestReason,
-	}
-	var trans http.RoundTripper = paramTransport
-	trans = addOCTransport(trans, settings)
-	switch {
-	case settings.NoAuth:
-		// Do nothing.
-	case settings.APIKey != "":
-		trans = &transport.APIKey{
-			Transport: trans,
-			Key:       settings.APIKey,
-		}
-	default:
-		creds, err := internal.Creds(ctx, settings)
-		if err != nil {
-			return nil, err
-		}
-		if paramTransport.quotaProject == "" {
-			paramTransport.quotaProject = internal.QuotaProjectFromCreds(creds)
-		}
-
-		ts := creds.TokenSource
-		if settings.ImpersonationConfig == nil && settings.TokenSource != nil {
-			ts = settings.TokenSource
-		}
-		trans = &oauth2.Transport{
-			Base:   trans,
-			Source: ts,
-		}
-	}
-	return trans, nil
-}
-
-func newSettings(opts []option.ClientOption) (*internal.DialSettings, error) {
-	var o internal.DialSettings
-	for _, opt := range opts {
-		opt.Apply(&o)
-	}
-	if err := o.Validate(); err != nil {
-		return nil, err
-	}
-	if o.GRPCConn != nil {
-		return nil, errors.New("unsupported gRPC connection specified")
-	}
-	return &o, nil
-}
-
-type parameterTransport struct {
-	userAgent     string
-	quotaProject  string
-	requestReason string
-
-	base http.RoundTripper
-}
-
-func (t *parameterTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	rt := t.base
-	if rt == nil {
-		return nil, errors.New("transport: no Transport specified")
-	}
-	newReq := *req
-	newReq.Header = make(http.Header)
-	for k, vv := range req.Header {
-		newReq.Header[k] = vv
-	}
-	if t.userAgent != "" {
-		// TODO(cbro): append to existing User-Agent header?
-		newReq.Header.Set("User-Agent", t.userAgent)
-	}
-
-	// Attach system parameters into the header
-	if t.quotaProject != "" {
-		newReq.Header.Set("X-Goog-User-Project", t.quotaProject)
-	}
-	if t.requestReason != "" {
-		newReq.Header.Set("X-Goog-Request-Reason", t.requestReason)
-	}
-
-	return rt.RoundTrip(&newReq)
-}
-
-// Set at init time by dial_appengine.go. If nil, we're not on App Engine.
-var appengineUrlfetchHook func(context.Context) http.RoundTripper
-
-// defaultBaseTransport returns the base HTTP transport.
-// On App Engine, this is urlfetch.Transport.
-// Otherwise, use a default transport, taking most defaults from
-// http.DefaultTransport.
-// If TLSCertificate is available, set TLSClientConfig as well.
-func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source) http.RoundTripper {
-	if appengineUrlfetchHook != nil {
-		return appengineUrlfetchHook(ctx)
-	}
-
-	// Copy http.DefaultTransport except for MaxIdleConnsPerHost setting,
-	// which is increased due to reported performance issues under load in the GCS
-	// client. Transport.Clone is only available in Go 1.13 and up.
-	trans := clonedTransport(http.DefaultTransport)
-	if trans == nil {
-		trans = fallbackBaseTransport()
-	}
-	trans.MaxIdleConnsPerHost = 100
-
-	if clientCertSource != nil {
-		trans.TLSClientConfig = &tls.Config{
-			GetClientCertificate: clientCertSource,
-		}
-	}
-
-	// If possible, configure http2 transport in order to use ReadIdleTimeout
-	// setting. This can only be done in Go 1.16 and up.
-	configureHTTP2(trans)
-
-	return trans
-}
-
-// fallbackBaseTransport is used in <go1.13 as well as in the rare case if
-// http.DefaultTransport has been reassigned something that's not a
-// *http.Transport.
-func fallbackBaseTransport() *http.Transport {
-	return &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-			DualStack: true,
-		}).DialContext,
-		MaxIdleConns:          100,
-		MaxIdleConnsPerHost:   100,
-		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-	}
-}
-
-func addOCTransport(trans http.RoundTripper, settings *internal.DialSettings) http.RoundTripper {
-	if settings.TelemetryDisabled {
-		return trans
-	}
-	return &ochttp.Transport{
-		Base:        trans,
-		Propagation: &propagation.HTTPFormat{},
-	}
-}

vendor/google.golang.org/api/transport/http/dial_appengine.go

@@ -1,21 +0,0 @@
-// Copyright 2016 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build appengine
-// +build appengine
-
-package http
-
-import (
-	"context"
-	"net/http"
-
-	"google.golang.org/appengine/urlfetch"
-)
-
-func init() {
-	appengineUrlfetchHook = func(ctx context.Context) http.RoundTripper {
-		return &urlfetch.Transport{Context: ctx}
-	}
-}

vendor/google.golang.org/api/transport/http/internal/propagation/http.go

@@ -1,87 +0,0 @@
-// Copyright 2018 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.8
-// +build go1.8
-
-// Package propagation implements X-Cloud-Trace-Context header propagation used
-// by Google Cloud products.
-package propagation
-
-import (
-	"encoding/binary"
-	"encoding/hex"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"go.opencensus.io/trace"
-	"go.opencensus.io/trace/propagation"
-)
-
-const (
-	httpHeaderMaxSize = 200
-	httpHeader        = `X-Cloud-Trace-Context`
-)
-
-var _ propagation.HTTPFormat = (*HTTPFormat)(nil)
-
-// HTTPFormat implements propagation.HTTPFormat to propagate
-// traces in HTTP headers for Google Cloud Platform and Stackdriver Trace.
-type HTTPFormat struct{}
-
-// SpanContextFromRequest extracts a Stackdriver Trace span context from incoming requests.
-func (f *HTTPFormat) SpanContextFromRequest(req *http.Request) (sc trace.SpanContext, ok bool) {
-	h := req.Header.Get(httpHeader)
-	// See https://cloud.google.com/trace/docs/faq for the header HTTPFormat.
-	// Return if the header is empty or missing, or if the header is unreasonably
-	// large, to avoid making unnecessary copies of a large string.
-	if h == "" || len(h) > httpHeaderMaxSize {
-		return trace.SpanContext{}, false
-	}
-
-	// Parse the trace id field.
-	slash := strings.Index(h, `/`)
-	if slash == -1 {
-		return trace.SpanContext{}, false
-	}
-	tid, h := h[:slash], h[slash+1:]
-
-	buf, err := hex.DecodeString(tid)
-	if err != nil {
-		return trace.SpanContext{}, false
-	}
-	copy(sc.TraceID[:], buf)
-
-	// Parse the span id field.
-	spanstr := h
-	semicolon := strings.Index(h, `;`)
-	if semicolon != -1 {
-		spanstr, h = h[:semicolon], h[semicolon+1:]
-	}
-	sid, err := strconv.ParseUint(spanstr, 10, 64)
-	if err != nil {
-		return trace.SpanContext{}, false
-	}
-	binary.BigEndian.PutUint64(sc.SpanID[:], sid)
-
-	// Parse the options field, options field is optional.
-	if !strings.HasPrefix(h, "o=") {
-		return sc, true
-	}
-	o, err := strconv.ParseUint(h[2:], 10, 64)
-	if err != nil {
-		return trace.SpanContext{}, false
-	}
-	sc.TraceOptions = trace.TraceOptions(o)
-	return sc, true
-}
-
-// SpanContextToRequest modifies the given request to include a Stackdriver Trace header.
-func (f *HTTPFormat) SpanContextToRequest(sc trace.SpanContext, req *http.Request) {
-	sid := binary.BigEndian.Uint64(sc.SpanID[:])
-	header := fmt.Sprintf("%s/%d;o=%d", hex.EncodeToString(sc.TraceID[:]), sid, int64(sc.TraceOptions))
-	req.Header.Set(httpHeader, header)
-}

vendor/google.golang.org/api/transport/internal/dca/dca.go

@@ -1,143 +0,0 @@
-// Copyright 2020 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package dca contains utils for implementing Device Certificate
-// Authentication according to https://google.aip.dev/auth/4114
-//
-// The overall logic for DCA is as follows:
-// 1. If both endpoint override and client certificate are specified, use them as is.
-// 2. If user does not specify client certificate, we will attempt to use default
-//    client certificate.
-// 3. If user does not specify endpoint override, we will use defaultMtlsEndpoint if
-//    client certificate is available and defaultEndpoint otherwise.
-//
-// Implications of the above logic:
-// 1. If the user specifies a non-mTLS endpoint override but client certificate is
-//    available, we will pass along the cert anyway and let the server decide what to do.
-// 2. If the user specifies an mTLS endpoint override but client certificate is not
-//    available, we will not fail-fast, but let backend throw error when connecting.
-//
-// We would like to avoid introducing client-side logic that parses whether the
-// endpoint override is an mTLS url, since the url pattern may change at anytime.
-//
-// This package is not intended for use by end developers. Use the
-// google.golang.org/api/option package to configure API clients.
-package dca
-
-import (
-	"net/url"
-	"os"
-	"strings"
-
-	"google.golang.org/api/internal"
-	"google.golang.org/api/transport/cert"
-)
-
-const (
-	mTLSModeAlways = "always"
-	mTLSModeNever  = "never"
-	mTLSModeAuto   = "auto"
-)
-
-// GetClientCertificateSourceAndEndpoint is a convenience function that invokes
-// getClientCertificateSource and getEndpoint sequentially and returns the client
-// cert source and endpoint as a tuple.
-func GetClientCertificateSourceAndEndpoint(settings *internal.DialSettings) (cert.Source, string, error) {
-	clientCertSource, err := getClientCertificateSource(settings)
-	if err != nil {
-		return nil, "", err
-	}
-	endpoint, err := getEndpoint(settings, clientCertSource)
-	if err != nil {
-		return nil, "", err
-	}
-	return clientCertSource, endpoint, nil
-}
-
-// getClientCertificateSource returns a default client certificate source, if
-// not provided by the user.
-//
-// A nil default source can be returned if the source does not exist. Any exceptions
-// encountered while initializing the default source will be reported as client
-// error (ex. corrupt metadata file).
-//
-// Important Note: For now, the environment variable GOOGLE_API_USE_CLIENT_CERTIFICATE
-// must be set to "true" to allow certificate to be used (including user provided
-// certificates). For details, see AIP-4114.
-func getClientCertificateSource(settings *internal.DialSettings) (cert.Source, error) {
-	if !isClientCertificateEnabled() {
-		return nil, nil
-	} else if settings.ClientCertSource != nil {
-		return settings.ClientCertSource, nil
-	} else {
-		return cert.DefaultSource()
-	}
-}
-
-func isClientCertificateEnabled() bool {
-	useClientCert := os.Getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE")
-	// TODO(andyrzhao): Update default to return "true" after DCA feature is fully released.
-	return strings.ToLower(useClientCert) == "true"
-}
-
-// getEndpoint returns the endpoint for the service, taking into account the
-// user-provided endpoint override "settings.Endpoint".
-//
-// If no endpoint override is specified, we will either return the default endpoint or
-// the default mTLS endpoint if a client certificate is available.
-//
-// You can override the default endpoint choice (mtls vs. regular) by setting the
-// GOOGLE_API_USE_MTLS_ENDPOINT environment variable.
-//
-// If the endpoint override is an address (host:port) rather than full base
-// URL (ex. https://...), then the user-provided address will be merged into
-// the default endpoint. For example, WithEndpoint("myhost:8000") and
-// WithDefaultEndpoint("https://foo.com/bar/baz") will return "https://myhost:8080/bar/baz"
-func getEndpoint(settings *internal.DialSettings, clientCertSource cert.Source) (string, error) {
-	if settings.Endpoint == "" {
-		mtlsMode := getMTLSMode()
-		if mtlsMode == mTLSModeAlways || (clientCertSource != nil && mtlsMode == mTLSModeAuto) {
-			return settings.DefaultMTLSEndpoint, nil
-		}
-		return settings.DefaultEndpoint, nil
-	}
-	if strings.Contains(settings.Endpoint, "://") {
-		// User passed in a full URL path, use it verbatim.
-		return settings.Endpoint, nil
-	}
-	if settings.DefaultEndpoint == "" {
-		// If DefaultEndpoint is not configured, use the user provided endpoint verbatim.
-		// This allows a naked "host[:port]" URL to be used with GRPC Direct Path.
-		return settings.Endpoint, nil
-	}
-
-	// Assume user-provided endpoint is host[:port], merge it with the default endpoint.
-	return mergeEndpoints(settings.DefaultEndpoint, settings.Endpoint)
-}
-
-func getMTLSMode() string {
-	mode := os.Getenv("GOOGLE_API_USE_MTLS_ENDPOINT")
-	if mode == "" {
-		mode = os.Getenv("GOOGLE_API_USE_MTLS") // Deprecated.
-	}
-	if mode == "" {
-		return mTLSModeAuto
-	}
-	return strings.ToLower(mode)
-}
-
-func mergeEndpoints(baseURL, newHost string) (string, error) {
-	u, err := url.Parse(fixScheme(baseURL))
-	if err != nil {
-		return "", err
-	}
-	return strings.Replace(baseURL, u.Host, newHost, 1), nil
-}
-
-func fixScheme(baseURL string) string {
-	if !strings.Contains(baseURL, "://") {
-		return "https://" + baseURL
-	}
-	return baseURL
-}