feat: gitea client

GEMINI.md

@@ -0,0 +1,77 @@
+# Pierre Bot
+
+Pierre Bot is an intelligent, AI-powered code review assistant designed for Bitbucket Server/Data Center. It automates the initial pass of code review by analyzing Pull Request diffs and identifying potential bugs, logic errors, and style issues using modern LLMs (Google Gemini 2.0 Flash or Ollama).
+
+## Project Overview
+
+*   **Type:** Go CLI Application
+*   **Core Function:** Fetches PR diffs from Bitbucket -> Sends to LLM -> Prints structured review comments.
+*   **Key Technologies:**
+    *   **Language:** Go (1.25+)
+    *   **AI SDKs:** `google/generative-ai-go`, `ollama/ollama`
+    *   **CLI Framework:** `alecthomas/kong`
+
+## Architecture
+
+The project follows a standard Go project layout:
+
+*   **`cmd/pierre/`**: Contains the `main.go` entry point. It handles configuration parsing (flags, env vars, file), initializes adapters, and orchestrates the application flow.
+*   **`internal/pierre/`**: Contains the core business logic.
+    *   `judge.go`: Defines the `JudgePR` function which prepares the system prompt and context for the LLM.
+*   **`internal/chatter/`**: Abstraction layer for LLM providers.
+    *   `gemini.go`: Implements the `ChatAdapter` interface for Google Gemini. notably includes **dynamic JSON schema generation** via reflection (`schemaFromType`) to enforce structured output from the model.
+    *   `ollama.go`: Implements the `ChatAdapter` for Ollama (local models).
+*   **`internal/gitadapters/`**: Abstraction for Version Control Systems.
+    *   `bitbucket.go`: Client for fetching PR diffs from Bitbucket Server.
+
+## Building and Running
+
+### Prerequisites
+
+*   Go 1.25 or later
+*   Access to a Bitbucket Server instance
+*   API Key for Google Gemini (or a running Ollama instance)
+
+### Build
+
+```bash
+go build -o pierre ./cmd/pierre/main.go
+```
+
+### Configuration
+
+Configuration is handled via `kong` and supports a hierarchy: **Flags > Env Vars > Config File**.
+
+**1. Environment Variables:**
+
+*   `BITBUCKET_URL`: Base URL of the Bitbucket instance.
+*   `BITBUCKET_TOKEN`: Personal Access Token (HTTP) for Bitbucket.
+*   `LLM_PROVIDER`: `gemini` or `ollama`.
+*   `LLM_API_KEY`: API Key for Gemini.
+*   `LLM_MODEL`: Model name (e.g., `gemini-2.0-flash`).
+
+**2. Configuration File (`config.yaml`):**
+
+See `config.example.yaml` for a template. Place it in the current directory or `~/.pierre.yaml`.
+
+### Usage
+
+Run the bot against a specific Pull Request:
+
+```bash
+# Syntax: ./pierre [flags] <PROJECT_KEY> <REPO_SLUG> <PR_ID>
+./pierre --llm-provider=gemini --llm-model=gemini-2.0-flash MYPROJ my-repo 123
+```
+
+## Development Conventions
+
+*   **Structured Output:** The bot relies on the LLM returning valid JSON matching the `Comment` struct. This is enforced in `internal/chatter/gemini.go` by converting the Go struct definition into a `genai.Schema`.
+*   **Dependency Injection:** Adapters (`gitadapters`, `chatter`) are initialized in `main` and passed to the core logic, making testing easier.
+*   **Error Handling:** strict error checks are preferred; the bot will exit if it cannot fetch the diff or initialize the AI.
+
+## Key Files
+
+*   **`cmd/pierre/main.go`**: Application entry point and config wiring.
+*   **`internal/pierre/judge.go`**: The "brain" that constructs the prompt for the AI.
+*   **`internal/chatter/gemini.go`**: Gemini integration logic, including the reflection-based schema generator.
+*   **`config.example.yaml`**: Reference configuration file.

cmd/pierre/main.go

@@ -2,24 +2,31 @@ package main
 
 import (
 	"context"
-	"fmt"
 	"log"
 	"os"
 	"path/filepath"
 
 	"bitbucket.bit.admin.ch/scm/~u80859501/pierre-bot/internal/chatter"
 	"bitbucket.bit.admin.ch/scm/~u80859501/pierre-bot/internal/gitadapters"
+	"bitbucket.bit.admin.ch/scm/~u80859501/pierre-bot/internal/gitadapters/gitea"
 	"bitbucket.bit.admin.ch/scm/~u80859501/pierre-bot/internal/pierre"
 	"github.com/alecthomas/kong"
 	kongyaml "github.com/alecthomas/kong-yaml"
 )
 
 type BitbucketConfig struct {
-	BaseURL string `help:"Bitbucket Base URL (e.g. https://bitbucket.example.com)" required:"" env:"BITBUCKET_URL"`
+	BaseURL string `help:"Bitbucket Base URL (e.g. https://bitbucket.example.com)" env:"BITBUCKET_URL"`
 	Token   string `help:"Bearer Token" env:"BITBUCKET_TOKEN"`
-	// Positional arguments
+}
-	Project string `arg:"" help:"Project Key (e.g. PROJ)" env:"BITBUCKET_PROJECT"`
+
-	Repo    string `arg:"" help:"Repository Slug" env:"BITBUCKET_REPO"`
+type GiteaConfig struct {
+	BaseURL string `help:"Gitea Base URL (e.g. https://gitea.com)" env:"GITEA_URL"`
+	Token   string `help:"API Token" env:"GITEA_TOKEN"`
+}
+
+type RepoArgs struct {
+	Owner string `arg:"" help:"Project Key or Owner" env:"PIERRE_OWNER"`
+	Repo  string `arg:"" help:"Repository Slug" env:"PIERRE_REPO"`
 	PRID  int    `arg:"" help:"Pull Request ID" name:"pr"`
 }
 
@@ -31,7 +38,10 @@ type LLMConfig struct {
 }
 
 type Config struct {
+	GitProvider string          `help:"Git provider (bitbucket or gitea)" env:"GIT_PROVIDER"`
 	Bitbucket   BitbucketConfig `embed:"" prefix:"bitbucket-"`
+	Gitea       GiteaConfig     `embed:"" prefix:"gitea-"`
+	Repo        RepoArgs        `embed:""`
 	LLM         LLMConfig       `embed:"" prefix:"llm-"`
 	Config      kong.ConfigFlag `help:"Path to a YAML config file"`
 }
@@ -48,22 +58,46 @@ func main() {
 	// Parse flags, env vars, and config files
 	kong.Parse(cfg,
 		kong.Name("pierre"),
-		kong.Description("AI-powered Pull Request reviewer for Bitbucket"),
+		kong.Description("AI-powered Pull Request reviewer"),
 		kong.UsageOnError(),
 		kong.Configuration(kongyaml.Loader, "config.yaml", defaultConfig),
 	)
 
-	// Initialize Bitbucket Adapter
+	// Auto-detect provider
-	bitbucket := gitadapters.NewBitbucket(cfg.Bitbucket.BaseURL, cfg.Bitbucket.Token)
+	provider := cfg.GitProvider
+	if provider == "" {
+		if cfg.Bitbucket.BaseURL != "" && cfg.Gitea.BaseURL == "" {
+			provider = "bitbucket"
+		} else if cfg.Gitea.BaseURL != "" && cfg.Bitbucket.BaseURL == "" {
+			provider = "gitea"
+		} else if cfg.Bitbucket.BaseURL != "" && cfg.Gitea.BaseURL != "" {
+			log.Fatal("Multiple git providers configured. Please specify one using --git-provider.")
+		} else {
+			log.Fatal("No git provider configured. Please provide Bitbucket or Gitea configuration.")
+		}
+	}
 
-	// Fetch Diff using positional args
+	var git pierre.GitAdapter
-	diff, err := bitbucket.GetDiff(cfg.Bitbucket.Project, cfg.Bitbucket.Repo, cfg.Bitbucket.PRID)
+
+	switch provider {
+	case "bitbucket":
+		if cfg.Bitbucket.BaseURL == "" {
+			log.Fatal("Bitbucket Base URL is required when using bitbucket provider.")
+		}
+		git = gitadapters.NewBitbucket(cfg.Bitbucket.BaseURL, cfg.Bitbucket.Token)
+	case "gitea":
+		if cfg.Gitea.BaseURL == "" {
+			log.Fatal("Gitea Base URL is required when using gitea provider.")
+		}
+		git, err = gitea.New(cfg.Gitea.BaseURL, cfg.Gitea.Token)
 		if err != nil {
-		log.Fatalf("Error fetching diff: %v", err)
+			log.Fatalf("Error initializing Gitea adapter: %v", err)
+		}
+	default:
+		log.Fatalf("Unknown git provider: %s", provider)
 	}
 
 	// Initialize AI Adapter
-
 	var ai pierre.ChatAdapter
 
 	switch cfg.LLM.Provider {
@@ -79,16 +113,6 @@ func main() {
 		log.Fatalf("Error initializing AI: %v", err)
 	}
 
-	// Run Logic
+	pierreService := pierre.New(ai, git)
-	comments, err := pierre.JudgePR(context.Background(), ai, diff)
+	pierreService.MakeReview(context.Background(), cfg.Repo.Owner, cfg.Repo.Repo, cfg.Repo.PRID)
-	if err != nil {
-		log.Fatalf("Error judging PR: %v", err)
-	}
-
-	fmt.Printf("Analysis complete. Found %d issues.\n---\n", len(comments))
-
-	for _, c := range comments {
-		fmt.Printf("File: %s\nLine: %d\nMessage: %s\n%s\n",
-			c.File, c.Line, c.Message, "---")
-	}
 }

config.example.yaml

@@ -1,10 +1,17 @@
+git-provider: "bitbucket" # Optional if only one is configured (bitbucket or gitea)
+
 bitbucket:
   base-url: "https://bitbucket.your-org.ch"
   token: "BMTY4OTU0NjU3OTo..."
-  # Positional defaults (optional)
+
-  project: "APP"
+gitea:
-  repo: "api-gateway"
+  base-url: "https://gitea.com"
-  prid: 45
+  token: "your-gitea-token"
+
+# Shared positional defaults (optional)
+owner: "APP"
+repo: "api-gateway"
+prid: 45
 
 llm:
   provider: "gemini"

go.mod

@@ -3,6 +3,9 @@ module bitbucket.bit.admin.ch/scm/~u80859501/pierre-bot
 go 1.25.0
 
 require (
+	code.gitea.io/sdk/gitea v0.23.2
+	github.com/alecthomas/kong v1.14.0
+	github.com/alecthomas/kong-yaml v0.2.0
 	github.com/google/generative-ai-go v0.20.1
 	github.com/ollama/ollama v0.16.0
 	google.golang.org/api v0.186.0
@@ -15,11 +18,12 @@ require (
 	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	cloud.google.com/go/longrunning v0.5.7 // indirect
-	github.com/alecthomas/kong v1.14.0 // indirect
+	github.com/42wim/httpsig v1.2.3 // indirect
-	github.com/alecthomas/kong-yaml v0.2.0 // indirect
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
+	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -28,7 +32,7 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.5 // indirect
-	github.com/invopop/jsonschema v0.13.0 // indirect
+	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 	go.opencensus.io v0.24.0 // indirect

go.sum

@@ -11,11 +11,19 @@ cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2Qx
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU=
 cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng=
+code.gitea.io/sdk/gitea v0.23.2 h1:iJB1FDmLegwfwjX8gotBDHdPSbk/ZR8V9VmEJaVsJYg=
+code.gitea.io/sdk/gitea v0.23.2/go.mod h1:yyF5+GhljqvA30sRDreoyHILruNiy4ASufugzYg0VHM=
+github.com/42wim/httpsig v1.2.3 h1:xb0YyWhkYj57SPtfSttIobJUPJZB9as1nsfo7KWVcEs=
+github.com/42wim/httpsig v1.2.3/go.mod h1:nZq9OlYKDrUBhptd77IHx4/sZZD+IxTBADvAPI9G/EM=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
+github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/kong v1.14.0 h1:gFgEUZWu2ZmZ+UhyZ1bDhuutbKN1nTtJTwh19Wsn21s=
 github.com/alecthomas/kong v1.14.0/go.mod h1:wrlbXem1CWqUV5Vbmss5ISYhsVPkBb1Yo7YKJghju2I=
 github.com/alecthomas/kong-yaml v0.2.0 h1:iiVVqVttmOsHKawlaW/TljPsjaEv1O4ODx6dloSA58Y=
 github.com/alecthomas/kong-yaml v0.2.0/go.mod h1:vMvOIy+wpB49MCZ0TA3KMts38Mu9YfRP03Q1StN69/g=
+github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=
+github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
 github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
 github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
@@ -26,12 +34,16 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0=
+github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
+github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -72,9 +84,15 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA=
 github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E=
-github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=
+github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
-github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
+github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
+github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/ollama/ollama v0.16.0 h1:wDrjgZvx+ej1iYrD//q7crGRA4b4482WZodRYc7oQTI=
@@ -106,6 +124,7 @@ go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2L
 go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
 golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -118,6 +137,7 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
 golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -132,8 +152,10 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
 golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -177,9 +199,9 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
 google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/gitadapters/baseadapter/rest.go

@@ -0,0 +1,31 @@
+package baseadapter
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+)
+
+type Rest struct {
+	baseURL     string
+	bearerToken string
+}
+
+func (b *Rest) createRequest(method string, body io.Reader, path ...string) (r *http.Request, err error) {
+	target, err := url.JoinPath(b.baseURL, path...)
+	if err != nil {
+		err = fmt.Errorf("can not parse path: %w", err)
+		return
+	}
+	req, err := http.NewRequest(method, target, body)
+	if err != nil {
+		return nil, err
+	}
+
+	if b.bearerToken != "" {
+		req.Header.Set("Authorization", "Bearer "+b.bearerToken)
+	}
+
+	return req, nil
+}

internal/gitadapters/bitbucket.go

@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+
+	"bitbucket.bit.admin.ch/scm/~u80859501/pierre-bot/internal/pierre"
 )
 
 type BitbucketAdapter struct {
@@ -36,3 +38,9 @@ func (b *BitbucketAdapter) GetDiff(projectKey, repositorySlug string, pullReques
 	diff = response.Body
 	return
 }
+
+func (b *BitbucketAdapter) AddComment(projectKey, repositorySlug string, pullRequestID int, comment pierre.Comment) error {
+	fmt.Printf("[MOCK BITBUCKET] Adding comment to PR %s/%s #%d: %s at %s:%d\n",
+		projectKey, repositorySlug, pullRequestID, comment.Message, comment.File, comment.Line)
+	return nil
+}

internal/gitadapters/gitea/adapter.go

@@ -0,0 +1,46 @@
+package gitea
+
+import (
+	"bytes"
+	"io"
+
+	"bitbucket.bit.admin.ch/scm/~u80859501/pierre-bot/internal/pierre"
+	"code.gitea.io/sdk/gitea"
+)
+
+type Adapter struct {
+	client *gitea.Client
+}
+
+func New(baseURL, token string) (*Adapter, error) {
+	client, err := gitea.NewClient(baseURL, gitea.SetToken(token))
+	if err != nil {
+		return nil, err
+	}
+	return &Adapter{
+		client: client,
+	}, nil
+}
+
+func (g *Adapter) GetDiff(owner, repo string, prID int) (io.Reader, error) {
+	diff, _, err := g.client.GetPullRequestDiff(owner, repo, int64(prID), gitea.PullRequestDiffOptions{})
+	if err != nil {
+		return nil, err
+	}
+	return bytes.NewReader(diff), nil
+}
+
+func (g *Adapter) AddComment(owner, repo string, prID int, comment pierre.Comment) error {
+	opts := gitea.CreatePullReviewOptions{
+		State: gitea.ReviewStateComment,
+		Comments: []gitea.CreatePullReviewComment{
+			{
+				Path:       comment.File,
+				Body:       comment.Message,
+				NewLineNum: int64(comment.Line),
+			},
+		},
+	}
+	_, _, err := g.client.CreatePullReview(owner, repo, int64(prID), opts)
+	return err
+}

internal/gitadapters/resource.go

@@ -1 +0,0 @@
-package gitadapters

internal/pierre/judge.go

@@ -14,28 +14,24 @@ type Comment struct {
 	Message string `json:"message"`
 }
 
-type ChatAdapter interface {
+func (s *Service) judgePR(ctx context.Context, diff io.Reader) (comments []Comment, err error) {
-	GenerateStructured(ctx context.Context, messages []chatter.Message, target interface{}) error
-}
-
-func JudgePR(ctx context.Context, chat ChatAdapter, diff io.Reader) (comments []Comment, err error) {
 	diffBytes, err := io.ReadAll(diff)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read diff: %w", err)
 	}
-	err = chat.GenerateStructured(ctx, []chatter.Message{
+	err = s.chat.GenerateStructured(ctx, []chatter.Message{
 		{
 			Role: chatter.RoleSystem,
 			Content: `
 				You are a very strict senior software architect.
-				You review **only** newly added or modified lines in a unified diff (lines prefixed with “+”), together with the immediate hunk context.
+				You review **only** newly added or modified lines in a unified diff, together with the immediate hunk context.
 				You do **not** report issues that appear **solely** in deleted lines (“-”) or that have already been fixed by the change.
 				No comments are made on pure formatting/whitespace changes or reordering that does not alter the program’s behavior.
 			`,
 		},
 		{
 			Role:    chatter.RoleUser,
-			Content: fmt.Sprintf("Hello please review my PR.\n Here is the git diff of it: %s", string(diffBytes)),
+			Content: fmt.Sprintf("Hello please review my PR. Write comments where improvements are necessary in new lines.\n Here is the git diff of it: %s", string(diffBytes)),
 		},
 	}, &comments)
 

internal/pierre/resource.go

@@ -0,0 +1,29 @@
+package pierre
+
+import (
+	"context"
+	"io"
+
+	"bitbucket.bit.admin.ch/scm/~u80859501/pierre-bot/internal/chatter"
+)
+
+type Service struct {
+	git  GitAdapter
+	chat ChatAdapter
+}
+
+func New(chat ChatAdapter, git GitAdapter) *Service {
+	return &Service{
+		git:  git,
+		chat: chat,
+	}
+}
+
+type GitAdapter interface {
+	GetDiff(owner, repo string, prID int) (io.Reader, error)
+	AddComment(owner, repo string, prID int, comment Comment) error
+}
+
+type ChatAdapter interface {
+	GenerateStructured(ctx context.Context, messages []chatter.Message, target interface{}) error
+}

internal/pierre/review.go

@@ -0,0 +1,34 @@
+package pierre
+
+import (
+	"context"
+	"fmt"
+	"log"
+)
+
+func (s *Service) MakeReview(ctx context.Context, organisation string, repo string, prID int) error {
+	// Fetch Diff using positional args from shared RepoArgs
+	diff, err := s.git.GetDiff(organisation, repo, prID)
+	if err != nil {
+		log.Fatalf("Error fetching diff: %v", err)
+	}
+
+	// Run Logic
+	comments, err := s.judgePR(context.Background(), diff)
+	if err != nil {
+		log.Fatalf("Error judging PR: %v", err)
+	}
+
+	fmt.Printf("Analysis complete. Found %d issues.\n---\n", len(comments))
+
+	for _, c := range comments {
+		fmt.Printf("File: %s\nLine: %d\nMessage: %s\n%s\n",
+			c.File, c.Line, c.Message, "---")
+
+		if err := s.git.AddComment(organisation, repo, prID, c); err != nil {
+			log.Printf("Failed to add comment: %v", err)
+		}
+	}
+
+	return nil
+}

vendor/cloud.google.com/go/.gitignore

@@ -0,0 +1,12 @@
+# Editors
+.idea
+.vscode
+*.swp
+.history
+
+# Test files
+*.test
+coverage.txt
+
+# Other
+.DS_Store

vendor/cloud.google.com/go/.release-please-manifest-individual.json

@@ -0,0 +1,18 @@
+{
+  "ai": "0.6.0",
+  "aiplatform": "1.68.0",
+  "auth": "0.5.1",
+  "auth/oauth2adapt": "0.2.2",
+  "bigquery": "1.61.0",
+  "bigtable": "1.24.0",
+  "datastore": "1.17.1",
+  "errorreporting": "0.3.0",
+  "firestore": "1.15.0",
+  "logging": "1.10.0",
+  "profiler": "0.4.0",
+  "pubsub": "1.38.0",
+  "pubsublite": "1.8.2",
+  "spanner": "1.63.0",
+  "storage": "1.42.0",
+  "vertexai": "0.11.0"
+}

vendor/cloud.google.com/go/.release-please-manifest-submodules.json

@@ -0,0 +1,148 @@
+{
+    "accessapproval": "1.7.7",
+    "accesscontextmanager": "1.8.7",
+    "advisorynotifications": "1.4.1",
+    "alloydb": "1.10.2",
+    "analytics": "0.23.2",
+    "apigateway": "1.6.7",
+    "apigeeconnect": "1.6.7",
+    "apigeeregistry": "0.8.5",
+    "apikeys": "1.1.7",
+    "appengine": "1.8.7",
+    "apphub": "0.1.1",
+    "apps": "0.4.2",
+    "area120": "0.8.7",
+    "artifactregistry": "1.14.9",
+    "asset": "1.19.1",
+    "assuredworkloads": "1.11.7",
+    "automl": "1.13.7",
+    "backupdr": "0.1.1",
+    "baremetalsolution": "1.2.6",
+    "batch": "1.8.7",
+    "beyondcorp": "1.0.6",
+    "billing": "1.18.5",
+    "binaryauthorization": "1.8.3",
+    "certificatemanager": "1.8.1",
+    "channel": "1.17.7",
+    "chat": "0.1.1",
+    "cloudbuild": "1.16.1",
+    "cloudcontrolspartner": "0.2.1",
+    "clouddms": "1.7.6",
+    "cloudprofiler": "0.3.2",
+    "cloudquotas": "0.2.1",
+    "cloudtasks": "1.12.8",
+    "commerce": "1.0.0",
+    "compute": "1.27.0",
+    "compute/metadata": "0.3.0",
+    "confidentialcomputing": "1.5.1",
+    "config": "1.0.0",
+    "contactcenterinsights": "1.13.2",
+    "container": "1.37.0",
+    "containeranalysis": "0.11.6",
+    "datacatalog": "1.20.1",
+    "dataflow": "0.9.7",
+    "dataform": "0.9.4",
+    "datafusion": "1.7.7",
+    "datalabeling": "0.8.7",
+    "dataplex": "1.16.0",
+    "dataproc": "2.4.2",
+    "dataqna": "0.8.7",
+    "datastream": "1.10.6",
+    "deploy": "1.19.0",
+    "developerconnect": "0.0.0",
+    "dialogflow": "1.54.0",
+    "discoveryengine": "1.8.0",
+    "dlp": "1.14.0",
+    "documentai": "1.30.0",
+    "domains": "0.9.7",
+    "edgecontainer": "1.2.1",
+    "edgenetwork": "0.2.4",
+    "essentialcontacts": "1.6.8",
+    "eventarc": "1.13.6",
+    "filestore": "1.8.3",
+    "functions": "1.16.2",
+    "gkebackup": "1.5.0",
+    "gkeconnect": "0.8.7",
+    "gkehub": "0.14.7",
+    "gkemulticloud": "1.2.0",
+    "grafeas": "0.3.6",
+    "gsuiteaddons": "1.6.7",
+    "iam": "1.1.8",
+    "iap": "1.9.6",
+    "identitytoolkit": "0.0.0",
+    "ids": "1.4.7",
+    "iot": "1.7.7",
+    "kms": "1.17.1",
+    "language": "1.12.5",
+    "lifesciences": "0.9.7",
+    "longrunning": "0.5.7",
+    "managedidentities": "1.6.7",
+    "managedkafka": "0.1.0",
+    "maps": "1.11.1",
+    "mediatranslation": "0.8.7",
+    "memcache": "1.10.7",
+    "metastore": "1.13.6",
+    "migrationcenter": "1.0.0",
+    "monitoring": "1.19.0",
+    "netapp": "1.1.0",
+    "networkconnectivity": "1.14.6",
+    "networkmanagement": "1.13.2",
+    "networksecurity": "0.9.7",
+    "networkservices": "0.1.1",
+    "notebooks": "1.11.5",
+    "optimization": "1.6.5",
+    "orchestration": "1.9.2",
+    "orgpolicy": "1.12.3",
+    "osconfig": "1.12.7",
+    "oslogin": "1.13.3",
+    "parallelstore": "0.3.0",
+    "phishingprotection": "0.8.7",
+    "policysimulator": "0.2.5",
+    "policytroubleshooter": "1.10.5",
+    "privatecatalog": "0.9.7",
+    "rapidmigrationassessment": "1.0.7",
+    "recaptchaenterprise": "2.13.0",
+    "recommendationengine": "0.8.7",
+    "recommender": "1.12.3",
+    "redis": "1.16.0",
+    "resourcemanager": "1.9.7",
+    "resourcesettings": "1.7.0",
+    "retail": "1.17.0",
+    "run": "1.3.7",
+    "scheduler": "1.10.8",
+    "secretmanager": "1.13.1",
+    "securesourcemanager": "0.1.5",
+    "security": "1.17.0",
+    "securitycenter": "1.30.0",
+    "securitycentermanagement": "0.2.1",
+    "securityposture": "0.1.3",
+    "servicecontrol": "1.13.2",
+    "servicedirectory": "1.11.7",
+    "servicehealth": "1.0.0",
+    "servicemanagement": "1.9.8",
+    "serviceusage": "1.8.6",
+    "shell": "1.7.7",
+    "shopping": "0.8.1",
+    "speech": "1.23.1",
+    "storageinsights": "1.0.7",
+    "storagetransfer": "1.10.6",
+    "streetview": "0.1.0",
+    "support": "1.0.6",
+    "talent": "1.6.8",
+    "telcoautomation": "0.2.2",
+    "texttospeech": "1.7.7",
+    "tpu": "1.6.7",
+    "trace": "1.10.7",
+    "translate": "1.10.3",
+    "video": "1.21.0",
+    "videointelligence": "1.11.7",
+    "vision": "2.8.2",
+    "visionai": "0.2.0",
+    "vmmigration": "1.7.7",
+    "vmwareengine": "1.1.3",
+    "vpcaccess": "1.7.7",
+    "webrisk": "1.9.7",
+    "websecurityscanner": "1.6.7",
+    "workflows": "1.12.6",
+    "workstations": "1.0.0"
+}

vendor/cloud.google.com/go/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.115.0"
+}

vendor/cloud.google.com/go/CODE_OF_CONDUCT.md

@@ -0,0 +1,44 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project,
+and in the interest of fostering an open and welcoming community,
+we pledge to respect all people who contribute through reporting issues,
+posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project
+a harassment-free experience for everyone,
+regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information,
+such as physical or electronic
+addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct.
+By adopting this Code of Conduct,
+project maintainers commit themselves to fairly and consistently
+applying these principles to every aspect of managing this project.
+Project maintainers who do not follow or enforce the Code of Conduct
+may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior
+may be reported by opening an issue
+or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0,
+available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)
+

vendor/cloud.google.com/go/CONTRIBUTING.md

@@ -0,0 +1,364 @@
+# Contributing
+
+1. [File an issue](https://github.com/googleapis/google-cloud-go/issues/new/choose).
+   The issue will be used to discuss the bug or feature and should be created
+   before sending a PR.
+
+1. [Install Go](https://golang.org/dl/).
+    1. Ensure that your `GOBIN` directory (by default `$(go env GOPATH)/bin`)
+    is in your `PATH`.
+    1. Check it's working by running `go version`.
+        * If it doesn't work, check the install location, usually
+        `/usr/local/go`, is on your `PATH`.
+
+1. Sign one of the
+[contributor license agreements](#contributor-license-agreements) below.
+
+1. Clone the repo:
+    `git clone https://github.com/googleapis/google-cloud-go`
+
+1. Change into the checked out source:
+    `cd google-cloud-go`
+
+1. Fork the repo.
+
+1. Set your fork as a remote:
+    `git remote add fork git@github.com:GITHUB_USERNAME/google-cloud-go.git`
+
+1. Make changes, commit to your fork.
+
+   Commit messages should follow the
+   [Conventional Commits Style](https://www.conventionalcommits.org). The scope
+   portion should always be filled with the name of the package affected by the
+   changes being made. For example:
+   ```
+   feat(functions): add gophers codelab
+   ```
+
+1. Send a pull request with your changes.
+
+   To minimize friction, consider setting `Allow edits from maintainers` on the
+   PR, which will enable project committers and automation to update your PR.
+
+1. A maintainer will review the pull request and make comments.
+
+   Prefer adding additional commits over amending and force-pushing since it can
+   be difficult to follow code reviews when the commit history changes.
+
+   Commits will be squashed when they're merged.
+
+## Policy on new dependencies
+
+While the Go ecosystem is rich with useful modules, in this project we try to
+minimize the number of direct dependencies we have on modules that are not
+Google-owned.
+
+Adding new third party dependencies can have the following effects:
+* broadens the vulnerability surface
+* increases so called "vanity" import routing infrastructure failure points
+* increases complexity of our own [`third_party`][] imports 
+
+So if you are contributing, please either contribute the full implementation
+directly, or find a Google-owned project that provides the functionality. Of
+course, there may be exceptions to this rule, but those should be well defined
+and agreed upon by the maintainers ahead of time.
+
+## Testing
+
+We test code against two versions of Go, the minimum and maximum versions
+supported by our clients. To see which versions these are checkout our
+[README](README.md#supported-versions).
+
+### Integration Tests
+
+In addition to the unit tests, you may run the integration test suite. These
+directions describe setting up your environment to run integration tests for
+_all_ packages: note that many of these instructions may be redundant if you
+intend only to run integration tests on a single package.
+
+#### GCP Setup
+
+To run the integrations tests, creation and configuration of three projects in
+the Google Developers Console is required: one specifically for Firestore
+integration tests, one specifically for Bigtable integration tests, and another 
+for all other integration tests. We'll refer to these projects as 
+"Firestore project", "Bigtable project" and "general project".
+
+Note: You can skip setting up Bigtable project if you do not plan working on or running a few Bigtable
+tests that require a secondary project
+
+After creating each project, you must [create a service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#creatinganaccount)
+for each project. Ensure the project-level **Owner**
+[IAM role](https://console.cloud.google.com/iam-admin/iam/project) role is added to
+each service account. During the creation of the service account, you should
+download the JSON credential file for use later.
+
+Next, ensure the following APIs are enabled in the general project:
+
+- BigQuery API
+- BigQuery Data Transfer API
+- Cloud Dataproc API
+- Cloud Dataproc Control API Private
+- Cloud Datastore API
+- Cloud Firestore API
+- Cloud Key Management Service (KMS) API
+- Cloud Natural Language API
+- Cloud OS Login API
+- Cloud Pub/Sub API
+- Cloud Resource Manager API
+- Cloud Spanner API
+- Cloud Speech API
+- Cloud Translation API
+- Cloud Video Intelligence API
+- Cloud Vision API
+- Compute Engine API
+- Compute Engine Instance Group Manager API
+- Container Registry API
+- Firebase Rules API
+- Google Cloud APIs
+- Google Cloud Deployment Manager V2 API
+- Google Cloud SQL
+- Google Cloud Storage
+- Google Cloud Storage JSON API
+- Google Compute Engine Instance Group Updater API
+- Google Compute Engine Instance Groups API
+- Kubernetes Engine API
+- Cloud Error Reporting API
+- Pub/Sub Lite API
+
+Next, create a Datastore database in the general project, and a Firestore
+database in the Firestore project.
+
+Finally, in the general project, create an API key for the translate API:
+
+- Go to GCP Developer Console.
+- Navigate to APIs & Services > Credentials.
+- Click Create Credentials > API Key.
+- Save this key for use in `GCLOUD_TESTS_API_KEY` as described below.
+
+#### Local Setup
+
+Once the three projects are created and configured, set the following environment
+variables:
+
+- `GCLOUD_TESTS_GOLANG_PROJECT_ID`: Developers Console project's ID (e.g.
+bamboo-shift-455) for the general project.
+- `GCLOUD_TESTS_GOLANG_KEY`: The path to the JSON key file of the general
+project's service account.
+- `GCLOUD_TESTS_GOLANG_DATASTORE_DATABASES`: Comma separated list of developer's Datastore databases. If not provided, default database i.e. empty string is used.
+- `GCLOUD_TESTS_GOLANG_FIRESTORE_PROJECT_ID`: Developers Console project's ID
+(e.g. doorway-cliff-677) for the Firestore project.
+- `GCLOUD_TESTS_GOLANG_FIRESTORE_DATABASES` : Comma separated list of developer's Firestore databases. If not provided, default database is used.
+- `GCLOUD_TESTS_GOLANG_FIRESTORE_KEY`: The path to the JSON key file of the
+Firestore project's service account.
+- `GCLOUD_TESTS_API_KEY`: API key for using the Translate API created above.
+- `GCLOUD_TESTS_GOLANG_SECONDARY_BIGTABLE_PROJECT_ID`: Developers Console project's ID (e.g. doorway-cliff-677) for Bigtable optional secondary project. This can be same as Firestore project or any project other than the general project.
+- `GCLOUD_TESTS_BIGTABLE_CLUSTER`: Cluster ID of Bigtable cluster in general project
+- `GCLOUD_TESTS_BIGTABLE_PRI_PROJ_SEC_CLUSTER`: Optional. Cluster ID of Bigtable secondary cluster in general project
+
+As part of the setup that follows, the following variables will be configured:
+
+- `GCLOUD_TESTS_GOLANG_KEYRING`: The full name of the keyring for the tests,
+in the form
+"projects/P/locations/L/keyRings/R". The creation of this is described below.
+- `GCLOUD_TESTS_BIGTABLE_KEYRING`: The full name of the keyring for the bigtable tests,
+in the form
+"projects/P/locations/L/keyRings/R". The creation of this is described below. Expected to be single region.
+- `GCLOUD_TESTS_GOLANG_ZONE`: Compute Engine zone.
+
+Install the [gcloud command-line tool][gcloudcli] to your machine and use it to
+create some resources used in integration tests.
+
+From the project's root directory:
+
+``` sh
+# Sets the default project in your env.
+$ gcloud config set project $GCLOUD_TESTS_GOLANG_PROJECT_ID
+
+# Authenticates the gcloud tool with your account.
+$ gcloud auth login
+
+# Create the indexes for all the databases you want to use in the datastore integration tests. 
+# Use empty string as databaseID or skip database flag for default database.
+$ gcloud alpha datastore indexes create --database=your-databaseID-1 --project=$GCLOUD_TESTS_GOLANG_PROJECT_ID testdata/index.yaml
+
+# Creates a Google Cloud storage bucket with the same name as your test project,
+# and with the Cloud Logging service account as owner, for the sink
+# integration tests in logging.
+$ gsutil mb gs://$GCLOUD_TESTS_GOLANG_PROJECT_ID
+$ gsutil acl ch -g cloud-logs@google.com:O gs://$GCLOUD_TESTS_GOLANG_PROJECT_ID
+
+# Creates a PubSub topic for integration tests of storage notifications.
+$ gcloud beta pubsub topics create go-storage-notification-test
+# Next, go to the Pub/Sub dashboard in GCP console. Authorize the user
+# "service-<numeric project id>@gs-project-accounts.iam.gserviceaccount.com"
+# as a publisher to that topic.
+
+# Creates a Spanner instance for the spanner integration tests.
+$ gcloud beta spanner instances create go-integration-test --config regional-us-central1 --nodes 10 --description 'Instance for go client test'
+# NOTE: Spanner instances are priced by the node-hour, so you may want to
+# delete the instance after testing with 'gcloud beta spanner instances delete'.
+
+$ export MY_KEYRING=some-keyring-name
+$ export MY_LOCATION=global
+$ export MY_SINGLE_LOCATION=us-central1
+# Creates a KMS keyring, in the same location as the default location for your
+# project's buckets.
+$ gcloud kms keyrings create $MY_KEYRING --location $MY_LOCATION
+# Creates two keys in the keyring, named key1 and key2.
+$ gcloud kms keys create key1 --keyring $MY_KEYRING --location $MY_LOCATION --purpose encryption
+$ gcloud kms keys create key2 --keyring $MY_KEYRING --location $MY_LOCATION --purpose encryption
+# Sets the GCLOUD_TESTS_GOLANG_KEYRING environment variable.
+$ export GCLOUD_TESTS_GOLANG_KEYRING=projects/$GCLOUD_TESTS_GOLANG_PROJECT_ID/locations/$MY_LOCATION/keyRings/$MY_KEYRING
+# Authorizes Google Cloud Storage to encrypt and decrypt using key1.
+$ gsutil kms authorize -p $GCLOUD_TESTS_GOLANG_PROJECT_ID -k $GCLOUD_TESTS_GOLANG_KEYRING/cryptoKeys/key1
+
+# Create KMS Key in one region for Bigtable
+$ gcloud kms keyrings create $MY_KEYRING --location $MY_SINGLE_LOCATION
+$ gcloud kms keys create key1 --keyring $MY_KEYRING --location $MY_SINGLE_LOCATION --purpose encryption
+# Sets the GCLOUD_TESTS_BIGTABLE_KEYRING environment variable.
+$ export GCLOUD_TESTS_BIGTABLE_KEYRING=projects/$GCLOUD_TESTS_GOLANG_PROJECT_ID/locations/$MY_SINGLE_LOCATION/keyRings/$MY_KEYRING
+# Create a service agent, https://cloud.google.com/bigtable/docs/use-cmek#gcloud:
+$ gcloud beta services identity create \
+    --service=bigtableadmin.googleapis.com \
+    --project $GCLOUD_TESTS_GOLANG_PROJECT_ID
+# Note the service agent email for the agent created.
+$ export SERVICE_AGENT_EMAIL=<service agent email, from last step>
+
+# Authorizes Google Cloud Bigtable to encrypt and decrypt using key1
+$ gcloud kms keys add-iam-policy-binding key1 \
+    --keyring $MY_KEYRING \
+    --location $MY_SINGLE_LOCATION \
+    --role roles/cloudkms.cryptoKeyEncrypterDecrypter \
+    --member "serviceAccount:$SERVICE_AGENT_EMAIL" \
+    --project $GCLOUD_TESTS_GOLANG_PROJECT_ID
+```
+
+It may be useful to add exports to your shell initialization for future use.
+For instance, in `.zshrc`:
+
+```sh
+#### START GO SDK Test Variables
+# Developers Console project's ID (e.g. bamboo-shift-455) for the general project.
+export GCLOUD_TESTS_GOLANG_PROJECT_ID=your-project
+
+# Developers Console project's ID (e.g. bamboo-shift-455) for the Bigtable project.
+export GCLOUD_TESTS_GOLANG_SECONDARY_BIGTABLE_PROJECT_ID=your-bigtable-optional-secondary-project
+
+# The path to the JSON key file of the general project's service account.
+export GCLOUD_TESTS_GOLANG_KEY=~/directory/your-project-abcd1234.json
+
+# Comma separated list of developer's Datastore databases. If not provided, 
+# default database i.e. empty string is used.
+export GCLOUD_TESTS_GOLANG_DATASTORE_DATABASES=your-database-1,your-database-2
+
+# Developers Console project's ID (e.g. doorway-cliff-677) for the Firestore project.
+export GCLOUD_TESTS_GOLANG_FIRESTORE_PROJECT_ID=your-firestore-project
+
+# Comma separated list of developer's Firestore databases. If not provided, default database is used.
+export GCLOUD_TESTS_GOLANG_FIRESTORE_DATABASES=your-database-1,your-database-2
+
+# The path to the JSON key file of the Firestore project's service account.
+export GCLOUD_TESTS_GOLANG_FIRESTORE_KEY=~/directory/your-firestore-project-abcd1234.json
+
+# The full name of the keyring for the tests, in the form "projects/P/locations/L/keyRings/R".
+# The creation of this is described below.
+export MY_KEYRING=my-golang-sdk-test
+export MY_LOCATION=global
+export GCLOUD_TESTS_GOLANG_KEYRING=projects/$GCLOUD_TESTS_GOLANG_PROJECT_ID/locations/$MY_LOCATION/keyRings/$MY_KEYRING
+
+# API key for using the Translate API.
+export GCLOUD_TESTS_API_KEY=abcdefghijk123456789
+
+# Compute Engine zone. (https://cloud.google.com/compute/docs/regions-zones)
+export GCLOUD_TESTS_GOLANG_ZONE=your-chosen-region
+#### END GO SDK Test Variables
+```
+
+#### Running
+
+Once you've done the necessary setup, you can run the integration tests by
+running:
+
+``` sh
+$ go test -v ./...
+```
+
+Note that the above command will not run the tests in other modules. To run
+tests on other modules, first navigate to the appropriate
+subdirectory. For instance, to run only the tests for datastore:
+``` sh
+$ cd datastore
+$ go test -v ./...
+```
+
+#### Replay
+
+Some packages can record the RPCs during integration tests to a file for
+subsequent replay. To record, pass the `-record` flag to `go test`. The
+recording will be saved to the _package_`.replay` file. To replay integration
+tests from a saved recording, the replay file must be present, the `-short`
+flag must be passed to `go test`, and the `GCLOUD_TESTS_GOLANG_ENABLE_REPLAY`
+environment variable must have a non-empty value.
+
+## Contributor License Agreements
+
+Before we can accept your pull requests you'll need to sign a Contributor
+License Agreement (CLA):
+
+- **If you are an individual writing original source code** and **you own the
+intellectual property**, then you'll need to sign an [individual CLA][indvcla].
+- **If you work for a company that wants to allow you to contribute your
+work**, then you'll need to sign a [corporate CLA][corpcla].
+
+You can sign these electronically (just scroll to the bottom). After that,
+we'll be able to accept your pull requests.
+
+## Contributor Code of Conduct
+
+As contributors and maintainers of this project,
+and in the interest of fostering an open and welcoming community,
+we pledge to respect all people who contribute through reporting issues,
+posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project
+a harassment-free experience for everyone,
+regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information,
+such as physical or electronic
+addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct.
+By adopting this Code of Conduct,
+project maintainers commit themselves to fairly and consistently
+applying these principles to every aspect of managing this project.
+Project maintainers who do not follow or enforce the Code of Conduct
+may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior
+may be reported by opening an issue
+or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://contributor-covenant.org), version 1.2.0,
+available at [https://contributor-covenant.org/version/1/2/0/](https://contributor-covenant.org/version/1/2/0/)
+
+[gcloudcli]: https://developers.google.com/cloud/sdk/gcloud/
+[indvcla]: https://developers.google.com/open-source/cla/individual
+[corpcla]: https://developers.google.com/open-source/cla/corporate
+[`third_party`]: https://opensource.google/documentation/reference/thirdparty

vendor/cloud.google.com/go/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

vendor/cloud.google.com/go/README.md

@@ -0,0 +1,86 @@
+# Google Cloud Client Libraries for Go
+
+[![Go Reference](https://pkg.go.dev/badge/cloud.google.com/go.svg)](https://pkg.go.dev/cloud.google.com/go)
+
+Go packages for [Google Cloud Platform](https://cloud.google.com) services.
+
+``` go
+import "cloud.google.com/go"
+```
+
+To install the packages on your system, *do not clone the repo*. Instead:
+
+1. Change to your project directory: `cd /my/cloud/project`
+1. Get the package you want to use. Some products have their own module, so it's
+   best to `go get` the package(s) you want to use:
+
+```bash
+go get cloud.google.com/go/firestore # Replace with the package you want to use.
+```
+
+**NOTE:** Some of these packages are under development, and may occasionally
+make backwards-incompatible changes.
+
+## Supported APIs
+
+For an updated list of all of our released APIs please see our
+[reference docs](https://cloud.google.com/go/docs/reference).
+
+## [Go Versions Supported](#supported-versions)
+
+Our libraries are compatible with at least the three most recent, major Go
+releases. They are currently compatible with:
+
+- Go 1.22
+- Go 1.21
+- Go 1.20
+
+## Authorization
+
+By default, each API will use [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials)
+for authorization credentials used in calling the API endpoints. This will allow your
+application to run in many environments without requiring explicit configuration.
+
+```go
+client, err := storage.NewClient(ctx)
+```
+
+To authorize using a
+[JSON key file](https://cloud.google.com/iam/docs/managing-service-account-keys),
+pass
+[`option.WithCredentialsFile`](https://pkg.go.dev/google.golang.org/api/option#WithCredentialsFile)
+to the `NewClient` function of the desired package. For example:
+
+```go
+client, err := storage.NewClient(ctx, option.WithCredentialsFile("path/to/keyfile.json"))
+```
+
+You can exert more control over authorization by using the
+[`golang.org/x/oauth2`](https://pkg.go.dev/golang.org/x/oauth2) package to
+create an `oauth2.TokenSource`. Then pass
+[`option.WithTokenSource`](https://pkg.go.dev/google.golang.org/api/option#WithTokenSource)
+to the `NewClient` function:
+
+```go
+tokenSource := ...
+client, err := storage.NewClient(ctx, option.WithTokenSource(tokenSource))
+```
+
+## Contributing
+
+Contributions are welcome. Please, see the
+[CONTRIBUTING](https://github.com/GoogleCloudPlatform/google-cloud-go/blob/main/CONTRIBUTING.md)
+document for details.
+
+Please note that this project is released with a Contributor Code of Conduct.
+By participating in this project you agree to abide by its terms.
+See [Contributor Code of Conduct](https://github.com/GoogleCloudPlatform/google-cloud-go/blob/main/CONTRIBUTING.md#contributor-code-of-conduct)
+for more information.
+
+## Links
+
+- [Go on Google Cloud](https://cloud.google.com/go/home)
+- [Getting started with Go on Google Cloud](https://cloud.google.com/go/getting-started)
+- [App Engine Quickstart](https://cloud.google.com/appengine/docs/standard/go/quickstart)
+- [Cloud Functions Quickstart](https://cloud.google.com/functions/docs/quickstart-go)
+- [Cloud Run Quickstart](https://cloud.google.com/run/docs/quickstarts/build-and-deploy#go)

vendor/cloud.google.com/go/RELEASING.md

@@ -0,0 +1,141 @@
+# Releasing
+
+## Determine which module to release
+
+The Go client libraries have several modules. Each module does not strictly
+correspond to a single library - they correspond to trees of directories. If a
+file needs to be released, you must release the closest ancestor module.
+
+To see all modules:
+
+```bash
+$ cat `find . -name go.mod` | grep module
+module cloud.google.com/go/pubsub
+module cloud.google.com/go/spanner
+module cloud.google.com/go
+module cloud.google.com/go/bigtable
+module cloud.google.com/go/bigquery
+module cloud.google.com/go/storage
+module cloud.google.com/go/pubsublite
+module cloud.google.com/go/firestore
+module cloud.google.com/go/logging
+module cloud.google.com/go/internal/gapicgen
+module cloud.google.com/go/internal/godocfx
+module cloud.google.com/go/internal/examples/fake
+module cloud.google.com/go/internal/examples/mock
+module cloud.google.com/go/datastore
+```
+
+The `cloud.google.com/go` is the repository root module. Each other module is
+a submodule.
+
+So, if you need to release a change in `bigtable/bttest/inmem.go`, the closest
+ancestor module is `cloud.google.com/go/bigtable` - so you should release a new
+version of the `cloud.google.com/go/bigtable` submodule.
+
+If you need to release a change in `asset/apiv1/asset_client.go`, the closest
+ancestor module is `cloud.google.com/go` - so you should release a new version
+of the `cloud.google.com/go` repository root module. Note: releasing
+`cloud.google.com/go` has no impact on any of the submodules, and vice-versa.
+They are released entirely independently.
+
+## Test failures
+
+If there are any test failures in the Kokoro build, releases are blocked until
+the failures have been resolved.
+
+## How to release
+
+### Automated Releases (`cloud.google.com/go` and submodules)
+
+We now use [release-please](https://github.com/googleapis/release-please) to
+perform automated releases for `cloud.google.com/go` and all submodules.
+
+1. If there are changes that have not yet been released, a
+   [pull request](https://github.com/googleapis/google-cloud-go/pull/2971) will
+   be automatically opened by release-please
+   with a title like "chore: release X.Y.Z" (for the root module) or 
+   "chore: release datastore X.Y.Z" (for the datastore submodule), where X.Y.Z 
+   is the next version to be released. Find the desired pull request
+   [here](https://github.com/googleapis/google-cloud-go/pulls)
+1. Check for failures in the
+   [continuous Kokoro build](http://go/google-cloud-go-continuous). If there are
+   any failures in the most recent build, address them before proceeding with
+   the release. (This applies even if the failures are in a different submodule
+   from the one being released.)
+1. Review the release notes. These are automatically generated from the titles
+   of any merged commits since the previous release. If you would like to edit
+   them, this can be done by updating the changes in the release PR.
+1. To cut a release, approve and merge the pull request. Doing so will
+   update the `CHANGES.md`, tag the merged commit with the appropriate version,
+   and draft a GitHub release which will copy the notes from `CHANGES.md`.
+
+### Manual Release (`cloud.google.com/go`)
+
+If for whatever reason the automated release process is not working as expected,
+here is how to manually cut a release of `cloud.google.com/go`.
+
+1. Check for failures in the
+   [continuous Kokoro build](http://go/google-cloud-go-continuous). If there are
+   any failures in the most recent build, address them before proceeding with
+   the release.
+1. Navigate to `google-cloud-go/` and switch to main.
+1. `git pull`
+1. Run `git tag -l | grep -v beta | grep -v alpha` to see all existing releases.
+   The current latest tag `$CV` is the largest tag. It should look something
+   like `vX.Y.Z` (note: ignore all `LIB/vX.Y.Z` tags - these are tags for a
+   specific library, not the module root). We'll call the current version `$CV`
+   and the new version `$NV`.
+1. On main, run `git log $CV...` to list all the changes since the last
+   release. NOTE: You must manually visually parse out changes to submodules [1]
+   (the `git log` is going to show you things in submodules, which are not going
+   to be part of your release).
+1. Edit `CHANGES.md` to include a summary of the changes.
+1. In `internal/version/version.go`, update `const Repo` to today's date with
+   the format `YYYYMMDD`.
+1. In `internal/version` run `go generate`.
+1. Commit the changes, ignoring the generated `.go-r` file. Push to your fork,
+   and create a PR titled `chore: release $NV`.
+1. Wait for the PR to be reviewed and merged. Once it's merged, and without
+   merging any other PRs in the meantime:
+   a. Switch to main.
+   b. `git pull`
+   c. Tag the repo with the next version: `git tag $NV`.
+   d. Push the tag to origin:
+      `git push origin $NV`
+1. Update [the releases page](https://github.com/googleapis/google-cloud-go/releases)
+   with the new release, copying the contents of `CHANGES.md`.
+
+### Manual Releases (submodules)
+
+If for whatever reason the automated release process is not working as expected,
+here is how to manually cut a release of a submodule.
+
+(these instructions assume we're releasing `cloud.google.com/go/datastore` - adjust accordingly)
+
+1. Check for failures in the
+   [continuous Kokoro build](http://go/google-cloud-go-continuous). If there are
+   any failures in the most recent build, address them before proceeding with
+   the release. (This applies even if the failures are in a different submodule
+   from the one being released.)
+1. Navigate to `google-cloud-go/` and switch to main.
+1. `git pull`
+1. Run `git tag -l | grep datastore | grep -v beta | grep -v alpha` to see all
+   existing releases. The current latest tag `$CV` is the largest tag. It
+   should look something like `datastore/vX.Y.Z`. We'll call the current version
+   `$CV` and the new version `$NV`.
+1. On main, run `git log $CV.. -- datastore/` to list all the changes to the
+   submodule directory since the last release.
+1. Edit `datastore/CHANGES.md` to include a summary of the changes.
+1. In `internal/version` run `go generate`.
+1. Commit the changes, ignoring the generated `.go-r` file. Push to your fork,
+   and create a PR titled `chore(datastore): release $NV`.
+1. Wait for the PR to be reviewed and merged. Once it's merged, and without
+   merging any other PRs in the meantime:
+   a. Switch to main.
+   b. `git pull`
+   c. Tag the repo with the next version: `git tag $NV`.
+   d. Push the tag to origin:
+      `git push origin $NV`
+1. Update [the releases page](https://github.com/googleapis/google-cloud-go/releases)
+   with the new release, copying the contents of `datastore/CHANGES.md`.

vendor/cloud.google.com/go/SECURITY.md

@@ -0,0 +1,7 @@
+# Security Policy
+
+To report a security issue, please use [g.co/vulnz](https://g.co/vulnz).
+
+The Google Security Team will respond within 5 working days of your report on g.co/vulnz.
+
+We use g.co/vulnz for our intake, and do coordination and disclosure here using GitHub Security Advisory to privately discuss and fix the issue.

vendor/cloud.google.com/go/ai/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/auxiliary.go

@@ -0,0 +1,467 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go_gapic. DO NOT EDIT.
+
+package generativelanguage
+
+import (
+	"context"
+	"time"
+
+	generativelanguagepb "cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb"
+	"cloud.google.com/go/longrunning"
+	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/iterator"
+)
+
+// CreateTunedModelOperation manages a long-running operation from CreateTunedModel.
+type CreateTunedModelOperation struct {
+	lro      *longrunning.Operation
+	pollPath string
+}
+
+// Wait blocks until the long-running operation is completed, returning the response and any errors encountered.
+//
+// See documentation of Poll for error-handling information.
+func (op *CreateTunedModelOperation) Wait(ctx context.Context, opts ...gax.CallOption) (*generativelanguagepb.TunedModel, error) {
+	opts = append([]gax.CallOption{gax.WithPath(op.pollPath)}, opts...)
+	var resp generativelanguagepb.TunedModel
+	if err := op.lro.WaitWithInterval(ctx, &resp, time.Minute, opts...); err != nil {
+		return nil, err
+	}
+	return &resp, nil
+}
+
+// Poll fetches the latest state of the long-running operation.
+//
+// Poll also fetches the latest metadata, which can be retrieved by Metadata.
+//
+// If Poll fails, the error is returned and op is unmodified. If Poll succeeds and
+// the operation has completed with failure, the error is returned and op.Done will return true.
+// If Poll succeeds and the operation has completed successfully,
+// op.Done will return true, and the response of the operation is returned.
+// If Poll succeeds and the operation has not completed, the returned response and error are both nil.
+func (op *CreateTunedModelOperation) Poll(ctx context.Context, opts ...gax.CallOption) (*generativelanguagepb.TunedModel, error) {
+	opts = append([]gax.CallOption{gax.WithPath(op.pollPath)}, opts...)
+	var resp generativelanguagepb.TunedModel
+	if err := op.lro.Poll(ctx, &resp, opts...); err != nil {
+		return nil, err
+	}
+	if !op.Done() {
+		return nil, nil
+	}
+	return &resp, nil
+}
+
+// Metadata returns metadata associated with the long-running operation.
+// Metadata itself does not contact the server, but Poll does.
+// To get the latest metadata, call this method after a successful call to Poll.
+// If the metadata is not available, the returned metadata and error are both nil.
+func (op *CreateTunedModelOperation) Metadata() (*generativelanguagepb.CreateTunedModelMetadata, error) {
+	var meta generativelanguagepb.CreateTunedModelMetadata
+	if err := op.lro.Metadata(&meta); err == longrunning.ErrNoMetadata {
+		return nil, nil
+	} else if err != nil {
+		return nil, err
+	}
+	return &meta, nil
+}
+
+// Done reports whether the long-running operation has completed.
+func (op *CreateTunedModelOperation) Done() bool {
+	return op.lro.Done()
+}
+
+// Name returns the name of the long-running operation.
+// The name is assigned by the server and is unique within the service from which the operation is created.
+func (op *CreateTunedModelOperation) Name() string {
+	return op.lro.Name()
+}
+
+// CachedContentIterator manages a stream of *generativelanguagepb.CachedContent.
+type CachedContentIterator struct {
+	items    []*generativelanguagepb.CachedContent
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// Response is the raw response for the current page.
+	// It must be cast to the RPC response type.
+	// Calling Next() or InternalFetch() updates this value.
+	Response interface{}
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*generativelanguagepb.CachedContent, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *CachedContentIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *CachedContentIterator) Next() (*generativelanguagepb.CachedContent, error) {
+	var item *generativelanguagepb.CachedContent
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *CachedContentIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *CachedContentIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}
+
+// ChunkIterator manages a stream of *generativelanguagepb.Chunk.
+type ChunkIterator struct {
+	items    []*generativelanguagepb.Chunk
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// Response is the raw response for the current page.
+	// It must be cast to the RPC response type.
+	// Calling Next() or InternalFetch() updates this value.
+	Response interface{}
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*generativelanguagepb.Chunk, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *ChunkIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *ChunkIterator) Next() (*generativelanguagepb.Chunk, error) {
+	var item *generativelanguagepb.Chunk
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *ChunkIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *ChunkIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}
+
+// CorpusIterator manages a stream of *generativelanguagepb.Corpus.
+type CorpusIterator struct {
+	items    []*generativelanguagepb.Corpus
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// Response is the raw response for the current page.
+	// It must be cast to the RPC response type.
+	// Calling Next() or InternalFetch() updates this value.
+	Response interface{}
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*generativelanguagepb.Corpus, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *CorpusIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *CorpusIterator) Next() (*generativelanguagepb.Corpus, error) {
+	var item *generativelanguagepb.Corpus
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *CorpusIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *CorpusIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}
+
+// DocumentIterator manages a stream of *generativelanguagepb.Document.
+type DocumentIterator struct {
+	items    []*generativelanguagepb.Document
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// Response is the raw response for the current page.
+	// It must be cast to the RPC response type.
+	// Calling Next() or InternalFetch() updates this value.
+	Response interface{}
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*generativelanguagepb.Document, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *DocumentIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *DocumentIterator) Next() (*generativelanguagepb.Document, error) {
+	var item *generativelanguagepb.Document
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *DocumentIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *DocumentIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}
+
+// FileIterator manages a stream of *generativelanguagepb.File.
+type FileIterator struct {
+	items    []*generativelanguagepb.File
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// Response is the raw response for the current page.
+	// It must be cast to the RPC response type.
+	// Calling Next() or InternalFetch() updates this value.
+	Response interface{}
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*generativelanguagepb.File, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *FileIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *FileIterator) Next() (*generativelanguagepb.File, error) {
+	var item *generativelanguagepb.File
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *FileIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *FileIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}
+
+// ModelIterator manages a stream of *generativelanguagepb.Model.
+type ModelIterator struct {
+	items    []*generativelanguagepb.Model
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// Response is the raw response for the current page.
+	// It must be cast to the RPC response type.
+	// Calling Next() or InternalFetch() updates this value.
+	Response interface{}
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*generativelanguagepb.Model, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *ModelIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *ModelIterator) Next() (*generativelanguagepb.Model, error) {
+	var item *generativelanguagepb.Model
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *ModelIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *ModelIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}
+
+// PermissionIterator manages a stream of *generativelanguagepb.Permission.
+type PermissionIterator struct {
+	items    []*generativelanguagepb.Permission
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// Response is the raw response for the current page.
+	// It must be cast to the RPC response type.
+	// Calling Next() or InternalFetch() updates this value.
+	Response interface{}
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*generativelanguagepb.Permission, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *PermissionIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *PermissionIterator) Next() (*generativelanguagepb.Permission, error) {
+	var item *generativelanguagepb.Permission
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *PermissionIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *PermissionIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}
+
+// TunedModelIterator manages a stream of *generativelanguagepb.TunedModel.
+type TunedModelIterator struct {
+	items    []*generativelanguagepb.TunedModel
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// Response is the raw response for the current page.
+	// It must be cast to the RPC response type.
+	// Calling Next() or InternalFetch() updates this value.
+	Response interface{}
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*generativelanguagepb.TunedModel, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *TunedModelIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *TunedModelIterator) Next() (*generativelanguagepb.TunedModel, error) {
+	var item *generativelanguagepb.TunedModel
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *TunedModelIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *TunedModelIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/cache_client.go

@@ -0,0 +1,748 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go_gapic. DO NOT EDIT.
+
+package generativelanguage
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"net/url"
+
+	generativelanguagepb "cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb"
+	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
+	"google.golang.org/api/iterator"
+	"google.golang.org/api/option"
+	"google.golang.org/api/option/internaloption"
+	gtransport "google.golang.org/api/transport/grpc"
+	httptransport "google.golang.org/api/transport/http"
+	"google.golang.org/grpc"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+)
+
+var newCacheClientHook clientHook
+
+// CacheCallOptions contains the retry settings for each method of CacheClient.
+type CacheCallOptions struct {
+	ListCachedContents  []gax.CallOption
+	CreateCachedContent []gax.CallOption
+	GetCachedContent    []gax.CallOption
+	UpdateCachedContent []gax.CallOption
+	DeleteCachedContent []gax.CallOption
+}
+
+func defaultCacheGRPCClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("generativelanguage.googleapis.com:443"),
+		internaloption.WithDefaultEndpointTemplate("generativelanguage.UNIVERSE_DOMAIN:443"),
+		internaloption.WithDefaultMTLSEndpoint("generativelanguage.mtls.googleapis.com:443"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+		internaloption.EnableJwtWithScope(),
+		option.WithGRPCDialOption(grpc.WithDefaultCallOptions(
+			grpc.MaxCallRecvMsgSize(math.MaxInt32))),
+	}
+}
+
+func defaultCacheCallOptions() *CacheCallOptions {
+	return &CacheCallOptions{
+		ListCachedContents:  []gax.CallOption{},
+		CreateCachedContent: []gax.CallOption{},
+		GetCachedContent:    []gax.CallOption{},
+		UpdateCachedContent: []gax.CallOption{},
+		DeleteCachedContent: []gax.CallOption{},
+	}
+}
+
+func defaultCacheRESTCallOptions() *CacheCallOptions {
+	return &CacheCallOptions{
+		ListCachedContents:  []gax.CallOption{},
+		CreateCachedContent: []gax.CallOption{},
+		GetCachedContent:    []gax.CallOption{},
+		UpdateCachedContent: []gax.CallOption{},
+		DeleteCachedContent: []gax.CallOption{},
+	}
+}
+
+// internalCacheClient is an interface that defines the methods available from Generative Language API.
+type internalCacheClient interface {
+	Close() error
+	setGoogleClientInfo(...string)
+	Connection() *grpc.ClientConn
+	ListCachedContents(context.Context, *generativelanguagepb.ListCachedContentsRequest, ...gax.CallOption) *CachedContentIterator
+	CreateCachedContent(context.Context, *generativelanguagepb.CreateCachedContentRequest, ...gax.CallOption) (*generativelanguagepb.CachedContent, error)
+	GetCachedContent(context.Context, *generativelanguagepb.GetCachedContentRequest, ...gax.CallOption) (*generativelanguagepb.CachedContent, error)
+	UpdateCachedContent(context.Context, *generativelanguagepb.UpdateCachedContentRequest, ...gax.CallOption) (*generativelanguagepb.CachedContent, error)
+	DeleteCachedContent(context.Context, *generativelanguagepb.DeleteCachedContentRequest, ...gax.CallOption) error
+}
+
+// CacheClient is a client for interacting with Generative Language API.
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+//
+// API for managing cache of content (CachedContent resources) that can be used
+// in GenerativeService requests. This way generate content requests can benefit
+// from preprocessing work being done earlier, possibly lowering their
+// computational cost. It is intended to be used with large contexts.
+type CacheClient struct {
+	// The internal transport-dependent client.
+	internalClient internalCacheClient
+
+	// The call options for this service.
+	CallOptions *CacheCallOptions
+}
+
+// Wrapper methods routed to the internal client.
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *CacheClient) Close() error {
+	return c.internalClient.Close()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *CacheClient) setGoogleClientInfo(keyval ...string) {
+	c.internalClient.setGoogleClientInfo(keyval...)
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *CacheClient) Connection() *grpc.ClientConn {
+	return c.internalClient.Connection()
+}
+
+// ListCachedContents lists CachedContents.
+func (c *CacheClient) ListCachedContents(ctx context.Context, req *generativelanguagepb.ListCachedContentsRequest, opts ...gax.CallOption) *CachedContentIterator {
+	return c.internalClient.ListCachedContents(ctx, req, opts...)
+}
+
+// CreateCachedContent creates CachedContent resource.
+func (c *CacheClient) CreateCachedContent(ctx context.Context, req *generativelanguagepb.CreateCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	return c.internalClient.CreateCachedContent(ctx, req, opts...)
+}
+
+// GetCachedContent reads CachedContent resource.
+func (c *CacheClient) GetCachedContent(ctx context.Context, req *generativelanguagepb.GetCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	return c.internalClient.GetCachedContent(ctx, req, opts...)
+}
+
+// UpdateCachedContent updates CachedContent resource (only expiration is updatable).
+func (c *CacheClient) UpdateCachedContent(ctx context.Context, req *generativelanguagepb.UpdateCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	return c.internalClient.UpdateCachedContent(ctx, req, opts...)
+}
+
+// DeleteCachedContent deletes CachedContent resource.
+func (c *CacheClient) DeleteCachedContent(ctx context.Context, req *generativelanguagepb.DeleteCachedContentRequest, opts ...gax.CallOption) error {
+	return c.internalClient.DeleteCachedContent(ctx, req, opts...)
+}
+
+// cacheGRPCClient is a client for interacting with Generative Language API over gRPC transport.
+//
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type cacheGRPCClient struct {
+	// Connection pool of gRPC connections to the service.
+	connPool gtransport.ConnPool
+
+	// Points back to the CallOptions field of the containing CacheClient
+	CallOptions **CacheCallOptions
+
+	// The gRPC API client.
+	cacheClient generativelanguagepb.CacheServiceClient
+
+	// The x-goog-* metadata to be sent with each request.
+	xGoogHeaders []string
+}
+
+// NewCacheClient creates a new cache service client based on gRPC.
+// The returned client must be Closed when it is done being used to clean up its underlying connections.
+//
+// API for managing cache of content (CachedContent resources) that can be used
+// in GenerativeService requests. This way generate content requests can benefit
+// from preprocessing work being done earlier, possibly lowering their
+// computational cost. It is intended to be used with large contexts.
+func NewCacheClient(ctx context.Context, opts ...option.ClientOption) (*CacheClient, error) {
+	clientOpts := defaultCacheGRPCClientOptions()
+	if newCacheClientHook != nil {
+		hookOpts, err := newCacheClientHook(ctx, clientHookParams{})
+		if err != nil {
+			return nil, err
+		}
+		clientOpts = append(clientOpts, hookOpts...)
+	}
+
+	connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...)
+	if err != nil {
+		return nil, err
+	}
+	client := CacheClient{CallOptions: defaultCacheCallOptions()}
+
+	c := &cacheGRPCClient{
+		connPool:    connPool,
+		cacheClient: generativelanguagepb.NewCacheServiceClient(connPool),
+		CallOptions: &client.CallOptions,
+	}
+	c.setGoogleClientInfo()
+
+	client.internalClient = c
+
+	return &client, nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *cacheGRPCClient) Connection() *grpc.ClientConn {
+	return c.connPool.Conn()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *cacheGRPCClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *cacheGRPCClient) Close() error {
+	return c.connPool.Close()
+}
+
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type cacheRESTClient struct {
+	// The http endpoint to connect to.
+	endpoint string
+
+	// The http client.
+	httpClient *http.Client
+
+	// The x-goog-* headers to be sent with each request.
+	xGoogHeaders []string
+
+	// Points back to the CallOptions field of the containing CacheClient
+	CallOptions **CacheCallOptions
+}
+
+// NewCacheRESTClient creates a new cache service rest client.
+//
+// API for managing cache of content (CachedContent resources) that can be used
+// in GenerativeService requests. This way generate content requests can benefit
+// from preprocessing work being done earlier, possibly lowering their
+// computational cost. It is intended to be used with large contexts.
+func NewCacheRESTClient(ctx context.Context, opts ...option.ClientOption) (*CacheClient, error) {
+	clientOpts := append(defaultCacheRESTClientOptions(), opts...)
+	httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	callOpts := defaultCacheRESTCallOptions()
+	c := &cacheRESTClient{
+		endpoint:    endpoint,
+		httpClient:  httpClient,
+		CallOptions: &callOpts,
+	}
+	c.setGoogleClientInfo()
+
+	return &CacheClient{internalClient: c, CallOptions: callOpts}, nil
+}
+
+func defaultCacheRESTClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("https://generativelanguage.googleapis.com"),
+		internaloption.WithDefaultEndpointTemplate("https://generativelanguage.UNIVERSE_DOMAIN"),
+		internaloption.WithDefaultMTLSEndpoint("https://generativelanguage.mtls.googleapis.com"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+	}
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *cacheRESTClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *cacheRESTClient) Close() error {
+	// Replace httpClient with nil to force cleanup.
+	c.httpClient = nil
+	return nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: This method always returns nil.
+func (c *cacheRESTClient) Connection() *grpc.ClientConn {
+	return nil
+}
+func (c *cacheGRPCClient) ListCachedContents(ctx context.Context, req *generativelanguagepb.ListCachedContentsRequest, opts ...gax.CallOption) *CachedContentIterator {
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, c.xGoogHeaders...)
+	opts = append((*c.CallOptions).ListCachedContents[0:len((*c.CallOptions).ListCachedContents):len((*c.CallOptions).ListCachedContents)], opts...)
+	it := &CachedContentIterator{}
+	req = proto.Clone(req).(*generativelanguagepb.ListCachedContentsRequest)
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*generativelanguagepb.CachedContent, string, error) {
+		resp := &generativelanguagepb.ListCachedContentsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			var err error
+			resp, err = c.cacheClient.ListCachedContents(ctx, req, settings.GRPC...)
+			return err
+		}, opts...)
+		if err != nil {
+			return nil, "", err
+		}
+
+		it.Response = resp
+		return resp.GetCachedContents(), resp.GetNextPageToken(), nil
+	}
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+func (c *cacheGRPCClient) CreateCachedContent(ctx context.Context, req *generativelanguagepb.CreateCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, c.xGoogHeaders...)
+	opts = append((*c.CallOptions).CreateCachedContent[0:len((*c.CallOptions).CreateCachedContent):len((*c.CallOptions).CreateCachedContent)], opts...)
+	var resp *generativelanguagepb.CachedContent
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.cacheClient.CreateCachedContent(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *cacheGRPCClient) GetCachedContent(ctx context.Context, req *generativelanguagepb.GetCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).GetCachedContent[0:len((*c.CallOptions).GetCachedContent):len((*c.CallOptions).GetCachedContent)], opts...)
+	var resp *generativelanguagepb.CachedContent
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.cacheClient.GetCachedContent(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *cacheGRPCClient) UpdateCachedContent(ctx context.Context, req *generativelanguagepb.UpdateCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "cached_content.name", url.QueryEscape(req.GetCachedContent().GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).UpdateCachedContent[0:len((*c.CallOptions).UpdateCachedContent):len((*c.CallOptions).UpdateCachedContent)], opts...)
+	var resp *generativelanguagepb.CachedContent
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.cacheClient.UpdateCachedContent(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *cacheGRPCClient) DeleteCachedContent(ctx context.Context, req *generativelanguagepb.DeleteCachedContentRequest, opts ...gax.CallOption) error {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).DeleteCachedContent[0:len((*c.CallOptions).DeleteCachedContent):len((*c.CallOptions).DeleteCachedContent)], opts...)
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		_, err = c.cacheClient.DeleteCachedContent(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	return err
+}
+
+// ListCachedContents lists CachedContents.
+func (c *cacheRESTClient) ListCachedContents(ctx context.Context, req *generativelanguagepb.ListCachedContentsRequest, opts ...gax.CallOption) *CachedContentIterator {
+	it := &CachedContentIterator{}
+	req = proto.Clone(req).(*generativelanguagepb.ListCachedContentsRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*generativelanguagepb.CachedContent, string, error) {
+		resp := &generativelanguagepb.ListCachedContentsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1beta/cachedContents")
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetCachedContents(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// CreateCachedContent creates CachedContent resource.
+func (c *cacheRESTClient) CreateCachedContent(ctx context.Context, req *generativelanguagepb.CreateCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetCachedContent()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/cachedContents")
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).CreateCachedContent[0:len((*c.CallOptions).CreateCachedContent):len((*c.CallOptions).CreateCachedContent)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.CachedContent{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetCachedContent reads CachedContent resource.
+func (c *cacheRESTClient) GetCachedContent(ctx context.Context, req *generativelanguagepb.GetCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).GetCachedContent[0:len((*c.CallOptions).GetCachedContent):len((*c.CallOptions).GetCachedContent)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.CachedContent{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// UpdateCachedContent updates CachedContent resource (only expiration is updatable).
+func (c *cacheRESTClient) UpdateCachedContent(ctx context.Context, req *generativelanguagepb.UpdateCachedContentRequest, opts ...gax.CallOption) (*generativelanguagepb.CachedContent, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetCachedContent()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v", req.GetCachedContent().GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	if req.GetUpdateMask() != nil {
+		updateMask, err := protojson.Marshal(req.GetUpdateMask())
+		if err != nil {
+			return nil, err
+		}
+		params.Add("updateMask", string(updateMask[1:len(updateMask)-1]))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "cached_content.name", url.QueryEscape(req.GetCachedContent().GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).UpdateCachedContent[0:len((*c.CallOptions).UpdateCachedContent):len((*c.CallOptions).UpdateCachedContent)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.CachedContent{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("PATCH", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// DeleteCachedContent deletes CachedContent resource.
+func (c *cacheRESTClient) DeleteCachedContent(ctx context.Context, req *generativelanguagepb.DeleteCachedContentRequest, opts ...gax.CallOption) error {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	return gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("DELETE", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		// Returns nil if there is no error, otherwise wraps
+		// the response code and body into a non-nil error
+		return googleapi.CheckResponse(httpRsp)
+	}, opts...)
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/discuss_client.go

@@ -0,0 +1,494 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go_gapic. DO NOT EDIT.
+
+package generativelanguage
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"net/url"
+	"time"
+
+	generativelanguagepb "cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb"
+	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
+	"google.golang.org/api/option"
+	"google.golang.org/api/option/internaloption"
+	gtransport "google.golang.org/api/transport/grpc"
+	httptransport "google.golang.org/api/transport/http"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/protobuf/encoding/protojson"
+)
+
+var newDiscussClientHook clientHook
+
+// DiscussCallOptions contains the retry settings for each method of DiscussClient.
+type DiscussCallOptions struct {
+	GenerateMessage    []gax.CallOption
+	CountMessageTokens []gax.CallOption
+}
+
+func defaultDiscussGRPCClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("generativelanguage.googleapis.com:443"),
+		internaloption.WithDefaultEndpointTemplate("generativelanguage.UNIVERSE_DOMAIN:443"),
+		internaloption.WithDefaultMTLSEndpoint("generativelanguage.mtls.googleapis.com:443"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+		internaloption.EnableJwtWithScope(),
+		option.WithGRPCDialOption(grpc.WithDefaultCallOptions(
+			grpc.MaxCallRecvMsgSize(math.MaxInt32))),
+	}
+}
+
+func defaultDiscussCallOptions() *DiscussCallOptions {
+	return &DiscussCallOptions{
+		GenerateMessage: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+		CountMessageTokens: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+	}
+}
+
+func defaultDiscussRESTCallOptions() *DiscussCallOptions {
+	return &DiscussCallOptions{
+		GenerateMessage: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+		CountMessageTokens: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+	}
+}
+
+// internalDiscussClient is an interface that defines the methods available from Generative Language API.
+type internalDiscussClient interface {
+	Close() error
+	setGoogleClientInfo(...string)
+	Connection() *grpc.ClientConn
+	GenerateMessage(context.Context, *generativelanguagepb.GenerateMessageRequest, ...gax.CallOption) (*generativelanguagepb.GenerateMessageResponse, error)
+	CountMessageTokens(context.Context, *generativelanguagepb.CountMessageTokensRequest, ...gax.CallOption) (*generativelanguagepb.CountMessageTokensResponse, error)
+}
+
+// DiscussClient is a client for interacting with Generative Language API.
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+//
+// An API for using Generative Language Models (GLMs) in dialog applications.
+//
+// Also known as large language models (LLMs), this API provides models that
+// are trained for multi-turn dialog.
+type DiscussClient struct {
+	// The internal transport-dependent client.
+	internalClient internalDiscussClient
+
+	// The call options for this service.
+	CallOptions *DiscussCallOptions
+}
+
+// Wrapper methods routed to the internal client.
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *DiscussClient) Close() error {
+	return c.internalClient.Close()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *DiscussClient) setGoogleClientInfo(keyval ...string) {
+	c.internalClient.setGoogleClientInfo(keyval...)
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *DiscussClient) Connection() *grpc.ClientConn {
+	return c.internalClient.Connection()
+}
+
+// GenerateMessage generates a response from the model given an input MessagePrompt.
+func (c *DiscussClient) GenerateMessage(ctx context.Context, req *generativelanguagepb.GenerateMessageRequest, opts ...gax.CallOption) (*generativelanguagepb.GenerateMessageResponse, error) {
+	return c.internalClient.GenerateMessage(ctx, req, opts...)
+}
+
+// CountMessageTokens runs a model’s tokenizer on a string and returns the token count.
+func (c *DiscussClient) CountMessageTokens(ctx context.Context, req *generativelanguagepb.CountMessageTokensRequest, opts ...gax.CallOption) (*generativelanguagepb.CountMessageTokensResponse, error) {
+	return c.internalClient.CountMessageTokens(ctx, req, opts...)
+}
+
+// discussGRPCClient is a client for interacting with Generative Language API over gRPC transport.
+//
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type discussGRPCClient struct {
+	// Connection pool of gRPC connections to the service.
+	connPool gtransport.ConnPool
+
+	// Points back to the CallOptions field of the containing DiscussClient
+	CallOptions **DiscussCallOptions
+
+	// The gRPC API client.
+	discussClient generativelanguagepb.DiscussServiceClient
+
+	// The x-goog-* metadata to be sent with each request.
+	xGoogHeaders []string
+}
+
+// NewDiscussClient creates a new discuss service client based on gRPC.
+// The returned client must be Closed when it is done being used to clean up its underlying connections.
+//
+// An API for using Generative Language Models (GLMs) in dialog applications.
+//
+// Also known as large language models (LLMs), this API provides models that
+// are trained for multi-turn dialog.
+func NewDiscussClient(ctx context.Context, opts ...option.ClientOption) (*DiscussClient, error) {
+	clientOpts := defaultDiscussGRPCClientOptions()
+	if newDiscussClientHook != nil {
+		hookOpts, err := newDiscussClientHook(ctx, clientHookParams{})
+		if err != nil {
+			return nil, err
+		}
+		clientOpts = append(clientOpts, hookOpts...)
+	}
+
+	connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...)
+	if err != nil {
+		return nil, err
+	}
+	client := DiscussClient{CallOptions: defaultDiscussCallOptions()}
+
+	c := &discussGRPCClient{
+		connPool:      connPool,
+		discussClient: generativelanguagepb.NewDiscussServiceClient(connPool),
+		CallOptions:   &client.CallOptions,
+	}
+	c.setGoogleClientInfo()
+
+	client.internalClient = c
+
+	return &client, nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *discussGRPCClient) Connection() *grpc.ClientConn {
+	return c.connPool.Conn()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *discussGRPCClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *discussGRPCClient) Close() error {
+	return c.connPool.Close()
+}
+
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type discussRESTClient struct {
+	// The http endpoint to connect to.
+	endpoint string
+
+	// The http client.
+	httpClient *http.Client
+
+	// The x-goog-* headers to be sent with each request.
+	xGoogHeaders []string
+
+	// Points back to the CallOptions field of the containing DiscussClient
+	CallOptions **DiscussCallOptions
+}
+
+// NewDiscussRESTClient creates a new discuss service rest client.
+//
+// An API for using Generative Language Models (GLMs) in dialog applications.
+//
+// Also known as large language models (LLMs), this API provides models that
+// are trained for multi-turn dialog.
+func NewDiscussRESTClient(ctx context.Context, opts ...option.ClientOption) (*DiscussClient, error) {
+	clientOpts := append(defaultDiscussRESTClientOptions(), opts...)
+	httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	callOpts := defaultDiscussRESTCallOptions()
+	c := &discussRESTClient{
+		endpoint:    endpoint,
+		httpClient:  httpClient,
+		CallOptions: &callOpts,
+	}
+	c.setGoogleClientInfo()
+
+	return &DiscussClient{internalClient: c, CallOptions: callOpts}, nil
+}
+
+func defaultDiscussRESTClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("https://generativelanguage.googleapis.com"),
+		internaloption.WithDefaultEndpointTemplate("https://generativelanguage.UNIVERSE_DOMAIN"),
+		internaloption.WithDefaultMTLSEndpoint("https://generativelanguage.mtls.googleapis.com"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+	}
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *discussRESTClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *discussRESTClient) Close() error {
+	// Replace httpClient with nil to force cleanup.
+	c.httpClient = nil
+	return nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: This method always returns nil.
+func (c *discussRESTClient) Connection() *grpc.ClientConn {
+	return nil
+}
+func (c *discussGRPCClient) GenerateMessage(ctx context.Context, req *generativelanguagepb.GenerateMessageRequest, opts ...gax.CallOption) (*generativelanguagepb.GenerateMessageResponse, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).GenerateMessage[0:len((*c.CallOptions).GenerateMessage):len((*c.CallOptions).GenerateMessage)], opts...)
+	var resp *generativelanguagepb.GenerateMessageResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.discussClient.GenerateMessage(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *discussGRPCClient) CountMessageTokens(ctx context.Context, req *generativelanguagepb.CountMessageTokensRequest, opts ...gax.CallOption) (*generativelanguagepb.CountMessageTokensResponse, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).CountMessageTokens[0:len((*c.CallOptions).CountMessageTokens):len((*c.CallOptions).CountMessageTokens)], opts...)
+	var resp *generativelanguagepb.CountMessageTokensResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.discussClient.CountMessageTokens(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// GenerateMessage generates a response from the model given an input MessagePrompt.
+func (c *discussRESTClient) GenerateMessage(ctx context.Context, req *generativelanguagepb.GenerateMessageRequest, opts ...gax.CallOption) (*generativelanguagepb.GenerateMessageResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v:generateMessage", req.GetModel())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).GenerateMessage[0:len((*c.CallOptions).GenerateMessage):len((*c.CallOptions).GenerateMessage)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.GenerateMessageResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// CountMessageTokens runs a model’s tokenizer on a string and returns the token count.
+func (c *discussRESTClient) CountMessageTokens(ctx context.Context, req *generativelanguagepb.CountMessageTokensRequest, opts ...gax.CallOption) (*generativelanguagepb.CountMessageTokensResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v:countMessageTokens", req.GetModel())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).CountMessageTokens[0:len((*c.CallOptions).CountMessageTokens):len((*c.CallOptions).CountMessageTokens)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.CountMessageTokensResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/doc.go

@@ -0,0 +1,129 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go_gapic. DO NOT EDIT.
+
+// Package generativelanguage is an auto-generated package for the
+// Generative Language API.
+//
+// The Gemini API allows developers to build generative AI applications using
+// Gemini models. Gemini is our most capable model, built from the ground up
+// to be multimodal. It can generalize and seamlessly understand, operate
+// across, and combine different types of information including language,
+// images, audio, video, and code. You can use the Gemini API for use cases
+// like reasoning across text and images, content generation, dialogue
+// agents, summarization and classification systems, and more.
+//
+//	NOTE: This package is in beta. It is not stable, and may be subject to changes.
+//
+// # General documentation
+//
+// For information that is relevant for all client libraries please reference
+// https://pkg.go.dev/cloud.google.com/go#pkg-overview. Some information on this
+// page includes:
+//
+//   - [Authentication and Authorization]
+//   - [Timeouts and Cancellation]
+//   - [Testing against Client Libraries]
+//   - [Debugging Client Libraries]
+//   - [Inspecting errors]
+//
+// # Example usage
+//
+// To get started with this package, create a client.
+//
+//	ctx := context.Background()
+//	// This snippet has been automatically generated and should be regarded as a code template only.
+//	// It will require modifications to work:
+//	// - It may require correct/in-range values for request initialization.
+//	// - It may require specifying regional endpoints when creating the service client as shown in:
+//	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
+//	c, err := generativelanguage.NewCacheClient(ctx)
+//	if err != nil {
+//		// TODO: Handle error.
+//	}
+//	defer c.Close()
+//
+// The client will use your default application credentials. Clients should be reused instead of created as needed.
+// The methods of Client are safe for concurrent use by multiple goroutines.
+// The returned client must be Closed when it is done being used.
+//
+// # Using the Client
+//
+// The following is an example of making an API call with the newly created client.
+//
+//	ctx := context.Background()
+//	// This snippet has been automatically generated and should be regarded as a code template only.
+//	// It will require modifications to work:
+//	// - It may require correct/in-range values for request initialization.
+//	// - It may require specifying regional endpoints when creating the service client as shown in:
+//	//   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
+//	c, err := generativelanguage.NewCacheClient(ctx)
+//	if err != nil {
+//		// TODO: Handle error.
+//	}
+//	defer c.Close()
+//
+//	req := &generativelanguagepb.CreateCachedContentRequest{
+//		// TODO: Fill request struct fields.
+//		// See https://pkg.go.dev/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb#CreateCachedContentRequest.
+//	}
+//	resp, err := c.CreateCachedContent(ctx, req)
+//	if err != nil {
+//		// TODO: Handle error.
+//	}
+//	// TODO: Use resp.
+//	_ = resp
+//
+// # Use of Context
+//
+// The ctx passed to NewCacheClient is used for authentication requests and
+// for creating the underlying connection, but is not used for subsequent calls.
+// Individual methods on the client use the ctx given to them.
+//
+// To close the open connection, use the Close() method.
+//
+// [Authentication and Authorization]: https://pkg.go.dev/cloud.google.com/go#hdr-Authentication_and_Authorization
+// [Timeouts and Cancellation]: https://pkg.go.dev/cloud.google.com/go#hdr-Timeouts_and_Cancellation
+// [Testing against Client Libraries]: https://pkg.go.dev/cloud.google.com/go#hdr-Testing
+// [Debugging Client Libraries]: https://pkg.go.dev/cloud.google.com/go#hdr-Debugging
+// [Inspecting errors]: https://pkg.go.dev/cloud.google.com/go#hdr-Inspecting_errors
+package generativelanguage // import "cloud.google.com/go/ai/generativelanguage/apiv1beta"
+
+import (
+	"context"
+
+	"google.golang.org/api/option"
+)
+
+// For more information on implementing a client constructor hook, see
+// https://github.com/googleapis/google-cloud-go/wiki/Customizing-constructors.
+type clientHookParams struct{}
+type clientHook func(context.Context, clientHookParams) ([]option.ClientOption, error)
+
+var versionClient string
+
+func getVersionClient() string {
+	if versionClient == "" {
+		return "UNKNOWN"
+	}
+	return versionClient
+}
+
+// DefaultAuthScopes reports the default set of authentication scopes to use with this package.
+func DefaultAuthScopes() []string {
+	return []string{
+		"",
+	}
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/file_client.go

@@ -0,0 +1,637 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go_gapic. DO NOT EDIT.
+
+package generativelanguage
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"net/url"
+
+	generativelanguagepb "cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb"
+	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
+	"google.golang.org/api/iterator"
+	"google.golang.org/api/option"
+	"google.golang.org/api/option/internaloption"
+	gtransport "google.golang.org/api/transport/grpc"
+	httptransport "google.golang.org/api/transport/http"
+	"google.golang.org/grpc"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+)
+
+var newFileClientHook clientHook
+
+// FileCallOptions contains the retry settings for each method of FileClient.
+type FileCallOptions struct {
+	CreateFile []gax.CallOption
+	ListFiles  []gax.CallOption
+	GetFile    []gax.CallOption
+	DeleteFile []gax.CallOption
+}
+
+func defaultFileGRPCClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("generativelanguage.googleapis.com:443"),
+		internaloption.WithDefaultEndpointTemplate("generativelanguage.UNIVERSE_DOMAIN:443"),
+		internaloption.WithDefaultMTLSEndpoint("generativelanguage.mtls.googleapis.com:443"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+		internaloption.EnableJwtWithScope(),
+		option.WithGRPCDialOption(grpc.WithDefaultCallOptions(
+			grpc.MaxCallRecvMsgSize(math.MaxInt32))),
+	}
+}
+
+func defaultFileCallOptions() *FileCallOptions {
+	return &FileCallOptions{
+		CreateFile: []gax.CallOption{},
+		ListFiles:  []gax.CallOption{},
+		GetFile:    []gax.CallOption{},
+		DeleteFile: []gax.CallOption{},
+	}
+}
+
+func defaultFileRESTCallOptions() *FileCallOptions {
+	return &FileCallOptions{
+		CreateFile: []gax.CallOption{},
+		ListFiles:  []gax.CallOption{},
+		GetFile:    []gax.CallOption{},
+		DeleteFile: []gax.CallOption{},
+	}
+}
+
+// internalFileClient is an interface that defines the methods available from Generative Language API.
+type internalFileClient interface {
+	Close() error
+	setGoogleClientInfo(...string)
+	Connection() *grpc.ClientConn
+	CreateFile(context.Context, *generativelanguagepb.CreateFileRequest, ...gax.CallOption) (*generativelanguagepb.CreateFileResponse, error)
+	ListFiles(context.Context, *generativelanguagepb.ListFilesRequest, ...gax.CallOption) *FileIterator
+	GetFile(context.Context, *generativelanguagepb.GetFileRequest, ...gax.CallOption) (*generativelanguagepb.File, error)
+	DeleteFile(context.Context, *generativelanguagepb.DeleteFileRequest, ...gax.CallOption) error
+}
+
+// FileClient is a client for interacting with Generative Language API.
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+//
+// An API for uploading and managing files.
+type FileClient struct {
+	// The internal transport-dependent client.
+	internalClient internalFileClient
+
+	// The call options for this service.
+	CallOptions *FileCallOptions
+}
+
+// Wrapper methods routed to the internal client.
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *FileClient) Close() error {
+	return c.internalClient.Close()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *FileClient) setGoogleClientInfo(keyval ...string) {
+	c.internalClient.setGoogleClientInfo(keyval...)
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *FileClient) Connection() *grpc.ClientConn {
+	return c.internalClient.Connection()
+}
+
+// CreateFile creates a File.
+func (c *FileClient) CreateFile(ctx context.Context, req *generativelanguagepb.CreateFileRequest, opts ...gax.CallOption) (*generativelanguagepb.CreateFileResponse, error) {
+	return c.internalClient.CreateFile(ctx, req, opts...)
+}
+
+// ListFiles lists the metadata for Files owned by the requesting project.
+func (c *FileClient) ListFiles(ctx context.Context, req *generativelanguagepb.ListFilesRequest, opts ...gax.CallOption) *FileIterator {
+	return c.internalClient.ListFiles(ctx, req, opts...)
+}
+
+// GetFile gets the metadata for the given File.
+func (c *FileClient) GetFile(ctx context.Context, req *generativelanguagepb.GetFileRequest, opts ...gax.CallOption) (*generativelanguagepb.File, error) {
+	return c.internalClient.GetFile(ctx, req, opts...)
+}
+
+// DeleteFile deletes the File.
+func (c *FileClient) DeleteFile(ctx context.Context, req *generativelanguagepb.DeleteFileRequest, opts ...gax.CallOption) error {
+	return c.internalClient.DeleteFile(ctx, req, opts...)
+}
+
+// fileGRPCClient is a client for interacting with Generative Language API over gRPC transport.
+//
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type fileGRPCClient struct {
+	// Connection pool of gRPC connections to the service.
+	connPool gtransport.ConnPool
+
+	// Points back to the CallOptions field of the containing FileClient
+	CallOptions **FileCallOptions
+
+	// The gRPC API client.
+	fileClient generativelanguagepb.FileServiceClient
+
+	// The x-goog-* metadata to be sent with each request.
+	xGoogHeaders []string
+}
+
+// NewFileClient creates a new file service client based on gRPC.
+// The returned client must be Closed when it is done being used to clean up its underlying connections.
+//
+// An API for uploading and managing files.
+func NewFileClient(ctx context.Context, opts ...option.ClientOption) (*FileClient, error) {
+	clientOpts := defaultFileGRPCClientOptions()
+	if newFileClientHook != nil {
+		hookOpts, err := newFileClientHook(ctx, clientHookParams{})
+		if err != nil {
+			return nil, err
+		}
+		clientOpts = append(clientOpts, hookOpts...)
+	}
+
+	connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...)
+	if err != nil {
+		return nil, err
+	}
+	client := FileClient{CallOptions: defaultFileCallOptions()}
+
+	c := &fileGRPCClient{
+		connPool:    connPool,
+		fileClient:  generativelanguagepb.NewFileServiceClient(connPool),
+		CallOptions: &client.CallOptions,
+	}
+	c.setGoogleClientInfo()
+
+	client.internalClient = c
+
+	return &client, nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *fileGRPCClient) Connection() *grpc.ClientConn {
+	return c.connPool.Conn()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *fileGRPCClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *fileGRPCClient) Close() error {
+	return c.connPool.Close()
+}
+
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type fileRESTClient struct {
+	// The http endpoint to connect to.
+	endpoint string
+
+	// The http client.
+	httpClient *http.Client
+
+	// The x-goog-* headers to be sent with each request.
+	xGoogHeaders []string
+
+	// Points back to the CallOptions field of the containing FileClient
+	CallOptions **FileCallOptions
+}
+
+// NewFileRESTClient creates a new file service rest client.
+//
+// An API for uploading and managing files.
+func NewFileRESTClient(ctx context.Context, opts ...option.ClientOption) (*FileClient, error) {
+	clientOpts := append(defaultFileRESTClientOptions(), opts...)
+	httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	callOpts := defaultFileRESTCallOptions()
+	c := &fileRESTClient{
+		endpoint:    endpoint,
+		httpClient:  httpClient,
+		CallOptions: &callOpts,
+	}
+	c.setGoogleClientInfo()
+
+	return &FileClient{internalClient: c, CallOptions: callOpts}, nil
+}
+
+func defaultFileRESTClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("https://generativelanguage.googleapis.com"),
+		internaloption.WithDefaultEndpointTemplate("https://generativelanguage.UNIVERSE_DOMAIN"),
+		internaloption.WithDefaultMTLSEndpoint("https://generativelanguage.mtls.googleapis.com"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+	}
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *fileRESTClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *fileRESTClient) Close() error {
+	// Replace httpClient with nil to force cleanup.
+	c.httpClient = nil
+	return nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: This method always returns nil.
+func (c *fileRESTClient) Connection() *grpc.ClientConn {
+	return nil
+}
+func (c *fileGRPCClient) CreateFile(ctx context.Context, req *generativelanguagepb.CreateFileRequest, opts ...gax.CallOption) (*generativelanguagepb.CreateFileResponse, error) {
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, c.xGoogHeaders...)
+	opts = append((*c.CallOptions).CreateFile[0:len((*c.CallOptions).CreateFile):len((*c.CallOptions).CreateFile)], opts...)
+	var resp *generativelanguagepb.CreateFileResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.fileClient.CreateFile(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *fileGRPCClient) ListFiles(ctx context.Context, req *generativelanguagepb.ListFilesRequest, opts ...gax.CallOption) *FileIterator {
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, c.xGoogHeaders...)
+	opts = append((*c.CallOptions).ListFiles[0:len((*c.CallOptions).ListFiles):len((*c.CallOptions).ListFiles)], opts...)
+	it := &FileIterator{}
+	req = proto.Clone(req).(*generativelanguagepb.ListFilesRequest)
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*generativelanguagepb.File, string, error) {
+		resp := &generativelanguagepb.ListFilesResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			var err error
+			resp, err = c.fileClient.ListFiles(ctx, req, settings.GRPC...)
+			return err
+		}, opts...)
+		if err != nil {
+			return nil, "", err
+		}
+
+		it.Response = resp
+		return resp.GetFiles(), resp.GetNextPageToken(), nil
+	}
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+func (c *fileGRPCClient) GetFile(ctx context.Context, req *generativelanguagepb.GetFileRequest, opts ...gax.CallOption) (*generativelanguagepb.File, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).GetFile[0:len((*c.CallOptions).GetFile):len((*c.CallOptions).GetFile)], opts...)
+	var resp *generativelanguagepb.File
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.fileClient.GetFile(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *fileGRPCClient) DeleteFile(ctx context.Context, req *generativelanguagepb.DeleteFileRequest, opts ...gax.CallOption) error {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).DeleteFile[0:len((*c.CallOptions).DeleteFile):len((*c.CallOptions).DeleteFile)], opts...)
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		_, err = c.fileClient.DeleteFile(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	return err
+}
+
+// CreateFile creates a File.
+func (c *fileRESTClient) CreateFile(ctx context.Context, req *generativelanguagepb.CreateFileRequest, opts ...gax.CallOption) (*generativelanguagepb.CreateFileResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/files")
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).CreateFile[0:len((*c.CallOptions).CreateFile):len((*c.CallOptions).CreateFile)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.CreateFileResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// ListFiles lists the metadata for Files owned by the requesting project.
+func (c *fileRESTClient) ListFiles(ctx context.Context, req *generativelanguagepb.ListFilesRequest, opts ...gax.CallOption) *FileIterator {
+	it := &FileIterator{}
+	req = proto.Clone(req).(*generativelanguagepb.ListFilesRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*generativelanguagepb.File, string, error) {
+		resp := &generativelanguagepb.ListFilesResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1beta/files")
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetFiles(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// GetFile gets the metadata for the given File.
+func (c *fileRESTClient) GetFile(ctx context.Context, req *generativelanguagepb.GetFileRequest, opts ...gax.CallOption) (*generativelanguagepb.File, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).GetFile[0:len((*c.CallOptions).GetFile):len((*c.CallOptions).GetFile)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.File{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// DeleteFile deletes the File.
+func (c *fileRESTClient) DeleteFile(ctx context.Context, req *generativelanguagepb.DeleteFileRequest, opts ...gax.CallOption) error {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	return gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("DELETE", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		// Returns nil if there is no error, otherwise wraps
+		// the response code and body into a non-nil error
+		return googleapi.CheckResponse(httpRsp)
+	}, opts...)
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/gapic_metadata.json

@@ -0,0 +1,661 @@
+{
+  "schema": "1.0",
+  "comment": "This file maps proto services/RPCs to the corresponding library clients/methods.",
+  "language": "go",
+  "protoPackage": "google.ai.generativelanguage.v1beta",
+  "libraryPackage": "cloud.google.com/go/ai/generativelanguage/apiv1beta",
+  "services": {
+    "CacheService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "CacheClient",
+          "rpcs": {
+            "CreateCachedContent": {
+              "methods": [
+                "CreateCachedContent"
+              ]
+            },
+            "DeleteCachedContent": {
+              "methods": [
+                "DeleteCachedContent"
+              ]
+            },
+            "GetCachedContent": {
+              "methods": [
+                "GetCachedContent"
+              ]
+            },
+            "ListCachedContents": {
+              "methods": [
+                "ListCachedContents"
+              ]
+            },
+            "UpdateCachedContent": {
+              "methods": [
+                "UpdateCachedContent"
+              ]
+            }
+          }
+        },
+        "rest": {
+          "libraryClient": "CacheClient",
+          "rpcs": {
+            "CreateCachedContent": {
+              "methods": [
+                "CreateCachedContent"
+              ]
+            },
+            "DeleteCachedContent": {
+              "methods": [
+                "DeleteCachedContent"
+              ]
+            },
+            "GetCachedContent": {
+              "methods": [
+                "GetCachedContent"
+              ]
+            },
+            "ListCachedContents": {
+              "methods": [
+                "ListCachedContents"
+              ]
+            },
+            "UpdateCachedContent": {
+              "methods": [
+                "UpdateCachedContent"
+              ]
+            }
+          }
+        }
+      }
+    },
+    "DiscussService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "DiscussClient",
+          "rpcs": {
+            "CountMessageTokens": {
+              "methods": [
+                "CountMessageTokens"
+              ]
+            },
+            "GenerateMessage": {
+              "methods": [
+                "GenerateMessage"
+              ]
+            }
+          }
+        },
+        "rest": {
+          "libraryClient": "DiscussClient",
+          "rpcs": {
+            "CountMessageTokens": {
+              "methods": [
+                "CountMessageTokens"
+              ]
+            },
+            "GenerateMessage": {
+              "methods": [
+                "GenerateMessage"
+              ]
+            }
+          }
+        }
+      }
+    },
+    "FileService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "FileClient",
+          "rpcs": {
+            "CreateFile": {
+              "methods": [
+                "CreateFile"
+              ]
+            },
+            "DeleteFile": {
+              "methods": [
+                "DeleteFile"
+              ]
+            },
+            "GetFile": {
+              "methods": [
+                "GetFile"
+              ]
+            },
+            "ListFiles": {
+              "methods": [
+                "ListFiles"
+              ]
+            }
+          }
+        },
+        "rest": {
+          "libraryClient": "FileClient",
+          "rpcs": {
+            "CreateFile": {
+              "methods": [
+                "CreateFile"
+              ]
+            },
+            "DeleteFile": {
+              "methods": [
+                "DeleteFile"
+              ]
+            },
+            "GetFile": {
+              "methods": [
+                "GetFile"
+              ]
+            },
+            "ListFiles": {
+              "methods": [
+                "ListFiles"
+              ]
+            }
+          }
+        }
+      }
+    },
+    "GenerativeService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "GenerativeClient",
+          "rpcs": {
+            "BatchEmbedContents": {
+              "methods": [
+                "BatchEmbedContents"
+              ]
+            },
+            "CountTokens": {
+              "methods": [
+                "CountTokens"
+              ]
+            },
+            "EmbedContent": {
+              "methods": [
+                "EmbedContent"
+              ]
+            },
+            "GenerateAnswer": {
+              "methods": [
+                "GenerateAnswer"
+              ]
+            },
+            "GenerateContent": {
+              "methods": [
+                "GenerateContent"
+              ]
+            },
+            "StreamGenerateContent": {
+              "methods": [
+                "StreamGenerateContent"
+              ]
+            }
+          }
+        },
+        "rest": {
+          "libraryClient": "GenerativeClient",
+          "rpcs": {
+            "BatchEmbedContents": {
+              "methods": [
+                "BatchEmbedContents"
+              ]
+            },
+            "CountTokens": {
+              "methods": [
+                "CountTokens"
+              ]
+            },
+            "EmbedContent": {
+              "methods": [
+                "EmbedContent"
+              ]
+            },
+            "GenerateAnswer": {
+              "methods": [
+                "GenerateAnswer"
+              ]
+            },
+            "GenerateContent": {
+              "methods": [
+                "GenerateContent"
+              ]
+            },
+            "StreamGenerateContent": {
+              "methods": [
+                "StreamGenerateContent"
+              ]
+            }
+          }
+        }
+      }
+    },
+    "ModelService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "ModelClient",
+          "rpcs": {
+            "CreateTunedModel": {
+              "methods": [
+                "CreateTunedModel"
+              ]
+            },
+            "DeleteTunedModel": {
+              "methods": [
+                "DeleteTunedModel"
+              ]
+            },
+            "GetModel": {
+              "methods": [
+                "GetModel"
+              ]
+            },
+            "GetTunedModel": {
+              "methods": [
+                "GetTunedModel"
+              ]
+            },
+            "ListModels": {
+              "methods": [
+                "ListModels"
+              ]
+            },
+            "ListTunedModels": {
+              "methods": [
+                "ListTunedModels"
+              ]
+            },
+            "UpdateTunedModel": {
+              "methods": [
+                "UpdateTunedModel"
+              ]
+            }
+          }
+        },
+        "rest": {
+          "libraryClient": "ModelClient",
+          "rpcs": {
+            "CreateTunedModel": {
+              "methods": [
+                "CreateTunedModel"
+              ]
+            },
+            "DeleteTunedModel": {
+              "methods": [
+                "DeleteTunedModel"
+              ]
+            },
+            "GetModel": {
+              "methods": [
+                "GetModel"
+              ]
+            },
+            "GetTunedModel": {
+              "methods": [
+                "GetTunedModel"
+              ]
+            },
+            "ListModels": {
+              "methods": [
+                "ListModels"
+              ]
+            },
+            "ListTunedModels": {
+              "methods": [
+                "ListTunedModels"
+              ]
+            },
+            "UpdateTunedModel": {
+              "methods": [
+                "UpdateTunedModel"
+              ]
+            }
+          }
+        }
+      }
+    },
+    "PermissionService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "PermissionClient",
+          "rpcs": {
+            "CreatePermission": {
+              "methods": [
+                "CreatePermission"
+              ]
+            },
+            "DeletePermission": {
+              "methods": [
+                "DeletePermission"
+              ]
+            },
+            "GetPermission": {
+              "methods": [
+                "GetPermission"
+              ]
+            },
+            "ListPermissions": {
+              "methods": [
+                "ListPermissions"
+              ]
+            },
+            "TransferOwnership": {
+              "methods": [
+                "TransferOwnership"
+              ]
+            },
+            "UpdatePermission": {
+              "methods": [
+                "UpdatePermission"
+              ]
+            }
+          }
+        },
+        "rest": {
+          "libraryClient": "PermissionClient",
+          "rpcs": {
+            "CreatePermission": {
+              "methods": [
+                "CreatePermission"
+              ]
+            },
+            "DeletePermission": {
+              "methods": [
+                "DeletePermission"
+              ]
+            },
+            "GetPermission": {
+              "methods": [
+                "GetPermission"
+              ]
+            },
+            "ListPermissions": {
+              "methods": [
+                "ListPermissions"
+              ]
+            },
+            "TransferOwnership": {
+              "methods": [
+                "TransferOwnership"
+              ]
+            },
+            "UpdatePermission": {
+              "methods": [
+                "UpdatePermission"
+              ]
+            }
+          }
+        }
+      }
+    },
+    "RetrieverService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "RetrieverClient",
+          "rpcs": {
+            "BatchCreateChunks": {
+              "methods": [
+                "BatchCreateChunks"
+              ]
+            },
+            "BatchDeleteChunks": {
+              "methods": [
+                "BatchDeleteChunks"
+              ]
+            },
+            "BatchUpdateChunks": {
+              "methods": [
+                "BatchUpdateChunks"
+              ]
+            },
+            "CreateChunk": {
+              "methods": [
+                "CreateChunk"
+              ]
+            },
+            "CreateCorpus": {
+              "methods": [
+                "CreateCorpus"
+              ]
+            },
+            "CreateDocument": {
+              "methods": [
+                "CreateDocument"
+              ]
+            },
+            "DeleteChunk": {
+              "methods": [
+                "DeleteChunk"
+              ]
+            },
+            "DeleteCorpus": {
+              "methods": [
+                "DeleteCorpus"
+              ]
+            },
+            "DeleteDocument": {
+              "methods": [
+                "DeleteDocument"
+              ]
+            },
+            "GetChunk": {
+              "methods": [
+                "GetChunk"
+              ]
+            },
+            "GetCorpus": {
+              "methods": [
+                "GetCorpus"
+              ]
+            },
+            "GetDocument": {
+              "methods": [
+                "GetDocument"
+              ]
+            },
+            "ListChunks": {
+              "methods": [
+                "ListChunks"
+              ]
+            },
+            "ListCorpora": {
+              "methods": [
+                "ListCorpora"
+              ]
+            },
+            "ListDocuments": {
+              "methods": [
+                "ListDocuments"
+              ]
+            },
+            "QueryCorpus": {
+              "methods": [
+                "QueryCorpus"
+              ]
+            },
+            "QueryDocument": {
+              "methods": [
+                "QueryDocument"
+              ]
+            },
+            "UpdateChunk": {
+              "methods": [
+                "UpdateChunk"
+              ]
+            },
+            "UpdateCorpus": {
+              "methods": [
+                "UpdateCorpus"
+              ]
+            },
+            "UpdateDocument": {
+              "methods": [
+                "UpdateDocument"
+              ]
+            }
+          }
+        },
+        "rest": {
+          "libraryClient": "RetrieverClient",
+          "rpcs": {
+            "BatchCreateChunks": {
+              "methods": [
+                "BatchCreateChunks"
+              ]
+            },
+            "BatchDeleteChunks": {
+              "methods": [
+                "BatchDeleteChunks"
+              ]
+            },
+            "BatchUpdateChunks": {
+              "methods": [
+                "BatchUpdateChunks"
+              ]
+            },
+            "CreateChunk": {
+              "methods": [
+                "CreateChunk"
+              ]
+            },
+            "CreateCorpus": {
+              "methods": [
+                "CreateCorpus"
+              ]
+            },
+            "CreateDocument": {
+              "methods": [
+                "CreateDocument"
+              ]
+            },
+            "DeleteChunk": {
+              "methods": [
+                "DeleteChunk"
+              ]
+            },
+            "DeleteCorpus": {
+              "methods": [
+                "DeleteCorpus"
+              ]
+            },
+            "DeleteDocument": {
+              "methods": [
+                "DeleteDocument"
+              ]
+            },
+            "GetChunk": {
+              "methods": [
+                "GetChunk"
+              ]
+            },
+            "GetCorpus": {
+              "methods": [
+                "GetCorpus"
+              ]
+            },
+            "GetDocument": {
+              "methods": [
+                "GetDocument"
+              ]
+            },
+            "ListChunks": {
+              "methods": [
+                "ListChunks"
+              ]
+            },
+            "ListCorpora": {
+              "methods": [
+                "ListCorpora"
+              ]
+            },
+            "ListDocuments": {
+              "methods": [
+                "ListDocuments"
+              ]
+            },
+            "QueryCorpus": {
+              "methods": [
+                "QueryCorpus"
+              ]
+            },
+            "QueryDocument": {
+              "methods": [
+                "QueryDocument"
+              ]
+            },
+            "UpdateChunk": {
+              "methods": [
+                "UpdateChunk"
+              ]
+            },
+            "UpdateCorpus": {
+              "methods": [
+                "UpdateCorpus"
+              ]
+            },
+            "UpdateDocument": {
+              "methods": [
+                "UpdateDocument"
+              ]
+            }
+          }
+        }
+      }
+    },
+    "TextService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "TextClient",
+          "rpcs": {
+            "BatchEmbedText": {
+              "methods": [
+                "BatchEmbedText"
+              ]
+            },
+            "CountTextTokens": {
+              "methods": [
+                "CountTextTokens"
+              ]
+            },
+            "EmbedText": {
+              "methods": [
+                "EmbedText"
+              ]
+            },
+            "GenerateText": {
+              "methods": [
+                "GenerateText"
+              ]
+            }
+          }
+        },
+        "rest": {
+          "libraryClient": "TextClient",
+          "rpcs": {
+            "BatchEmbedText": {
+              "methods": [
+                "BatchEmbedText"
+              ]
+            },
+            "CountTextTokens": {
+              "methods": [
+                "CountTextTokens"
+              ]
+            },
+            "EmbedText": {
+              "methods": [
+                "EmbedText"
+              ]
+            },
+            "GenerateText": {
+              "methods": [
+                "GenerateText"
+              ]
+            }
+          }
+        }
+      }
+    }
+  }
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb/cache_service.pb.go

@@ -0,0 +1,904 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.34.2
+// 	protoc        v4.25.3
+// source: google/ai/generativelanguage/v1beta/cache_service.proto
+
+package generativelanguagepb
+
+import (
+	context "context"
+	reflect "reflect"
+	sync "sync"
+
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	fieldmaskpb "google.golang.org/protobuf/types/known/fieldmaskpb"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Request to list CachedContents.
+type ListCachedContentsRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Optional. The maximum number of cached contents to return. The service may
+	// return fewer than this value. If unspecified, some default (under maximum)
+	// number of items will be returned. The maximum value is 1000; values above
+	// 1000 will be coerced to 1000.
+	PageSize int32 `protobuf:"varint,1,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
+	// Optional. A page token, received from a previous `ListCachedContents` call.
+	// Provide this to retrieve the subsequent page.
+	//
+	// When paginating, all other parameters provided to `ListCachedContents` must
+	// match the call that provided the page token.
+	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
+}
+
+func (x *ListCachedContentsRequest) Reset() {
+	*x = ListCachedContentsRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListCachedContentsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListCachedContentsRequest) ProtoMessage() {}
+
+func (x *ListCachedContentsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListCachedContentsRequest.ProtoReflect.Descriptor instead.
+func (*ListCachedContentsRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ListCachedContentsRequest) GetPageSize() int32 {
+	if x != nil {
+		return x.PageSize
+	}
+	return 0
+}
+
+func (x *ListCachedContentsRequest) GetPageToken() string {
+	if x != nil {
+		return x.PageToken
+	}
+	return ""
+}
+
+// Response with CachedContents list.
+type ListCachedContentsResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// List of cached contents.
+	CachedContents []*CachedContent `protobuf:"bytes,1,rep,name=cached_contents,json=cachedContents,proto3" json:"cached_contents,omitempty"`
+	// A token, which can be sent as `page_token` to retrieve the next page.
+	// If this field is omitted, there are no subsequent pages.
+	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
+}
+
+func (x *ListCachedContentsResponse) Reset() {
+	*x = ListCachedContentsResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListCachedContentsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListCachedContentsResponse) ProtoMessage() {}
+
+func (x *ListCachedContentsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListCachedContentsResponse.ProtoReflect.Descriptor instead.
+func (*ListCachedContentsResponse) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ListCachedContentsResponse) GetCachedContents() []*CachedContent {
+	if x != nil {
+		return x.CachedContents
+	}
+	return nil
+}
+
+func (x *ListCachedContentsResponse) GetNextPageToken() string {
+	if x != nil {
+		return x.NextPageToken
+	}
+	return ""
+}
+
+// Request to create CachedContent.
+type CreateCachedContentRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The cached content to create.
+	CachedContent *CachedContent `protobuf:"bytes,1,opt,name=cached_content,json=cachedContent,proto3" json:"cached_content,omitempty"`
+}
+
+func (x *CreateCachedContentRequest) Reset() {
+	*x = CreateCachedContentRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CreateCachedContentRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateCachedContentRequest) ProtoMessage() {}
+
+func (x *CreateCachedContentRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateCachedContentRequest.ProtoReflect.Descriptor instead.
+func (*CreateCachedContentRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *CreateCachedContentRequest) GetCachedContent() *CachedContent {
+	if x != nil {
+		return x.CachedContent
+	}
+	return nil
+}
+
+// Request to read CachedContent.
+type GetCachedContentRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The resource name referring to the content cache entry.
+	// Format: `cachedContents/{id}`
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+}
+
+func (x *GetCachedContentRequest) Reset() {
+	*x = GetCachedContentRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetCachedContentRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetCachedContentRequest) ProtoMessage() {}
+
+func (x *GetCachedContentRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetCachedContentRequest.ProtoReflect.Descriptor instead.
+func (*GetCachedContentRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetCachedContentRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+// Request to update CachedContent.
+type UpdateCachedContentRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The content cache entry to update
+	CachedContent *CachedContent `protobuf:"bytes,1,opt,name=cached_content,json=cachedContent,proto3" json:"cached_content,omitempty"`
+	// The list of fields to update.
+	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
+}
+
+func (x *UpdateCachedContentRequest) Reset() {
+	*x = UpdateCachedContentRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpdateCachedContentRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateCachedContentRequest) ProtoMessage() {}
+
+func (x *UpdateCachedContentRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateCachedContentRequest.ProtoReflect.Descriptor instead.
+func (*UpdateCachedContentRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *UpdateCachedContentRequest) GetCachedContent() *CachedContent {
+	if x != nil {
+		return x.CachedContent
+	}
+	return nil
+}
+
+func (x *UpdateCachedContentRequest) GetUpdateMask() *fieldmaskpb.FieldMask {
+	if x != nil {
+		return x.UpdateMask
+	}
+	return nil
+}
+
+// Request to delete CachedContent.
+type DeleteCachedContentRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The resource name referring to the content cache entry
+	// Format: `cachedContents/{id}`
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+}
+
+func (x *DeleteCachedContentRequest) Reset() {
+	*x = DeleteCachedContentRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DeleteCachedContentRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteCachedContentRequest) ProtoMessage() {}
+
+func (x *DeleteCachedContentRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteCachedContentRequest.ProtoReflect.Descriptor instead.
+func (*DeleteCachedContentRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *DeleteCachedContentRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+var File_google_ai_generativelanguage_v1beta_cache_service_proto protoreflect.FileDescriptor
+
+var file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDesc = []byte{
+	0x0a, 0x37, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x63, 0x61, 0x63, 0x68, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c,
+	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x1a, 0x38,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76, 0x31, 0x62,
+	0x65, 0x74, 0x61, 0x2f, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65,
+	0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61,
+	0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c,
+	0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70,
+	0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f,
+	0x6d, 0x61, 0x73, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x61, 0x0a, 0x19, 0x4c, 0x69,
+	0x73, 0x74, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f,
+	0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52,
+	0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x22, 0x0a, 0x0a, 0x70, 0x61, 0x67,
+	0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0,
+	0x41, 0x01, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xa1, 0x01,
+	0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5b, 0x0a, 0x0f,
+	0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61,
+	0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x61, 0x63, 0x68,
+	0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x0e, 0x63, 0x61, 0x63, 0x68, 0x65,
+	0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78,
+	0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65,
+	0x6e, 0x22, 0x7c, 0x0a, 0x1a, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65,
+	0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x5e, 0x0a, 0x0e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61,
+	0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x61,
+	0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02,
+	0x52, 0x0d, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x22,
+	0x66, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x37, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x31,
+	0x0a, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xb9, 0x01, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61,
+	0x74, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x5e, 0x0a, 0x0e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64,
+	0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72,
+	0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31,
+	0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65,
+	0x6e, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0d, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43,
+	0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69,
+	0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x52, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d,
+	0x61, 0x73, 0x6b, 0x22, 0x69, 0x0a, 0x1a, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x61, 0x63,
+	0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x12, 0x4b, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42,
+	0x37, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x31, 0x0a, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x61, 0x63, 0x68, 0x65,
+	0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x32, 0x87,
+	0x08, 0x0a, 0x0c, 0x43, 0x61, 0x63, 0x68, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12,
+	0xb8, 0x01, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x3e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e,
+	0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x69, 0x73,
+	0x74, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e,
+	0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x69, 0x73,
+	0x74, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x21, 0xda, 0x41, 0x00, 0x82, 0xd3, 0xe4, 0x93,
+	0x02, 0x18, 0x12, 0x16, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x63, 0x61, 0x63, 0x68,
+	0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0xcb, 0x01, 0x0a, 0x13, 0x43,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65,
+	0x6e, 0x74, 0x12, 0x3f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67,
+	0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43,
+	0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e,
+	0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61,
+	0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64,
+	0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x22, 0x3f, 0xda, 0x41, 0x0e, 0x63, 0x61, 0x63, 0x68,
+	0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x28,
+	0x3a, 0x0e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74,
+	0x22, 0x16, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64,
+	0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0xb4, 0x01, 0x0a, 0x10, 0x47, 0x65, 0x74,
+	0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x3c, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62,
+	0x65, 0x74, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e,
+	0x74, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74,
+	0x61, 0x2e, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x22,
+	0x2e, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x21, 0x12, 0x1f,
+	0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x63, 0x61,
+	0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x2f, 0x2a, 0x7d, 0x12,
+	0xef, 0x01, 0x0a, 0x13, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64,
+	0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x3f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61,
+	0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c,
+	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43,
+	0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x22, 0x63, 0xda, 0x41,
+	0x1a, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2c,
+	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x40, 0x3a, 0x0e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x32, 0x2e, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x7b, 0x63, 0x61, 0x63, 0x68,
+	0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x3d,
+	0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x2f, 0x2a,
+	0x7d, 0x12, 0x9e, 0x01, 0x0a, 0x13, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x61, 0x63, 0x68,
+	0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x3f, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e,
+	0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70,
+	0x74, 0x79, 0x22, 0x2e, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x21, 0x2a, 0x1f, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65,
+	0x3d, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x2f,
+	0x2a, 0x7d, 0x1a, 0x24, 0xca, 0x41, 0x21, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x9d, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72,
+	0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31,
+	0x62, 0x65, 0x74, 0x61, 0x42, 0x11, 0x43, 0x61, 0x63, 0x68, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x5d, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x61,
+	0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x67,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67,
+	0x65, 0x70, 0x62, 0x3b, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61,
+	0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescOnce sync.Once
+	file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescData = file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDesc
+)
+
+func file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescGZIP() []byte {
+	file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescOnce.Do(func() {
+		file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescData)
+	})
+	return file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDescData
+}
+
+var file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+var file_google_ai_generativelanguage_v1beta_cache_service_proto_goTypes = []any{
+	(*ListCachedContentsRequest)(nil),  // 0: google.ai.generativelanguage.v1beta.ListCachedContentsRequest
+	(*ListCachedContentsResponse)(nil), // 1: google.ai.generativelanguage.v1beta.ListCachedContentsResponse
+	(*CreateCachedContentRequest)(nil), // 2: google.ai.generativelanguage.v1beta.CreateCachedContentRequest
+	(*GetCachedContentRequest)(nil),    // 3: google.ai.generativelanguage.v1beta.GetCachedContentRequest
+	(*UpdateCachedContentRequest)(nil), // 4: google.ai.generativelanguage.v1beta.UpdateCachedContentRequest
+	(*DeleteCachedContentRequest)(nil), // 5: google.ai.generativelanguage.v1beta.DeleteCachedContentRequest
+	(*CachedContent)(nil),              // 6: google.ai.generativelanguage.v1beta.CachedContent
+	(*fieldmaskpb.FieldMask)(nil),      // 7: google.protobuf.FieldMask
+	(*emptypb.Empty)(nil),              // 8: google.protobuf.Empty
+}
+var file_google_ai_generativelanguage_v1beta_cache_service_proto_depIdxs = []int32{
+	6, // 0: google.ai.generativelanguage.v1beta.ListCachedContentsResponse.cached_contents:type_name -> google.ai.generativelanguage.v1beta.CachedContent
+	6, // 1: google.ai.generativelanguage.v1beta.CreateCachedContentRequest.cached_content:type_name -> google.ai.generativelanguage.v1beta.CachedContent
+	6, // 2: google.ai.generativelanguage.v1beta.UpdateCachedContentRequest.cached_content:type_name -> google.ai.generativelanguage.v1beta.CachedContent
+	7, // 3: google.ai.generativelanguage.v1beta.UpdateCachedContentRequest.update_mask:type_name -> google.protobuf.FieldMask
+	0, // 4: google.ai.generativelanguage.v1beta.CacheService.ListCachedContents:input_type -> google.ai.generativelanguage.v1beta.ListCachedContentsRequest
+	2, // 5: google.ai.generativelanguage.v1beta.CacheService.CreateCachedContent:input_type -> google.ai.generativelanguage.v1beta.CreateCachedContentRequest
+	3, // 6: google.ai.generativelanguage.v1beta.CacheService.GetCachedContent:input_type -> google.ai.generativelanguage.v1beta.GetCachedContentRequest
+	4, // 7: google.ai.generativelanguage.v1beta.CacheService.UpdateCachedContent:input_type -> google.ai.generativelanguage.v1beta.UpdateCachedContentRequest
+	5, // 8: google.ai.generativelanguage.v1beta.CacheService.DeleteCachedContent:input_type -> google.ai.generativelanguage.v1beta.DeleteCachedContentRequest
+	1, // 9: google.ai.generativelanguage.v1beta.CacheService.ListCachedContents:output_type -> google.ai.generativelanguage.v1beta.ListCachedContentsResponse
+	6, // 10: google.ai.generativelanguage.v1beta.CacheService.CreateCachedContent:output_type -> google.ai.generativelanguage.v1beta.CachedContent
+	6, // 11: google.ai.generativelanguage.v1beta.CacheService.GetCachedContent:output_type -> google.ai.generativelanguage.v1beta.CachedContent
+	6, // 12: google.ai.generativelanguage.v1beta.CacheService.UpdateCachedContent:output_type -> google.ai.generativelanguage.v1beta.CachedContent
+	8, // 13: google.ai.generativelanguage.v1beta.CacheService.DeleteCachedContent:output_type -> google.protobuf.Empty
+	9, // [9:14] is the sub-list for method output_type
+	4, // [4:9] is the sub-list for method input_type
+	4, // [4:4] is the sub-list for extension type_name
+	4, // [4:4] is the sub-list for extension extendee
+	0, // [0:4] is the sub-list for field type_name
+}
+
+func init() { file_google_ai_generativelanguage_v1beta_cache_service_proto_init() }
+func file_google_ai_generativelanguage_v1beta_cache_service_proto_init() {
+	if File_google_ai_generativelanguage_v1beta_cache_service_proto != nil {
+		return
+	}
+	file_google_ai_generativelanguage_v1beta_cached_content_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*ListCachedContentsRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*ListCachedContentsResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*CreateCachedContentRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[3].Exporter = func(v any, i int) any {
+			switch v := v.(*GetCachedContentRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[4].Exporter = func(v any, i int) any {
+			switch v := v.(*UpdateCachedContentRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes[5].Exporter = func(v any, i int) any {
+			switch v := v.(*DeleteCachedContentRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   6,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_google_ai_generativelanguage_v1beta_cache_service_proto_goTypes,
+		DependencyIndexes: file_google_ai_generativelanguage_v1beta_cache_service_proto_depIdxs,
+		MessageInfos:      file_google_ai_generativelanguage_v1beta_cache_service_proto_msgTypes,
+	}.Build()
+	File_google_ai_generativelanguage_v1beta_cache_service_proto = out.File
+	file_google_ai_generativelanguage_v1beta_cache_service_proto_rawDesc = nil
+	file_google_ai_generativelanguage_v1beta_cache_service_proto_goTypes = nil
+	file_google_ai_generativelanguage_v1beta_cache_service_proto_depIdxs = nil
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConnInterface
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion6
+
+// CacheServiceClient is the client API for CacheService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type CacheServiceClient interface {
+	// Lists CachedContents.
+	ListCachedContents(ctx context.Context, in *ListCachedContentsRequest, opts ...grpc.CallOption) (*ListCachedContentsResponse, error)
+	// Creates CachedContent resource.
+	CreateCachedContent(ctx context.Context, in *CreateCachedContentRequest, opts ...grpc.CallOption) (*CachedContent, error)
+	// Reads CachedContent resource.
+	GetCachedContent(ctx context.Context, in *GetCachedContentRequest, opts ...grpc.CallOption) (*CachedContent, error)
+	// Updates CachedContent resource (only expiration is updatable).
+	UpdateCachedContent(ctx context.Context, in *UpdateCachedContentRequest, opts ...grpc.CallOption) (*CachedContent, error)
+	// Deletes CachedContent resource.
+	DeleteCachedContent(ctx context.Context, in *DeleteCachedContentRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
+}
+
+type cacheServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewCacheServiceClient(cc grpc.ClientConnInterface) CacheServiceClient {
+	return &cacheServiceClient{cc}
+}
+
+func (c *cacheServiceClient) ListCachedContents(ctx context.Context, in *ListCachedContentsRequest, opts ...grpc.CallOption) (*ListCachedContentsResponse, error) {
+	out := new(ListCachedContentsResponse)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.CacheService/ListCachedContents", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *cacheServiceClient) CreateCachedContent(ctx context.Context, in *CreateCachedContentRequest, opts ...grpc.CallOption) (*CachedContent, error) {
+	out := new(CachedContent)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.CacheService/CreateCachedContent", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *cacheServiceClient) GetCachedContent(ctx context.Context, in *GetCachedContentRequest, opts ...grpc.CallOption) (*CachedContent, error) {
+	out := new(CachedContent)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.CacheService/GetCachedContent", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *cacheServiceClient) UpdateCachedContent(ctx context.Context, in *UpdateCachedContentRequest, opts ...grpc.CallOption) (*CachedContent, error) {
+	out := new(CachedContent)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.CacheService/UpdateCachedContent", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *cacheServiceClient) DeleteCachedContent(ctx context.Context, in *DeleteCachedContentRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+	out := new(emptypb.Empty)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.CacheService/DeleteCachedContent", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// CacheServiceServer is the server API for CacheService service.
+type CacheServiceServer interface {
+	// Lists CachedContents.
+	ListCachedContents(context.Context, *ListCachedContentsRequest) (*ListCachedContentsResponse, error)
+	// Creates CachedContent resource.
+	CreateCachedContent(context.Context, *CreateCachedContentRequest) (*CachedContent, error)
+	// Reads CachedContent resource.
+	GetCachedContent(context.Context, *GetCachedContentRequest) (*CachedContent, error)
+	// Updates CachedContent resource (only expiration is updatable).
+	UpdateCachedContent(context.Context, *UpdateCachedContentRequest) (*CachedContent, error)
+	// Deletes CachedContent resource.
+	DeleteCachedContent(context.Context, *DeleteCachedContentRequest) (*emptypb.Empty, error)
+}
+
+// UnimplementedCacheServiceServer can be embedded to have forward compatible implementations.
+type UnimplementedCacheServiceServer struct {
+}
+
+func (*UnimplementedCacheServiceServer) ListCachedContents(context.Context, *ListCachedContentsRequest) (*ListCachedContentsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListCachedContents not implemented")
+}
+func (*UnimplementedCacheServiceServer) CreateCachedContent(context.Context, *CreateCachedContentRequest) (*CachedContent, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateCachedContent not implemented")
+}
+func (*UnimplementedCacheServiceServer) GetCachedContent(context.Context, *GetCachedContentRequest) (*CachedContent, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetCachedContent not implemented")
+}
+func (*UnimplementedCacheServiceServer) UpdateCachedContent(context.Context, *UpdateCachedContentRequest) (*CachedContent, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateCachedContent not implemented")
+}
+func (*UnimplementedCacheServiceServer) DeleteCachedContent(context.Context, *DeleteCachedContentRequest) (*emptypb.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteCachedContent not implemented")
+}
+
+func RegisterCacheServiceServer(s *grpc.Server, srv CacheServiceServer) {
+	s.RegisterService(&_CacheService_serviceDesc, srv)
+}
+
+func _CacheService_ListCachedContents_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListCachedContentsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(CacheServiceServer).ListCachedContents(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.CacheService/ListCachedContents",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(CacheServiceServer).ListCachedContents(ctx, req.(*ListCachedContentsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _CacheService_CreateCachedContent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateCachedContentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(CacheServiceServer).CreateCachedContent(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.CacheService/CreateCachedContent",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(CacheServiceServer).CreateCachedContent(ctx, req.(*CreateCachedContentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _CacheService_GetCachedContent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetCachedContentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(CacheServiceServer).GetCachedContent(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.CacheService/GetCachedContent",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(CacheServiceServer).GetCachedContent(ctx, req.(*GetCachedContentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _CacheService_UpdateCachedContent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateCachedContentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(CacheServiceServer).UpdateCachedContent(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.CacheService/UpdateCachedContent",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(CacheServiceServer).UpdateCachedContent(ctx, req.(*UpdateCachedContentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _CacheService_DeleteCachedContent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteCachedContentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(CacheServiceServer).DeleteCachedContent(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.CacheService/DeleteCachedContent",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(CacheServiceServer).DeleteCachedContent(ctx, req.(*DeleteCachedContentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _CacheService_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "google.ai.generativelanguage.v1beta.CacheService",
+	HandlerType: (*CacheServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "ListCachedContents",
+			Handler:    _CacheService_ListCachedContents_Handler,
+		},
+		{
+			MethodName: "CreateCachedContent",
+			Handler:    _CacheService_CreateCachedContent_Handler,
+		},
+		{
+			MethodName: "GetCachedContent",
+			Handler:    _CacheService_GetCachedContent_Handler,
+		},
+		{
+			MethodName: "UpdateCachedContent",
+			Handler:    _CacheService_UpdateCachedContent_Handler,
+		},
+		{
+			MethodName: "DeleteCachedContent",
+			Handler:    _CacheService_DeleteCachedContent_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "google/ai/generativelanguage/v1beta/cache_service.proto",
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb/cached_content.pb.go

@@ -0,0 +1,475 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.34.2
+// 	protoc        v4.25.3
+// source: google/ai/generativelanguage/v1beta/cached_content.proto
+
+package generativelanguagepb
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Content that has been preprocessed and can be used in subsequent request
+// to GenerativeService.
+//
+// Cached content can be only used with model it was created for.
+type CachedContent struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Specifies when this resource will expire.
+	//
+	// Types that are assignable to Expiration:
+	//
+	//	*CachedContent_ExpireTime
+	//	*CachedContent_Ttl
+	Expiration isCachedContent_Expiration `protobuf_oneof:"expiration"`
+	// Optional. Identifier. The resource name referring to the cached content.
+	// Format: `cachedContents/{id}`
+	Name *string `protobuf:"bytes,1,opt,name=name,proto3,oneof" json:"name,omitempty"`
+	// Optional. Immutable. The user-generated meaningful display name of the
+	// cached content. Maximum 128 Unicode characters.
+	DisplayName *string `protobuf:"bytes,11,opt,name=display_name,json=displayName,proto3,oneof" json:"display_name,omitempty"`
+	// Required. Immutable. The name of the `Model` to use for cached content
+	// Format: `models/{model}`
+	Model *string `protobuf:"bytes,2,opt,name=model,proto3,oneof" json:"model,omitempty"`
+	// Optional. Input only. Immutable. Developer set system instruction.
+	// Currently text only.
+	SystemInstruction *Content `protobuf:"bytes,3,opt,name=system_instruction,json=systemInstruction,proto3,oneof" json:"system_instruction,omitempty"`
+	// Optional. Input only. Immutable. The content to cache.
+	Contents []*Content `protobuf:"bytes,4,rep,name=contents,proto3" json:"contents,omitempty"`
+	// Optional. Input only. Immutable. A list of `Tools` the model may use to
+	// generate the next response
+	Tools []*Tool `protobuf:"bytes,5,rep,name=tools,proto3" json:"tools,omitempty"`
+	// Optional. Input only. Immutable. Tool config. This config is shared for all
+	// tools.
+	ToolConfig *ToolConfig `protobuf:"bytes,6,opt,name=tool_config,json=toolConfig,proto3,oneof" json:"tool_config,omitempty"`
+	// Output only. Creation time of the cache entry.
+	CreateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
+	// Output only. When the cache entry was last updated in UTC time.
+	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
+	// Output only. Metadata on the usage of the cached content.
+	UsageMetadata *CachedContent_UsageMetadata `protobuf:"bytes,12,opt,name=usage_metadata,json=usageMetadata,proto3" json:"usage_metadata,omitempty"`
+}
+
+func (x *CachedContent) Reset() {
+	*x = CachedContent{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CachedContent) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CachedContent) ProtoMessage() {}
+
+func (x *CachedContent) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CachedContent.ProtoReflect.Descriptor instead.
+func (*CachedContent) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *CachedContent) GetExpiration() isCachedContent_Expiration {
+	if m != nil {
+		return m.Expiration
+	}
+	return nil
+}
+
+func (x *CachedContent) GetExpireTime() *timestamppb.Timestamp {
+	if x, ok := x.GetExpiration().(*CachedContent_ExpireTime); ok {
+		return x.ExpireTime
+	}
+	return nil
+}
+
+func (x *CachedContent) GetTtl() *durationpb.Duration {
+	if x, ok := x.GetExpiration().(*CachedContent_Ttl); ok {
+		return x.Ttl
+	}
+	return nil
+}
+
+func (x *CachedContent) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *CachedContent) GetDisplayName() string {
+	if x != nil && x.DisplayName != nil {
+		return *x.DisplayName
+	}
+	return ""
+}
+
+func (x *CachedContent) GetModel() string {
+	if x != nil && x.Model != nil {
+		return *x.Model
+	}
+	return ""
+}
+
+func (x *CachedContent) GetSystemInstruction() *Content {
+	if x != nil {
+		return x.SystemInstruction
+	}
+	return nil
+}
+
+func (x *CachedContent) GetContents() []*Content {
+	if x != nil {
+		return x.Contents
+	}
+	return nil
+}
+
+func (x *CachedContent) GetTools() []*Tool {
+	if x != nil {
+		return x.Tools
+	}
+	return nil
+}
+
+func (x *CachedContent) GetToolConfig() *ToolConfig {
+	if x != nil {
+		return x.ToolConfig
+	}
+	return nil
+}
+
+func (x *CachedContent) GetCreateTime() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreateTime
+	}
+	return nil
+}
+
+func (x *CachedContent) GetUpdateTime() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdateTime
+	}
+	return nil
+}
+
+func (x *CachedContent) GetUsageMetadata() *CachedContent_UsageMetadata {
+	if x != nil {
+		return x.UsageMetadata
+	}
+	return nil
+}
+
+type isCachedContent_Expiration interface {
+	isCachedContent_Expiration()
+}
+
+type CachedContent_ExpireTime struct {
+	// Timestamp in UTC of when this resource is considered expired.
+	// This is *always* provided on output, regardless of what was sent
+	// on input.
+	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=expire_time,json=expireTime,proto3,oneof"`
+}
+
+type CachedContent_Ttl struct {
+	// Input only. New TTL for this resource, input only.
+	Ttl *durationpb.Duration `protobuf:"bytes,10,opt,name=ttl,proto3,oneof"`
+}
+
+func (*CachedContent_ExpireTime) isCachedContent_Expiration() {}
+
+func (*CachedContent_Ttl) isCachedContent_Expiration() {}
+
+// Metadata on the usage of the cached content.
+type CachedContent_UsageMetadata struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Total number of tokens that the cached content consumes.
+	TotalTokenCount int32 `protobuf:"varint,1,opt,name=total_token_count,json=totalTokenCount,proto3" json:"total_token_count,omitempty"`
+}
+
+func (x *CachedContent_UsageMetadata) Reset() {
+	*x = CachedContent_UsageMetadata{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CachedContent_UsageMetadata) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CachedContent_UsageMetadata) ProtoMessage() {}
+
+func (x *CachedContent_UsageMetadata) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CachedContent_UsageMetadata.ProtoReflect.Descriptor instead.
+func (*CachedContent_UsageMetadata) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *CachedContent_UsageMetadata) GetTotalTokenCount() int32 {
+	if x != nil {
+		return x.TotalTokenCount
+	}
+	return 0
+}
+
+var File_google_ai_generativelanguage_v1beta_cached_content_proto protoreflect.FileDescriptor
+
+var file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDesc = []byte{
+	0x0a, 0x38, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e,
+	0x74, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x1a,
+	0x31, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72,
+	0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76, 0x31,
+	0x62, 0x65, 0x74, 0x61, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66,
+	0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f,
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f,
+	0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f,
+	0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22,
+	0x84, 0x09, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x12, 0x3d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65,
+	0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
+	0x6d, 0x70, 0x48, 0x00, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x54, 0x69, 0x6d, 0x65,
+	0x12, 0x32, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x04, 0x48, 0x00, 0x52,
+	0x03, 0x74, 0x74, 0x6c, 0x12, 0x1f, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x42, 0x06, 0xe0, 0x41, 0x08, 0xe0, 0x41, 0x01, 0x48, 0x01, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, 0x2e, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06, 0xe0, 0x41, 0x01,
+	0xe0, 0x41, 0x05, 0x48, 0x02, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61,
+	0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, 0x4d, 0x0a, 0x05, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x42, 0x32, 0xe0, 0x41, 0x05, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x29, 0x0a,
+	0x27, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75,
+	0x61, 0x67, 0x65, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x4d, 0x6f, 0x64, 0x65, 0x6c, 0x48, 0x03, 0x52, 0x05, 0x6d, 0x6f, 0x64, 0x65,
+	0x6c, 0x88, 0x01, 0x01, 0x12, 0x6b, 0x0a, 0x12, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x69,
+	0x6e, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e,
+	0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x42, 0x09,
+	0xe0, 0x41, 0x01, 0xe0, 0x41, 0x05, 0xe0, 0x41, 0x04, 0x48, 0x04, 0x52, 0x11, 0x73, 0x79, 0x73,
+	0x74, 0x65, 0x6d, 0x49, 0x6e, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x88, 0x01,
+	0x01, 0x12, 0x53, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e,
+	0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61,
+	0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x42, 0x09, 0xe0, 0x41, 0x01, 0xe0, 0x41, 0x05, 0xe0, 0x41, 0x04, 0x52, 0x08, 0x63, 0x6f,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x05, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x18,
+	0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61,
+	0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x54, 0x6f, 0x6f, 0x6c,
+	0x42, 0x09, 0xe0, 0x41, 0x01, 0xe0, 0x41, 0x05, 0xe0, 0x41, 0x04, 0x52, 0x05, 0x74, 0x6f, 0x6f,
+	0x6c, 0x73, 0x12, 0x60, 0x0a, 0x0b, 0x74, 0x6f, 0x6f, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61,
+	0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x54, 0x6f,
+	0x6f, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x09, 0xe0, 0x41, 0x01, 0xe0, 0x41, 0x05,
+	0xe0, 0x41, 0x04, 0x48, 0x05, 0x52, 0x0a, 0x74, 0x6f, 0x6f, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x88, 0x01, 0x01, 0x12, 0x40, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x74,
+	0x69, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x0b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x75, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x6c, 0x0a, 0x0e, 0x75, 0x73, 0x61, 0x67,
+	0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x40, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e,
+	0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e,
+	0x74, 0x65, 0x6e, 0x74, 0x2e, 0x55, 0x73, 0x61, 0x67, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0d, 0x75, 0x73, 0x61, 0x67, 0x65, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x55, 0x73, 0x61, 0x67, 0x65, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x2a, 0x0a, 0x11, 0x74, 0x6f, 0x74, 0x61, 0x6c,
+	0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x05, 0x52, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f,
+	0x75, 0x6e, 0x74, 0x3a, 0x68, 0xea, 0x41, 0x65, 0x0a, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x61, 0x63, 0x68,
+	0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x13, 0x63, 0x61, 0x63, 0x68, 0x65,
+	0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x2a, 0x0e,
+	0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x32, 0x0d,
+	0x63, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x42, 0x0c, 0x0a,
+	0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x07, 0x0a, 0x05, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x42,
+	0x15, 0x0a, 0x13, 0x5f, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x72,
+	0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x74, 0x6f, 0x6f, 0x6c, 0x5f,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x9e, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65,
+	0x74, 0x61, 0x42, 0x12, 0x43, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x5d, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x69,
+	0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75,
+	0x61, 0x67, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x67, 0x65,
+	0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65,
+	0x70, 0x62, 0x3b, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e,
+	0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescOnce sync.Once
+	file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescData = file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDesc
+)
+
+func file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescGZIP() []byte {
+	file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescOnce.Do(func() {
+		file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescData)
+	})
+	return file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDescData
+}
+
+var file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_google_ai_generativelanguage_v1beta_cached_content_proto_goTypes = []any{
+	(*CachedContent)(nil),               // 0: google.ai.generativelanguage.v1beta.CachedContent
+	(*CachedContent_UsageMetadata)(nil), // 1: google.ai.generativelanguage.v1beta.CachedContent.UsageMetadata
+	(*timestamppb.Timestamp)(nil),       // 2: google.protobuf.Timestamp
+	(*durationpb.Duration)(nil),         // 3: google.protobuf.Duration
+	(*Content)(nil),                     // 4: google.ai.generativelanguage.v1beta.Content
+	(*Tool)(nil),                        // 5: google.ai.generativelanguage.v1beta.Tool
+	(*ToolConfig)(nil),                  // 6: google.ai.generativelanguage.v1beta.ToolConfig
+}
+var file_google_ai_generativelanguage_v1beta_cached_content_proto_depIdxs = []int32{
+	2, // 0: google.ai.generativelanguage.v1beta.CachedContent.expire_time:type_name -> google.protobuf.Timestamp
+	3, // 1: google.ai.generativelanguage.v1beta.CachedContent.ttl:type_name -> google.protobuf.Duration
+	4, // 2: google.ai.generativelanguage.v1beta.CachedContent.system_instruction:type_name -> google.ai.generativelanguage.v1beta.Content
+	4, // 3: google.ai.generativelanguage.v1beta.CachedContent.contents:type_name -> google.ai.generativelanguage.v1beta.Content
+	5, // 4: google.ai.generativelanguage.v1beta.CachedContent.tools:type_name -> google.ai.generativelanguage.v1beta.Tool
+	6, // 5: google.ai.generativelanguage.v1beta.CachedContent.tool_config:type_name -> google.ai.generativelanguage.v1beta.ToolConfig
+	2, // 6: google.ai.generativelanguage.v1beta.CachedContent.create_time:type_name -> google.protobuf.Timestamp
+	2, // 7: google.ai.generativelanguage.v1beta.CachedContent.update_time:type_name -> google.protobuf.Timestamp
+	1, // 8: google.ai.generativelanguage.v1beta.CachedContent.usage_metadata:type_name -> google.ai.generativelanguage.v1beta.CachedContent.UsageMetadata
+	9, // [9:9] is the sub-list for method output_type
+	9, // [9:9] is the sub-list for method input_type
+	9, // [9:9] is the sub-list for extension type_name
+	9, // [9:9] is the sub-list for extension extendee
+	0, // [0:9] is the sub-list for field type_name
+}
+
+func init() { file_google_ai_generativelanguage_v1beta_cached_content_proto_init() }
+func file_google_ai_generativelanguage_v1beta_cached_content_proto_init() {
+	if File_google_ai_generativelanguage_v1beta_cached_content_proto != nil {
+		return
+	}
+	file_google_ai_generativelanguage_v1beta_content_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*CachedContent); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*CachedContent_UsageMetadata); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes[0].OneofWrappers = []any{
+		(*CachedContent_ExpireTime)(nil),
+		(*CachedContent_Ttl)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_ai_generativelanguage_v1beta_cached_content_proto_goTypes,
+		DependencyIndexes: file_google_ai_generativelanguage_v1beta_cached_content_proto_depIdxs,
+		MessageInfos:      file_google_ai_generativelanguage_v1beta_cached_content_proto_msgTypes,
+	}.Build()
+	File_google_ai_generativelanguage_v1beta_cached_content_proto = out.File
+	file_google_ai_generativelanguage_v1beta_cached_content_proto_rawDesc = nil
+	file_google_ai_generativelanguage_v1beta_cached_content_proto_goTypes = nil
+	file_google_ai_generativelanguage_v1beta_cached_content_proto_depIdxs = nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb/citation.pb.go

@@ -0,0 +1,290 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.34.2
+// 	protoc        v4.25.3
+// source: google/ai/generativelanguage/v1beta/citation.proto
+
+package generativelanguagepb
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// A collection of source attributions for a piece of content.
+type CitationMetadata struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Citations to sources for a specific response.
+	CitationSources []*CitationSource `protobuf:"bytes,1,rep,name=citation_sources,json=citationSources,proto3" json:"citation_sources,omitempty"`
+}
+
+func (x *CitationMetadata) Reset() {
+	*x = CitationMetadata{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CitationMetadata) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CitationMetadata) ProtoMessage() {}
+
+func (x *CitationMetadata) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CitationMetadata.ProtoReflect.Descriptor instead.
+func (*CitationMetadata) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_citation_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *CitationMetadata) GetCitationSources() []*CitationSource {
+	if x != nil {
+		return x.CitationSources
+	}
+	return nil
+}
+
+// A citation to a source for a portion of a specific response.
+type CitationSource struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Optional. Start of segment of the response that is attributed to this
+	// source.
+	//
+	// Index indicates the start of the segment, measured in bytes.
+	StartIndex *int32 `protobuf:"varint,1,opt,name=start_index,json=startIndex,proto3,oneof" json:"start_index,omitempty"`
+	// Optional. End of the attributed segment, exclusive.
+	EndIndex *int32 `protobuf:"varint,2,opt,name=end_index,json=endIndex,proto3,oneof" json:"end_index,omitempty"`
+	// Optional. URI that is attributed as a source for a portion of the text.
+	Uri *string `protobuf:"bytes,3,opt,name=uri,proto3,oneof" json:"uri,omitempty"`
+	// Optional. License for the GitHub project that is attributed as a source for
+	// segment.
+	//
+	// License info is required for code citations.
+	License *string `protobuf:"bytes,4,opt,name=license,proto3,oneof" json:"license,omitempty"`
+}
+
+func (x *CitationSource) Reset() {
+	*x = CitationSource{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CitationSource) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CitationSource) ProtoMessage() {}
+
+func (x *CitationSource) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CitationSource.ProtoReflect.Descriptor instead.
+func (*CitationSource) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_citation_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *CitationSource) GetStartIndex() int32 {
+	if x != nil && x.StartIndex != nil {
+		return *x.StartIndex
+	}
+	return 0
+}
+
+func (x *CitationSource) GetEndIndex() int32 {
+	if x != nil && x.EndIndex != nil {
+		return *x.EndIndex
+	}
+	return 0
+}
+
+func (x *CitationSource) GetUri() string {
+	if x != nil && x.Uri != nil {
+		return *x.Uri
+	}
+	return ""
+}
+
+func (x *CitationSource) GetLicense() string {
+	if x != nil && x.License != nil {
+		return *x.License
+	}
+	return ""
+}
+
+var File_google_ai_generativelanguage_v1beta_citation_proto protoreflect.FileDescriptor
+
+var file_google_ai_generativelanguage_v1beta_citation_proto_rawDesc = []byte{
+	0x0a, 0x32, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x63, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e,
+	0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61,
+	0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61,
+	0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x72, 0x0a, 0x10, 0x43, 0x69,
+	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x5e,
+	0x0a, 0x10, 0x63, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c,
+	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43,
+	0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0f, 0x63,
+	0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x22, 0xd4,
+	0x01, 0x0a, 0x0e, 0x43, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x12, 0x29, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x48, 0x00, 0x52, 0x0a, 0x73,
+	0x74, 0x61, 0x72, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x88, 0x01, 0x01, 0x12, 0x25, 0x0a, 0x09,
+	0x65, 0x6e, 0x64, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x42,
+	0x03, 0xe0, 0x41, 0x01, 0x48, 0x01, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x49, 0x6e, 0x64, 0x65, 0x78,
+	0x88, 0x01, 0x01, 0x12, 0x1a, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x42, 0x03, 0xe0, 0x41, 0x01, 0x48, 0x02, 0x52, 0x03, 0x75, 0x72, 0x69, 0x88, 0x01, 0x01, 0x12,
+	0x22, 0x0a, 0x07, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+	0x42, 0x03, 0xe0, 0x41, 0x01, 0x48, 0x03, 0x52, 0x07, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65,
+	0x88, 0x01, 0x01, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x69, 0x6e,
+	0x64, 0x65, 0x78, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x65, 0x6e, 0x64, 0x5f, 0x69, 0x6e, 0x64, 0x65,
+	0x78, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x75, 0x72, 0x69, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x6c, 0x69,
+	0x63, 0x65, 0x6e, 0x73, 0x65, 0x42, 0x99, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74,
+	0x61, 0x42, 0x0d, 0x43, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x50, 0x01, 0x5a, 0x5d, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72,
+	0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x61, 0x70,
+	0x69, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x3b, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70,
+	0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_ai_generativelanguage_v1beta_citation_proto_rawDescOnce sync.Once
+	file_google_ai_generativelanguage_v1beta_citation_proto_rawDescData = file_google_ai_generativelanguage_v1beta_citation_proto_rawDesc
+)
+
+func file_google_ai_generativelanguage_v1beta_citation_proto_rawDescGZIP() []byte {
+	file_google_ai_generativelanguage_v1beta_citation_proto_rawDescOnce.Do(func() {
+		file_google_ai_generativelanguage_v1beta_citation_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_ai_generativelanguage_v1beta_citation_proto_rawDescData)
+	})
+	return file_google_ai_generativelanguage_v1beta_citation_proto_rawDescData
+}
+
+var file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_google_ai_generativelanguage_v1beta_citation_proto_goTypes = []any{
+	(*CitationMetadata)(nil), // 0: google.ai.generativelanguage.v1beta.CitationMetadata
+	(*CitationSource)(nil),   // 1: google.ai.generativelanguage.v1beta.CitationSource
+}
+var file_google_ai_generativelanguage_v1beta_citation_proto_depIdxs = []int32{
+	1, // 0: google.ai.generativelanguage.v1beta.CitationMetadata.citation_sources:type_name -> google.ai.generativelanguage.v1beta.CitationSource
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_google_ai_generativelanguage_v1beta_citation_proto_init() }
+func file_google_ai_generativelanguage_v1beta_citation_proto_init() {
+	if File_google_ai_generativelanguage_v1beta_citation_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*CitationMetadata); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*CitationSource); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes[1].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_ai_generativelanguage_v1beta_citation_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_ai_generativelanguage_v1beta_citation_proto_goTypes,
+		DependencyIndexes: file_google_ai_generativelanguage_v1beta_citation_proto_depIdxs,
+		MessageInfos:      file_google_ai_generativelanguage_v1beta_citation_proto_msgTypes,
+	}.Build()
+	File_google_ai_generativelanguage_v1beta_citation_proto = out.File
+	file_google_ai_generativelanguage_v1beta_citation_proto_rawDesc = nil
+	file_google_ai_generativelanguage_v1beta_citation_proto_goTypes = nil
+	file_google_ai_generativelanguage_v1beta_citation_proto_depIdxs = nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb/file.pb.go

@@ -0,0 +1,500 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.34.2
+// 	protoc        v4.25.3
+// source: google/ai/generativelanguage/v1beta/file.proto
+
+package generativelanguagepb
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	status "google.golang.org/genproto/googleapis/rpc/status"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// States for the lifecycle of a File.
+type File_State int32
+
+const (
+	// The default value. This value is used if the state is omitted.
+	File_STATE_UNSPECIFIED File_State = 0
+	// File is being processed and cannot be used for inference yet.
+	File_PROCESSING File_State = 1
+	// File is processed and available for inference.
+	File_ACTIVE File_State = 2
+	// File failed processing.
+	File_FAILED File_State = 10
+)
+
+// Enum value maps for File_State.
+var (
+	File_State_name = map[int32]string{
+		0:  "STATE_UNSPECIFIED",
+		1:  "PROCESSING",
+		2:  "ACTIVE",
+		10: "FAILED",
+	}
+	File_State_value = map[string]int32{
+		"STATE_UNSPECIFIED": 0,
+		"PROCESSING":        1,
+		"ACTIVE":            2,
+		"FAILED":            10,
+	}
+)
+
+func (x File_State) Enum() *File_State {
+	p := new(File_State)
+	*p = x
+	return p
+}
+
+func (x File_State) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (File_State) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_ai_generativelanguage_v1beta_file_proto_enumTypes[0].Descriptor()
+}
+
+func (File_State) Type() protoreflect.EnumType {
+	return &file_google_ai_generativelanguage_v1beta_file_proto_enumTypes[0]
+}
+
+func (x File_State) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use File_State.Descriptor instead.
+func (File_State) EnumDescriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_proto_rawDescGZIP(), []int{0, 0}
+}
+
+// A file uploaded to the API.
+type File struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Metadata for the File.
+	//
+	// Types that are assignable to Metadata:
+	//
+	//	*File_VideoMetadata
+	Metadata isFile_Metadata `protobuf_oneof:"metadata"`
+	// Immutable. Identifier. The `File` resource name. The ID (name excluding the
+	// "files/" prefix) can contain up to 40 characters that are lowercase
+	// alphanumeric or dashes (-). The ID cannot start or end with a dash. If the
+	// name is empty on create, a unique name will be generated. Example:
+	// `files/123-456`
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Optional. The human-readable display name for the `File`. The display name
+	// must be no more than 512 characters in length, including spaces. Example:
+	// "Welcome Image"
+	DisplayName string `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
+	// Output only. MIME type of the file.
+	MimeType string `protobuf:"bytes,3,opt,name=mime_type,json=mimeType,proto3" json:"mime_type,omitempty"`
+	// Output only. Size of the file in bytes.
+	SizeBytes int64 `protobuf:"varint,4,opt,name=size_bytes,json=sizeBytes,proto3" json:"size_bytes,omitempty"`
+	// Output only. The timestamp of when the `File` was created.
+	CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
+	// Output only. The timestamp of when the `File` was last updated.
+	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
+	// Output only. The timestamp of when the `File` will be deleted. Only set if
+	// the `File` is scheduled to expire.
+	ExpirationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty"`
+	// Output only. SHA-256 hash of the uploaded bytes.
+	Sha256Hash []byte `protobuf:"bytes,8,opt,name=sha256_hash,json=sha256Hash,proto3" json:"sha256_hash,omitempty"`
+	// Output only. The uri of the `File`.
+	Uri string `protobuf:"bytes,9,opt,name=uri,proto3" json:"uri,omitempty"`
+	// Output only. Processing state of the File.
+	State File_State `protobuf:"varint,10,opt,name=state,proto3,enum=google.ai.generativelanguage.v1beta.File_State" json:"state,omitempty"`
+	// Output only. Error status if File processing failed.
+	Error *status.Status `protobuf:"bytes,11,opt,name=error,proto3" json:"error,omitempty"`
+}
+
+func (x *File) Reset() {
+	*x = File{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_file_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *File) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*File) ProtoMessage() {}
+
+func (x *File) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_file_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use File.ProtoReflect.Descriptor instead.
+func (*File) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *File) GetMetadata() isFile_Metadata {
+	if m != nil {
+		return m.Metadata
+	}
+	return nil
+}
+
+func (x *File) GetVideoMetadata() *VideoMetadata {
+	if x, ok := x.GetMetadata().(*File_VideoMetadata); ok {
+		return x.VideoMetadata
+	}
+	return nil
+}
+
+func (x *File) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *File) GetDisplayName() string {
+	if x != nil {
+		return x.DisplayName
+	}
+	return ""
+}
+
+func (x *File) GetMimeType() string {
+	if x != nil {
+		return x.MimeType
+	}
+	return ""
+}
+
+func (x *File) GetSizeBytes() int64 {
+	if x != nil {
+		return x.SizeBytes
+	}
+	return 0
+}
+
+func (x *File) GetCreateTime() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreateTime
+	}
+	return nil
+}
+
+func (x *File) GetUpdateTime() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdateTime
+	}
+	return nil
+}
+
+func (x *File) GetExpirationTime() *timestamppb.Timestamp {
+	if x != nil {
+		return x.ExpirationTime
+	}
+	return nil
+}
+
+func (x *File) GetSha256Hash() []byte {
+	if x != nil {
+		return x.Sha256Hash
+	}
+	return nil
+}
+
+func (x *File) GetUri() string {
+	if x != nil {
+		return x.Uri
+	}
+	return ""
+}
+
+func (x *File) GetState() File_State {
+	if x != nil {
+		return x.State
+	}
+	return File_STATE_UNSPECIFIED
+}
+
+func (x *File) GetError() *status.Status {
+	if x != nil {
+		return x.Error
+	}
+	return nil
+}
+
+type isFile_Metadata interface {
+	isFile_Metadata()
+}
+
+type File_VideoMetadata struct {
+	// Output only. Metadata for a video.
+	VideoMetadata *VideoMetadata `protobuf:"bytes,12,opt,name=video_metadata,json=videoMetadata,proto3,oneof"`
+}
+
+func (*File_VideoMetadata) isFile_Metadata() {}
+
+// Metadata for a video `File`.
+type VideoMetadata struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Duration of the video.
+	VideoDuration *durationpb.Duration `protobuf:"bytes,1,opt,name=video_duration,json=videoDuration,proto3" json:"video_duration,omitempty"`
+}
+
+func (x *VideoMetadata) Reset() {
+	*x = VideoMetadata{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_file_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *VideoMetadata) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VideoMetadata) ProtoMessage() {}
+
+func (x *VideoMetadata) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_file_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VideoMetadata.ProtoReflect.Descriptor instead.
+func (*VideoMetadata) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *VideoMetadata) GetVideoDuration() *durationpb.Duration {
+	if x != nil {
+		return x.VideoDuration
+	}
+	return nil
+}
+
+var File_google_ai_generativelanguage_v1beta_file_proto protoreflect.FileDescriptor
+
+var file_google_ai_generativelanguage_v1beta_file_proto_rawDesc = []byte{
+	0x0a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x12, 0x23, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70,
+	0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61,
+	0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x73,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x06, 0x0a, 0x04,
+	0x46, 0x69, 0x6c, 0x65, 0x12, 0x60, 0x0a, 0x0e, 0x76, 0x69, 0x64, 0x65, 0x6f, 0x5f, 0x6d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65,
+	0x74, 0x61, 0x2e, 0x56, 0x69, 0x64, 0x65, 0x6f, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+	0x42, 0x03, 0xe0, 0x41, 0x03, 0x48, 0x00, 0x52, 0x0d, 0x76, 0x69, 0x64, 0x65, 0x6f, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x1a, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x42, 0x06, 0xe0, 0x41, 0x08, 0xe0, 0x41, 0x05, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x26, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0b, 0x64,
+	0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x09, 0x6d, 0x69,
+	0x6d, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0,
+	0x41, 0x03, 0x52, 0x08, 0x6d, 0x69, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x22, 0x0a, 0x0a,
+	0x73, 0x69, 0x7a, 0x65, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03,
+	0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x09, 0x73, 0x69, 0x7a, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73,
+	0x12, 0x40, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x69,
+	0x6d, 0x65, 0x12, 0x40, 0x0a, 0x0b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d,
+	0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74,
+	0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x54, 0x69, 0x6d, 0x65, 0x12, 0x48, 0x0a, 0x0f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0e,
+	0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x24,
+	0x0a, 0x0b, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36,
+	0x48, 0x61, 0x73, 0x68, 0x12, 0x15, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x09, 0x20, 0x01, 0x28,
+	0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x4a, 0x0a, 0x05, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
+	0x2e, 0x46, 0x69, 0x6c, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x03,
+	0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2d, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72,
+	0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x72, 0x70, 0x63, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52,
+	0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x46, 0x0a, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
+	0x15, 0x0a, 0x11, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
+	0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53,
+	0x53, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45,
+	0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x0a, 0x3a, 0x46,
+	0xea, 0x41, 0x43, 0x0a, 0x26, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c,
+	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70,
+	0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x0c, 0x66, 0x69, 0x6c,
+	0x65, 0x73, 0x2f, 0x7b, 0x66, 0x69, 0x6c, 0x65, 0x7d, 0x2a, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73,
+	0x32, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x42, 0x0a, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0x22, 0x51, 0x0a, 0x0d, 0x56, 0x69, 0x64, 0x65, 0x6f, 0x4d, 0x65, 0x74, 0x61, 0x64,
+	0x61, 0x74, 0x61, 0x12, 0x40, 0x0a, 0x0e, 0x76, 0x69, 0x64, 0x65, 0x6f, 0x5f, 0x64, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x76, 0x69, 0x64, 0x65, 0x6f, 0x44, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x95, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74,
+	0x61, 0x42, 0x09, 0x46, 0x69, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x5d,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
+	0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x62,
+	0x65, 0x74, 0x61, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61,
+	0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x3b, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x62, 0x06, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_ai_generativelanguage_v1beta_file_proto_rawDescOnce sync.Once
+	file_google_ai_generativelanguage_v1beta_file_proto_rawDescData = file_google_ai_generativelanguage_v1beta_file_proto_rawDesc
+)
+
+func file_google_ai_generativelanguage_v1beta_file_proto_rawDescGZIP() []byte {
+	file_google_ai_generativelanguage_v1beta_file_proto_rawDescOnce.Do(func() {
+		file_google_ai_generativelanguage_v1beta_file_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_ai_generativelanguage_v1beta_file_proto_rawDescData)
+	})
+	return file_google_ai_generativelanguage_v1beta_file_proto_rawDescData
+}
+
+var file_google_ai_generativelanguage_v1beta_file_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_google_ai_generativelanguage_v1beta_file_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_google_ai_generativelanguage_v1beta_file_proto_goTypes = []any{
+	(File_State)(0),               // 0: google.ai.generativelanguage.v1beta.File.State
+	(*File)(nil),                  // 1: google.ai.generativelanguage.v1beta.File
+	(*VideoMetadata)(nil),         // 2: google.ai.generativelanguage.v1beta.VideoMetadata
+	(*timestamppb.Timestamp)(nil), // 3: google.protobuf.Timestamp
+	(*status.Status)(nil),         // 4: google.rpc.Status
+	(*durationpb.Duration)(nil),   // 5: google.protobuf.Duration
+}
+var file_google_ai_generativelanguage_v1beta_file_proto_depIdxs = []int32{
+	2, // 0: google.ai.generativelanguage.v1beta.File.video_metadata:type_name -> google.ai.generativelanguage.v1beta.VideoMetadata
+	3, // 1: google.ai.generativelanguage.v1beta.File.create_time:type_name -> google.protobuf.Timestamp
+	3, // 2: google.ai.generativelanguage.v1beta.File.update_time:type_name -> google.protobuf.Timestamp
+	3, // 3: google.ai.generativelanguage.v1beta.File.expiration_time:type_name -> google.protobuf.Timestamp
+	0, // 4: google.ai.generativelanguage.v1beta.File.state:type_name -> google.ai.generativelanguage.v1beta.File.State
+	4, // 5: google.ai.generativelanguage.v1beta.File.error:type_name -> google.rpc.Status
+	5, // 6: google.ai.generativelanguage.v1beta.VideoMetadata.video_duration:type_name -> google.protobuf.Duration
+	7, // [7:7] is the sub-list for method output_type
+	7, // [7:7] is the sub-list for method input_type
+	7, // [7:7] is the sub-list for extension type_name
+	7, // [7:7] is the sub-list for extension extendee
+	0, // [0:7] is the sub-list for field type_name
+}
+
+func init() { file_google_ai_generativelanguage_v1beta_file_proto_init() }
+func file_google_ai_generativelanguage_v1beta_file_proto_init() {
+	if File_google_ai_generativelanguage_v1beta_file_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_ai_generativelanguage_v1beta_file_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*File); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_file_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*VideoMetadata); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_google_ai_generativelanguage_v1beta_file_proto_msgTypes[0].OneofWrappers = []any{
+		(*File_VideoMetadata)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_ai_generativelanguage_v1beta_file_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_ai_generativelanguage_v1beta_file_proto_goTypes,
+		DependencyIndexes: file_google_ai_generativelanguage_v1beta_file_proto_depIdxs,
+		EnumInfos:         file_google_ai_generativelanguage_v1beta_file_proto_enumTypes,
+		MessageInfos:      file_google_ai_generativelanguage_v1beta_file_proto_msgTypes,
+	}.Build()
+	File_google_ai_generativelanguage_v1beta_file_proto = out.File
+	file_google_ai_generativelanguage_v1beta_file_proto_rawDesc = nil
+	file_google_ai_generativelanguage_v1beta_file_proto_goTypes = nil
+	file_google_ai_generativelanguage_v1beta_file_proto_depIdxs = nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb/file_service.pb.go

@@ -0,0 +1,805 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.34.2
+// 	protoc        v4.25.3
+// source: google/ai/generativelanguage/v1beta/file_service.proto
+
+package generativelanguagepb
+
+import (
+	context "context"
+	reflect "reflect"
+	sync "sync"
+
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Request for `CreateFile`.
+type CreateFileRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Optional. Metadata for the file to create.
+	File *File `protobuf:"bytes,1,opt,name=file,proto3" json:"file,omitempty"`
+}
+
+func (x *CreateFileRequest) Reset() {
+	*x = CreateFileRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CreateFileRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateFileRequest) ProtoMessage() {}
+
+func (x *CreateFileRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateFileRequest.ProtoReflect.Descriptor instead.
+func (*CreateFileRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *CreateFileRequest) GetFile() *File {
+	if x != nil {
+		return x.File
+	}
+	return nil
+}
+
+// Response for `CreateFile`.
+type CreateFileResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Metadata for the created file.
+	File *File `protobuf:"bytes,1,opt,name=file,proto3" json:"file,omitempty"`
+}
+
+func (x *CreateFileResponse) Reset() {
+	*x = CreateFileResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CreateFileResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateFileResponse) ProtoMessage() {}
+
+func (x *CreateFileResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateFileResponse.ProtoReflect.Descriptor instead.
+func (*CreateFileResponse) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *CreateFileResponse) GetFile() *File {
+	if x != nil {
+		return x.File
+	}
+	return nil
+}
+
+// Request for `ListFiles`.
+type ListFilesRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Optional. Maximum number of `File`s to return per page.
+	// If unspecified, defaults to 10. Maximum `page_size` is 100.
+	PageSize int32 `protobuf:"varint,1,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
+	// Optional. A page token from a previous `ListFiles` call.
+	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
+}
+
+func (x *ListFilesRequest) Reset() {
+	*x = ListFilesRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListFilesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListFilesRequest) ProtoMessage() {}
+
+func (x *ListFilesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListFilesRequest.ProtoReflect.Descriptor instead.
+func (*ListFilesRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ListFilesRequest) GetPageSize() int32 {
+	if x != nil {
+		return x.PageSize
+	}
+	return 0
+}
+
+func (x *ListFilesRequest) GetPageToken() string {
+	if x != nil {
+		return x.PageToken
+	}
+	return ""
+}
+
+// Response for `ListFiles`.
+type ListFilesResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The list of `File`s.
+	Files []*File `protobuf:"bytes,1,rep,name=files,proto3" json:"files,omitempty"`
+	// A token that can be sent as a `page_token` into a subsequent `ListFiles`
+	// call.
+	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
+}
+
+func (x *ListFilesResponse) Reset() {
+	*x = ListFilesResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListFilesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListFilesResponse) ProtoMessage() {}
+
+func (x *ListFilesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListFilesResponse.ProtoReflect.Descriptor instead.
+func (*ListFilesResponse) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ListFilesResponse) GetFiles() []*File {
+	if x != nil {
+		return x.Files
+	}
+	return nil
+}
+
+func (x *ListFilesResponse) GetNextPageToken() string {
+	if x != nil {
+		return x.NextPageToken
+	}
+	return ""
+}
+
+// Request for `GetFile`.
+type GetFileRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The name of the `File` to get.
+	// Example: `files/abc-123`
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+}
+
+func (x *GetFileRequest) Reset() {
+	*x = GetFileRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetFileRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetFileRequest) ProtoMessage() {}
+
+func (x *GetFileRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetFileRequest.ProtoReflect.Descriptor instead.
+func (*GetFileRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GetFileRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+// Request for `DeleteFile`.
+type DeleteFileRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The name of the `File` to delete.
+	// Example: `files/abc-123`
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+}
+
+func (x *DeleteFileRequest) Reset() {
+	*x = DeleteFileRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DeleteFileRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteFileRequest) ProtoMessage() {}
+
+func (x *DeleteFileRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteFileRequest.ProtoReflect.Descriptor instead.
+func (*DeleteFileRequest) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *DeleteFileRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+var File_google_ai_generativelanguage_v1beta_file_service_proto protoreflect.FileDescriptor
+
+var file_google_ai_generativelanguage_v1beta_file_service_proto_rawDesc = []byte{
+	0x0a, 0x36, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61,
+	0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x1a, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65,
+	0x74, 0x61, 0x2f, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69,
+	0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70,
+	0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x57, 0x0a,
+	0x11, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x42, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e,
+	0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01,
+	0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x22, 0x53, 0x0a, 0x12, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
+	0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3d, 0x0a, 0x04,
+	0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
+	0x2e, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x22, 0x58, 0x0a, 0x10, 0x4c,
+	0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x20, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x05, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a,
+	0x65, 0x12, 0x22, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65,
+	0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x7c, 0x0a, 0x11, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c,
+	0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x66, 0x69,
+	0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e,
+	0x46, 0x69, 0x6c, 0x65, 0x52, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e,
+	0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f,
+	0x6b, 0x65, 0x6e, 0x22, 0x54, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x42, 0x2e, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x28, 0x0a, 0x26, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x46,
+	0x69, 0x6c, 0x65, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x57, 0x0a, 0x11, 0x44, 0x65, 0x6c,
+	0x65, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42,
+	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x2e, 0xe0, 0x41,
+	0x02, 0xfa, 0x41, 0x28, 0x0a, 0x26, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
+	0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x32, 0xfa, 0x04, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x12, 0x97, 0x01, 0x0a, 0x0a, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c,
+	0x65, 0x12, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65,
+	0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65,
+	0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69,
+	0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e,
+	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x18, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x12, 0x3a, 0x01, 0x2a, 0x22, 0x0d, 0x2f,
+	0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x91, 0x01, 0x0a,
+	0x09, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x35, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
+	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65,
+	0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65,
+	0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x46, 0x69, 0x6c, 0x65,
+	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x15, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x0f, 0x12, 0x0d, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x66, 0x69, 0x6c, 0x65, 0x73,
+	0x12, 0x90, 0x01, 0x0a, 0x07, 0x47, 0x65, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x33, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65,
+	0x74, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65,
+	0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65,
+	0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x22, 0x25, 0xda, 0x41,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x18, 0x12, 0x16, 0x2f, 0x76, 0x31,
+	0x62, 0x65, 0x74, 0x61, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x66, 0x69, 0x6c, 0x65, 0x73,
+	0x2f, 0x2a, 0x7d, 0x12, 0x83, 0x01, 0x0a, 0x0a, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x46, 0x69,
+	0x6c, 0x65, 0x12, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67,
+	0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x46,
+	0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70,
+	0x74, 0x79, 0x22, 0x25, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x18, 0x2a, 0x16, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65,
+	0x3d, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x2f, 0x2a, 0x7d, 0x1a, 0x24, 0xca, 0x41, 0x21, 0x67, 0x65,
+	0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42,
+	0x9c, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61,
+	0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x42, 0x10, 0x46, 0x69, 0x6c,
+	0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x5d, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31,
+	0x62, 0x65, 0x74, 0x61, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c,
+	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x3b, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescOnce sync.Once
+	file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescData = file_google_ai_generativelanguage_v1beta_file_service_proto_rawDesc
+)
+
+func file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescGZIP() []byte {
+	file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescOnce.Do(func() {
+		file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescData)
+	})
+	return file_google_ai_generativelanguage_v1beta_file_service_proto_rawDescData
+}
+
+var file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+var file_google_ai_generativelanguage_v1beta_file_service_proto_goTypes = []any{
+	(*CreateFileRequest)(nil),  // 0: google.ai.generativelanguage.v1beta.CreateFileRequest
+	(*CreateFileResponse)(nil), // 1: google.ai.generativelanguage.v1beta.CreateFileResponse
+	(*ListFilesRequest)(nil),   // 2: google.ai.generativelanguage.v1beta.ListFilesRequest
+	(*ListFilesResponse)(nil),  // 3: google.ai.generativelanguage.v1beta.ListFilesResponse
+	(*GetFileRequest)(nil),     // 4: google.ai.generativelanguage.v1beta.GetFileRequest
+	(*DeleteFileRequest)(nil),  // 5: google.ai.generativelanguage.v1beta.DeleteFileRequest
+	(*File)(nil),               // 6: google.ai.generativelanguage.v1beta.File
+	(*emptypb.Empty)(nil),      // 7: google.protobuf.Empty
+}
+var file_google_ai_generativelanguage_v1beta_file_service_proto_depIdxs = []int32{
+	6, // 0: google.ai.generativelanguage.v1beta.CreateFileRequest.file:type_name -> google.ai.generativelanguage.v1beta.File
+	6, // 1: google.ai.generativelanguage.v1beta.CreateFileResponse.file:type_name -> google.ai.generativelanguage.v1beta.File
+	6, // 2: google.ai.generativelanguage.v1beta.ListFilesResponse.files:type_name -> google.ai.generativelanguage.v1beta.File
+	0, // 3: google.ai.generativelanguage.v1beta.FileService.CreateFile:input_type -> google.ai.generativelanguage.v1beta.CreateFileRequest
+	2, // 4: google.ai.generativelanguage.v1beta.FileService.ListFiles:input_type -> google.ai.generativelanguage.v1beta.ListFilesRequest
+	4, // 5: google.ai.generativelanguage.v1beta.FileService.GetFile:input_type -> google.ai.generativelanguage.v1beta.GetFileRequest
+	5, // 6: google.ai.generativelanguage.v1beta.FileService.DeleteFile:input_type -> google.ai.generativelanguage.v1beta.DeleteFileRequest
+	1, // 7: google.ai.generativelanguage.v1beta.FileService.CreateFile:output_type -> google.ai.generativelanguage.v1beta.CreateFileResponse
+	3, // 8: google.ai.generativelanguage.v1beta.FileService.ListFiles:output_type -> google.ai.generativelanguage.v1beta.ListFilesResponse
+	6, // 9: google.ai.generativelanguage.v1beta.FileService.GetFile:output_type -> google.ai.generativelanguage.v1beta.File
+	7, // 10: google.ai.generativelanguage.v1beta.FileService.DeleteFile:output_type -> google.protobuf.Empty
+	7, // [7:11] is the sub-list for method output_type
+	3, // [3:7] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_google_ai_generativelanguage_v1beta_file_service_proto_init() }
+func file_google_ai_generativelanguage_v1beta_file_service_proto_init() {
+	if File_google_ai_generativelanguage_v1beta_file_service_proto != nil {
+		return
+	}
+	file_google_ai_generativelanguage_v1beta_file_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*CreateFileRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*CreateFileResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*ListFilesRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[3].Exporter = func(v any, i int) any {
+			switch v := v.(*ListFilesResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[4].Exporter = func(v any, i int) any {
+			switch v := v.(*GetFileRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes[5].Exporter = func(v any, i int) any {
+			switch v := v.(*DeleteFileRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_ai_generativelanguage_v1beta_file_service_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   6,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_google_ai_generativelanguage_v1beta_file_service_proto_goTypes,
+		DependencyIndexes: file_google_ai_generativelanguage_v1beta_file_service_proto_depIdxs,
+		MessageInfos:      file_google_ai_generativelanguage_v1beta_file_service_proto_msgTypes,
+	}.Build()
+	File_google_ai_generativelanguage_v1beta_file_service_proto = out.File
+	file_google_ai_generativelanguage_v1beta_file_service_proto_rawDesc = nil
+	file_google_ai_generativelanguage_v1beta_file_service_proto_goTypes = nil
+	file_google_ai_generativelanguage_v1beta_file_service_proto_depIdxs = nil
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConnInterface
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion6
+
+// FileServiceClient is the client API for FileService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type FileServiceClient interface {
+	// Creates a `File`.
+	CreateFile(ctx context.Context, in *CreateFileRequest, opts ...grpc.CallOption) (*CreateFileResponse, error)
+	// Lists the metadata for `File`s owned by the requesting project.
+	ListFiles(ctx context.Context, in *ListFilesRequest, opts ...grpc.CallOption) (*ListFilesResponse, error)
+	// Gets the metadata for the given `File`.
+	GetFile(ctx context.Context, in *GetFileRequest, opts ...grpc.CallOption) (*File, error)
+	// Deletes the `File`.
+	DeleteFile(ctx context.Context, in *DeleteFileRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
+}
+
+type fileServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewFileServiceClient(cc grpc.ClientConnInterface) FileServiceClient {
+	return &fileServiceClient{cc}
+}
+
+func (c *fileServiceClient) CreateFile(ctx context.Context, in *CreateFileRequest, opts ...grpc.CallOption) (*CreateFileResponse, error) {
+	out := new(CreateFileResponse)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.FileService/CreateFile", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *fileServiceClient) ListFiles(ctx context.Context, in *ListFilesRequest, opts ...grpc.CallOption) (*ListFilesResponse, error) {
+	out := new(ListFilesResponse)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.FileService/ListFiles", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *fileServiceClient) GetFile(ctx context.Context, in *GetFileRequest, opts ...grpc.CallOption) (*File, error) {
+	out := new(File)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.FileService/GetFile", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *fileServiceClient) DeleteFile(ctx context.Context, in *DeleteFileRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+	out := new(emptypb.Empty)
+	err := c.cc.Invoke(ctx, "/google.ai.generativelanguage.v1beta.FileService/DeleteFile", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// FileServiceServer is the server API for FileService service.
+type FileServiceServer interface {
+	// Creates a `File`.
+	CreateFile(context.Context, *CreateFileRequest) (*CreateFileResponse, error)
+	// Lists the metadata for `File`s owned by the requesting project.
+	ListFiles(context.Context, *ListFilesRequest) (*ListFilesResponse, error)
+	// Gets the metadata for the given `File`.
+	GetFile(context.Context, *GetFileRequest) (*File, error)
+	// Deletes the `File`.
+	DeleteFile(context.Context, *DeleteFileRequest) (*emptypb.Empty, error)
+}
+
+// UnimplementedFileServiceServer can be embedded to have forward compatible implementations.
+type UnimplementedFileServiceServer struct {
+}
+
+func (*UnimplementedFileServiceServer) CreateFile(context.Context, *CreateFileRequest) (*CreateFileResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateFile not implemented")
+}
+func (*UnimplementedFileServiceServer) ListFiles(context.Context, *ListFilesRequest) (*ListFilesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListFiles not implemented")
+}
+func (*UnimplementedFileServiceServer) GetFile(context.Context, *GetFileRequest) (*File, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetFile not implemented")
+}
+func (*UnimplementedFileServiceServer) DeleteFile(context.Context, *DeleteFileRequest) (*emptypb.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteFile not implemented")
+}
+
+func RegisterFileServiceServer(s *grpc.Server, srv FileServiceServer) {
+	s.RegisterService(&_FileService_serviceDesc, srv)
+}
+
+func _FileService_CreateFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateFileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(FileServiceServer).CreateFile(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.FileService/CreateFile",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(FileServiceServer).CreateFile(ctx, req.(*CreateFileRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _FileService_ListFiles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListFilesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(FileServiceServer).ListFiles(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.FileService/ListFiles",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(FileServiceServer).ListFiles(ctx, req.(*ListFilesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _FileService_GetFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetFileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(FileServiceServer).GetFile(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.FileService/GetFile",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(FileServiceServer).GetFile(ctx, req.(*GetFileRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _FileService_DeleteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteFileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(FileServiceServer).DeleteFile(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.ai.generativelanguage.v1beta.FileService/DeleteFile",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(FileServiceServer).DeleteFile(ctx, req.(*DeleteFileRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _FileService_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "google.ai.generativelanguage.v1beta.FileService",
+	HandlerType: (*FileServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateFile",
+			Handler:    _FileService_CreateFile_Handler,
+		},
+		{
+			MethodName: "ListFiles",
+			Handler:    _FileService_ListFiles_Handler,
+		},
+		{
+			MethodName: "GetFile",
+			Handler:    _FileService_GetFile_Handler,
+		},
+		{
+			MethodName: "DeleteFile",
+			Handler:    _FileService_DeleteFile_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "google/ai/generativelanguage/v1beta/file_service.proto",
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb/model.pb.go

@@ -0,0 +1,347 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.34.2
+// 	protoc        v4.25.3
+// source: google/ai/generativelanguage/v1beta/model.proto
+
+package generativelanguagepb
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Information about a Generative Language Model.
+type Model struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The resource name of the `Model`.
+	//
+	// Format: `models/{model}` with a `{model}` naming convention of:
+	//
+	// * "{base_model_id}-{version}"
+	//
+	// Examples:
+	//
+	// * `models/chat-bison-001`
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Required. The name of the base model, pass this to the generation request.
+	//
+	// Examples:
+	//
+	// * `chat-bison`
+	BaseModelId string `protobuf:"bytes,2,opt,name=base_model_id,json=baseModelId,proto3" json:"base_model_id,omitempty"`
+	// Required. The version number of the model.
+	//
+	// This represents the major version
+	Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
+	// The human-readable name of the model. E.g. "Chat Bison".
+	//
+	// The name can be up to 128 characters long and can consist of any UTF-8
+	// characters.
+	DisplayName string `protobuf:"bytes,4,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
+	// A short description of the model.
+	Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`
+	// Maximum number of input tokens allowed for this model.
+	InputTokenLimit int32 `protobuf:"varint,6,opt,name=input_token_limit,json=inputTokenLimit,proto3" json:"input_token_limit,omitempty"`
+	// Maximum number of output tokens available for this model.
+	OutputTokenLimit int32 `protobuf:"varint,7,opt,name=output_token_limit,json=outputTokenLimit,proto3" json:"output_token_limit,omitempty"`
+	// The model's supported generation methods.
+	//
+	// The method names are defined as Pascal case
+	// strings, such as `generateMessage` which correspond to API methods.
+	SupportedGenerationMethods []string `protobuf:"bytes,8,rep,name=supported_generation_methods,json=supportedGenerationMethods,proto3" json:"supported_generation_methods,omitempty"`
+	// Controls the randomness of the output.
+	//
+	// Values can range over `[0.0,max_temperature]`, inclusive. A higher value
+	// will produce responses that are more varied, while a value closer to `0.0`
+	// will typically result in less surprising responses from the model.
+	// This value specifies default to be used by the backend while making the
+	// call to the model.
+	Temperature *float32 `protobuf:"fixed32,9,opt,name=temperature,proto3,oneof" json:"temperature,omitempty"`
+	// The maximum temperature this model can use.
+	MaxTemperature *float32 `protobuf:"fixed32,13,opt,name=max_temperature,json=maxTemperature,proto3,oneof" json:"max_temperature,omitempty"`
+	// For Nucleus sampling.
+	//
+	// Nucleus sampling considers the smallest set of tokens whose probability
+	// sum is at least `top_p`.
+	// This value specifies default to be used by the backend while making the
+	// call to the model.
+	TopP *float32 `protobuf:"fixed32,10,opt,name=top_p,json=topP,proto3,oneof" json:"top_p,omitempty"`
+	// For Top-k sampling.
+	//
+	// Top-k sampling considers the set of `top_k` most probable tokens.
+	// This value specifies default to be used by the backend while making the
+	// call to the model.
+	// If empty, indicates the model doesn't use top-k sampling, and `top_k` isn't
+	// allowed as a generation parameter.
+	TopK *int32 `protobuf:"varint,11,opt,name=top_k,json=topK,proto3,oneof" json:"top_k,omitempty"`
+}
+
+func (x *Model) Reset() {
+	*x = Model{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_model_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Model) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Model) ProtoMessage() {}
+
+func (x *Model) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_model_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Model.ProtoReflect.Descriptor instead.
+func (*Model) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_model_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Model) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Model) GetBaseModelId() string {
+	if x != nil {
+		return x.BaseModelId
+	}
+	return ""
+}
+
+func (x *Model) GetVersion() string {
+	if x != nil {
+		return x.Version
+	}
+	return ""
+}
+
+func (x *Model) GetDisplayName() string {
+	if x != nil {
+		return x.DisplayName
+	}
+	return ""
+}
+
+func (x *Model) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Model) GetInputTokenLimit() int32 {
+	if x != nil {
+		return x.InputTokenLimit
+	}
+	return 0
+}
+
+func (x *Model) GetOutputTokenLimit() int32 {
+	if x != nil {
+		return x.OutputTokenLimit
+	}
+	return 0
+}
+
+func (x *Model) GetSupportedGenerationMethods() []string {
+	if x != nil {
+		return x.SupportedGenerationMethods
+	}
+	return nil
+}
+
+func (x *Model) GetTemperature() float32 {
+	if x != nil && x.Temperature != nil {
+		return *x.Temperature
+	}
+	return 0
+}
+
+func (x *Model) GetMaxTemperature() float32 {
+	if x != nil && x.MaxTemperature != nil {
+		return *x.MaxTemperature
+	}
+	return 0
+}
+
+func (x *Model) GetTopP() float32 {
+	if x != nil && x.TopP != nil {
+		return *x.TopP
+	}
+	return 0
+}
+
+func (x *Model) GetTopK() int32 {
+	if x != nil && x.TopK != nil {
+		return *x.TopK
+	}
+	return 0
+}
+
+var File_google_ai_generativelanguage_v1beta_model_proto protoreflect.FileDescriptor
+
+var file_google_ai_generativelanguage_v1beta_model_proto_rawDesc = []byte{
+	0x0a, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x23, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e,
+	0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61,
+	0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f,
+	0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x22, 0xc8, 0x04, 0x0a, 0x05, 0x4d, 0x6f, 0x64, 0x65, 0x6c, 0x12, 0x17, 0x0a, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x27, 0x0a, 0x0d, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x6d, 0x6f,
+	0x64, 0x65, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41,
+	0x02, 0x52, 0x0b, 0x62, 0x61, 0x73, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x6c, 0x49, 0x64, 0x12, 0x1d,
+	0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42,
+	0x03, 0xe0, 0x41, 0x02, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a,
+	0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65,
+	0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x6f, 0x6b, 0x65,
+	0x6e, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0f, 0x69,
+	0x6e, 0x70, 0x75, 0x74, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x2c,
+	0x0a, 0x12, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x6c,
+	0x69, 0x6d, 0x69, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x70,
+	0x75, 0x74, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x40, 0x0a, 0x1c,
+	0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, 0x08, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x1a, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x47, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x12, 0x25,
+	0x0a, 0x0b, 0x74, 0x65, 0x6d, 0x70, 0x65, 0x72, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x09, 0x20,
+	0x01, 0x28, 0x02, 0x48, 0x00, 0x52, 0x0b, 0x74, 0x65, 0x6d, 0x70, 0x65, 0x72, 0x61, 0x74, 0x75,
+	0x72, 0x65, 0x88, 0x01, 0x01, 0x12, 0x2c, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x65, 0x6d,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x02, 0x48, 0x01,
+	0x52, 0x0e, 0x6d, 0x61, 0x78, 0x54, 0x65, 0x6d, 0x70, 0x65, 0x72, 0x61, 0x74, 0x75, 0x72, 0x65,
+	0x88, 0x01, 0x01, 0x12, 0x18, 0x0a, 0x05, 0x74, 0x6f, 0x70, 0x5f, 0x70, 0x18, 0x0a, 0x20, 0x01,
+	0x28, 0x02, 0x48, 0x02, 0x52, 0x04, 0x74, 0x6f, 0x70, 0x50, 0x88, 0x01, 0x01, 0x12, 0x18, 0x0a,
+	0x05, 0x74, 0x6f, 0x70, 0x5f, 0x6b, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x48, 0x03, 0x52, 0x04,
+	0x74, 0x6f, 0x70, 0x4b, 0x88, 0x01, 0x01, 0x3a, 0x3c, 0xea, 0x41, 0x39, 0x0a, 0x27, 0x67, 0x65,
+	0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+	0x4d, 0x6f, 0x64, 0x65, 0x6c, 0x12, 0x0e, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x7b, 0x6d,
+	0x6f, 0x64, 0x65, 0x6c, 0x7d, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x74, 0x65, 0x6d, 0x70, 0x65, 0x72,
+	0x61, 0x74, 0x75, 0x72, 0x65, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x65,
+	0x6d, 0x70, 0x65, 0x72, 0x61, 0x74, 0x75, 0x72, 0x65, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x74, 0x6f,
+	0x70, 0x5f, 0x70, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x74, 0x6f, 0x70, 0x5f, 0x6b, 0x42, 0x96, 0x01,
+	0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e,
+	0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61,
+	0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x42, 0x0a, 0x4d, 0x6f, 0x64, 0x65, 0x6c,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x5d, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x69, 0x2f,
+	0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61,
+	0x67, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70,
+	0x62, 0x3b, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_ai_generativelanguage_v1beta_model_proto_rawDescOnce sync.Once
+	file_google_ai_generativelanguage_v1beta_model_proto_rawDescData = file_google_ai_generativelanguage_v1beta_model_proto_rawDesc
+)
+
+func file_google_ai_generativelanguage_v1beta_model_proto_rawDescGZIP() []byte {
+	file_google_ai_generativelanguage_v1beta_model_proto_rawDescOnce.Do(func() {
+		file_google_ai_generativelanguage_v1beta_model_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_ai_generativelanguage_v1beta_model_proto_rawDescData)
+	})
+	return file_google_ai_generativelanguage_v1beta_model_proto_rawDescData
+}
+
+var file_google_ai_generativelanguage_v1beta_model_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_google_ai_generativelanguage_v1beta_model_proto_goTypes = []any{
+	(*Model)(nil), // 0: google.ai.generativelanguage.v1beta.Model
+}
+var file_google_ai_generativelanguage_v1beta_model_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_google_ai_generativelanguage_v1beta_model_proto_init() }
+func file_google_ai_generativelanguage_v1beta_model_proto_init() {
+	if File_google_ai_generativelanguage_v1beta_model_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_ai_generativelanguage_v1beta_model_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*Model); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_google_ai_generativelanguage_v1beta_model_proto_msgTypes[0].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_ai_generativelanguage_v1beta_model_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_ai_generativelanguage_v1beta_model_proto_goTypes,
+		DependencyIndexes: file_google_ai_generativelanguage_v1beta_model_proto_depIdxs,
+		MessageInfos:      file_google_ai_generativelanguage_v1beta_model_proto_msgTypes,
+	}.Build()
+	File_google_ai_generativelanguage_v1beta_model_proto = out.File
+	file_google_ai_generativelanguage_v1beta_model_proto_rawDesc = nil
+	file_google_ai_generativelanguage_v1beta_model_proto_goTypes = nil
+	file_google_ai_generativelanguage_v1beta_model_proto_depIdxs = nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb/permission.pb.go

@@ -0,0 +1,385 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.34.2
+// 	protoc        v4.25.3
+// source: google/ai/generativelanguage/v1beta/permission.proto
+
+package generativelanguagepb
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Defines types of the grantee of this permission.
+type Permission_GranteeType int32
+
+const (
+	// The default value. This value is unused.
+	Permission_GRANTEE_TYPE_UNSPECIFIED Permission_GranteeType = 0
+	// Represents a user. When set, you must provide email_address for the user.
+	Permission_USER Permission_GranteeType = 1
+	// Represents a group. When set, you must provide email_address for the
+	// group.
+	Permission_GROUP Permission_GranteeType = 2
+	// Represents access to everyone. No extra information is required.
+	Permission_EVERYONE Permission_GranteeType = 3
+)
+
+// Enum value maps for Permission_GranteeType.
+var (
+	Permission_GranteeType_name = map[int32]string{
+		0: "GRANTEE_TYPE_UNSPECIFIED",
+		1: "USER",
+		2: "GROUP",
+		3: "EVERYONE",
+	}
+	Permission_GranteeType_value = map[string]int32{
+		"GRANTEE_TYPE_UNSPECIFIED": 0,
+		"USER":                     1,
+		"GROUP":                    2,
+		"EVERYONE":                 3,
+	}
+)
+
+func (x Permission_GranteeType) Enum() *Permission_GranteeType {
+	p := new(Permission_GranteeType)
+	*p = x
+	return p
+}
+
+func (x Permission_GranteeType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Permission_GranteeType) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_ai_generativelanguage_v1beta_permission_proto_enumTypes[0].Descriptor()
+}
+
+func (Permission_GranteeType) Type() protoreflect.EnumType {
+	return &file_google_ai_generativelanguage_v1beta_permission_proto_enumTypes[0]
+}
+
+func (x Permission_GranteeType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Permission_GranteeType.Descriptor instead.
+func (Permission_GranteeType) EnumDescriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_permission_proto_rawDescGZIP(), []int{0, 0}
+}
+
+// Defines the role granted by this permission.
+type Permission_Role int32
+
+const (
+	// The default value. This value is unused.
+	Permission_ROLE_UNSPECIFIED Permission_Role = 0
+	// Owner can use, update, share and delete the resource.
+	Permission_OWNER Permission_Role = 1
+	// Writer can use, update and share the resource.
+	Permission_WRITER Permission_Role = 2
+	// Reader can use the resource.
+	Permission_READER Permission_Role = 3
+)
+
+// Enum value maps for Permission_Role.
+var (
+	Permission_Role_name = map[int32]string{
+		0: "ROLE_UNSPECIFIED",
+		1: "OWNER",
+		2: "WRITER",
+		3: "READER",
+	}
+	Permission_Role_value = map[string]int32{
+		"ROLE_UNSPECIFIED": 0,
+		"OWNER":            1,
+		"WRITER":           2,
+		"READER":           3,
+	}
+)
+
+func (x Permission_Role) Enum() *Permission_Role {
+	p := new(Permission_Role)
+	*p = x
+	return p
+}
+
+func (x Permission_Role) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Permission_Role) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_ai_generativelanguage_v1beta_permission_proto_enumTypes[1].Descriptor()
+}
+
+func (Permission_Role) Type() protoreflect.EnumType {
+	return &file_google_ai_generativelanguage_v1beta_permission_proto_enumTypes[1]
+}
+
+func (x Permission_Role) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Permission_Role.Descriptor instead.
+func (Permission_Role) EnumDescriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_permission_proto_rawDescGZIP(), []int{0, 1}
+}
+
+// Permission resource grants user, group or the rest of the world access to the
+// PaLM API resource (e.g. a tuned model, corpus).
+//
+// A role is a collection of permitted operations that allows users to perform
+// specific actions on PaLM API resources. To make them available to users,
+// groups, or service accounts, you assign roles. When you assign a role, you
+// grant permissions that the role contains.
+//
+// There are three concentric roles. Each role is a superset of the previous
+// role's permitted operations:
+//
+// - reader can use the resource (e.g. tuned model, corpus) for inference
+// - writer has reader's permissions and additionally can edit and share
+// - owner has writer's permissions and additionally can delete
+type Permission struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Output only. Identifier. The permission name. A unique name will be
+	// generated on create. Examples:
+	//
+	//	tunedModels/{tuned_model}/permissions/{permission}
+	//	corpora/{corpus}/permissions/{permission}
+	//
+	// Output only.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Optional. Immutable. The type of the grantee.
+	GranteeType *Permission_GranteeType `protobuf:"varint,2,opt,name=grantee_type,json=granteeType,proto3,enum=google.ai.generativelanguage.v1beta.Permission_GranteeType,oneof" json:"grantee_type,omitempty"`
+	// Optional. Immutable. The email address of the user of group which this
+	// permission refers. Field is not set when permission's grantee type is
+	// EVERYONE.
+	EmailAddress *string `protobuf:"bytes,3,opt,name=email_address,json=emailAddress,proto3,oneof" json:"email_address,omitempty"`
+	// Required. The role granted by this permission.
+	Role *Permission_Role `protobuf:"varint,4,opt,name=role,proto3,enum=google.ai.generativelanguage.v1beta.Permission_Role,oneof" json:"role,omitempty"`
+}
+
+func (x *Permission) Reset() {
+	*x = Permission{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_permission_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Permission) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Permission) ProtoMessage() {}
+
+func (x *Permission) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_permission_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Permission.ProtoReflect.Descriptor instead.
+func (*Permission) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_permission_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Permission) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Permission) GetGranteeType() Permission_GranteeType {
+	if x != nil && x.GranteeType != nil {
+		return *x.GranteeType
+	}
+	return Permission_GRANTEE_TYPE_UNSPECIFIED
+}
+
+func (x *Permission) GetEmailAddress() string {
+	if x != nil && x.EmailAddress != nil {
+		return *x.EmailAddress
+	}
+	return ""
+}
+
+func (x *Permission) GetRole() Permission_Role {
+	if x != nil && x.Role != nil {
+		return *x.Role
+	}
+	return Permission_ROLE_UNSPECIFIED
+}
+
+var File_google_ai_generativelanguage_v1beta_permission_proto protoreflect.FileDescriptor
+
+var file_google_ai_generativelanguage_v1beta_permission_proto_rawDesc = []byte{
+	0x0a, 0x34, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61,
+	0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x1a, 0x1f, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65,
+	0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x85, 0x05, 0x0a, 0x0a, 0x50, 0x65, 0x72, 0x6d,
+	0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x42, 0x06, 0xe0, 0x41, 0x03, 0xe0, 0x41, 0x08, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x6b, 0x0a, 0x0c, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x5f, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c,
+	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x50,
+	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x2e, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x65,
+	0x65, 0x54, 0x79, 0x70, 0x65, 0x42, 0x06, 0xe0, 0x41, 0x01, 0xe0, 0x41, 0x05, 0x48, 0x00, 0x52,
+	0x0b, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x54, 0x79, 0x70, 0x65, 0x88, 0x01, 0x01, 0x12,
+	0x30, 0x0a, 0x0d, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06, 0xe0, 0x41, 0x01, 0xe0, 0x41, 0x05, 0x48, 0x01,
+	0x52, 0x0c, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01,
+	0x01, 0x12, 0x52, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x34, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x2e, 0x52, 0x6f, 0x6c, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x02, 0x52, 0x04, 0x72, 0x6f,
+	0x6c, 0x65, 0x88, 0x01, 0x01, 0x22, 0x4e, 0x0a, 0x0b, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65,
+	0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x47, 0x52, 0x41, 0x4e, 0x54, 0x45, 0x45, 0x5f,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
+	0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x55, 0x53, 0x45, 0x52, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05,
+	0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x45, 0x56, 0x45, 0x52, 0x59,
+	0x4f, 0x4e, 0x45, 0x10, 0x03, 0x22, 0x3f, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x14, 0x0a,
+	0x10, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
+	0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x4f, 0x57, 0x4e, 0x45, 0x52, 0x10, 0x01, 0x12, 0x0a,
+	0x0a, 0x06, 0x57, 0x52, 0x49, 0x54, 0x45, 0x52, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x45,
+	0x41, 0x44, 0x45, 0x52, 0x10, 0x03, 0x3a, 0xaa, 0x01, 0xea, 0x41, 0xa6, 0x01, 0x0a, 0x2c, 0x67,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67,
+	0x65, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d,
+	0x2f, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x74, 0x75, 0x6e,
+	0x65, 0x64, 0x4d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x7b, 0x74, 0x75, 0x6e, 0x65, 0x64, 0x5f,
+	0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x7d, 0x2f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f,
+	0x6e, 0x73, 0x2f, 0x7b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x7d, 0x12,
+	0x29, 0x63, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x2f, 0x7b, 0x63, 0x6f, 0x72, 0x70, 0x75, 0x73,
+	0x7d, 0x2f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x70,
+	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x7d, 0x2a, 0x0b, 0x70, 0x65, 0x72, 0x6d,
+	0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x0a, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73,
+	0x69, 0x6f, 0x6e, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x5f,
+	0x74, 0x79, 0x70, 0x65, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x5f, 0x61,
+	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, 0x07, 0x0a, 0x05, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x42,
+	0x9b, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61,
+	0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x42, 0x0f, 0x50, 0x65, 0x72,
+	0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x5d,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
+	0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x62,
+	0x65, 0x74, 0x61, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61,
+	0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x3b, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x62, 0x06, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_ai_generativelanguage_v1beta_permission_proto_rawDescOnce sync.Once
+	file_google_ai_generativelanguage_v1beta_permission_proto_rawDescData = file_google_ai_generativelanguage_v1beta_permission_proto_rawDesc
+)
+
+func file_google_ai_generativelanguage_v1beta_permission_proto_rawDescGZIP() []byte {
+	file_google_ai_generativelanguage_v1beta_permission_proto_rawDescOnce.Do(func() {
+		file_google_ai_generativelanguage_v1beta_permission_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_ai_generativelanguage_v1beta_permission_proto_rawDescData)
+	})
+	return file_google_ai_generativelanguage_v1beta_permission_proto_rawDescData
+}
+
+var file_google_ai_generativelanguage_v1beta_permission_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_google_ai_generativelanguage_v1beta_permission_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_google_ai_generativelanguage_v1beta_permission_proto_goTypes = []any{
+	(Permission_GranteeType)(0), // 0: google.ai.generativelanguage.v1beta.Permission.GranteeType
+	(Permission_Role)(0),        // 1: google.ai.generativelanguage.v1beta.Permission.Role
+	(*Permission)(nil),          // 2: google.ai.generativelanguage.v1beta.Permission
+}
+var file_google_ai_generativelanguage_v1beta_permission_proto_depIdxs = []int32{
+	0, // 0: google.ai.generativelanguage.v1beta.Permission.grantee_type:type_name -> google.ai.generativelanguage.v1beta.Permission.GranteeType
+	1, // 1: google.ai.generativelanguage.v1beta.Permission.role:type_name -> google.ai.generativelanguage.v1beta.Permission.Role
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_google_ai_generativelanguage_v1beta_permission_proto_init() }
+func file_google_ai_generativelanguage_v1beta_permission_proto_init() {
+	if File_google_ai_generativelanguage_v1beta_permission_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_ai_generativelanguage_v1beta_permission_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*Permission); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_google_ai_generativelanguage_v1beta_permission_proto_msgTypes[0].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_ai_generativelanguage_v1beta_permission_proto_rawDesc,
+			NumEnums:      2,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_ai_generativelanguage_v1beta_permission_proto_goTypes,
+		DependencyIndexes: file_google_ai_generativelanguage_v1beta_permission_proto_depIdxs,
+		EnumInfos:         file_google_ai_generativelanguage_v1beta_permission_proto_enumTypes,
+		MessageInfos:      file_google_ai_generativelanguage_v1beta_permission_proto_msgTypes,
+	}.Build()
+	File_google_ai_generativelanguage_v1beta_permission_proto = out.File
+	file_google_ai_generativelanguage_v1beta_permission_proto_rawDesc = nil
+	file_google_ai_generativelanguage_v1beta_permission_proto_goTypes = nil
+	file_google_ai_generativelanguage_v1beta_permission_proto_depIdxs = nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb/safety.pb.go

@@ -0,0 +1,792 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.34.2
+// 	protoc        v4.25.3
+// source: google/ai/generativelanguage/v1beta/safety.proto
+
+package generativelanguagepb
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	_ "google.golang.org/genproto/googleapis/api/annotations"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The category of a rating.
+//
+// These categories cover various kinds of harms that developers
+// may wish to adjust.
+type HarmCategory int32
+
+const (
+	// Category is unspecified.
+	HarmCategory_HARM_CATEGORY_UNSPECIFIED HarmCategory = 0
+	// Negative or harmful comments targeting identity and/or protected attribute.
+	HarmCategory_HARM_CATEGORY_DEROGATORY HarmCategory = 1
+	// Content that is rude, disrespectful, or profane.
+	HarmCategory_HARM_CATEGORY_TOXICITY HarmCategory = 2
+	// Describes scenarios depicting violence against an individual or group, or
+	// general descriptions of gore.
+	HarmCategory_HARM_CATEGORY_VIOLENCE HarmCategory = 3
+	// Contains references to sexual acts or other lewd content.
+	HarmCategory_HARM_CATEGORY_SEXUAL HarmCategory = 4
+	// Promotes unchecked medical advice.
+	HarmCategory_HARM_CATEGORY_MEDICAL HarmCategory = 5
+	// Dangerous content that promotes, facilitates, or encourages harmful acts.
+	HarmCategory_HARM_CATEGORY_DANGEROUS HarmCategory = 6
+	// Harasment content.
+	HarmCategory_HARM_CATEGORY_HARASSMENT HarmCategory = 7
+	// Hate speech and content.
+	HarmCategory_HARM_CATEGORY_HATE_SPEECH HarmCategory = 8
+	// Sexually explicit content.
+	HarmCategory_HARM_CATEGORY_SEXUALLY_EXPLICIT HarmCategory = 9
+	// Dangerous content.
+	HarmCategory_HARM_CATEGORY_DANGEROUS_CONTENT HarmCategory = 10
+)
+
+// Enum value maps for HarmCategory.
+var (
+	HarmCategory_name = map[int32]string{
+		0:  "HARM_CATEGORY_UNSPECIFIED",
+		1:  "HARM_CATEGORY_DEROGATORY",
+		2:  "HARM_CATEGORY_TOXICITY",
+		3:  "HARM_CATEGORY_VIOLENCE",
+		4:  "HARM_CATEGORY_SEXUAL",
+		5:  "HARM_CATEGORY_MEDICAL",
+		6:  "HARM_CATEGORY_DANGEROUS",
+		7:  "HARM_CATEGORY_HARASSMENT",
+		8:  "HARM_CATEGORY_HATE_SPEECH",
+		9:  "HARM_CATEGORY_SEXUALLY_EXPLICIT",
+		10: "HARM_CATEGORY_DANGEROUS_CONTENT",
+	}
+	HarmCategory_value = map[string]int32{
+		"HARM_CATEGORY_UNSPECIFIED":       0,
+		"HARM_CATEGORY_DEROGATORY":        1,
+		"HARM_CATEGORY_TOXICITY":          2,
+		"HARM_CATEGORY_VIOLENCE":          3,
+		"HARM_CATEGORY_SEXUAL":            4,
+		"HARM_CATEGORY_MEDICAL":           5,
+		"HARM_CATEGORY_DANGEROUS":         6,
+		"HARM_CATEGORY_HARASSMENT":        7,
+		"HARM_CATEGORY_HATE_SPEECH":       8,
+		"HARM_CATEGORY_SEXUALLY_EXPLICIT": 9,
+		"HARM_CATEGORY_DANGEROUS_CONTENT": 10,
+	}
+)
+
+func (x HarmCategory) Enum() *HarmCategory {
+	p := new(HarmCategory)
+	*p = x
+	return p
+}
+
+func (x HarmCategory) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (HarmCategory) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes[0].Descriptor()
+}
+
+func (HarmCategory) Type() protoreflect.EnumType {
+	return &file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes[0]
+}
+
+func (x HarmCategory) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use HarmCategory.Descriptor instead.
+func (HarmCategory) EnumDescriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP(), []int{0}
+}
+
+// A list of reasons why content may have been blocked.
+type ContentFilter_BlockedReason int32
+
+const (
+	// A blocked reason was not specified.
+	ContentFilter_BLOCKED_REASON_UNSPECIFIED ContentFilter_BlockedReason = 0
+	// Content was blocked by safety settings.
+	ContentFilter_SAFETY ContentFilter_BlockedReason = 1
+	// Content was blocked, but the reason is uncategorized.
+	ContentFilter_OTHER ContentFilter_BlockedReason = 2
+)
+
+// Enum value maps for ContentFilter_BlockedReason.
+var (
+	ContentFilter_BlockedReason_name = map[int32]string{
+		0: "BLOCKED_REASON_UNSPECIFIED",
+		1: "SAFETY",
+		2: "OTHER",
+	}
+	ContentFilter_BlockedReason_value = map[string]int32{
+		"BLOCKED_REASON_UNSPECIFIED": 0,
+		"SAFETY":                     1,
+		"OTHER":                      2,
+	}
+)
+
+func (x ContentFilter_BlockedReason) Enum() *ContentFilter_BlockedReason {
+	p := new(ContentFilter_BlockedReason)
+	*p = x
+	return p
+}
+
+func (x ContentFilter_BlockedReason) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ContentFilter_BlockedReason) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes[1].Descriptor()
+}
+
+func (ContentFilter_BlockedReason) Type() protoreflect.EnumType {
+	return &file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes[1]
+}
+
+func (x ContentFilter_BlockedReason) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ContentFilter_BlockedReason.Descriptor instead.
+func (ContentFilter_BlockedReason) EnumDescriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP(), []int{0, 0}
+}
+
+// The probability that a piece of content is harmful.
+//
+// The classification system gives the probability of the content being
+// unsafe. This does not indicate the severity of harm for a piece of content.
+type SafetyRating_HarmProbability int32
+
+const (
+	// Probability is unspecified.
+	SafetyRating_HARM_PROBABILITY_UNSPECIFIED SafetyRating_HarmProbability = 0
+	// Content has a negligible chance of being unsafe.
+	SafetyRating_NEGLIGIBLE SafetyRating_HarmProbability = 1
+	// Content has a low chance of being unsafe.
+	SafetyRating_LOW SafetyRating_HarmProbability = 2
+	// Content has a medium chance of being unsafe.
+	SafetyRating_MEDIUM SafetyRating_HarmProbability = 3
+	// Content has a high chance of being unsafe.
+	SafetyRating_HIGH SafetyRating_HarmProbability = 4
+)
+
+// Enum value maps for SafetyRating_HarmProbability.
+var (
+	SafetyRating_HarmProbability_name = map[int32]string{
+		0: "HARM_PROBABILITY_UNSPECIFIED",
+		1: "NEGLIGIBLE",
+		2: "LOW",
+		3: "MEDIUM",
+		4: "HIGH",
+	}
+	SafetyRating_HarmProbability_value = map[string]int32{
+		"HARM_PROBABILITY_UNSPECIFIED": 0,
+		"NEGLIGIBLE":                   1,
+		"LOW":                          2,
+		"MEDIUM":                       3,
+		"HIGH":                         4,
+	}
+)
+
+func (x SafetyRating_HarmProbability) Enum() *SafetyRating_HarmProbability {
+	p := new(SafetyRating_HarmProbability)
+	*p = x
+	return p
+}
+
+func (x SafetyRating_HarmProbability) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (SafetyRating_HarmProbability) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes[2].Descriptor()
+}
+
+func (SafetyRating_HarmProbability) Type() protoreflect.EnumType {
+	return &file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes[2]
+}
+
+func (x SafetyRating_HarmProbability) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use SafetyRating_HarmProbability.Descriptor instead.
+func (SafetyRating_HarmProbability) EnumDescriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP(), []int{2, 0}
+}
+
+// Block at and beyond a specified harm probability.
+type SafetySetting_HarmBlockThreshold int32
+
+const (
+	// Threshold is unspecified.
+	SafetySetting_HARM_BLOCK_THRESHOLD_UNSPECIFIED SafetySetting_HarmBlockThreshold = 0
+	// Content with NEGLIGIBLE will be allowed.
+	SafetySetting_BLOCK_LOW_AND_ABOVE SafetySetting_HarmBlockThreshold = 1
+	// Content with NEGLIGIBLE and LOW will be allowed.
+	SafetySetting_BLOCK_MEDIUM_AND_ABOVE SafetySetting_HarmBlockThreshold = 2
+	// Content with NEGLIGIBLE, LOW, and MEDIUM will be allowed.
+	SafetySetting_BLOCK_ONLY_HIGH SafetySetting_HarmBlockThreshold = 3
+	// All content will be allowed.
+	SafetySetting_BLOCK_NONE SafetySetting_HarmBlockThreshold = 4
+)
+
+// Enum value maps for SafetySetting_HarmBlockThreshold.
+var (
+	SafetySetting_HarmBlockThreshold_name = map[int32]string{
+		0: "HARM_BLOCK_THRESHOLD_UNSPECIFIED",
+		1: "BLOCK_LOW_AND_ABOVE",
+		2: "BLOCK_MEDIUM_AND_ABOVE",
+		3: "BLOCK_ONLY_HIGH",
+		4: "BLOCK_NONE",
+	}
+	SafetySetting_HarmBlockThreshold_value = map[string]int32{
+		"HARM_BLOCK_THRESHOLD_UNSPECIFIED": 0,
+		"BLOCK_LOW_AND_ABOVE":              1,
+		"BLOCK_MEDIUM_AND_ABOVE":           2,
+		"BLOCK_ONLY_HIGH":                  3,
+		"BLOCK_NONE":                       4,
+	}
+)
+
+func (x SafetySetting_HarmBlockThreshold) Enum() *SafetySetting_HarmBlockThreshold {
+	p := new(SafetySetting_HarmBlockThreshold)
+	*p = x
+	return p
+}
+
+func (x SafetySetting_HarmBlockThreshold) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (SafetySetting_HarmBlockThreshold) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes[3].Descriptor()
+}
+
+func (SafetySetting_HarmBlockThreshold) Type() protoreflect.EnumType {
+	return &file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes[3]
+}
+
+func (x SafetySetting_HarmBlockThreshold) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use SafetySetting_HarmBlockThreshold.Descriptor instead.
+func (SafetySetting_HarmBlockThreshold) EnumDescriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP(), []int{3, 0}
+}
+
+// Content filtering metadata associated with processing a single request.
+//
+// ContentFilter contains a reason and an optional supporting string. The reason
+// may be unspecified.
+type ContentFilter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The reason content was blocked during request processing.
+	Reason ContentFilter_BlockedReason `protobuf:"varint,1,opt,name=reason,proto3,enum=google.ai.generativelanguage.v1beta.ContentFilter_BlockedReason" json:"reason,omitempty"`
+	// A string that describes the filtering behavior in more detail.
+	Message *string `protobuf:"bytes,2,opt,name=message,proto3,oneof" json:"message,omitempty"`
+}
+
+func (x *ContentFilter) Reset() {
+	*x = ContentFilter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ContentFilter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ContentFilter) ProtoMessage() {}
+
+func (x *ContentFilter) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ContentFilter.ProtoReflect.Descriptor instead.
+func (*ContentFilter) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ContentFilter) GetReason() ContentFilter_BlockedReason {
+	if x != nil {
+		return x.Reason
+	}
+	return ContentFilter_BLOCKED_REASON_UNSPECIFIED
+}
+
+func (x *ContentFilter) GetMessage() string {
+	if x != nil && x.Message != nil {
+		return *x.Message
+	}
+	return ""
+}
+
+// Safety feedback for an entire request.
+//
+// This field is populated if content in the input and/or response is blocked
+// due to safety settings. SafetyFeedback may not exist for every HarmCategory.
+// Each SafetyFeedback will return the safety settings used by the request as
+// well as the lowest HarmProbability that should be allowed in order to return
+// a result.
+type SafetyFeedback struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Safety rating evaluated from content.
+	Rating *SafetyRating `protobuf:"bytes,1,opt,name=rating,proto3" json:"rating,omitempty"`
+	// Safety settings applied to the request.
+	Setting *SafetySetting `protobuf:"bytes,2,opt,name=setting,proto3" json:"setting,omitempty"`
+}
+
+func (x *SafetyFeedback) Reset() {
+	*x = SafetyFeedback{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SafetyFeedback) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SafetyFeedback) ProtoMessage() {}
+
+func (x *SafetyFeedback) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SafetyFeedback.ProtoReflect.Descriptor instead.
+func (*SafetyFeedback) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *SafetyFeedback) GetRating() *SafetyRating {
+	if x != nil {
+		return x.Rating
+	}
+	return nil
+}
+
+func (x *SafetyFeedback) GetSetting() *SafetySetting {
+	if x != nil {
+		return x.Setting
+	}
+	return nil
+}
+
+// Safety rating for a piece of content.
+//
+// The safety rating contains the category of harm and the
+// harm probability level in that category for a piece of content.
+// Content is classified for safety across a number of
+// harm categories and the probability of the harm classification is included
+// here.
+type SafetyRating struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The category for this rating.
+	Category HarmCategory `protobuf:"varint,3,opt,name=category,proto3,enum=google.ai.generativelanguage.v1beta.HarmCategory" json:"category,omitempty"`
+	// Required. The probability of harm for this content.
+	Probability SafetyRating_HarmProbability `protobuf:"varint,4,opt,name=probability,proto3,enum=google.ai.generativelanguage.v1beta.SafetyRating_HarmProbability" json:"probability,omitempty"`
+	// Was this content blocked because of this rating?
+	Blocked bool `protobuf:"varint,5,opt,name=blocked,proto3" json:"blocked,omitempty"`
+}
+
+func (x *SafetyRating) Reset() {
+	*x = SafetyRating{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SafetyRating) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SafetyRating) ProtoMessage() {}
+
+func (x *SafetyRating) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SafetyRating.ProtoReflect.Descriptor instead.
+func (*SafetyRating) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *SafetyRating) GetCategory() HarmCategory {
+	if x != nil {
+		return x.Category
+	}
+	return HarmCategory_HARM_CATEGORY_UNSPECIFIED
+}
+
+func (x *SafetyRating) GetProbability() SafetyRating_HarmProbability {
+	if x != nil {
+		return x.Probability
+	}
+	return SafetyRating_HARM_PROBABILITY_UNSPECIFIED
+}
+
+func (x *SafetyRating) GetBlocked() bool {
+	if x != nil {
+		return x.Blocked
+	}
+	return false
+}
+
+// Safety setting, affecting the safety-blocking behavior.
+//
+// Passing a safety setting for a category changes the allowed probability that
+// content is blocked.
+type SafetySetting struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The category for this setting.
+	Category HarmCategory `protobuf:"varint,3,opt,name=category,proto3,enum=google.ai.generativelanguage.v1beta.HarmCategory" json:"category,omitempty"`
+	// Required. Controls the probability threshold at which harm is blocked.
+	Threshold SafetySetting_HarmBlockThreshold `protobuf:"varint,4,opt,name=threshold,proto3,enum=google.ai.generativelanguage.v1beta.SafetySetting_HarmBlockThreshold" json:"threshold,omitempty"`
+}
+
+func (x *SafetySetting) Reset() {
+	*x = SafetySetting{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SafetySetting) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SafetySetting) ProtoMessage() {}
+
+func (x *SafetySetting) ProtoReflect() protoreflect.Message {
+	mi := &file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SafetySetting.ProtoReflect.Descriptor instead.
+func (*SafetySetting) Descriptor() ([]byte, []int) {
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *SafetySetting) GetCategory() HarmCategory {
+	if x != nil {
+		return x.Category
+	}
+	return HarmCategory_HARM_CATEGORY_UNSPECIFIED
+}
+
+func (x *SafetySetting) GetThreshold() SafetySetting_HarmBlockThreshold {
+	if x != nil {
+		return x.Threshold
+	}
+	return SafetySetting_HARM_BLOCK_THRESHOLD_UNSPECIFIED
+}
+
+var File_google_ai_generativelanguage_v1beta_safety_proto protoreflect.FileDescriptor
+
+var file_google_ai_generativelanguage_v1beta_safety_proto_rawDesc = []byte{
+	0x0a, 0x30, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x76,
+	0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x73, 0x61, 0x66, 0x65, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x12, 0x23, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65,
+	0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65,
+	0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69,
+	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdc, 0x01, 0x0a, 0x0d, 0x43, 0x6f, 0x6e,
+	0x74, 0x65, 0x6e, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x58, 0x0a, 0x06, 0x72, 0x65,
+	0x61, 0x73, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x40, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
+	0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x42,
+	0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x52, 0x06, 0x72, 0x65,
+	0x61, 0x73, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+	0x88, 0x01, 0x01, 0x22, 0x46, 0x0a, 0x0d, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x52, 0x65,
+	0x61, 0x73, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x1a, 0x42, 0x4c, 0x4f, 0x43, 0x4b, 0x45, 0x44, 0x5f,
+	0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x41, 0x46, 0x45, 0x54, 0x59, 0x10, 0x01,
+	0x12, 0x09, 0x0a, 0x05, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x10, 0x02, 0x42, 0x0a, 0x0a, 0x08, 0x5f,
+	0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0xa9, 0x01, 0x0a, 0x0e, 0x53, 0x61, 0x66, 0x65,
+	0x74, 0x79, 0x46, 0x65, 0x65, 0x64, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x49, 0x0a, 0x06, 0x72, 0x61,
+	0x74, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
+	0x2e, 0x53, 0x61, 0x66, 0x65, 0x74, 0x79, 0x52, 0x61, 0x74, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x72,
+	0x61, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x4c, 0x0a, 0x07, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e,
+	0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x53, 0x61, 0x66,
+	0x65, 0x74, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x73, 0x65, 0x74, 0x74,
+	0x69, 0x6e, 0x67, 0x22, 0xca, 0x02, 0x0a, 0x0c, 0x53, 0x61, 0x66, 0x65, 0x74, 0x79, 0x52, 0x61,
+	0x74, 0x69, 0x6e, 0x67, 0x12, 0x52, 0x0a, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e,
+	0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x48, 0x61, 0x72,
+	0x6d, 0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08,
+	0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x12, 0x68, 0x0a, 0x0b, 0x70, 0x72, 0x6f, 0x62,
+	0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x41, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62,
+	0x65, 0x74, 0x61, 0x2e, 0x53, 0x61, 0x66, 0x65, 0x74, 0x79, 0x52, 0x61, 0x74, 0x69, 0x6e, 0x67,
+	0x2e, 0x48, 0x61, 0x72, 0x6d, 0x50, 0x72, 0x6f, 0x62, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79,
+	0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x62, 0x61, 0x62, 0x69, 0x6c, 0x69,
+	0x74, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x22, 0x62, 0x0a, 0x0f,
+	0x48, 0x61, 0x72, 0x6d, 0x50, 0x72, 0x6f, 0x62, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12,
+	0x20, 0x0a, 0x1c, 0x48, 0x41, 0x52, 0x4d, 0x5f, 0x50, 0x52, 0x4f, 0x42, 0x41, 0x42, 0x49, 0x4c,
+	0x49, 0x54, 0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+	0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x4e, 0x45, 0x47, 0x4c, 0x49, 0x47, 0x49, 0x42, 0x4c, 0x45, 0x10,
+	0x01, 0x12, 0x07, 0x0a, 0x03, 0x4c, 0x4f, 0x57, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x45,
+	0x44, 0x49, 0x55, 0x4d, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x49, 0x47, 0x48, 0x10, 0x04,
+	0x22, 0xe4, 0x02, 0x0a, 0x0d, 0x53, 0x61, 0x66, 0x65, 0x74, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69,
+	0x6e, 0x67, 0x12, 0x52, 0x0a, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69,
+	0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75,
+	0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e, 0x48, 0x61, 0x72, 0x6d, 0x43,
+	0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x63, 0x61,
+	0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x12, 0x68, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68,
+	0x6f, 0x6c, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x45, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2e,
+	0x53, 0x61, 0x66, 0x65, 0x74, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x48, 0x61,
+	0x72, 0x6d, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64,
+	0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64,
+	0x22, 0x94, 0x01, 0x0a, 0x12, 0x48, 0x61, 0x72, 0x6d, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x54, 0x68,
+	0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x41, 0x52, 0x4d, 0x5f,
+	0x42, 0x4c, 0x4f, 0x43, 0x4b, 0x5f, 0x54, 0x48, 0x52, 0x45, 0x53, 0x48, 0x4f, 0x4c, 0x44, 0x5f,
+	0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x17, 0x0a,
+	0x13, 0x42, 0x4c, 0x4f, 0x43, 0x4b, 0x5f, 0x4c, 0x4f, 0x57, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x41,
+	0x42, 0x4f, 0x56, 0x45, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x42, 0x4c, 0x4f, 0x43, 0x4b, 0x5f,
+	0x4d, 0x45, 0x44, 0x49, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x41, 0x42, 0x4f, 0x56, 0x45,
+	0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x42, 0x4c, 0x4f, 0x43, 0x4b, 0x5f, 0x4f, 0x4e, 0x4c, 0x59,
+	0x5f, 0x48, 0x49, 0x47, 0x48, 0x10, 0x03, 0x12, 0x0e, 0x0a, 0x0a, 0x42, 0x4c, 0x4f, 0x43, 0x4b,
+	0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x04, 0x2a, 0xdc, 0x02, 0x0a, 0x0c, 0x48, 0x61, 0x72, 0x6d,
+	0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x41, 0x52, 0x4d,
+	0x5f, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x41, 0x52, 0x4d, 0x5f,
+	0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x52, 0x4f, 0x47, 0x41, 0x54,
+	0x4f, 0x52, 0x59, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x41, 0x52, 0x4d, 0x5f, 0x43, 0x41,
+	0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x54, 0x4f, 0x58, 0x49, 0x43, 0x49, 0x54, 0x59, 0x10,
+	0x02, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x41, 0x52, 0x4d, 0x5f, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f,
+	0x52, 0x59, 0x5f, 0x56, 0x49, 0x4f, 0x4c, 0x45, 0x4e, 0x43, 0x45, 0x10, 0x03, 0x12, 0x18, 0x0a,
+	0x14, 0x48, 0x41, 0x52, 0x4d, 0x5f, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x53,
+	0x45, 0x58, 0x55, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x41, 0x52, 0x4d, 0x5f,
+	0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x4d, 0x45, 0x44, 0x49, 0x43, 0x41, 0x4c,
+	0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x48, 0x41, 0x52, 0x4d, 0x5f, 0x43, 0x41, 0x54, 0x45, 0x47,
+	0x4f, 0x52, 0x59, 0x5f, 0x44, 0x41, 0x4e, 0x47, 0x45, 0x52, 0x4f, 0x55, 0x53, 0x10, 0x06, 0x12,
+	0x1c, 0x0a, 0x18, 0x48, 0x41, 0x52, 0x4d, 0x5f, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59,
+	0x5f, 0x48, 0x41, 0x52, 0x41, 0x53, 0x53, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x07, 0x12, 0x1d, 0x0a,
+	0x19, 0x48, 0x41, 0x52, 0x4d, 0x5f, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x48,
+	0x41, 0x54, 0x45, 0x5f, 0x53, 0x50, 0x45, 0x45, 0x43, 0x48, 0x10, 0x08, 0x12, 0x23, 0x0a, 0x1f,
+	0x48, 0x41, 0x52, 0x4d, 0x5f, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f, 0x52, 0x59, 0x5f, 0x53, 0x45,
+	0x58, 0x55, 0x41, 0x4c, 0x4c, 0x59, 0x5f, 0x45, 0x58, 0x50, 0x4c, 0x49, 0x43, 0x49, 0x54, 0x10,
+	0x09, 0x12, 0x23, 0x0a, 0x1f, 0x48, 0x41, 0x52, 0x4d, 0x5f, 0x43, 0x41, 0x54, 0x45, 0x47, 0x4f,
+	0x52, 0x59, 0x5f, 0x44, 0x41, 0x4e, 0x47, 0x45, 0x52, 0x4f, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x4e,
+	0x54, 0x45, 0x4e, 0x54, 0x10, 0x0a, 0x42, 0x97, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x69, 0x2e, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65,
+	0x74, 0x61, 0x42, 0x0b, 0x53, 0x61, 0x66, 0x65, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x5d, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x2f, 0x61, 0x70, 0x69,
+	0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62, 0x3b, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x70, 0x62,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_ai_generativelanguage_v1beta_safety_proto_rawDescOnce sync.Once
+	file_google_ai_generativelanguage_v1beta_safety_proto_rawDescData = file_google_ai_generativelanguage_v1beta_safety_proto_rawDesc
+)
+
+func file_google_ai_generativelanguage_v1beta_safety_proto_rawDescGZIP() []byte {
+	file_google_ai_generativelanguage_v1beta_safety_proto_rawDescOnce.Do(func() {
+		file_google_ai_generativelanguage_v1beta_safety_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_ai_generativelanguage_v1beta_safety_proto_rawDescData)
+	})
+	return file_google_ai_generativelanguage_v1beta_safety_proto_rawDescData
+}
+
+var file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes = make([]protoimpl.EnumInfo, 4)
+var file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_google_ai_generativelanguage_v1beta_safety_proto_goTypes = []any{
+	(HarmCategory)(0),                     // 0: google.ai.generativelanguage.v1beta.HarmCategory
+	(ContentFilter_BlockedReason)(0),      // 1: google.ai.generativelanguage.v1beta.ContentFilter.BlockedReason
+	(SafetyRating_HarmProbability)(0),     // 2: google.ai.generativelanguage.v1beta.SafetyRating.HarmProbability
+	(SafetySetting_HarmBlockThreshold)(0), // 3: google.ai.generativelanguage.v1beta.SafetySetting.HarmBlockThreshold
+	(*ContentFilter)(nil),                 // 4: google.ai.generativelanguage.v1beta.ContentFilter
+	(*SafetyFeedback)(nil),                // 5: google.ai.generativelanguage.v1beta.SafetyFeedback
+	(*SafetyRating)(nil),                  // 6: google.ai.generativelanguage.v1beta.SafetyRating
+	(*SafetySetting)(nil),                 // 7: google.ai.generativelanguage.v1beta.SafetySetting
+}
+var file_google_ai_generativelanguage_v1beta_safety_proto_depIdxs = []int32{
+	1, // 0: google.ai.generativelanguage.v1beta.ContentFilter.reason:type_name -> google.ai.generativelanguage.v1beta.ContentFilter.BlockedReason
+	6, // 1: google.ai.generativelanguage.v1beta.SafetyFeedback.rating:type_name -> google.ai.generativelanguage.v1beta.SafetyRating
+	7, // 2: google.ai.generativelanguage.v1beta.SafetyFeedback.setting:type_name -> google.ai.generativelanguage.v1beta.SafetySetting
+	0, // 3: google.ai.generativelanguage.v1beta.SafetyRating.category:type_name -> google.ai.generativelanguage.v1beta.HarmCategory
+	2, // 4: google.ai.generativelanguage.v1beta.SafetyRating.probability:type_name -> google.ai.generativelanguage.v1beta.SafetyRating.HarmProbability
+	0, // 5: google.ai.generativelanguage.v1beta.SafetySetting.category:type_name -> google.ai.generativelanguage.v1beta.HarmCategory
+	3, // 6: google.ai.generativelanguage.v1beta.SafetySetting.threshold:type_name -> google.ai.generativelanguage.v1beta.SafetySetting.HarmBlockThreshold
+	7, // [7:7] is the sub-list for method output_type
+	7, // [7:7] is the sub-list for method input_type
+	7, // [7:7] is the sub-list for extension type_name
+	7, // [7:7] is the sub-list for extension extendee
+	0, // [0:7] is the sub-list for field type_name
+}
+
+func init() { file_google_ai_generativelanguage_v1beta_safety_proto_init() }
+func file_google_ai_generativelanguage_v1beta_safety_proto_init() {
+	if File_google_ai_generativelanguage_v1beta_safety_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*ContentFilter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*SafetyFeedback); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*SafetyRating); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[3].Exporter = func(v any, i int) any {
+			switch v := v.(*SafetySetting); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes[0].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_ai_generativelanguage_v1beta_safety_proto_rawDesc,
+			NumEnums:      4,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_ai_generativelanguage_v1beta_safety_proto_goTypes,
+		DependencyIndexes: file_google_ai_generativelanguage_v1beta_safety_proto_depIdxs,
+		EnumInfos:         file_google_ai_generativelanguage_v1beta_safety_proto_enumTypes,
+		MessageInfos:      file_google_ai_generativelanguage_v1beta_safety_proto_msgTypes,
+	}.Build()
+	File_google_ai_generativelanguage_v1beta_safety_proto = out.File
+	file_google_ai_generativelanguage_v1beta_safety_proto_rawDesc = nil
+	file_google_ai_generativelanguage_v1beta_safety_proto_goTypes = nil
+	file_google_ai_generativelanguage_v1beta_safety_proto_depIdxs = nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/info.go

@@ -0,0 +1,49 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// SetGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Also passes any
+// provided key-value pairs. Intended for use by Google-written clients.
+//
+// Internal use only.
+
+package generativelanguage
+
+func (c *DiscussClient) SetGoogleClientInfo(keyval ...string) {
+	c.setGoogleClientInfo(keyval...)
+}
+
+func (c *FileClient) SetGoogleClientInfo(keyval ...string) {
+	c.setGoogleClientInfo(keyval...)
+}
+
+func (c *GenerativeClient) SetGoogleClientInfo(keyval ...string) {
+	c.setGoogleClientInfo(keyval...)
+}
+
+func (c *ModelClient) SetGoogleClientInfo(keyval ...string) {
+	c.setGoogleClientInfo(keyval...)
+}
+
+func (c *PermissionClient) SetGoogleClientInfo(keyval ...string) {
+	c.setGoogleClientInfo(keyval...)
+}
+
+func (c *RetrieverClient) SetGoogleClientInfo(keyval ...string) {
+	c.setGoogleClientInfo(keyval...)
+}
+
+func (c *TextClient) SetGoogleClientInfo(keyval ...string) {
+	c.setGoogleClientInfo(keyval...)
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/permission_client.go

@@ -0,0 +1,952 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go_gapic. DO NOT EDIT.
+
+package generativelanguage
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"net/url"
+	"time"
+
+	generativelanguagepb "cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb"
+	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
+	"google.golang.org/api/iterator"
+	"google.golang.org/api/option"
+	"google.golang.org/api/option/internaloption"
+	gtransport "google.golang.org/api/transport/grpc"
+	httptransport "google.golang.org/api/transport/http"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+)
+
+var newPermissionClientHook clientHook
+
+// PermissionCallOptions contains the retry settings for each method of PermissionClient.
+type PermissionCallOptions struct {
+	CreatePermission  []gax.CallOption
+	GetPermission     []gax.CallOption
+	ListPermissions   []gax.CallOption
+	UpdatePermission  []gax.CallOption
+	DeletePermission  []gax.CallOption
+	TransferOwnership []gax.CallOption
+}
+
+func defaultPermissionGRPCClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("generativelanguage.googleapis.com:443"),
+		internaloption.WithDefaultEndpointTemplate("generativelanguage.UNIVERSE_DOMAIN:443"),
+		internaloption.WithDefaultMTLSEndpoint("generativelanguage.mtls.googleapis.com:443"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+		internaloption.EnableJwtWithScope(),
+		option.WithGRPCDialOption(grpc.WithDefaultCallOptions(
+			grpc.MaxCallRecvMsgSize(math.MaxInt32))),
+	}
+}
+
+func defaultPermissionCallOptions() *PermissionCallOptions {
+	return &PermissionCallOptions{
+		CreatePermission: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+		GetPermission: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+		ListPermissions: []gax.CallOption{},
+		UpdatePermission: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+		DeletePermission: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+		TransferOwnership: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+	}
+}
+
+func defaultPermissionRESTCallOptions() *PermissionCallOptions {
+	return &PermissionCallOptions{
+		CreatePermission: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+		GetPermission: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+		ListPermissions: []gax.CallOption{},
+		UpdatePermission: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+		DeletePermission: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+		TransferOwnership: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+	}
+}
+
+// internalPermissionClient is an interface that defines the methods available from Generative Language API.
+type internalPermissionClient interface {
+	Close() error
+	setGoogleClientInfo(...string)
+	Connection() *grpc.ClientConn
+	CreatePermission(context.Context, *generativelanguagepb.CreatePermissionRequest, ...gax.CallOption) (*generativelanguagepb.Permission, error)
+	GetPermission(context.Context, *generativelanguagepb.GetPermissionRequest, ...gax.CallOption) (*generativelanguagepb.Permission, error)
+	ListPermissions(context.Context, *generativelanguagepb.ListPermissionsRequest, ...gax.CallOption) *PermissionIterator
+	UpdatePermission(context.Context, *generativelanguagepb.UpdatePermissionRequest, ...gax.CallOption) (*generativelanguagepb.Permission, error)
+	DeletePermission(context.Context, *generativelanguagepb.DeletePermissionRequest, ...gax.CallOption) error
+	TransferOwnership(context.Context, *generativelanguagepb.TransferOwnershipRequest, ...gax.CallOption) (*generativelanguagepb.TransferOwnershipResponse, error)
+}
+
+// PermissionClient is a client for interacting with Generative Language API.
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+//
+// Provides methods for managing permissions to PaLM API resources.
+type PermissionClient struct {
+	// The internal transport-dependent client.
+	internalClient internalPermissionClient
+
+	// The call options for this service.
+	CallOptions *PermissionCallOptions
+}
+
+// Wrapper methods routed to the internal client.
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *PermissionClient) Close() error {
+	return c.internalClient.Close()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *PermissionClient) setGoogleClientInfo(keyval ...string) {
+	c.internalClient.setGoogleClientInfo(keyval...)
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *PermissionClient) Connection() *grpc.ClientConn {
+	return c.internalClient.Connection()
+}
+
+// CreatePermission create a permission to a specific resource.
+func (c *PermissionClient) CreatePermission(ctx context.Context, req *generativelanguagepb.CreatePermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	return c.internalClient.CreatePermission(ctx, req, opts...)
+}
+
+// GetPermission gets information about a specific Permission.
+func (c *PermissionClient) GetPermission(ctx context.Context, req *generativelanguagepb.GetPermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	return c.internalClient.GetPermission(ctx, req, opts...)
+}
+
+// ListPermissions lists permissions for the specific resource.
+func (c *PermissionClient) ListPermissions(ctx context.Context, req *generativelanguagepb.ListPermissionsRequest, opts ...gax.CallOption) *PermissionIterator {
+	return c.internalClient.ListPermissions(ctx, req, opts...)
+}
+
+// UpdatePermission updates the permission.
+func (c *PermissionClient) UpdatePermission(ctx context.Context, req *generativelanguagepb.UpdatePermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	return c.internalClient.UpdatePermission(ctx, req, opts...)
+}
+
+// DeletePermission deletes the permission.
+func (c *PermissionClient) DeletePermission(ctx context.Context, req *generativelanguagepb.DeletePermissionRequest, opts ...gax.CallOption) error {
+	return c.internalClient.DeletePermission(ctx, req, opts...)
+}
+
+// TransferOwnership transfers ownership of the tuned model.
+// This is the only way to change ownership of the tuned model.
+// The current owner will be downgraded to writer role.
+func (c *PermissionClient) TransferOwnership(ctx context.Context, req *generativelanguagepb.TransferOwnershipRequest, opts ...gax.CallOption) (*generativelanguagepb.TransferOwnershipResponse, error) {
+	return c.internalClient.TransferOwnership(ctx, req, opts...)
+}
+
+// permissionGRPCClient is a client for interacting with Generative Language API over gRPC transport.
+//
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type permissionGRPCClient struct {
+	// Connection pool of gRPC connections to the service.
+	connPool gtransport.ConnPool
+
+	// Points back to the CallOptions field of the containing PermissionClient
+	CallOptions **PermissionCallOptions
+
+	// The gRPC API client.
+	permissionClient generativelanguagepb.PermissionServiceClient
+
+	// The x-goog-* metadata to be sent with each request.
+	xGoogHeaders []string
+}
+
+// NewPermissionClient creates a new permission service client based on gRPC.
+// The returned client must be Closed when it is done being used to clean up its underlying connections.
+//
+// Provides methods for managing permissions to PaLM API resources.
+func NewPermissionClient(ctx context.Context, opts ...option.ClientOption) (*PermissionClient, error) {
+	clientOpts := defaultPermissionGRPCClientOptions()
+	if newPermissionClientHook != nil {
+		hookOpts, err := newPermissionClientHook(ctx, clientHookParams{})
+		if err != nil {
+			return nil, err
+		}
+		clientOpts = append(clientOpts, hookOpts...)
+	}
+
+	connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...)
+	if err != nil {
+		return nil, err
+	}
+	client := PermissionClient{CallOptions: defaultPermissionCallOptions()}
+
+	c := &permissionGRPCClient{
+		connPool:         connPool,
+		permissionClient: generativelanguagepb.NewPermissionServiceClient(connPool),
+		CallOptions:      &client.CallOptions,
+	}
+	c.setGoogleClientInfo()
+
+	client.internalClient = c
+
+	return &client, nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *permissionGRPCClient) Connection() *grpc.ClientConn {
+	return c.connPool.Conn()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *permissionGRPCClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *permissionGRPCClient) Close() error {
+	return c.connPool.Close()
+}
+
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type permissionRESTClient struct {
+	// The http endpoint to connect to.
+	endpoint string
+
+	// The http client.
+	httpClient *http.Client
+
+	// The x-goog-* headers to be sent with each request.
+	xGoogHeaders []string
+
+	// Points back to the CallOptions field of the containing PermissionClient
+	CallOptions **PermissionCallOptions
+}
+
+// NewPermissionRESTClient creates a new permission service rest client.
+//
+// Provides methods for managing permissions to PaLM API resources.
+func NewPermissionRESTClient(ctx context.Context, opts ...option.ClientOption) (*PermissionClient, error) {
+	clientOpts := append(defaultPermissionRESTClientOptions(), opts...)
+	httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	callOpts := defaultPermissionRESTCallOptions()
+	c := &permissionRESTClient{
+		endpoint:    endpoint,
+		httpClient:  httpClient,
+		CallOptions: &callOpts,
+	}
+	c.setGoogleClientInfo()
+
+	return &PermissionClient{internalClient: c, CallOptions: callOpts}, nil
+}
+
+func defaultPermissionRESTClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("https://generativelanguage.googleapis.com"),
+		internaloption.WithDefaultEndpointTemplate("https://generativelanguage.UNIVERSE_DOMAIN"),
+		internaloption.WithDefaultMTLSEndpoint("https://generativelanguage.mtls.googleapis.com"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+	}
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *permissionRESTClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *permissionRESTClient) Close() error {
+	// Replace httpClient with nil to force cleanup.
+	c.httpClient = nil
+	return nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: This method always returns nil.
+func (c *permissionRESTClient) Connection() *grpc.ClientConn {
+	return nil
+}
+func (c *permissionGRPCClient) CreatePermission(ctx context.Context, req *generativelanguagepb.CreatePermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).CreatePermission[0:len((*c.CallOptions).CreatePermission):len((*c.CallOptions).CreatePermission)], opts...)
+	var resp *generativelanguagepb.Permission
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.permissionClient.CreatePermission(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *permissionGRPCClient) GetPermission(ctx context.Context, req *generativelanguagepb.GetPermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).GetPermission[0:len((*c.CallOptions).GetPermission):len((*c.CallOptions).GetPermission)], opts...)
+	var resp *generativelanguagepb.Permission
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.permissionClient.GetPermission(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *permissionGRPCClient) ListPermissions(ctx context.Context, req *generativelanguagepb.ListPermissionsRequest, opts ...gax.CallOption) *PermissionIterator {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).ListPermissions[0:len((*c.CallOptions).ListPermissions):len((*c.CallOptions).ListPermissions)], opts...)
+	it := &PermissionIterator{}
+	req = proto.Clone(req).(*generativelanguagepb.ListPermissionsRequest)
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*generativelanguagepb.Permission, string, error) {
+		resp := &generativelanguagepb.ListPermissionsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			var err error
+			resp, err = c.permissionClient.ListPermissions(ctx, req, settings.GRPC...)
+			return err
+		}, opts...)
+		if err != nil {
+			return nil, "", err
+		}
+
+		it.Response = resp
+		return resp.GetPermissions(), resp.GetNextPageToken(), nil
+	}
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+func (c *permissionGRPCClient) UpdatePermission(ctx context.Context, req *generativelanguagepb.UpdatePermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "permission.name", url.QueryEscape(req.GetPermission().GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).UpdatePermission[0:len((*c.CallOptions).UpdatePermission):len((*c.CallOptions).UpdatePermission)], opts...)
+	var resp *generativelanguagepb.Permission
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.permissionClient.UpdatePermission(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *permissionGRPCClient) DeletePermission(ctx context.Context, req *generativelanguagepb.DeletePermissionRequest, opts ...gax.CallOption) error {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).DeletePermission[0:len((*c.CallOptions).DeletePermission):len((*c.CallOptions).DeletePermission)], opts...)
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		_, err = c.permissionClient.DeletePermission(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	return err
+}
+
+func (c *permissionGRPCClient) TransferOwnership(ctx context.Context, req *generativelanguagepb.TransferOwnershipRequest, opts ...gax.CallOption) (*generativelanguagepb.TransferOwnershipResponse, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).TransferOwnership[0:len((*c.CallOptions).TransferOwnership):len((*c.CallOptions).TransferOwnership)], opts...)
+	var resp *generativelanguagepb.TransferOwnershipResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.permissionClient.TransferOwnership(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// CreatePermission create a permission to a specific resource.
+func (c *permissionRESTClient) CreatePermission(ctx context.Context, req *generativelanguagepb.CreatePermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetPermission()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v/permissions", req.GetParent())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).CreatePermission[0:len((*c.CallOptions).CreatePermission):len((*c.CallOptions).CreatePermission)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.Permission{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetPermission gets information about a specific Permission.
+func (c *permissionRESTClient) GetPermission(ctx context.Context, req *generativelanguagepb.GetPermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).GetPermission[0:len((*c.CallOptions).GetPermission):len((*c.CallOptions).GetPermission)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.Permission{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// ListPermissions lists permissions for the specific resource.
+func (c *permissionRESTClient) ListPermissions(ctx context.Context, req *generativelanguagepb.ListPermissionsRequest, opts ...gax.CallOption) *PermissionIterator {
+	it := &PermissionIterator{}
+	req = proto.Clone(req).(*generativelanguagepb.ListPermissionsRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*generativelanguagepb.Permission, string, error) {
+		resp := &generativelanguagepb.ListPermissionsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1beta/%v/permissions", req.GetParent())
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetPermissions(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// UpdatePermission updates the permission.
+func (c *permissionRESTClient) UpdatePermission(ctx context.Context, req *generativelanguagepb.UpdatePermissionRequest, opts ...gax.CallOption) (*generativelanguagepb.Permission, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetPermission()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v", req.GetPermission().GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	if req.GetUpdateMask() != nil {
+		updateMask, err := protojson.Marshal(req.GetUpdateMask())
+		if err != nil {
+			return nil, err
+		}
+		params.Add("updateMask", string(updateMask[1:len(updateMask)-1]))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "permission.name", url.QueryEscape(req.GetPermission().GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).UpdatePermission[0:len((*c.CallOptions).UpdatePermission):len((*c.CallOptions).UpdatePermission)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.Permission{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("PATCH", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// DeletePermission deletes the permission.
+func (c *permissionRESTClient) DeletePermission(ctx context.Context, req *generativelanguagepb.DeletePermissionRequest, opts ...gax.CallOption) error {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	return gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("DELETE", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		// Returns nil if there is no error, otherwise wraps
+		// the response code and body into a non-nil error
+		return googleapi.CheckResponse(httpRsp)
+	}, opts...)
+}
+
+// TransferOwnership transfers ownership of the tuned model.
+// This is the only way to change ownership of the tuned model.
+// The current owner will be downgraded to writer role.
+func (c *permissionRESTClient) TransferOwnership(ctx context.Context, req *generativelanguagepb.TransferOwnershipRequest, opts ...gax.CallOption) (*generativelanguagepb.TransferOwnershipResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v:transferOwnership", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).TransferOwnership[0:len((*c.CallOptions).TransferOwnership):len((*c.CallOptions).TransferOwnership)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.TransferOwnershipResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/text_client.go

@@ -0,0 +1,724 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go_gapic. DO NOT EDIT.
+
+package generativelanguage
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"net/url"
+	"time"
+
+	generativelanguagepb "cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb"
+	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
+	"google.golang.org/api/option"
+	"google.golang.org/api/option/internaloption"
+	gtransport "google.golang.org/api/transport/grpc"
+	httptransport "google.golang.org/api/transport/http"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/protobuf/encoding/protojson"
+)
+
+var newTextClientHook clientHook
+
+// TextCallOptions contains the retry settings for each method of TextClient.
+type TextCallOptions struct {
+	GenerateText    []gax.CallOption
+	EmbedText       []gax.CallOption
+	BatchEmbedText  []gax.CallOption
+	CountTextTokens []gax.CallOption
+}
+
+func defaultTextGRPCClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("generativelanguage.googleapis.com:443"),
+		internaloption.WithDefaultEndpointTemplate("generativelanguage.UNIVERSE_DOMAIN:443"),
+		internaloption.WithDefaultMTLSEndpoint("generativelanguage.mtls.googleapis.com:443"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+		internaloption.EnableJwtWithScope(),
+		option.WithGRPCDialOption(grpc.WithDefaultCallOptions(
+			grpc.MaxCallRecvMsgSize(math.MaxInt32))),
+	}
+}
+
+func defaultTextCallOptions() *TextCallOptions {
+	return &TextCallOptions{
+		GenerateText: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+		EmbedText: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+		BatchEmbedText: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+		CountTextTokens: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				})
+			}),
+		},
+	}
+}
+
+func defaultTextRESTCallOptions() *TextCallOptions {
+	return &TextCallOptions{
+		GenerateText: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+		EmbedText: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+		BatchEmbedText: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+		CountTextTokens: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    1000 * time.Millisecond,
+					Max:        10000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable)
+			}),
+		},
+	}
+}
+
+// internalTextClient is an interface that defines the methods available from Generative Language API.
+type internalTextClient interface {
+	Close() error
+	setGoogleClientInfo(...string)
+	Connection() *grpc.ClientConn
+	GenerateText(context.Context, *generativelanguagepb.GenerateTextRequest, ...gax.CallOption) (*generativelanguagepb.GenerateTextResponse, error)
+	EmbedText(context.Context, *generativelanguagepb.EmbedTextRequest, ...gax.CallOption) (*generativelanguagepb.EmbedTextResponse, error)
+	BatchEmbedText(context.Context, *generativelanguagepb.BatchEmbedTextRequest, ...gax.CallOption) (*generativelanguagepb.BatchEmbedTextResponse, error)
+	CountTextTokens(context.Context, *generativelanguagepb.CountTextTokensRequest, ...gax.CallOption) (*generativelanguagepb.CountTextTokensResponse, error)
+}
+
+// TextClient is a client for interacting with Generative Language API.
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+//
+// API for using Generative Language Models (GLMs) trained to generate text.
+//
+// Also known as Large Language Models (LLM)s, these generate text given an
+// input prompt from the user.
+type TextClient struct {
+	// The internal transport-dependent client.
+	internalClient internalTextClient
+
+	// The call options for this service.
+	CallOptions *TextCallOptions
+}
+
+// Wrapper methods routed to the internal client.
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *TextClient) Close() error {
+	return c.internalClient.Close()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *TextClient) setGoogleClientInfo(keyval ...string) {
+	c.internalClient.setGoogleClientInfo(keyval...)
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *TextClient) Connection() *grpc.ClientConn {
+	return c.internalClient.Connection()
+}
+
+// GenerateText generates a response from the model given an input message.
+func (c *TextClient) GenerateText(ctx context.Context, req *generativelanguagepb.GenerateTextRequest, opts ...gax.CallOption) (*generativelanguagepb.GenerateTextResponse, error) {
+	return c.internalClient.GenerateText(ctx, req, opts...)
+}
+
+// EmbedText generates an embedding from the model given an input message.
+func (c *TextClient) EmbedText(ctx context.Context, req *generativelanguagepb.EmbedTextRequest, opts ...gax.CallOption) (*generativelanguagepb.EmbedTextResponse, error) {
+	return c.internalClient.EmbedText(ctx, req, opts...)
+}
+
+// BatchEmbedText generates multiple embeddings from the model given input text in a
+// synchronous call.
+func (c *TextClient) BatchEmbedText(ctx context.Context, req *generativelanguagepb.BatchEmbedTextRequest, opts ...gax.CallOption) (*generativelanguagepb.BatchEmbedTextResponse, error) {
+	return c.internalClient.BatchEmbedText(ctx, req, opts...)
+}
+
+// CountTextTokens runs a model’s tokenizer on a text and returns the token count.
+func (c *TextClient) CountTextTokens(ctx context.Context, req *generativelanguagepb.CountTextTokensRequest, opts ...gax.CallOption) (*generativelanguagepb.CountTextTokensResponse, error) {
+	return c.internalClient.CountTextTokens(ctx, req, opts...)
+}
+
+// textGRPCClient is a client for interacting with Generative Language API over gRPC transport.
+//
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type textGRPCClient struct {
+	// Connection pool of gRPC connections to the service.
+	connPool gtransport.ConnPool
+
+	// Points back to the CallOptions field of the containing TextClient
+	CallOptions **TextCallOptions
+
+	// The gRPC API client.
+	textClient generativelanguagepb.TextServiceClient
+
+	// The x-goog-* metadata to be sent with each request.
+	xGoogHeaders []string
+}
+
+// NewTextClient creates a new text service client based on gRPC.
+// The returned client must be Closed when it is done being used to clean up its underlying connections.
+//
+// API for using Generative Language Models (GLMs) trained to generate text.
+//
+// Also known as Large Language Models (LLM)s, these generate text given an
+// input prompt from the user.
+func NewTextClient(ctx context.Context, opts ...option.ClientOption) (*TextClient, error) {
+	clientOpts := defaultTextGRPCClientOptions()
+	if newTextClientHook != nil {
+		hookOpts, err := newTextClientHook(ctx, clientHookParams{})
+		if err != nil {
+			return nil, err
+		}
+		clientOpts = append(clientOpts, hookOpts...)
+	}
+
+	connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...)
+	if err != nil {
+		return nil, err
+	}
+	client := TextClient{CallOptions: defaultTextCallOptions()}
+
+	c := &textGRPCClient{
+		connPool:    connPool,
+		textClient:  generativelanguagepb.NewTextServiceClient(connPool),
+		CallOptions: &client.CallOptions,
+	}
+	c.setGoogleClientInfo()
+
+	client.internalClient = c
+
+	return &client, nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: Connections are now pooled so this method does not always
+// return the same resource.
+func (c *textGRPCClient) Connection() *grpc.ClientConn {
+	return c.connPool.Conn()
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *textGRPCClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *textGRPCClient) Close() error {
+	return c.connPool.Close()
+}
+
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type textRESTClient struct {
+	// The http endpoint to connect to.
+	endpoint string
+
+	// The http client.
+	httpClient *http.Client
+
+	// The x-goog-* headers to be sent with each request.
+	xGoogHeaders []string
+
+	// Points back to the CallOptions field of the containing TextClient
+	CallOptions **TextCallOptions
+}
+
+// NewTextRESTClient creates a new text service rest client.
+//
+// API for using Generative Language Models (GLMs) trained to generate text.
+//
+// Also known as Large Language Models (LLM)s, these generate text given an
+// input prompt from the user.
+func NewTextRESTClient(ctx context.Context, opts ...option.ClientOption) (*TextClient, error) {
+	clientOpts := append(defaultTextRESTClientOptions(), opts...)
+	httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	callOpts := defaultTextRESTCallOptions()
+	c := &textRESTClient{
+		endpoint:    endpoint,
+		httpClient:  httpClient,
+		CallOptions: &callOpts,
+	}
+	c.setGoogleClientInfo()
+
+	return &TextClient{internalClient: c, CallOptions: callOpts}, nil
+}
+
+func defaultTextRESTClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("https://generativelanguage.googleapis.com"),
+		internaloption.WithDefaultEndpointTemplate("https://generativelanguage.UNIVERSE_DOMAIN"),
+		internaloption.WithDefaultMTLSEndpoint("https://generativelanguage.mtls.googleapis.com"),
+		internaloption.WithDefaultUniverseDomain("googleapis.com"),
+		internaloption.WithDefaultAudience("https://generativelanguage.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+	}
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *textRESTClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
+	c.xGoogHeaders = []string{
+		"x-goog-api-client", gax.XGoogHeader(kv...),
+	}
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *textRESTClient) Close() error {
+	// Replace httpClient with nil to force cleanup.
+	c.httpClient = nil
+	return nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: This method always returns nil.
+func (c *textRESTClient) Connection() *grpc.ClientConn {
+	return nil
+}
+func (c *textGRPCClient) GenerateText(ctx context.Context, req *generativelanguagepb.GenerateTextRequest, opts ...gax.CallOption) (*generativelanguagepb.GenerateTextResponse, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).GenerateText[0:len((*c.CallOptions).GenerateText):len((*c.CallOptions).GenerateText)], opts...)
+	var resp *generativelanguagepb.GenerateTextResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.textClient.GenerateText(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *textGRPCClient) EmbedText(ctx context.Context, req *generativelanguagepb.EmbedTextRequest, opts ...gax.CallOption) (*generativelanguagepb.EmbedTextResponse, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).EmbedText[0:len((*c.CallOptions).EmbedText):len((*c.CallOptions).EmbedText)], opts...)
+	var resp *generativelanguagepb.EmbedTextResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.textClient.EmbedText(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *textGRPCClient) BatchEmbedText(ctx context.Context, req *generativelanguagepb.BatchEmbedTextRequest, opts ...gax.CallOption) (*generativelanguagepb.BatchEmbedTextResponse, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).BatchEmbedText[0:len((*c.CallOptions).BatchEmbedText):len((*c.CallOptions).BatchEmbedText)], opts...)
+	var resp *generativelanguagepb.BatchEmbedTextResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.textClient.BatchEmbedText(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *textGRPCClient) CountTextTokens(ctx context.Context, req *generativelanguagepb.CountTextTokensRequest, opts ...gax.CallOption) (*generativelanguagepb.CountTextTokensResponse, error) {
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
+	opts = append((*c.CallOptions).CountTextTokens[0:len((*c.CallOptions).CountTextTokens):len((*c.CallOptions).CountTextTokens)], opts...)
+	var resp *generativelanguagepb.CountTextTokensResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.textClient.CountTextTokens(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// GenerateText generates a response from the model given an input message.
+func (c *textRESTClient) GenerateText(ctx context.Context, req *generativelanguagepb.GenerateTextRequest, opts ...gax.CallOption) (*generativelanguagepb.GenerateTextResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v:generateText", req.GetModel())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).GenerateText[0:len((*c.CallOptions).GenerateText):len((*c.CallOptions).GenerateText)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.GenerateTextResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// EmbedText generates an embedding from the model given an input message.
+func (c *textRESTClient) EmbedText(ctx context.Context, req *generativelanguagepb.EmbedTextRequest, opts ...gax.CallOption) (*generativelanguagepb.EmbedTextResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v:embedText", req.GetModel())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).EmbedText[0:len((*c.CallOptions).EmbedText):len((*c.CallOptions).EmbedText)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.EmbedTextResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// BatchEmbedText generates multiple embeddings from the model given input text in a
+// synchronous call.
+func (c *textRESTClient) BatchEmbedText(ctx context.Context, req *generativelanguagepb.BatchEmbedTextRequest, opts ...gax.CallOption) (*generativelanguagepb.BatchEmbedTextResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v:batchEmbedText", req.GetModel())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).BatchEmbedText[0:len((*c.CallOptions).BatchEmbedText):len((*c.CallOptions).BatchEmbedText)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.BatchEmbedTextResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// CountTextTokens runs a model’s tokenizer on a text and returns the token count.
+func (c *textRESTClient) CountTextTokens(ctx context.Context, req *generativelanguagepb.CountTextTokensRequest, opts ...gax.CallOption) (*generativelanguagepb.CountTextTokensResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1beta/%v:countTextTokens", req.GetModel())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "model", url.QueryEscape(req.GetModel()))}
+
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
+	opts = append((*c.CallOptions).CountTextTokens[0:len((*c.CallOptions).CountTextTokens):len((*c.CallOptions).CountTextTokens)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &generativelanguagepb.CountTextTokensResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}

vendor/cloud.google.com/go/ai/generativelanguage/apiv1beta/version.go

@@ -0,0 +1,23 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by gapicgen. DO NOT EDIT.
+
+package generativelanguage
+
+import "cloud.google.com/go/ai/internal"
+
+func init() {
+	versionClient = internal.Version
+}

vendor/cloud.google.com/go/ai/internal/version.go

@@ -0,0 +1,20 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by gapicgen. DO NOT EDIT.
+
+package internal
+
+// Version is the current tagged release of the library.
+const Version = "0.8.0"

vendor/cloud.google.com/go/auth/CHANGES.md

@@ -0,0 +1,168 @@
+# Changelog
+
+## [0.6.0](https://github.com/googleapis/google-cloud-go/compare/auth/v0.5.2...auth/v0.6.0) (2024-06-25)
+
+
+### Features
+
+* **auth:** Add non-blocking token refresh for compute MDS ([#10263](https://github.com/googleapis/google-cloud-go/issues/10263)) ([9ac350d](https://github.com/googleapis/google-cloud-go/commit/9ac350da11a49b8e2174d3fc5b1a5070fec78b4e))
+
+
+### Bug Fixes
+
+* **auth:** Return error if envvar detected file returns an error ([#10431](https://github.com/googleapis/google-cloud-go/issues/10431)) ([e52b9a7](https://github.com/googleapis/google-cloud-go/commit/e52b9a7c45468827f5d220ab00965191faeb9d05))
+
+## [0.5.2](https://github.com/googleapis/google-cloud-go/compare/auth/v0.5.1...auth/v0.5.2) (2024-06-24)
+
+
+### Bug Fixes
+
+* **auth:** Fetch initial token when CachedTokenProviderOptions.DisableAutoRefresh is true ([#10415](https://github.com/googleapis/google-cloud-go/issues/10415)) ([3266763](https://github.com/googleapis/google-cloud-go/commit/32667635ca2efad05cd8c087c004ca07d7406913)), refs [#10414](https://github.com/googleapis/google-cloud-go/issues/10414)
+
+## [0.5.1](https://github.com/googleapis/google-cloud-go/compare/auth/v0.5.0...auth/v0.5.1) (2024-05-31)
+
+
+### Bug Fixes
+
+* **auth:** Pass through client to 2LO and 3LO flows ([#10290](https://github.com/googleapis/google-cloud-go/issues/10290)) ([685784e](https://github.com/googleapis/google-cloud-go/commit/685784ea84358c15e9214bdecb307d37aa3b6d2f))
+
+## [0.5.0](https://github.com/googleapis/google-cloud-go/compare/auth/v0.4.2...auth/v0.5.0) (2024-05-28)
+
+
+### Features
+
+* **auth:** Adds X509 workload certificate provider ([#10233](https://github.com/googleapis/google-cloud-go/issues/10233)) ([17a9db7](https://github.com/googleapis/google-cloud-go/commit/17a9db73af35e3d1a7a25ac4fd1377a103de6150))
+
+## [0.4.2](https://github.com/googleapis/google-cloud-go/compare/auth/v0.4.1...auth/v0.4.2) (2024-05-16)
+
+
+### Bug Fixes
+
+* **auth:** Enable client certificates by default only for GDU ([#10151](https://github.com/googleapis/google-cloud-go/issues/10151)) ([7c52978](https://github.com/googleapis/google-cloud-go/commit/7c529786275a39b7e00525f7d5e7be0d963e9e15))
+* **auth:** Handle non-Transport DefaultTransport ([#10162](https://github.com/googleapis/google-cloud-go/issues/10162)) ([fa3bfdb](https://github.com/googleapis/google-cloud-go/commit/fa3bfdb23aaa45b34394a8b61e753b3587506782)), refs [#10159](https://github.com/googleapis/google-cloud-go/issues/10159)
+* **auth:** Have refresh time match docs ([#10147](https://github.com/googleapis/google-cloud-go/issues/10147)) ([bcb5568](https://github.com/googleapis/google-cloud-go/commit/bcb5568c07a54dd3d2e869d15f502b0741a609e8))
+* **auth:** Update compute token fetching error with named prefix ([#10180](https://github.com/googleapis/google-cloud-go/issues/10180)) ([4573504](https://github.com/googleapis/google-cloud-go/commit/4573504828d2928bebedc875d87650ba227829ea))
+
+## [0.4.1](https://github.com/googleapis/google-cloud-go/compare/auth/v0.4.0...auth/v0.4.1) (2024-05-09)
+
+
+### Bug Fixes
+
+* **auth:** Don't try to detect default creds it opt configured ([#10143](https://github.com/googleapis/google-cloud-go/issues/10143)) ([804632e](https://github.com/googleapis/google-cloud-go/commit/804632e7c5b0b85ff522f7951114485e256eb5bc))
+
+## [0.4.0](https://github.com/googleapis/google-cloud-go/compare/auth/v0.3.0...auth/v0.4.0) (2024-05-07)
+
+
+### Features
+
+* **auth:** Enable client certificates by default ([#10102](https://github.com/googleapis/google-cloud-go/issues/10102)) ([9013e52](https://github.com/googleapis/google-cloud-go/commit/9013e5200a6ec0f178ed91acb255481ffb073a2c))
+
+
+### Bug Fixes
+
+* **auth:** Get s2a logic up to date ([#10093](https://github.com/googleapis/google-cloud-go/issues/10093)) ([4fe9ae4](https://github.com/googleapis/google-cloud-go/commit/4fe9ae4b7101af2a5221d6d6b2e77b479305bb06))
+
+## [0.3.0](https://github.com/googleapis/google-cloud-go/compare/auth/v0.2.2...auth/v0.3.0) (2024-04-23)
+
+
+### Features
+
+* **auth/httptransport:** Add ability to customize transport ([#10023](https://github.com/googleapis/google-cloud-go/issues/10023)) ([72c7f6b](https://github.com/googleapis/google-cloud-go/commit/72c7f6bbec3136cc7a62788fc7186bc33ef6c3b3)), refs [#9812](https://github.com/googleapis/google-cloud-go/issues/9812) [#9814](https://github.com/googleapis/google-cloud-go/issues/9814)
+
+
+### Bug Fixes
+
+* **auth/credentials:** Error on bad file name if explicitly set ([#10018](https://github.com/googleapis/google-cloud-go/issues/10018)) ([55beaa9](https://github.com/googleapis/google-cloud-go/commit/55beaa993aaf052d8be39766afc6777c3c2a0bdd)), refs [#9809](https://github.com/googleapis/google-cloud-go/issues/9809)
+
+## [0.2.2](https://github.com/googleapis/google-cloud-go/compare/auth/v0.2.1...auth/v0.2.2) (2024-04-19)
+
+
+### Bug Fixes
+
+* **auth:** Add internal opt to skip validation on transports ([#9999](https://github.com/googleapis/google-cloud-go/issues/9999)) ([9e20ef8](https://github.com/googleapis/google-cloud-go/commit/9e20ef89f6287d6bd03b8697d5898dc43b4a77cf)), refs [#9823](https://github.com/googleapis/google-cloud-go/issues/9823)
+* **auth:** Set secure flag for gRPC conn pools ([#10002](https://github.com/googleapis/google-cloud-go/issues/10002)) ([14e3956](https://github.com/googleapis/google-cloud-go/commit/14e3956dfd736399731b5ee8d9b178ae085cf7ba)), refs [#9833](https://github.com/googleapis/google-cloud-go/issues/9833)
+
+## [0.2.1](https://github.com/googleapis/google-cloud-go/compare/auth/v0.2.0...auth/v0.2.1) (2024-04-18)
+
+
+### Bug Fixes
+
+* **auth:** Default gRPC token type to Bearer if not set ([#9800](https://github.com/googleapis/google-cloud-go/issues/9800)) ([5284066](https://github.com/googleapis/google-cloud-go/commit/5284066670b6fe65d79089cfe0199c9660f87fc7))
+
+## [0.2.0](https://github.com/googleapis/google-cloud-go/compare/auth/v0.1.1...auth/v0.2.0) (2024-04-15)
+
+### Breaking Changes
+
+In the below mentioned commits there were a few large breaking changes since the
+last release of the module.
+
+1. The `Credentials` type has been moved to the root of the module as it is
+   becoming the core abstraction for the whole module.
+2. Because of the above mentioned change many functions that previously
+   returned a `TokenProvider` now return `Credentials`. Similarly, these
+   functions have been renamed to be more specific.
+3. Most places that used to take an optional `TokenProvider` now accept
+   `Credentials`. You can make a `Credentials` from a `TokenProvider` using the
+   constructor found in the `auth` package.
+4. The `detect` package has been renamed to `credentials`. With this change some
+   function signatures were also updated for better readability.
+5. Derivative auth flows like `impersonate` and `downscope` have been moved to
+   be under the new `credentials` package.
+
+Although these changes are disruptive we think that they are for the best of the
+long-term health of the module. We do not expect any more large breaking changes
+like these in future revisions, even before 1.0.0. This version will be the
+first version of the auth library that our client libraries start to use and
+depend on.
+
+### Features
+
+* **auth/credentials/externalaccount:** Add default TokenURL ([#9700](https://github.com/googleapis/google-cloud-go/issues/9700)) ([81830e6](https://github.com/googleapis/google-cloud-go/commit/81830e6848ceefd055aa4d08f933d1154455a0f6))
+* **auth:** Add downscope.Options.UniverseDomain ([#9634](https://github.com/googleapis/google-cloud-go/issues/9634)) ([52cf7d7](https://github.com/googleapis/google-cloud-go/commit/52cf7d780853594291c4e34302d618299d1f5a1d))
+* **auth:** Add universe domain to grpctransport and httptransport ([#9663](https://github.com/googleapis/google-cloud-go/issues/9663)) ([67d353b](https://github.com/googleapis/google-cloud-go/commit/67d353beefe3b607c08c891876fbd95ab89e5fe3)), refs [#9670](https://github.com/googleapis/google-cloud-go/issues/9670)
+* **auth:** Add UniverseDomain to DetectOptions ([#9536](https://github.com/googleapis/google-cloud-go/issues/9536)) ([3618d3f](https://github.com/googleapis/google-cloud-go/commit/3618d3f7061615c0e189f376c75abc201203b501))
+* **auth:** Make package externalaccount public ([#9633](https://github.com/googleapis/google-cloud-go/issues/9633)) ([a0978d8](https://github.com/googleapis/google-cloud-go/commit/a0978d8e96968399940ebd7d092539772bf9caac))
+* **auth:** Move credentials to base auth package ([#9590](https://github.com/googleapis/google-cloud-go/issues/9590)) ([1a04baf](https://github.com/googleapis/google-cloud-go/commit/1a04bafa83c27342b9308d785645e1e5423ea10d))
+* **auth:** Refactor public sigs to use Credentials ([#9603](https://github.com/googleapis/google-cloud-go/issues/9603)) ([69cb240](https://github.com/googleapis/google-cloud-go/commit/69cb240c530b1f7173a9af2555c19e9a1beb56c5))
+
+
+### Bug Fixes
+
+* **auth/oauth2adapt:** Update protobuf dep to v1.33.0 ([30b038d](https://github.com/googleapis/google-cloud-go/commit/30b038d8cac0b8cd5dd4761c87f3f298760dd33a))
+* **auth:** Fix uint32 conversion ([9221c7f](https://github.com/googleapis/google-cloud-go/commit/9221c7fa12cef9d5fb7ddc92f41f1d6204971c7b))
+* **auth:** Port sts expires fix ([#9618](https://github.com/googleapis/google-cloud-go/issues/9618)) ([7bec97b](https://github.com/googleapis/google-cloud-go/commit/7bec97b2f51ed3ac4f9b88bf100d301da3f5d1bd))
+* **auth:** Read universe_domain from all credentials files ([#9632](https://github.com/googleapis/google-cloud-go/issues/9632)) ([16efbb5](https://github.com/googleapis/google-cloud-go/commit/16efbb52e39ea4a319e5ee1e95c0e0305b6d9824))
+* **auth:** Remove content-type header from idms get requests ([#9508](https://github.com/googleapis/google-cloud-go/issues/9508)) ([8589f41](https://github.com/googleapis/google-cloud-go/commit/8589f41599d265d7c3d46a3d86c9fab2329cbdd9))
+* **auth:** Update protobuf dep to v1.33.0 ([30b038d](https://github.com/googleapis/google-cloud-go/commit/30b038d8cac0b8cd5dd4761c87f3f298760dd33a))
+
+## [0.1.1](https://github.com/googleapis/google-cloud-go/compare/auth/v0.1.0...auth/v0.1.1) (2024-03-10)
+
+
+### Bug Fixes
+
+* **auth/impersonate:** Properly send default detect params ([#9529](https://github.com/googleapis/google-cloud-go/issues/9529)) ([5b6b8be](https://github.com/googleapis/google-cloud-go/commit/5b6b8bef577f82707e51f5cc5d258d5bdf90218f)), refs [#9136](https://github.com/googleapis/google-cloud-go/issues/9136)
+* **auth:** Update grpc-go to v1.56.3 ([343cea8](https://github.com/googleapis/google-cloud-go/commit/343cea8c43b1e31ae21ad50ad31d3b0b60143f8c))
+* **auth:** Update grpc-go to v1.59.0 ([81a97b0](https://github.com/googleapis/google-cloud-go/commit/81a97b06cb28b25432e4ece595c55a9857e960b7))
+
+## 0.1.0 (2023-10-18)
+
+
+### Features
+
+* **auth:** Add base auth package ([#8465](https://github.com/googleapis/google-cloud-go/issues/8465)) ([6a45f26](https://github.com/googleapis/google-cloud-go/commit/6a45f26b809b64edae21f312c18d4205f96b180e))
+* **auth:** Add cert support to httptransport ([#8569](https://github.com/googleapis/google-cloud-go/issues/8569)) ([37e3435](https://github.com/googleapis/google-cloud-go/commit/37e3435f8e98595eafab481bdfcb31a4c56fa993))
+* **auth:** Add Credentials.UniverseDomain() ([#8654](https://github.com/googleapis/google-cloud-go/issues/8654)) ([af0aa1e](https://github.com/googleapis/google-cloud-go/commit/af0aa1ed8015bc8fe0dd87a7549ae029107cbdb8))
+* **auth:** Add detect package ([#8491](https://github.com/googleapis/google-cloud-go/issues/8491)) ([d977419](https://github.com/googleapis/google-cloud-go/commit/d977419a3269f6acc193df77a2136a6eb4b4add7))
+* **auth:** Add downscope package ([#8532](https://github.com/googleapis/google-cloud-go/issues/8532)) ([dda9bff](https://github.com/googleapis/google-cloud-go/commit/dda9bff8ec70e6d104901b4105d13dcaa4e2404c))
+* **auth:** Add grpctransport package ([#8625](https://github.com/googleapis/google-cloud-go/issues/8625)) ([69a8347](https://github.com/googleapis/google-cloud-go/commit/69a83470bdcc7ed10c6c36d1abc3b7cfdb8a0ee5))
+* **auth:** Add httptransport package ([#8567](https://github.com/googleapis/google-cloud-go/issues/8567)) ([6898597](https://github.com/googleapis/google-cloud-go/commit/6898597d2ea95d630fcd00fd15c58c75ea843bff))
+* **auth:** Add idtoken package ([#8580](https://github.com/googleapis/google-cloud-go/issues/8580)) ([a79e693](https://github.com/googleapis/google-cloud-go/commit/a79e693e97e4e3e1c6742099af3dbc58866d88fe))
+* **auth:** Add impersonate package ([#8578](https://github.com/googleapis/google-cloud-go/issues/8578)) ([e29ba0c](https://github.com/googleapis/google-cloud-go/commit/e29ba0cb7bd3888ab9e808087027dc5a32474c04))
+* **auth:** Add support for external accounts in detect ([#8508](https://github.com/googleapis/google-cloud-go/issues/8508)) ([62210d5](https://github.com/googleapis/google-cloud-go/commit/62210d5d3e56e8e9f35db8e6ac0defec19582507))
+* **auth:** Port external account changes ([#8697](https://github.com/googleapis/google-cloud-go/issues/8697)) ([5823db5](https://github.com/googleapis/google-cloud-go/commit/5823db5d633069999b58b9131a7f9cd77e82c899))
+
+
+### Bug Fixes
+
+* **auth/oauth2adapt:** Update golang.org/x/net to v0.17.0 ([174da47](https://github.com/googleapis/google-cloud-go/commit/174da47254fefb12921bbfc65b7829a453af6f5d))
+* **auth:** Update golang.org/x/net to v0.17.0 ([174da47](https://github.com/googleapis/google-cloud-go/commit/174da47254fefb12921bbfc65b7829a453af6f5d))

vendor/cloud.google.com/go/auth/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

vendor/cloud.google.com/go/auth/README.md

@@ -0,0 +1,4 @@
+# auth
+
+This module is currently EXPERIMENTAL and under active development. It is not
+yet intended to be used.

vendor/cloud.google.com/go/auth/auth.go

@@ -0,0 +1,591 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"sync"
+	"time"
+
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/jwt"
+)
+
+const (
+	// Parameter keys for AuthCodeURL method to support PKCE.
+	codeChallengeKey       = "code_challenge"
+	codeChallengeMethodKey = "code_challenge_method"
+
+	// Parameter key for Exchange method to support PKCE.
+	codeVerifierKey = "code_verifier"
+
+	// 3 minutes and 45 seconds before expiration. The shortest MDS cache is 4 minutes,
+	// so we give it 15 seconds to refresh it's cache before attempting to refresh a token.
+	defaultExpiryDelta = 225 * time.Second
+
+	universeDomainDefault = "googleapis.com"
+)
+
+// tokenState represents different states for a [Token].
+type tokenState int
+
+const (
+	// fresh indicates that the [Token] is valid. It is not expired or close to
+	// expired, or the token has no expiry.
+	fresh tokenState = iota
+	// stale indicates that the [Token] is close to expired, and should be
+	// refreshed. The token can be used normally.
+	stale
+	// invalid indicates that the [Token] is expired or invalid. The token
+	// cannot be used for a normal operation.
+	invalid
+)
+
+var (
+	defaultGrantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"
+	defaultHeader    = &jwt.Header{Algorithm: jwt.HeaderAlgRSA256, Type: jwt.HeaderType}
+
+	// for testing
+	timeNow = time.Now
+)
+
+// TokenProvider specifies an interface for anything that can return a token.
+type TokenProvider interface {
+	// Token returns a Token or an error.
+	// The Token returned must be safe to use
+	// concurrently.
+	// The returned Token must not be modified.
+	// The context provided must be sent along to any requests that are made in
+	// the implementing code.
+	Token(context.Context) (*Token, error)
+}
+
+// Token holds the credential token used to authorized requests. All fields are
+// considered read-only.
+type Token struct {
+	// Value is the token used to authorize requests. It is usually an access
+	// token but may be other types of tokens such as ID tokens in some flows.
+	Value string
+	// Type is the type of token Value is. If uninitialized, it should be
+	// assumed to be a "Bearer" token.
+	Type string
+	// Expiry is the time the token is set to expire.
+	Expiry time.Time
+	// Metadata  may include, but is not limited to, the body of the token
+	// response returned by the server.
+	Metadata map[string]interface{} // TODO(codyoss): maybe make a method to flatten metadata to avoid []string for url.Values
+}
+
+// IsValid reports that a [Token] is non-nil, has a [Token.Value], and has not
+// expired. A token is considered expired if [Token.Expiry] has passed or will
+// pass in the next 225 seconds.
+func (t *Token) IsValid() bool {
+	return t.isValidWithEarlyExpiry(defaultExpiryDelta)
+}
+
+func (t *Token) isValidWithEarlyExpiry(earlyExpiry time.Duration) bool {
+	if t.isEmpty() {
+		return false
+	}
+	if t.Expiry.IsZero() {
+		return true
+	}
+	return !t.Expiry.Round(0).Add(-earlyExpiry).Before(timeNow())
+}
+
+func (t *Token) isEmpty() bool {
+	return t == nil || t.Value == ""
+}
+
+// Credentials holds Google credentials, including
+// [Application Default Credentials](https://developers.google.com/accounts/docs/application-default-credentials).
+type Credentials struct {
+	json           []byte
+	projectID      CredentialsPropertyProvider
+	quotaProjectID CredentialsPropertyProvider
+	// universeDomain is the default service domain for a given Cloud universe.
+	universeDomain CredentialsPropertyProvider
+
+	TokenProvider
+}
+
+// JSON returns the bytes associated with the the file used to source
+// credentials if one was used.
+func (c *Credentials) JSON() []byte {
+	return c.json
+}
+
+// ProjectID returns the associated project ID from the underlying file or
+// environment.
+func (c *Credentials) ProjectID(ctx context.Context) (string, error) {
+	if c.projectID == nil {
+		return internal.GetProjectID(c.json, ""), nil
+	}
+	v, err := c.projectID.GetProperty(ctx)
+	if err != nil {
+		return "", err
+	}
+	return internal.GetProjectID(c.json, v), nil
+}
+
+// QuotaProjectID returns the associated quota project ID from the underlying
+// file or environment.
+func (c *Credentials) QuotaProjectID(ctx context.Context) (string, error) {
+	if c.quotaProjectID == nil {
+		return internal.GetQuotaProject(c.json, ""), nil
+	}
+	v, err := c.quotaProjectID.GetProperty(ctx)
+	if err != nil {
+		return "", err
+	}
+	return internal.GetQuotaProject(c.json, v), nil
+}
+
+// UniverseDomain returns the default service domain for a given Cloud universe.
+// The default value is "googleapis.com".
+func (c *Credentials) UniverseDomain(ctx context.Context) (string, error) {
+	if c.universeDomain == nil {
+		return universeDomainDefault, nil
+	}
+	v, err := c.universeDomain.GetProperty(ctx)
+	if err != nil {
+		return "", err
+	}
+	if v == "" {
+		return universeDomainDefault, nil
+	}
+	return v, err
+}
+
+// CredentialsPropertyProvider provides an implementation to fetch a property
+// value for [Credentials].
+type CredentialsPropertyProvider interface {
+	GetProperty(context.Context) (string, error)
+}
+
+// CredentialsPropertyFunc is a type adapter to allow the use of ordinary
+// functions as a [CredentialsPropertyProvider].
+type CredentialsPropertyFunc func(context.Context) (string, error)
+
+// GetProperty loads the properly value provided the given context.
+func (p CredentialsPropertyFunc) GetProperty(ctx context.Context) (string, error) {
+	return p(ctx)
+}
+
+// CredentialsOptions are used to configure [Credentials].
+type CredentialsOptions struct {
+	// TokenProvider is a means of sourcing a token for the credentials. Required.
+	TokenProvider TokenProvider
+	// JSON is the raw contents of the credentials file if sourced from a file.
+	JSON []byte
+	// ProjectIDProvider resolves the project ID associated with the
+	// credentials.
+	ProjectIDProvider CredentialsPropertyProvider
+	// QuotaProjectIDProvider resolves the quota project ID associated with the
+	// credentials.
+	QuotaProjectIDProvider CredentialsPropertyProvider
+	// UniverseDomainProvider resolves the universe domain with the credentials.
+	UniverseDomainProvider CredentialsPropertyProvider
+}
+
+// NewCredentials returns new [Credentials] from the provided options. Most users
+// will want to build this object a function from the
+// [cloud.google.com/go/auth/credentials] package.
+func NewCredentials(opts *CredentialsOptions) *Credentials {
+	creds := &Credentials{
+		TokenProvider:  opts.TokenProvider,
+		json:           opts.JSON,
+		projectID:      opts.ProjectIDProvider,
+		quotaProjectID: opts.QuotaProjectIDProvider,
+		universeDomain: opts.UniverseDomainProvider,
+	}
+
+	return creds
+}
+
+// CachedTokenProviderOptions provided options for configuring a
+// CachedTokenProvider.
+type CachedTokenProviderOptions struct {
+	// DisableAutoRefresh makes the TokenProvider always return the same token,
+	// even if it is expired. The default is false. Optional.
+	DisableAutoRefresh bool
+	// ExpireEarly configures the amount of time before a token expires, that it
+	// should be refreshed. If unset, the default value is 3 minutes and 45
+	// seconds. Optional.
+	ExpireEarly time.Duration
+	// DisableAsyncRefresh configures a synchronous workflow that refreshes
+	// stale tokens while blocking. The default is false. Optional.
+	DisableAsyncRefresh bool
+}
+
+func (ctpo *CachedTokenProviderOptions) autoRefresh() bool {
+	if ctpo == nil {
+		return true
+	}
+	return !ctpo.DisableAutoRefresh
+}
+
+func (ctpo *CachedTokenProviderOptions) expireEarly() time.Duration {
+	if ctpo == nil {
+		return defaultExpiryDelta
+	}
+	return ctpo.ExpireEarly
+}
+
+func (ctpo *CachedTokenProviderOptions) blockingRefresh() bool {
+	if ctpo == nil {
+		return false
+	}
+	return ctpo.DisableAsyncRefresh
+}
+
+// NewCachedTokenProvider wraps a [TokenProvider] to cache the tokens returned
+// by the underlying provider. By default it will refresh tokens asynchronously
+// (non-blocking mode) within a window that starts 3 minutes and 45 seconds
+// before they expire. The asynchronous (non-blocking) refresh can be changed to
+// a synchronous (blocking) refresh using the
+// CachedTokenProviderOptions.DisableAsyncRefresh option. The time-before-expiry
+// duration can be configured using the CachedTokenProviderOptions.ExpireEarly
+// option.
+func NewCachedTokenProvider(tp TokenProvider, opts *CachedTokenProviderOptions) TokenProvider {
+	if ctp, ok := tp.(*cachedTokenProvider); ok {
+		return ctp
+	}
+	return &cachedTokenProvider{
+		tp:              tp,
+		autoRefresh:     opts.autoRefresh(),
+		expireEarly:     opts.expireEarly(),
+		blockingRefresh: opts.blockingRefresh(),
+	}
+}
+
+type cachedTokenProvider struct {
+	tp              TokenProvider
+	autoRefresh     bool
+	expireEarly     time.Duration
+	blockingRefresh bool
+
+	mu          sync.Mutex
+	cachedToken *Token
+	// isRefreshRunning ensures that the non-blocking refresh will only be
+	// attempted once, even if multiple callers enter the Token method.
+	isRefreshRunning bool
+	// isRefreshErr ensures that the non-blocking refresh will only be attempted
+	// once per refresh window if an error is encountered.
+	isRefreshErr bool
+}
+
+func (c *cachedTokenProvider) Token(ctx context.Context) (*Token, error) {
+	if c.blockingRefresh {
+		return c.tokenBlocking(ctx)
+	}
+	return c.tokenNonBlocking(ctx)
+}
+
+func (c *cachedTokenProvider) tokenNonBlocking(ctx context.Context) (*Token, error) {
+	switch c.tokenState() {
+	case fresh:
+		c.mu.Lock()
+		defer c.mu.Unlock()
+		return c.cachedToken, nil
+	case stale:
+		c.tokenAsync(ctx)
+		// Return the stale token immediately to not block customer requests to Cloud services.
+		c.mu.Lock()
+		defer c.mu.Unlock()
+		return c.cachedToken, nil
+	default: // invalid
+		return c.tokenBlocking(ctx)
+	}
+}
+
+// tokenState reports the token's validity.
+func (c *cachedTokenProvider) tokenState() tokenState {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	t := c.cachedToken
+	if t == nil || t.Value == "" {
+		return invalid
+	} else if t.Expiry.IsZero() {
+		return fresh
+	} else if timeNow().After(t.Expiry.Round(0)) {
+		return invalid
+	} else if timeNow().After(t.Expiry.Round(0).Add(-c.expireEarly)) {
+		return stale
+	}
+	return fresh
+}
+
+// tokenAsync uses a bool to ensure that only one non-blocking token refresh
+// happens at a time, even if multiple callers have entered this function
+// concurrently. This avoids creating an arbitrary number of concurrent
+// goroutines. Retries should be attempted and managed within the Token method.
+// If the refresh attempt fails, no further attempts are made until the refresh
+// window expires and the token enters the invalid state, at which point the
+// blocking call to Token should likely return the same error on the main goroutine.
+func (c *cachedTokenProvider) tokenAsync(ctx context.Context) {
+	fn := func() {
+		c.mu.Lock()
+		c.isRefreshRunning = true
+		c.mu.Unlock()
+		t, err := c.tp.Token(ctx)
+		c.mu.Lock()
+		defer c.mu.Unlock()
+		c.isRefreshRunning = false
+		if err != nil {
+			// Discard errors from the non-blocking refresh, but prevent further
+			// attempts.
+			c.isRefreshErr = true
+			return
+		}
+		c.cachedToken = t
+	}
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if !c.isRefreshRunning && !c.isRefreshErr {
+		go fn()
+	}
+}
+
+func (c *cachedTokenProvider) tokenBlocking(ctx context.Context) (*Token, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.isRefreshErr = false
+	if c.cachedToken.IsValid() || (!c.autoRefresh && !c.cachedToken.isEmpty()) {
+		return c.cachedToken, nil
+	}
+	t, err := c.tp.Token(ctx)
+	if err != nil {
+		return nil, err
+	}
+	c.cachedToken = t
+	return t, nil
+}
+
+// Error is a error associated with retrieving a [Token]. It can hold useful
+// additional details for debugging.
+type Error struct {
+	// Response is the HTTP response associated with error. The body will always
+	// be already closed and consumed.
+	Response *http.Response
+	// Body is the HTTP response body.
+	Body []byte
+	// Err is the underlying wrapped error.
+	Err error
+
+	// code returned in the token response
+	code string
+	// description returned in the token response
+	description string
+	// uri returned in the token response
+	uri string
+}
+
+func (e *Error) Error() string {
+	if e.code != "" {
+		s := fmt.Sprintf("auth: %q", e.code)
+		if e.description != "" {
+			s += fmt.Sprintf(" %q", e.description)
+		}
+		if e.uri != "" {
+			s += fmt.Sprintf(" %q", e.uri)
+		}
+		return s
+	}
+	return fmt.Sprintf("auth: cannot fetch token: %v\nResponse: %s", e.Response.StatusCode, e.Body)
+}
+
+// Temporary returns true if the error is considered temporary and may be able
+// to be retried.
+func (e *Error) Temporary() bool {
+	if e.Response == nil {
+		return false
+	}
+	sc := e.Response.StatusCode
+	return sc == http.StatusInternalServerError || sc == http.StatusServiceUnavailable || sc == http.StatusRequestTimeout || sc == http.StatusTooManyRequests
+}
+
+func (e *Error) Unwrap() error {
+	return e.Err
+}
+
+// Style describes how the token endpoint wants to receive the ClientID and
+// ClientSecret.
+type Style int
+
+const (
+	// StyleUnknown means the value has not been initiated. Sending this in
+	// a request will cause the token exchange to fail.
+	StyleUnknown Style = iota
+	// StyleInParams sends client info in the body of a POST request.
+	StyleInParams
+	// StyleInHeader sends client info using Basic Authorization header.
+	StyleInHeader
+)
+
+// Options2LO is the configuration settings for doing a 2-legged JWT OAuth2 flow.
+type Options2LO struct {
+	// Email is the OAuth2 client ID. This value is set as the "iss" in the
+	// JWT.
+	Email string
+	// PrivateKey contains the contents of an RSA private key or the
+	// contents of a PEM file that contains a private key. It is used to sign
+	// the JWT created.
+	PrivateKey []byte
+	// TokenURL is th URL the JWT is sent to. Required.
+	TokenURL string
+	// PrivateKeyID is the ID of the key used to sign the JWT. It is used as the
+	// "kid" in the JWT header. Optional.
+	PrivateKeyID string
+	// Subject is the used for to impersonate a user. It is used as the "sub" in
+	// the JWT.m Optional.
+	Subject string
+	// Scopes specifies requested permissions for the token. Optional.
+	Scopes []string
+	// Expires specifies the lifetime of the token. Optional.
+	Expires time.Duration
+	// Audience specifies the "aud" in the JWT. Optional.
+	Audience string
+	// PrivateClaims allows specifying any custom claims for the JWT. Optional.
+	PrivateClaims map[string]interface{}
+
+	// Client is the client to be used to make the underlying token requests.
+	// Optional.
+	Client *http.Client
+	// UseIDToken requests that the token returned be an ID token if one is
+	// returned from the server. Optional.
+	UseIDToken bool
+}
+
+func (o *Options2LO) client() *http.Client {
+	if o.Client != nil {
+		return o.Client
+	}
+	return internal.CloneDefaultClient()
+}
+
+func (o *Options2LO) validate() error {
+	if o == nil {
+		return errors.New("auth: options must be provided")
+	}
+	if o.Email == "" {
+		return errors.New("auth: email must be provided")
+	}
+	if len(o.PrivateKey) == 0 {
+		return errors.New("auth: private key must be provided")
+	}
+	if o.TokenURL == "" {
+		return errors.New("auth: token URL must be provided")
+	}
+	return nil
+}
+
+// New2LOTokenProvider returns a [TokenProvider] from the provided options.
+func New2LOTokenProvider(opts *Options2LO) (TokenProvider, error) {
+	if err := opts.validate(); err != nil {
+		return nil, err
+	}
+	return tokenProvider2LO{opts: opts, Client: opts.client()}, nil
+}
+
+type tokenProvider2LO struct {
+	opts   *Options2LO
+	Client *http.Client
+}
+
+func (tp tokenProvider2LO) Token(ctx context.Context) (*Token, error) {
+	pk, err := internal.ParseKey(tp.opts.PrivateKey)
+	if err != nil {
+		return nil, err
+	}
+	claimSet := &jwt.Claims{
+		Iss:              tp.opts.Email,
+		Scope:            strings.Join(tp.opts.Scopes, " "),
+		Aud:              tp.opts.TokenURL,
+		AdditionalClaims: tp.opts.PrivateClaims,
+		Sub:              tp.opts.Subject,
+	}
+	if t := tp.opts.Expires; t > 0 {
+		claimSet.Exp = time.Now().Add(t).Unix()
+	}
+	if aud := tp.opts.Audience; aud != "" {
+		claimSet.Aud = aud
+	}
+	h := *defaultHeader
+	h.KeyID = tp.opts.PrivateKeyID
+	payload, err := jwt.EncodeJWS(&h, claimSet, pk)
+	if err != nil {
+		return nil, err
+	}
+	v := url.Values{}
+	v.Set("grant_type", defaultGrantType)
+	v.Set("assertion", payload)
+	resp, err := tp.Client.PostForm(tp.opts.TokenURL, v)
+	if err != nil {
+		return nil, fmt.Errorf("auth: cannot fetch token: %w", err)
+	}
+	defer resp.Body.Close()
+	body, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("auth: cannot fetch token: %w", err)
+	}
+	if c := resp.StatusCode; c < http.StatusOK || c >= http.StatusMultipleChoices {
+		return nil, &Error{
+			Response: resp,
+			Body:     body,
+		}
+	}
+	// tokenRes is the JSON response body.
+	var tokenRes struct {
+		AccessToken string `json:"access_token"`
+		TokenType   string `json:"token_type"`
+		IDToken     string `json:"id_token"`
+		ExpiresIn   int64  `json:"expires_in"`
+	}
+	if err := json.Unmarshal(body, &tokenRes); err != nil {
+		return nil, fmt.Errorf("auth: cannot fetch token: %w", err)
+	}
+	token := &Token{
+		Value: tokenRes.AccessToken,
+		Type:  tokenRes.TokenType,
+	}
+	token.Metadata = make(map[string]interface{})
+	json.Unmarshal(body, &token.Metadata) // no error checks for optional fields
+
+	if secs := tokenRes.ExpiresIn; secs > 0 {
+		token.Expiry = time.Now().Add(time.Duration(secs) * time.Second)
+	}
+	if v := tokenRes.IDToken; v != "" {
+		// decode returned id token to get expiry
+		claimSet, err := jwt.DecodeJWS(v)
+		if err != nil {
+			return nil, fmt.Errorf("auth: error decoding JWT token: %w", err)
+		}
+		token.Expiry = time.Unix(claimSet.Exp, 0)
+	}
+	if tp.opts.UseIDToken {
+		if tokenRes.IDToken == "" {
+			return nil, fmt.Errorf("auth: response doesn't have JWT token")
+		}
+		token.Value = tokenRes.IDToken
+	}
+	return token, nil
+}

vendor/cloud.google.com/go/auth/credentials/compute.go

@@ -0,0 +1,86 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package credentials
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/compute/metadata"
+)
+
+var (
+	computeTokenMetadata = map[string]interface{}{
+		"auth.google.tokenSource":    "compute-metadata",
+		"auth.google.serviceAccount": "default",
+	}
+	computeTokenURI = "instance/service-accounts/default/token"
+)
+
+// computeTokenProvider creates a [cloud.google.com/go/auth.TokenProvider] that
+// uses the metadata service to retrieve tokens.
+func computeTokenProvider(opts *DetectOptions) auth.TokenProvider {
+	return auth.NewCachedTokenProvider(computeProvider{scopes: opts.Scopes}, &auth.CachedTokenProviderOptions{
+		ExpireEarly:         opts.EarlyTokenRefresh,
+		DisableAsyncRefresh: opts.DisableAsyncRefresh,
+	})
+}
+
+// computeProvider fetches tokens from the google cloud metadata service.
+type computeProvider struct {
+	scopes []string
+}
+
+type metadataTokenResp struct {
+	AccessToken  string `json:"access_token"`
+	ExpiresInSec int    `json:"expires_in"`
+	TokenType    string `json:"token_type"`
+}
+
+func (cs computeProvider) Token(ctx context.Context) (*auth.Token, error) {
+	tokenURI, err := url.Parse(computeTokenURI)
+	if err != nil {
+		return nil, err
+	}
+	if len(cs.scopes) > 0 {
+		v := url.Values{}
+		v.Set("scopes", strings.Join(cs.scopes, ","))
+		tokenURI.RawQuery = v.Encode()
+	}
+	tokenJSON, err := metadata.GetWithContext(ctx, tokenURI.String())
+	if err != nil {
+		return nil, fmt.Errorf("credentials: cannot fetch token: %w", err)
+	}
+	var res metadataTokenResp
+	if err := json.NewDecoder(strings.NewReader(tokenJSON)).Decode(&res); err != nil {
+		return nil, fmt.Errorf("credentials: invalid token JSON from metadata: %w", err)
+	}
+	if res.ExpiresInSec == 0 || res.AccessToken == "" {
+		return nil, errors.New("credentials: incomplete token received from metadata")
+	}
+	return &auth.Token{
+		Value:    res.AccessToken,
+		Type:     res.TokenType,
+		Expiry:   time.Now().Add(time.Duration(res.ExpiresInSec) * time.Second),
+		Metadata: computeTokenMetadata,
+	}, nil
+
+}

vendor/cloud.google.com/go/auth/credentials/detect.go

@@ -0,0 +1,259 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package credentials
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"os"
+	"time"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/credsfile"
+	"cloud.google.com/go/compute/metadata"
+)
+
+const (
+	// jwtTokenURL is Google's OAuth 2.0 token URL to use with the JWT(2LO) flow.
+	jwtTokenURL = "https://oauth2.googleapis.com/token"
+
+	// Google's OAuth 2.0 default endpoints.
+	googleAuthURL  = "https://accounts.google.com/o/oauth2/auth"
+	googleTokenURL = "https://oauth2.googleapis.com/token"
+
+	// Help on default credentials
+	adcSetupURL = "https://cloud.google.com/docs/authentication/external/set-up-adc"
+)
+
+var (
+	// for testing
+	allowOnGCECheck = true
+)
+
+// OnGCE reports whether this process is running in Google Cloud.
+func OnGCE() bool {
+	// TODO(codyoss): once all libs use this auth lib move metadata check here
+	return allowOnGCECheck && metadata.OnGCE()
+}
+
+// DetectDefault searches for "Application Default Credentials" and returns
+// a credential based on the [DetectOptions] provided.
+//
+// It looks for credentials in the following places, preferring the first
+// location found:
+//
+//   - A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS
+//     environment variable. For workload identity federation, refer to
+//     https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation
+//     on how to generate the JSON configuration file for on-prem/non-Google
+//     cloud platforms.
+//   - A JSON file in a location known to the gcloud command-line tool. On
+//     Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On
+//     other systems, $HOME/.config/gcloud/application_default_credentials.json.
+//   - On Google Compute Engine, Google App Engine standard second generation
+//     runtimes, and Google App Engine flexible environment, it fetches
+//     credentials from the metadata server.
+func DetectDefault(opts *DetectOptions) (*auth.Credentials, error) {
+	if err := opts.validate(); err != nil {
+		return nil, err
+	}
+	if opts.CredentialsJSON != nil {
+		return readCredentialsFileJSON(opts.CredentialsJSON, opts)
+	}
+	if opts.CredentialsFile != "" {
+		return readCredentialsFile(opts.CredentialsFile, opts)
+	}
+	if filename := os.Getenv(credsfile.GoogleAppCredsEnvVar); filename != "" {
+		creds, err := readCredentialsFile(filename, opts)
+		if err != nil {
+			return nil, err
+		}
+		return creds, nil
+	}
+
+	fileName := credsfile.GetWellKnownFileName()
+	if b, err := os.ReadFile(fileName); err == nil {
+		return readCredentialsFileJSON(b, opts)
+	}
+
+	if OnGCE() {
+		return auth.NewCredentials(&auth.CredentialsOptions{
+			TokenProvider: computeTokenProvider(opts),
+			ProjectIDProvider: auth.CredentialsPropertyFunc(func(context.Context) (string, error) {
+				return metadata.ProjectID()
+			}),
+			UniverseDomainProvider: &internal.ComputeUniverseDomainProvider{},
+		}), nil
+	}
+
+	return nil, fmt.Errorf("credentials: could not find default credentials. See %v for more information", adcSetupURL)
+}
+
+// DetectOptions provides configuration for [DetectDefault].
+type DetectOptions struct {
+	// Scopes that credentials tokens should have. Example:
+	// https://www.googleapis.com/auth/cloud-platform. Required if Audience is
+	// not provided.
+	Scopes []string
+	// Audience that credentials tokens should have. Only applicable for 2LO
+	// flows with service accounts. If specified, scopes should not be provided.
+	Audience string
+	// Subject is the user email used for [domain wide delegation](https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority).
+	// Optional.
+	Subject string
+	// EarlyTokenRefresh configures how early before a token expires that it
+	// should be refreshed. Once the token’s time until expiration has entered
+	// this refresh window the token is considered valid but stale. If unset,
+	// the default value is 3 minutes and 45 seconds. Optional.
+	EarlyTokenRefresh time.Duration
+	// DisableAsyncRefresh configures a synchronous workflow that refreshes
+	// stale tokens while blocking. The default is false. Optional.
+	DisableAsyncRefresh bool
+	// AuthHandlerOptions configures an authorization handler and other options
+	// for 3LO flows. It is required, and only used, for client credential
+	// flows.
+	AuthHandlerOptions *auth.AuthorizationHandlerOptions
+	// TokenURL allows to set the token endpoint for user credential flows. If
+	// unset the default value is: https://oauth2.googleapis.com/token.
+	// Optional.
+	TokenURL string
+	// STSAudience is the audience sent to when retrieving an STS token.
+	// Currently this only used for GDCH auth flow, for which it is required.
+	STSAudience string
+	// CredentialsFile overrides detection logic and sources a credential file
+	// from the provided filepath. If provided, CredentialsJSON must not be.
+	// Optional.
+	CredentialsFile string
+	// CredentialsJSON overrides detection logic and uses the JSON bytes as the
+	// source for the credential. If provided, CredentialsFile must not be.
+	// Optional.
+	CredentialsJSON []byte
+	// UseSelfSignedJWT directs service account based credentials to create a
+	// self-signed JWT with the private key found in the file, skipping any
+	// network requests that would normally be made. Optional.
+	UseSelfSignedJWT bool
+	// Client configures the underlying client used to make network requests
+	// when fetching tokens. Optional.
+	Client *http.Client
+	// UniverseDomain is the default service domain for a given Cloud universe.
+	// The default value is "googleapis.com". This option is ignored for
+	// authentication flows that do not support universe domain. Optional.
+	UniverseDomain string
+}
+
+func (o *DetectOptions) validate() error {
+	if o == nil {
+		return errors.New("credentials: options must be provided")
+	}
+	if len(o.Scopes) > 0 && o.Audience != "" {
+		return errors.New("credentials: both scopes and audience were provided")
+	}
+	if len(o.CredentialsJSON) > 0 && o.CredentialsFile != "" {
+		return errors.New("credentials: both credentials file and JSON were provided")
+	}
+	return nil
+}
+
+func (o *DetectOptions) tokenURL() string {
+	if o.TokenURL != "" {
+		return o.TokenURL
+	}
+	return googleTokenURL
+}
+
+func (o *DetectOptions) scopes() []string {
+	scopes := make([]string, len(o.Scopes))
+	copy(scopes, o.Scopes)
+	return scopes
+}
+
+func (o *DetectOptions) client() *http.Client {
+	if o.Client != nil {
+		return o.Client
+	}
+	return internal.CloneDefaultClient()
+}
+
+func readCredentialsFile(filename string, opts *DetectOptions) (*auth.Credentials, error) {
+	b, err := os.ReadFile(filename)
+	if err != nil {
+		return nil, err
+	}
+	return readCredentialsFileJSON(b, opts)
+}
+
+func readCredentialsFileJSON(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
+	// attempt to parse jsonData as a Google Developers Console client_credentials.json.
+	config := clientCredConfigFromJSON(b, opts)
+	if config != nil {
+		if config.AuthHandlerOpts == nil {
+			return nil, errors.New("credentials: auth handler must be specified for this credential filetype")
+		}
+		tp, err := auth.New3LOTokenProvider(config)
+		if err != nil {
+			return nil, err
+		}
+		return auth.NewCredentials(&auth.CredentialsOptions{
+			TokenProvider: tp,
+			JSON:          b,
+		}), nil
+	}
+	return fileCredentials(b, opts)
+}
+
+func clientCredConfigFromJSON(b []byte, opts *DetectOptions) *auth.Options3LO {
+	var creds credsfile.ClientCredentialsFile
+	var c *credsfile.Config3LO
+	if err := json.Unmarshal(b, &creds); err != nil {
+		return nil
+	}
+	switch {
+	case creds.Web != nil:
+		c = creds.Web
+	case creds.Installed != nil:
+		c = creds.Installed
+	default:
+		return nil
+	}
+	if len(c.RedirectURIs) < 1 {
+		return nil
+	}
+	var handleOpts *auth.AuthorizationHandlerOptions
+	if opts.AuthHandlerOptions != nil {
+		handleOpts = &auth.AuthorizationHandlerOptions{
+			Handler:  opts.AuthHandlerOptions.Handler,
+			State:    opts.AuthHandlerOptions.State,
+			PKCEOpts: opts.AuthHandlerOptions.PKCEOpts,
+		}
+	}
+	return &auth.Options3LO{
+		ClientID:         c.ClientID,
+		ClientSecret:     c.ClientSecret,
+		RedirectURL:      c.RedirectURIs[0],
+		Scopes:           opts.scopes(),
+		AuthURL:          c.AuthURI,
+		TokenURL:         c.TokenURI,
+		Client:           opts.client(),
+		EarlyTokenExpiry: opts.EarlyTokenRefresh,
+		AuthHandlerOpts:  handleOpts,
+		// TODO(codyoss): refactor this out. We need to add in auto-detection
+		// for this use case.
+		AuthStyle: auth.StyleInParams,
+	}
+}

vendor/cloud.google.com/go/auth/credentials/doc.go

@@ -0,0 +1,45 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package credentials provides support for making OAuth2 authorized and
+// authenticated HTTP requests to Google APIs. It supports the Web server flow,
+// client-side credentials, service accounts, Google Compute Engine service
+// accounts, Google App Engine service accounts and workload identity federation
+// from non-Google cloud platforms.
+//
+// A brief overview of the package follows. For more information, please read
+// https://developers.google.com/accounts/docs/OAuth2
+// and
+// https://developers.google.com/accounts/docs/application-default-credentials.
+// For more information on using workload identity federation, refer to
+// https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation.
+//
+// # Credentials
+//
+// The [cloud.google.com/go/auth.Credentials] type represents Google
+// credentials, including Application Default Credentials.
+//
+// Use [DetectDefault] to obtain Application Default Credentials.
+//
+// Application Default Credentials support workload identity federation to
+// access Google Cloud resources from non-Google Cloud platforms including Amazon
+// Web Services (AWS), Microsoft Azure or any identity provider that supports
+// OpenID Connect (OIDC). Workload identity federation is recommended for
+// non-Google Cloud environments as it avoids the need to download, manage, and
+// store service account private keys locally.
+//
+// # Workforce Identity Federation
+//
+// For more information on this feature see [cloud.google.com/go/auth/credentials/externalaccount].
+package credentials

vendor/cloud.google.com/go/auth/credentials/filetypes.go

@@ -0,0 +1,221 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package credentials
+
+import (
+	"errors"
+	"fmt"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/credentials/internal/externalaccount"
+	"cloud.google.com/go/auth/credentials/internal/externalaccountuser"
+	"cloud.google.com/go/auth/credentials/internal/gdch"
+	"cloud.google.com/go/auth/credentials/internal/impersonate"
+	internalauth "cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/credsfile"
+)
+
+func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
+	fileType, err := credsfile.ParseFileType(b)
+	if err != nil {
+		return nil, err
+	}
+
+	var projectID, quotaProjectID, universeDomain string
+	var tp auth.TokenProvider
+	switch fileType {
+	case credsfile.ServiceAccountKey:
+		f, err := credsfile.ParseServiceAccount(b)
+		if err != nil {
+			return nil, err
+		}
+		tp, err = handleServiceAccount(f, opts)
+		if err != nil {
+			return nil, err
+		}
+		projectID = f.ProjectID
+		universeDomain = resolveUniverseDomain(opts.UniverseDomain, f.UniverseDomain)
+	case credsfile.UserCredentialsKey:
+		f, err := credsfile.ParseUserCredentials(b)
+		if err != nil {
+			return nil, err
+		}
+		tp, err = handleUserCredential(f, opts)
+		if err != nil {
+			return nil, err
+		}
+		quotaProjectID = f.QuotaProjectID
+		universeDomain = f.UniverseDomain
+	case credsfile.ExternalAccountKey:
+		f, err := credsfile.ParseExternalAccount(b)
+		if err != nil {
+			return nil, err
+		}
+		tp, err = handleExternalAccount(f, opts)
+		if err != nil {
+			return nil, err
+		}
+		quotaProjectID = f.QuotaProjectID
+		universeDomain = resolveUniverseDomain(opts.UniverseDomain, f.UniverseDomain)
+	case credsfile.ExternalAccountAuthorizedUserKey:
+		f, err := credsfile.ParseExternalAccountAuthorizedUser(b)
+		if err != nil {
+			return nil, err
+		}
+		tp, err = handleExternalAccountAuthorizedUser(f, opts)
+		if err != nil {
+			return nil, err
+		}
+		quotaProjectID = f.QuotaProjectID
+		universeDomain = f.UniverseDomain
+	case credsfile.ImpersonatedServiceAccountKey:
+		f, err := credsfile.ParseImpersonatedServiceAccount(b)
+		if err != nil {
+			return nil, err
+		}
+		tp, err = handleImpersonatedServiceAccount(f, opts)
+		if err != nil {
+			return nil, err
+		}
+		universeDomain = resolveUniverseDomain(opts.UniverseDomain, f.UniverseDomain)
+	case credsfile.GDCHServiceAccountKey:
+		f, err := credsfile.ParseGDCHServiceAccount(b)
+		if err != nil {
+			return nil, err
+		}
+		tp, err = handleGDCHServiceAccount(f, opts)
+		if err != nil {
+			return nil, err
+		}
+		projectID = f.Project
+		universeDomain = f.UniverseDomain
+	default:
+		return nil, fmt.Errorf("credentials: unsupported filetype %q", fileType)
+	}
+	return auth.NewCredentials(&auth.CredentialsOptions{
+		TokenProvider: auth.NewCachedTokenProvider(tp, &auth.CachedTokenProviderOptions{
+			ExpireEarly: opts.EarlyTokenRefresh,
+		}),
+		JSON:                   b,
+		ProjectIDProvider:      internalauth.StaticCredentialsProperty(projectID),
+		QuotaProjectIDProvider: internalauth.StaticCredentialsProperty(quotaProjectID),
+		UniverseDomainProvider: internalauth.StaticCredentialsProperty(universeDomain),
+	}), nil
+}
+
+// resolveUniverseDomain returns optsUniverseDomain if non-empty, in order to
+// support configuring universe-specific credentials in code. Auth flows
+// unsupported for universe domain should not use this func, but should instead
+// simply set the file universe domain on the credentials.
+func resolveUniverseDomain(optsUniverseDomain, fileUniverseDomain string) string {
+	if optsUniverseDomain != "" {
+		return optsUniverseDomain
+	}
+	return fileUniverseDomain
+}
+
+func handleServiceAccount(f *credsfile.ServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+	if opts.UseSelfSignedJWT {
+		return configureSelfSignedJWT(f, opts)
+	}
+	opts2LO := &auth.Options2LO{
+		Email:        f.ClientEmail,
+		PrivateKey:   []byte(f.PrivateKey),
+		PrivateKeyID: f.PrivateKeyID,
+		Scopes:       opts.scopes(),
+		TokenURL:     f.TokenURL,
+		Subject:      opts.Subject,
+		Client:       opts.client(),
+	}
+	if opts2LO.TokenURL == "" {
+		opts2LO.TokenURL = jwtTokenURL
+	}
+	return auth.New2LOTokenProvider(opts2LO)
+}
+
+func handleUserCredential(f *credsfile.UserCredentialsFile, opts *DetectOptions) (auth.TokenProvider, error) {
+	opts3LO := &auth.Options3LO{
+		ClientID:         f.ClientID,
+		ClientSecret:     f.ClientSecret,
+		Scopes:           opts.scopes(),
+		AuthURL:          googleAuthURL,
+		TokenURL:         opts.tokenURL(),
+		AuthStyle:        auth.StyleInParams,
+		EarlyTokenExpiry: opts.EarlyTokenRefresh,
+		RefreshToken:     f.RefreshToken,
+		Client:           opts.client(),
+	}
+	return auth.New3LOTokenProvider(opts3LO)
+}
+
+func handleExternalAccount(f *credsfile.ExternalAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+	externalOpts := &externalaccount.Options{
+		Audience:                       f.Audience,
+		SubjectTokenType:               f.SubjectTokenType,
+		TokenURL:                       f.TokenURL,
+		TokenInfoURL:                   f.TokenInfoURL,
+		ServiceAccountImpersonationURL: f.ServiceAccountImpersonationURL,
+		ClientSecret:                   f.ClientSecret,
+		ClientID:                       f.ClientID,
+		CredentialSource:               f.CredentialSource,
+		QuotaProjectID:                 f.QuotaProjectID,
+		Scopes:                         opts.scopes(),
+		WorkforcePoolUserProject:       f.WorkforcePoolUserProject,
+		Client:                         opts.client(),
+	}
+	if f.ServiceAccountImpersonation != nil {
+		externalOpts.ServiceAccountImpersonationLifetimeSeconds = f.ServiceAccountImpersonation.TokenLifetimeSeconds
+	}
+	return externalaccount.NewTokenProvider(externalOpts)
+}
+
+func handleExternalAccountAuthorizedUser(f *credsfile.ExternalAccountAuthorizedUserFile, opts *DetectOptions) (auth.TokenProvider, error) {
+	externalOpts := &externalaccountuser.Options{
+		Audience:     f.Audience,
+		RefreshToken: f.RefreshToken,
+		TokenURL:     f.TokenURL,
+		TokenInfoURL: f.TokenInfoURL,
+		ClientID:     f.ClientID,
+		ClientSecret: f.ClientSecret,
+		Scopes:       opts.scopes(),
+		Client:       opts.client(),
+	}
+	return externalaccountuser.NewTokenProvider(externalOpts)
+}
+
+func handleImpersonatedServiceAccount(f *credsfile.ImpersonatedServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+	if f.ServiceAccountImpersonationURL == "" || f.CredSource == nil {
+		return nil, errors.New("missing 'source_credentials' field or 'service_account_impersonation_url' in credentials")
+	}
+
+	tp, err := fileCredentials(f.CredSource, opts)
+	if err != nil {
+		return nil, err
+	}
+	return impersonate.NewTokenProvider(&impersonate.Options{
+		URL:       f.ServiceAccountImpersonationURL,
+		Scopes:    opts.scopes(),
+		Tp:        tp,
+		Delegates: f.Delegates,
+		Client:    opts.client(),
+	})
+}
+
+func handleGDCHServiceAccount(f *credsfile.GDCHServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+	return gdch.NewTokenProvider(f, &gdch.Options{
+		STSAudience: opts.STSAudience,
+		Client:      opts.client(),
+	})
+}

vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/aws_provider.go

@@ -0,0 +1,547 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package externalaccount
+
+import (
+	"bytes"
+	"context"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"sort"
+	"strings"
+	"time"
+
+	"cloud.google.com/go/auth/internal"
+)
+
+var (
+	// getenv aliases os.Getenv for testing
+	getenv = os.Getenv
+)
+
+const (
+	// AWS Signature Version 4 signing algorithm identifier.
+	awsAlgorithm = "AWS4-HMAC-SHA256"
+
+	// The termination string for the AWS credential scope value as defined in
+	// https://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
+	awsRequestType = "aws4_request"
+
+	// The AWS authorization header name for the security session token if available.
+	awsSecurityTokenHeader = "x-amz-security-token"
+
+	// The name of the header containing the session token for metadata endpoint calls
+	awsIMDSv2SessionTokenHeader = "X-aws-ec2-metadata-token"
+
+	awsIMDSv2SessionTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds"
+
+	awsIMDSv2SessionTTL = "300"
+
+	// The AWS authorization header name for the auto-generated date.
+	awsDateHeader = "x-amz-date"
+
+	defaultRegionalCredentialVerificationURL = "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15"
+
+	// Supported AWS configuration environment variables.
+	awsAccessKeyIDEnvVar     = "AWS_ACCESS_KEY_ID"
+	awsDefaultRegionEnvVar   = "AWS_DEFAULT_REGION"
+	awsRegionEnvVar          = "AWS_REGION"
+	awsSecretAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY"
+	awsSessionTokenEnvVar    = "AWS_SESSION_TOKEN"
+
+	awsTimeFormatLong  = "20060102T150405Z"
+	awsTimeFormatShort = "20060102"
+	awsProviderType    = "aws"
+)
+
+type awsSubjectProvider struct {
+	EnvironmentID               string
+	RegionURL                   string
+	RegionalCredVerificationURL string
+	CredVerificationURL         string
+	IMDSv2SessionTokenURL       string
+	TargetResource              string
+	requestSigner               *awsRequestSigner
+	region                      string
+	securityCredentialsProvider AwsSecurityCredentialsProvider
+	reqOpts                     *RequestOptions
+
+	Client *http.Client
+}
+
+func (sp *awsSubjectProvider) subjectToken(ctx context.Context) (string, error) {
+	// Set Defaults
+	if sp.RegionalCredVerificationURL == "" {
+		sp.RegionalCredVerificationURL = defaultRegionalCredentialVerificationURL
+	}
+	if sp.requestSigner == nil {
+		headers := make(map[string]string)
+		if sp.shouldUseMetadataServer() {
+			awsSessionToken, err := sp.getAWSSessionToken(ctx)
+			if err != nil {
+				return "", err
+			}
+
+			if awsSessionToken != "" {
+				headers[awsIMDSv2SessionTokenHeader] = awsSessionToken
+			}
+		}
+
+		awsSecurityCredentials, err := sp.getSecurityCredentials(ctx, headers)
+		if err != nil {
+			return "", err
+		}
+		if sp.region, err = sp.getRegion(ctx, headers); err != nil {
+			return "", err
+		}
+		sp.requestSigner = &awsRequestSigner{
+			RegionName:             sp.region,
+			AwsSecurityCredentials: awsSecurityCredentials,
+		}
+	}
+
+	// Generate the signed request to AWS STS GetCallerIdentity API.
+	// Use the required regional endpoint. Otherwise, the request will fail.
+	req, err := http.NewRequest("POST", strings.Replace(sp.RegionalCredVerificationURL, "{region}", sp.region, 1), nil)
+	if err != nil {
+		return "", err
+	}
+	// The full, canonical resource name of the workload identity pool
+	// provider, with or without the HTTPS prefix.
+	// Including this header as part of the signature is recommended to
+	// ensure data integrity.
+	if sp.TargetResource != "" {
+		req.Header.Set("x-goog-cloud-target-resource", sp.TargetResource)
+	}
+	sp.requestSigner.signRequest(req)
+
+	/*
+	   The GCP STS endpoint expects the headers to be formatted as:
+	   # [
+	   #   {key: 'x-amz-date', value: '...'},
+	   #   {key: 'Authorization', value: '...'},
+	   #   ...
+	   # ]
+	   # And then serialized as:
+	   # quote(json.dumps({
+	   #   url: '...',
+	   #   method: 'POST',
+	   #   headers: [{key: 'x-amz-date', value: '...'}, ...]
+	   # }))
+	*/
+
+	awsSignedReq := awsRequest{
+		URL:    req.URL.String(),
+		Method: "POST",
+	}
+	for headerKey, headerList := range req.Header {
+		for _, headerValue := range headerList {
+			awsSignedReq.Headers = append(awsSignedReq.Headers, awsRequestHeader{
+				Key:   headerKey,
+				Value: headerValue,
+			})
+		}
+	}
+	sort.Slice(awsSignedReq.Headers, func(i, j int) bool {
+		headerCompare := strings.Compare(awsSignedReq.Headers[i].Key, awsSignedReq.Headers[j].Key)
+		if headerCompare == 0 {
+			return strings.Compare(awsSignedReq.Headers[i].Value, awsSignedReq.Headers[j].Value) < 0
+		}
+		return headerCompare < 0
+	})
+
+	result, err := json.Marshal(awsSignedReq)
+	if err != nil {
+		return "", err
+	}
+	return url.QueryEscape(string(result)), nil
+}
+
+func (sp *awsSubjectProvider) providerType() string {
+	if sp.securityCredentialsProvider != nil {
+		return programmaticProviderType
+	}
+	return awsProviderType
+}
+
+func (sp *awsSubjectProvider) getAWSSessionToken(ctx context.Context) (string, error) {
+	if sp.IMDSv2SessionTokenURL == "" {
+		return "", nil
+	}
+	req, err := http.NewRequestWithContext(ctx, "PUT", sp.IMDSv2SessionTokenURL, nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set(awsIMDSv2SessionTTLHeader, awsIMDSv2SessionTTL)
+
+	resp, err := sp.Client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("credentials: unable to retrieve AWS session token: %s", respBody)
+	}
+	return string(respBody), nil
+}
+
+func (sp *awsSubjectProvider) getRegion(ctx context.Context, headers map[string]string) (string, error) {
+	if sp.securityCredentialsProvider != nil {
+		return sp.securityCredentialsProvider.AwsRegion(ctx, sp.reqOpts)
+	}
+	if canRetrieveRegionFromEnvironment() {
+		if envAwsRegion := getenv(awsRegionEnvVar); envAwsRegion != "" {
+			return envAwsRegion, nil
+		}
+		return getenv(awsDefaultRegionEnvVar), nil
+	}
+
+	if sp.RegionURL == "" {
+		return "", errors.New("credentials: unable to determine AWS region")
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "GET", sp.RegionURL, nil)
+	if err != nil {
+		return "", err
+	}
+
+	for name, value := range headers {
+		req.Header.Add(name, value)
+	}
+
+	resp, err := sp.Client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("credentials: unable to retrieve AWS region - %s", respBody)
+	}
+
+	// This endpoint will return the region in format: us-east-2b.
+	// Only the us-east-2 part should be used.
+	bodyLen := len(respBody)
+	if bodyLen == 0 {
+		return "", nil
+	}
+	return string(respBody[:bodyLen-1]), nil
+}
+
+func (sp *awsSubjectProvider) getSecurityCredentials(ctx context.Context, headers map[string]string) (result *AwsSecurityCredentials, err error) {
+	if sp.securityCredentialsProvider != nil {
+		return sp.securityCredentialsProvider.AwsSecurityCredentials(ctx, sp.reqOpts)
+	}
+	if canRetrieveSecurityCredentialFromEnvironment() {
+		return &AwsSecurityCredentials{
+			AccessKeyID:     getenv(awsAccessKeyIDEnvVar),
+			SecretAccessKey: getenv(awsSecretAccessKeyEnvVar),
+			SessionToken:    getenv(awsSessionTokenEnvVar),
+		}, nil
+	}
+
+	roleName, err := sp.getMetadataRoleName(ctx, headers)
+	if err != nil {
+		return
+	}
+	credentials, err := sp.getMetadataSecurityCredentials(ctx, roleName, headers)
+	if err != nil {
+		return
+	}
+
+	if credentials.AccessKeyID == "" {
+		return result, errors.New("credentials: missing AccessKeyId credential")
+	}
+	if credentials.SecretAccessKey == "" {
+		return result, errors.New("credentials: missing SecretAccessKey credential")
+	}
+
+	return credentials, nil
+}
+
+func (sp *awsSubjectProvider) getMetadataSecurityCredentials(ctx context.Context, roleName string, headers map[string]string) (*AwsSecurityCredentials, error) {
+	var result *AwsSecurityCredentials
+
+	req, err := http.NewRequestWithContext(ctx, "GET", fmt.Sprintf("%s/%s", sp.CredVerificationURL, roleName), nil)
+	if err != nil {
+		return result, err
+	}
+	for name, value := range headers {
+		req.Header.Add(name, value)
+	}
+
+	resp, err := sp.Client.Do(req)
+	if err != nil {
+		return result, err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return result, err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return result, fmt.Errorf("credentials: unable to retrieve AWS security credentials - %s", respBody)
+	}
+	err = json.Unmarshal(respBody, &result)
+	return result, err
+}
+
+func (sp *awsSubjectProvider) getMetadataRoleName(ctx context.Context, headers map[string]string) (string, error) {
+	if sp.CredVerificationURL == "" {
+		return "", errors.New("credentials: unable to determine the AWS metadata server security credentials endpoint")
+	}
+	req, err := http.NewRequestWithContext(ctx, "GET", sp.CredVerificationURL, nil)
+	if err != nil {
+		return "", err
+	}
+	for name, value := range headers {
+		req.Header.Add(name, value)
+	}
+
+	resp, err := sp.Client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("credentials: unable to retrieve AWS role name - %s", respBody)
+	}
+	return string(respBody), nil
+}
+
+// awsRequestSigner is a utility class to sign http requests using a AWS V4 signature.
+type awsRequestSigner struct {
+	RegionName             string
+	AwsSecurityCredentials *AwsSecurityCredentials
+}
+
+// signRequest adds the appropriate headers to an http.Request
+// or returns an error if something prevented this.
+func (rs *awsRequestSigner) signRequest(req *http.Request) error {
+	// req is assumed non-nil
+	signedRequest := cloneRequest(req)
+	timestamp := Now()
+	signedRequest.Header.Set("host", requestHost(req))
+	if rs.AwsSecurityCredentials.SessionToken != "" {
+		signedRequest.Header.Set(awsSecurityTokenHeader, rs.AwsSecurityCredentials.SessionToken)
+	}
+	if signedRequest.Header.Get("date") == "" {
+		signedRequest.Header.Set(awsDateHeader, timestamp.Format(awsTimeFormatLong))
+	}
+	authorizationCode, err := rs.generateAuthentication(signedRequest, timestamp)
+	if err != nil {
+		return err
+	}
+	signedRequest.Header.Set("Authorization", authorizationCode)
+	req.Header = signedRequest.Header
+	return nil
+}
+
+func (rs *awsRequestSigner) generateAuthentication(req *http.Request, timestamp time.Time) (string, error) {
+	canonicalHeaderColumns, canonicalHeaderData := canonicalHeaders(req)
+	dateStamp := timestamp.Format(awsTimeFormatShort)
+	serviceName := ""
+
+	if splitHost := strings.Split(requestHost(req), "."); len(splitHost) > 0 {
+		serviceName = splitHost[0]
+	}
+	credentialScope := strings.Join([]string{dateStamp, rs.RegionName, serviceName, awsRequestType}, "/")
+	requestString, err := canonicalRequest(req, canonicalHeaderColumns, canonicalHeaderData)
+	if err != nil {
+		return "", err
+	}
+	requestHash, err := getSha256([]byte(requestString))
+	if err != nil {
+		return "", err
+	}
+
+	stringToSign := strings.Join([]string{awsAlgorithm, timestamp.Format(awsTimeFormatLong), credentialScope, requestHash}, "\n")
+	signingKey := []byte("AWS4" + rs.AwsSecurityCredentials.SecretAccessKey)
+	for _, signingInput := range []string{
+		dateStamp, rs.RegionName, serviceName, awsRequestType, stringToSign,
+	} {
+		signingKey, err = getHmacSha256(signingKey, []byte(signingInput))
+		if err != nil {
+			return "", err
+		}
+	}
+
+	return fmt.Sprintf("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", awsAlgorithm, rs.AwsSecurityCredentials.AccessKeyID, credentialScope, canonicalHeaderColumns, hex.EncodeToString(signingKey)), nil
+}
+
+func getSha256(input []byte) (string, error) {
+	hash := sha256.New()
+	if _, err := hash.Write(input); err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(hash.Sum(nil)), nil
+}
+
+func getHmacSha256(key, input []byte) ([]byte, error) {
+	hash := hmac.New(sha256.New, key)
+	if _, err := hash.Write(input); err != nil {
+		return nil, err
+	}
+	return hash.Sum(nil), nil
+}
+
+func cloneRequest(r *http.Request) *http.Request {
+	r2 := new(http.Request)
+	*r2 = *r
+	if r.Header != nil {
+		r2.Header = make(http.Header, len(r.Header))
+
+		// Find total number of values.
+		headerCount := 0
+		for _, headerValues := range r.Header {
+			headerCount += len(headerValues)
+		}
+		copiedHeaders := make([]string, headerCount) // shared backing array for headers' values
+
+		for headerKey, headerValues := range r.Header {
+			headerCount = copy(copiedHeaders, headerValues)
+			r2.Header[headerKey] = copiedHeaders[:headerCount:headerCount]
+			copiedHeaders = copiedHeaders[headerCount:]
+		}
+	}
+	return r2
+}
+
+func canonicalPath(req *http.Request) string {
+	result := req.URL.EscapedPath()
+	if result == "" {
+		return "/"
+	}
+	return path.Clean(result)
+}
+
+func canonicalQuery(req *http.Request) string {
+	queryValues := req.URL.Query()
+	for queryKey := range queryValues {
+		sort.Strings(queryValues[queryKey])
+	}
+	return queryValues.Encode()
+}
+
+func canonicalHeaders(req *http.Request) (string, string) {
+	// Header keys need to be sorted alphabetically.
+	var headers []string
+	lowerCaseHeaders := make(http.Header)
+	for k, v := range req.Header {
+		k := strings.ToLower(k)
+		if _, ok := lowerCaseHeaders[k]; ok {
+			// include additional values
+			lowerCaseHeaders[k] = append(lowerCaseHeaders[k], v...)
+		} else {
+			headers = append(headers, k)
+			lowerCaseHeaders[k] = v
+		}
+	}
+	sort.Strings(headers)
+
+	var fullHeaders bytes.Buffer
+	for _, header := range headers {
+		headerValue := strings.Join(lowerCaseHeaders[header], ",")
+		fullHeaders.WriteString(header)
+		fullHeaders.WriteRune(':')
+		fullHeaders.WriteString(headerValue)
+		fullHeaders.WriteRune('\n')
+	}
+
+	return strings.Join(headers, ";"), fullHeaders.String()
+}
+
+func requestDataHash(req *http.Request) (string, error) {
+	var requestData []byte
+	if req.Body != nil {
+		requestBody, err := req.GetBody()
+		if err != nil {
+			return "", err
+		}
+		defer requestBody.Close()
+
+		requestData, err = internal.ReadAll(requestBody)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	return getSha256(requestData)
+}
+
+func requestHost(req *http.Request) string {
+	if req.Host != "" {
+		return req.Host
+	}
+	return req.URL.Host
+}
+
+func canonicalRequest(req *http.Request, canonicalHeaderColumns, canonicalHeaderData string) (string, error) {
+	dataHash, err := requestDataHash(req)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s", req.Method, canonicalPath(req), canonicalQuery(req), canonicalHeaderData, canonicalHeaderColumns, dataHash), nil
+}
+
+type awsRequestHeader struct {
+	Key   string `json:"key"`
+	Value string `json:"value"`
+}
+
+type awsRequest struct {
+	URL     string             `json:"url"`
+	Method  string             `json:"method"`
+	Headers []awsRequestHeader `json:"headers"`
+}
+
+// The AWS region can be provided through AWS_REGION or AWS_DEFAULT_REGION. Only one is
+// required.
+func canRetrieveRegionFromEnvironment() bool {
+	return getenv(awsRegionEnvVar) != "" || getenv(awsDefaultRegionEnvVar) != ""
+}
+
+// Check if both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are available.
+func canRetrieveSecurityCredentialFromEnvironment() bool {
+	return getenv(awsAccessKeyIDEnvVar) != "" && getenv(awsSecretAccessKeyEnvVar) != ""
+}
+
+func (sp *awsSubjectProvider) shouldUseMetadataServer() bool {
+	return sp.securityCredentialsProvider == nil && (!canRetrieveRegionFromEnvironment() || !canRetrieveSecurityCredentialFromEnvironment())
+}

vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/executable_provider.go

@@ -0,0 +1,284 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package externalaccount
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"os"
+	"os/exec"
+	"regexp"
+	"strings"
+	"time"
+
+	"cloud.google.com/go/auth/internal"
+)
+
+const (
+	executableSupportedMaxVersion = 1
+	executableDefaultTimeout      = 30 * time.Second
+	executableSource              = "response"
+	executableProviderType        = "executable"
+	outputFileSource              = "output file"
+
+	allowExecutablesEnvVar = "GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES"
+
+	jwtTokenType   = "urn:ietf:params:oauth:token-type:jwt"
+	idTokenType    = "urn:ietf:params:oauth:token-type:id_token"
+	saml2TokenType = "urn:ietf:params:oauth:token-type:saml2"
+)
+
+var (
+	serviceAccountImpersonationRE = regexp.MustCompile(`https://iamcredentials..+/v1/projects/-/serviceAccounts/(.*@.*):generateAccessToken`)
+)
+
+type nonCacheableError struct {
+	message string
+}
+
+func (nce nonCacheableError) Error() string {
+	return nce.message
+}
+
+// environment is a contract for testing
+type environment interface {
+	existingEnv() []string
+	getenv(string) string
+	run(ctx context.Context, command string, env []string) ([]byte, error)
+	now() time.Time
+}
+
+type runtimeEnvironment struct{}
+
+func (r runtimeEnvironment) existingEnv() []string {
+	return os.Environ()
+}
+func (r runtimeEnvironment) getenv(key string) string {
+	return os.Getenv(key)
+}
+func (r runtimeEnvironment) now() time.Time {
+	return time.Now().UTC()
+}
+
+func (r runtimeEnvironment) run(ctx context.Context, command string, env []string) ([]byte, error) {
+	splitCommand := strings.Fields(command)
+	cmd := exec.CommandContext(ctx, splitCommand[0], splitCommand[1:]...)
+	cmd.Env = env
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	if err := cmd.Run(); err != nil {
+		if ctx.Err() == context.DeadlineExceeded {
+			return nil, context.DeadlineExceeded
+		}
+		if exitError, ok := err.(*exec.ExitError); ok {
+			return nil, exitCodeError(exitError)
+		}
+		return nil, executableError(err)
+	}
+
+	bytesStdout := bytes.TrimSpace(stdout.Bytes())
+	if len(bytesStdout) > 0 {
+		return bytesStdout, nil
+	}
+	return bytes.TrimSpace(stderr.Bytes()), nil
+}
+
+type executableSubjectProvider struct {
+	Command    string
+	Timeout    time.Duration
+	OutputFile string
+	client     *http.Client
+	opts       *Options
+	env        environment
+}
+
+type executableResponse struct {
+	Version        int    `json:"version,omitempty"`
+	Success        *bool  `json:"success,omitempty"`
+	TokenType      string `json:"token_type,omitempty"`
+	ExpirationTime int64  `json:"expiration_time,omitempty"`
+	IDToken        string `json:"id_token,omitempty"`
+	SamlResponse   string `json:"saml_response,omitempty"`
+	Code           string `json:"code,omitempty"`
+	Message        string `json:"message,omitempty"`
+}
+
+func (sp *executableSubjectProvider) parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) {
+	var result executableResponse
+	if err := json.Unmarshal(response, &result); err != nil {
+		return "", jsonParsingError(source, string(response))
+	}
+	// Validate
+	if result.Version == 0 {
+		return "", missingFieldError(source, "version")
+	}
+	if result.Success == nil {
+		return "", missingFieldError(source, "success")
+	}
+	if !*result.Success {
+		if result.Code == "" || result.Message == "" {
+			return "", malformedFailureError()
+		}
+		return "", userDefinedError(result.Code, result.Message)
+	}
+	if result.Version > executableSupportedMaxVersion || result.Version < 0 {
+		return "", unsupportedVersionError(source, result.Version)
+	}
+	if result.ExpirationTime == 0 && sp.OutputFile != "" {
+		return "", missingFieldError(source, "expiration_time")
+	}
+	if result.TokenType == "" {
+		return "", missingFieldError(source, "token_type")
+	}
+	if result.ExpirationTime != 0 && result.ExpirationTime < now {
+		return "", tokenExpiredError()
+	}
+
+	switch result.TokenType {
+	case jwtTokenType, idTokenType:
+		if result.IDToken == "" {
+			return "", missingFieldError(source, "id_token")
+		}
+		return result.IDToken, nil
+	case saml2TokenType:
+		if result.SamlResponse == "" {
+			return "", missingFieldError(source, "saml_response")
+		}
+		return result.SamlResponse, nil
+	default:
+		return "", tokenTypeError(source)
+	}
+}
+
+func (sp *executableSubjectProvider) subjectToken(ctx context.Context) (string, error) {
+	if token, err := sp.getTokenFromOutputFile(); token != "" || err != nil {
+		return token, err
+	}
+	return sp.getTokenFromExecutableCommand(ctx)
+}
+
+func (sp *executableSubjectProvider) providerType() string {
+	return executableProviderType
+}
+
+func (sp *executableSubjectProvider) getTokenFromOutputFile() (token string, err error) {
+	if sp.OutputFile == "" {
+		// This ExecutableCredentialSource doesn't use an OutputFile.
+		return "", nil
+	}
+
+	file, err := os.Open(sp.OutputFile)
+	if err != nil {
+		// No OutputFile found. Hasn't been created yet, so skip it.
+		return "", nil
+	}
+	defer file.Close()
+
+	data, err := internal.ReadAll(file)
+	if err != nil || len(data) == 0 {
+		// Cachefile exists, but no data found. Get new credential.
+		return "", nil
+	}
+
+	token, err = sp.parseSubjectTokenFromSource(data, outputFileSource, sp.env.now().Unix())
+	if err != nil {
+		if _, ok := err.(nonCacheableError); ok {
+			// If the cached token is expired we need a new token,
+			// and if the cache contains a failure, we need to try again.
+			return "", nil
+		}
+
+		// There was an error in the cached token, and the developer should be aware of it.
+		return "", err
+	}
+	// Token parsing succeeded.  Use found token.
+	return token, nil
+}
+
+func (sp *executableSubjectProvider) executableEnvironment() []string {
+	result := sp.env.existingEnv()
+	result = append(result, fmt.Sprintf("GOOGLE_EXTERNAL_ACCOUNT_AUDIENCE=%v", sp.opts.Audience))
+	result = append(result, fmt.Sprintf("GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPE=%v", sp.opts.SubjectTokenType))
+	result = append(result, "GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE=0")
+	if sp.opts.ServiceAccountImpersonationURL != "" {
+		matches := serviceAccountImpersonationRE.FindStringSubmatch(sp.opts.ServiceAccountImpersonationURL)
+		if matches != nil {
+			result = append(result, fmt.Sprintf("GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL=%v", matches[1]))
+		}
+	}
+	if sp.OutputFile != "" {
+		result = append(result, fmt.Sprintf("GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE=%v", sp.OutputFile))
+	}
+	return result
+}
+
+func (sp *executableSubjectProvider) getTokenFromExecutableCommand(ctx context.Context) (string, error) {
+	// For security reasons, we need our consumers to set this environment variable to allow executables to be run.
+	if sp.env.getenv(allowExecutablesEnvVar) != "1" {
+		return "", errors.New("credentials: executables need to be explicitly allowed (set GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES to '1') to run")
+	}
+
+	ctx, cancel := context.WithDeadline(ctx, sp.env.now().Add(sp.Timeout))
+	defer cancel()
+
+	output, err := sp.env.run(ctx, sp.Command, sp.executableEnvironment())
+	if err != nil {
+		return "", err
+	}
+	return sp.parseSubjectTokenFromSource(output, executableSource, sp.env.now().Unix())
+}
+
+func missingFieldError(source, field string) error {
+	return fmt.Errorf("credentials: %q missing %q field", source, field)
+}
+
+func jsonParsingError(source, data string) error {
+	return fmt.Errorf("credentials: unable to parse %q: %v", source, data)
+}
+
+func malformedFailureError() error {
+	return nonCacheableError{"credentials: response must include `error` and `message` fields when unsuccessful"}
+}
+
+func userDefinedError(code, message string) error {
+	return nonCacheableError{fmt.Sprintf("credentials: response contains unsuccessful response: (%v) %v", code, message)}
+}
+
+func unsupportedVersionError(source string, version int) error {
+	return fmt.Errorf("credentials: %v contains unsupported version: %v", source, version)
+}
+
+func tokenExpiredError() error {
+	return nonCacheableError{"credentials: the token returned by the executable is expired"}
+}
+
+func tokenTypeError(source string) error {
+	return fmt.Errorf("credentials: %v contains unsupported token type", source)
+}
+
+func exitCodeError(err *exec.ExitError) error {
+	return fmt.Errorf("credentials: executable command failed with exit code %v: %w", err.ExitCode(), err)
+}
+
+func executableError(err error) error {
+	return fmt.Errorf("credentials: executable command failed: %w", err)
+}

vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go

@@ -0,0 +1,367 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package externalaccount
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/credentials/internal/impersonate"
+	"cloud.google.com/go/auth/credentials/internal/stsexchange"
+	"cloud.google.com/go/auth/internal/credsfile"
+)
+
+const (
+	timeoutMinimum = 5 * time.Second
+	timeoutMaximum = 120 * time.Second
+
+	universeDomainPlaceholder = "UNIVERSE_DOMAIN"
+	defaultTokenURL           = "https://sts.UNIVERSE_DOMAIN/v1/token"
+	defaultUniverseDomain     = "googleapis.com"
+)
+
+var (
+	// Now aliases time.Now for testing
+	Now = func() time.Time {
+		return time.Now().UTC()
+	}
+	validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
+)
+
+// Options stores the configuration for fetching tokens with external credentials.
+type Options struct {
+	// Audience is the Secure Token Service (STS) audience which contains the resource name for the workload
+	// identity pool or the workforce pool and the provider identifier in that pool.
+	Audience string
+	// SubjectTokenType is the STS token type based on the Oauth2.0 token exchange spec
+	// e.g. `urn:ietf:params:oauth:token-type:jwt`.
+	SubjectTokenType string
+	// TokenURL is the STS token exchange endpoint.
+	TokenURL string
+	// TokenInfoURL is the token_info endpoint used to retrieve the account related information (
+	// user attributes like account identifier, eg. email, username, uid, etc). This is
+	// needed for gCloud session account identification.
+	TokenInfoURL string
+	// ServiceAccountImpersonationURL is the URL for the service account impersonation request. This is only
+	// required for workload identity pools when APIs to be accessed have not integrated with UberMint.
+	ServiceAccountImpersonationURL string
+	// ServiceAccountImpersonationLifetimeSeconds is the number of seconds the service account impersonation
+	// token will be valid for.
+	ServiceAccountImpersonationLifetimeSeconds int
+	// ClientSecret is currently only required if token_info endpoint also
+	// needs to be called with the generated GCP access token. When provided, STS will be
+	// called with additional basic authentication using client_id as username and client_secret as password.
+	ClientSecret string
+	// ClientID is only required in conjunction with ClientSecret, as described above.
+	ClientID string
+	// CredentialSource contains the necessary information to retrieve the token itself, as well
+	// as some environmental information.
+	CredentialSource *credsfile.CredentialSource
+	// QuotaProjectID is injected by gCloud. If the value is non-empty, the Auth libraries
+	// will set the x-goog-user-project which overrides the project associated with the credentials.
+	QuotaProjectID string
+	// Scopes contains the desired scopes for the returned access token.
+	Scopes []string
+	// WorkforcePoolUserProject should be set when it is a workforce pool and
+	// not a workload identity pool. The underlying principal must still have
+	// serviceusage.services.use IAM permission to use the project for
+	// billing/quota. Optional.
+	WorkforcePoolUserProject string
+	// UniverseDomain is the default service domain for a given Cloud universe.
+	// This value will be used in the default STS token URL. The default value
+	// is "googleapis.com". It will not be used if TokenURL is set. Optional.
+	UniverseDomain string
+	// SubjectTokenProvider is an optional token provider for OIDC/SAML
+	// credentials. One of SubjectTokenProvider, AWSSecurityCredentialProvider
+	// or CredentialSource must be provided. Optional.
+	SubjectTokenProvider SubjectTokenProvider
+	// AwsSecurityCredentialsProvider is an AWS Security Credential provider
+	// for AWS credentials. One of SubjectTokenProvider,
+	// AWSSecurityCredentialProvider or CredentialSource must be provided. Optional.
+	AwsSecurityCredentialsProvider AwsSecurityCredentialsProvider
+	// Client for token request.
+	Client *http.Client
+}
+
+// SubjectTokenProvider can be used to supply a subject token to exchange for a
+// GCP access token.
+type SubjectTokenProvider interface {
+	// SubjectToken should return a valid subject token or an error.
+	// The external account token provider does not cache the returned subject
+	// token, so caching logic should be implemented in the provider to prevent
+	// multiple requests for the same subject token.
+	SubjectToken(ctx context.Context, opts *RequestOptions) (string, error)
+}
+
+// RequestOptions contains information about the requested subject token or AWS
+// security credentials from the Google external account credential.
+type RequestOptions struct {
+	// Audience is the requested audience for the external account credential.
+	Audience string
+	// Subject token type is the requested subject token type for the external
+	// account credential. Expected values include:
+	// “urn:ietf:params:oauth:token-type:jwt”
+	// “urn:ietf:params:oauth:token-type:id-token”
+	// “urn:ietf:params:oauth:token-type:saml2”
+	// “urn:ietf:params:aws:token-type:aws4_request”
+	SubjectTokenType string
+}
+
+// AwsSecurityCredentialsProvider can be used to supply AwsSecurityCredentials
+// and an AWS Region to exchange for a GCP access token.
+type AwsSecurityCredentialsProvider interface {
+	// AwsRegion should return the AWS region or an error.
+	AwsRegion(ctx context.Context, opts *RequestOptions) (string, error)
+	// GetAwsSecurityCredentials should return a valid set of
+	// AwsSecurityCredentials or an error. The external account token provider
+	// does not cache the returned security credentials, so caching logic should
+	// be implemented in the provider to prevent multiple requests for the
+	// same security credentials.
+	AwsSecurityCredentials(ctx context.Context, opts *RequestOptions) (*AwsSecurityCredentials, error)
+}
+
+// AwsSecurityCredentials models AWS security credentials.
+type AwsSecurityCredentials struct {
+	// AccessKeyId is the AWS Access Key ID - Required.
+	AccessKeyID string `json:"AccessKeyID"`
+	// SecretAccessKey is the AWS Secret Access Key - Required.
+	SecretAccessKey string `json:"SecretAccessKey"`
+	// SessionToken is the AWS Session token. This should be provided for
+	// temporary AWS security credentials - Optional.
+	SessionToken string `json:"Token"`
+}
+
+func (o *Options) validate() error {
+	if o.Audience == "" {
+		return fmt.Errorf("externalaccount: Audience must be set")
+	}
+	if o.SubjectTokenType == "" {
+		return fmt.Errorf("externalaccount: Subject token type must be set")
+	}
+	if o.WorkforcePoolUserProject != "" {
+		if valid := validWorkforceAudiencePattern.MatchString(o.Audience); !valid {
+			return fmt.Errorf("externalaccount: workforce_pool_user_project should not be set for non-workforce pool credentials")
+		}
+	}
+	count := 0
+	if o.CredentialSource != nil {
+		count++
+	}
+	if o.SubjectTokenProvider != nil {
+		count++
+	}
+	if o.AwsSecurityCredentialsProvider != nil {
+		count++
+	}
+	if count == 0 {
+		return fmt.Errorf("externalaccount: one of CredentialSource, SubjectTokenProvider, or AwsSecurityCredentialsProvider must be set")
+	}
+	if count > 1 {
+		return fmt.Errorf("externalaccount: only one of CredentialSource, SubjectTokenProvider, or AwsSecurityCredentialsProvider must be set")
+	}
+	return nil
+}
+
+// resolveTokenURL sets the default STS token endpoint with the configured
+// universe domain.
+func (o *Options) resolveTokenURL() {
+	if o.TokenURL != "" {
+		return
+	} else if o.UniverseDomain != "" {
+		o.TokenURL = strings.Replace(defaultTokenURL, universeDomainPlaceholder, o.UniverseDomain, 1)
+	} else {
+		o.TokenURL = strings.Replace(defaultTokenURL, universeDomainPlaceholder, defaultUniverseDomain, 1)
+	}
+}
+
+// NewTokenProvider returns a [cloud.google.com/go/auth.TokenProvider]
+// configured with the provided options.
+func NewTokenProvider(opts *Options) (auth.TokenProvider, error) {
+	if err := opts.validate(); err != nil {
+		return nil, err
+	}
+	opts.resolveTokenURL()
+	stp, err := newSubjectTokenProvider(opts)
+	if err != nil {
+		return nil, err
+	}
+	tp := &tokenProvider{
+		client: opts.Client,
+		opts:   opts,
+		stp:    stp,
+	}
+	if opts.ServiceAccountImpersonationURL == "" {
+		return auth.NewCachedTokenProvider(tp, nil), nil
+	}
+
+	scopes := make([]string, len(opts.Scopes))
+	copy(scopes, opts.Scopes)
+	// needed for impersonation
+	tp.opts.Scopes = []string{"https://www.googleapis.com/auth/cloud-platform"}
+	imp, err := impersonate.NewTokenProvider(&impersonate.Options{
+		Client:               opts.Client,
+		URL:                  opts.ServiceAccountImpersonationURL,
+		Scopes:               scopes,
+		Tp:                   auth.NewCachedTokenProvider(tp, nil),
+		TokenLifetimeSeconds: opts.ServiceAccountImpersonationLifetimeSeconds,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return auth.NewCachedTokenProvider(imp, nil), nil
+}
+
+type subjectTokenProvider interface {
+	subjectToken(ctx context.Context) (string, error)
+	providerType() string
+}
+
+// tokenProvider is the provider that handles external credentials. It is used to retrieve Tokens.
+type tokenProvider struct {
+	client *http.Client
+	opts   *Options
+	stp    subjectTokenProvider
+}
+
+func (tp *tokenProvider) Token(ctx context.Context) (*auth.Token, error) {
+	subjectToken, err := tp.stp.subjectToken(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	stsRequest := &stsexchange.TokenRequest{
+		GrantType:          stsexchange.GrantType,
+		Audience:           tp.opts.Audience,
+		Scope:              tp.opts.Scopes,
+		RequestedTokenType: stsexchange.TokenType,
+		SubjectToken:       subjectToken,
+		SubjectTokenType:   tp.opts.SubjectTokenType,
+	}
+	header := make(http.Header)
+	header.Set("Content-Type", "application/x-www-form-urlencoded")
+	header.Add("x-goog-api-client", getGoogHeaderValue(tp.opts, tp.stp))
+	clientAuth := stsexchange.ClientAuthentication{
+		AuthStyle:    auth.StyleInHeader,
+		ClientID:     tp.opts.ClientID,
+		ClientSecret: tp.opts.ClientSecret,
+	}
+	var options map[string]interface{}
+	// Do not pass workforce_pool_user_project when client authentication is used.
+	// The client ID is sufficient for determining the user project.
+	if tp.opts.WorkforcePoolUserProject != "" && tp.opts.ClientID == "" {
+		options = map[string]interface{}{
+			"userProject": tp.opts.WorkforcePoolUserProject,
+		}
+	}
+	stsResp, err := stsexchange.ExchangeToken(ctx, &stsexchange.Options{
+		Client:         tp.client,
+		Endpoint:       tp.opts.TokenURL,
+		Request:        stsRequest,
+		Authentication: clientAuth,
+		Headers:        header,
+		ExtraOpts:      options,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	tok := &auth.Token{
+		Value: stsResp.AccessToken,
+		Type:  stsResp.TokenType,
+	}
+	// The RFC8693 doesn't define the explicit 0 of "expires_in" field behavior.
+	if stsResp.ExpiresIn <= 0 {
+		return nil, fmt.Errorf("credentials: got invalid expiry from security token service")
+	}
+	tok.Expiry = Now().Add(time.Duration(stsResp.ExpiresIn) * time.Second)
+	return tok, nil
+}
+
+// newSubjectTokenProvider determines the type of credsfile.CredentialSource needed to create a
+// subjectTokenProvider
+func newSubjectTokenProvider(o *Options) (subjectTokenProvider, error) {
+	reqOpts := &RequestOptions{Audience: o.Audience, SubjectTokenType: o.SubjectTokenType}
+	if o.AwsSecurityCredentialsProvider != nil {
+		return &awsSubjectProvider{
+			securityCredentialsProvider: o.AwsSecurityCredentialsProvider,
+			TargetResource:              o.Audience,
+			reqOpts:                     reqOpts,
+		}, nil
+	} else if o.SubjectTokenProvider != nil {
+		return &programmaticProvider{stp: o.SubjectTokenProvider, opts: reqOpts}, nil
+	} else if len(o.CredentialSource.EnvironmentID) > 3 && o.CredentialSource.EnvironmentID[:3] == "aws" {
+		if awsVersion, err := strconv.Atoi(o.CredentialSource.EnvironmentID[3:]); err == nil {
+			if awsVersion != 1 {
+				return nil, fmt.Errorf("credentials: aws version '%d' is not supported in the current build", awsVersion)
+			}
+
+			awsProvider := &awsSubjectProvider{
+				EnvironmentID:               o.CredentialSource.EnvironmentID,
+				RegionURL:                   o.CredentialSource.RegionURL,
+				RegionalCredVerificationURL: o.CredentialSource.RegionalCredVerificationURL,
+				CredVerificationURL:         o.CredentialSource.URL,
+				TargetResource:              o.Audience,
+				Client:                      o.Client,
+			}
+			if o.CredentialSource.IMDSv2SessionTokenURL != "" {
+				awsProvider.IMDSv2SessionTokenURL = o.CredentialSource.IMDSv2SessionTokenURL
+			}
+
+			return awsProvider, nil
+		}
+	} else if o.CredentialSource.File != "" {
+		return &fileSubjectProvider{File: o.CredentialSource.File, Format: o.CredentialSource.Format}, nil
+	} else if o.CredentialSource.URL != "" {
+		return &urlSubjectProvider{URL: o.CredentialSource.URL, Headers: o.CredentialSource.Headers, Format: o.CredentialSource.Format, Client: o.Client}, nil
+	} else if o.CredentialSource.Executable != nil {
+		ec := o.CredentialSource.Executable
+		if ec.Command == "" {
+			return nil, errors.New("credentials: missing `command` field — executable command must be provided")
+		}
+
+		execProvider := &executableSubjectProvider{}
+		execProvider.Command = ec.Command
+		if ec.TimeoutMillis == 0 {
+			execProvider.Timeout = executableDefaultTimeout
+		} else {
+			execProvider.Timeout = time.Duration(ec.TimeoutMillis) * time.Millisecond
+			if execProvider.Timeout < timeoutMinimum || execProvider.Timeout > timeoutMaximum {
+				return nil, fmt.Errorf("credentials: invalid `timeout_millis` field — executable timeout must be between %v and %v seconds", timeoutMinimum.Seconds(), timeoutMaximum.Seconds())
+			}
+		}
+		execProvider.OutputFile = ec.OutputFile
+		execProvider.client = o.Client
+		execProvider.opts = o
+		execProvider.env = runtimeEnvironment{}
+		return execProvider, nil
+	}
+	return nil, errors.New("credentials: unable to parse credential source")
+}
+
+func getGoogHeaderValue(conf *Options, p subjectTokenProvider) string {
+	return fmt.Sprintf("gl-go/%s auth/%s google-byoid-sdk source/%s sa-impersonation/%t config-lifetime/%t",
+		goVersion(),
+		"unknown",
+		p.providerType(),
+		conf.ServiceAccountImpersonationURL != "",
+		conf.ServiceAccountImpersonationLifetimeSeconds != 0)
+}

vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/file_provider.go

@@ -0,0 +1,78 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package externalaccount
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/credsfile"
+)
+
+const (
+	fileProviderType = "file"
+)
+
+type fileSubjectProvider struct {
+	File   string
+	Format *credsfile.Format
+}
+
+func (sp *fileSubjectProvider) subjectToken(context.Context) (string, error) {
+	tokenFile, err := os.Open(sp.File)
+	if err != nil {
+		return "", fmt.Errorf("credentials: failed to open credential file %q: %w", sp.File, err)
+	}
+	defer tokenFile.Close()
+	tokenBytes, err := internal.ReadAll(tokenFile)
+	if err != nil {
+		return "", fmt.Errorf("credentials: failed to read credential file: %w", err)
+	}
+	tokenBytes = bytes.TrimSpace(tokenBytes)
+
+	if sp.Format == nil {
+		return string(tokenBytes), nil
+	}
+	switch sp.Format.Type {
+	case fileTypeJSON:
+		jsonData := make(map[string]interface{})
+		err = json.Unmarshal(tokenBytes, &jsonData)
+		if err != nil {
+			return "", fmt.Errorf("credentials: failed to unmarshal subject token file: %w", err)
+		}
+		val, ok := jsonData[sp.Format.SubjectTokenFieldName]
+		if !ok {
+			return "", errors.New("credentials: provided subject_token_field_name not found in credentials")
+		}
+		token, ok := val.(string)
+		if !ok {
+			return "", errors.New("credentials: improperly formatted subject token")
+		}
+		return token, nil
+	case fileTypeText:
+		return string(tokenBytes), nil
+	default:
+		return "", errors.New("credentials: invalid credential_source file format type: " + sp.Format.Type)
+	}
+}
+
+func (sp *fileSubjectProvider) providerType() string {
+	return fileProviderType
+}

vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/info.go

@@ -0,0 +1,74 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package externalaccount
+
+import (
+	"runtime"
+	"strings"
+	"unicode"
+)
+
+var (
+	// version is a package internal global variable for testing purposes.
+	version = runtime.Version
+)
+
+// versionUnknown is only used when the runtime version cannot be determined.
+const versionUnknown = "UNKNOWN"
+
+// goVersion returns a Go runtime version derived from the runtime environment
+// that is modified to be suitable for reporting in a header, meaning it has no
+// whitespace. If it is unable to determine the Go runtime version, it returns
+// versionUnknown.
+func goVersion() string {
+	const develPrefix = "devel +"
+
+	s := version()
+	if strings.HasPrefix(s, develPrefix) {
+		s = s[len(develPrefix):]
+		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+			s = s[:p]
+		}
+		return s
+	} else if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+		s = s[:p]
+	}
+
+	notSemverRune := func(r rune) bool {
+		return !strings.ContainsRune("0123456789.", r)
+	}
+
+	if strings.HasPrefix(s, "go1") {
+		s = s[2:]
+		var prerelease string
+		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
+			s, prerelease = s[:p], s[p:]
+		}
+		if strings.HasSuffix(s, ".") {
+			s += "0"
+		} else if strings.Count(s, ".") < 2 {
+			s += ".0"
+		}
+		if prerelease != "" {
+			// Some release candidates already have a dash in them.
+			if !strings.HasPrefix(prerelease, "-") {
+				prerelease = "-" + prerelease
+			}
+			s += prerelease
+		}
+		return s
+	}
+	return versionUnknown
+}

vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/programmatic_provider.go

@@ -0,0 +1,30 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package externalaccount
+
+import "context"
+
+type programmaticProvider struct {
+	opts *RequestOptions
+	stp  SubjectTokenProvider
+}
+
+func (pp *programmaticProvider) providerType() string {
+	return programmaticProviderType
+}
+
+func (pp *programmaticProvider) subjectToken(ctx context.Context) (string, error) {
+	return pp.stp.SubjectToken(ctx, pp.opts)
+}

vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/url_provider.go

@@ -0,0 +1,93 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package externalaccount
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/credsfile"
+)
+
+const (
+	fileTypeText             = "text"
+	fileTypeJSON             = "json"
+	urlProviderType          = "url"
+	programmaticProviderType = "programmatic"
+)
+
+type urlSubjectProvider struct {
+	URL     string
+	Headers map[string]string
+	Format  *credsfile.Format
+	Client  *http.Client
+}
+
+func (sp *urlSubjectProvider) subjectToken(ctx context.Context) (string, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", sp.URL, nil)
+	if err != nil {
+		return "", fmt.Errorf("credentials: HTTP request for URL-sourced credential failed: %w", err)
+	}
+
+	for key, val := range sp.Headers {
+		req.Header.Add(key, val)
+	}
+	resp, err := sp.Client.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("credentials: invalid response when retrieving subject token: %w", err)
+	}
+	defer resp.Body.Close()
+
+	respBody, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return "", fmt.Errorf("credentials: invalid body in subject token URL query: %w", err)
+	}
+	if c := resp.StatusCode; c < http.StatusOK || c >= http.StatusMultipleChoices {
+		return "", fmt.Errorf("credentials: status code %d: %s", c, respBody)
+	}
+
+	if sp.Format == nil {
+		return string(respBody), nil
+	}
+	switch sp.Format.Type {
+	case "json":
+		jsonData := make(map[string]interface{})
+		err = json.Unmarshal(respBody, &jsonData)
+		if err != nil {
+			return "", fmt.Errorf("credentials: failed to unmarshal subject token file: %w", err)
+		}
+		val, ok := jsonData[sp.Format.SubjectTokenFieldName]
+		if !ok {
+			return "", errors.New("credentials: provided subject_token_field_name not found in credentials")
+		}
+		token, ok := val.(string)
+		if !ok {
+			return "", errors.New("credentials: improperly formatted subject token")
+		}
+		return token, nil
+	case fileTypeText:
+		return string(respBody), nil
+	default:
+		return "", errors.New("credentials: invalid credential_source file format type: " + sp.Format.Type)
+	}
+}
+
+func (sp *urlSubjectProvider) providerType() string {
+	return urlProviderType
+}

vendor/cloud.google.com/go/auth/credentials/internal/externalaccountuser/externalaccountuser.go

@@ -0,0 +1,110 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package externalaccountuser
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"time"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/credentials/internal/stsexchange"
+	"cloud.google.com/go/auth/internal"
+)
+
+// Options stores the configuration for fetching tokens with external authorized
+// user credentials.
+type Options struct {
+	// Audience is the Secure Token Service (STS) audience which contains the
+	// resource name for the workforce pool and the provider identifier in that
+	// pool.
+	Audience string
+	// RefreshToken is the OAuth 2.0 refresh token.
+	RefreshToken string
+	// TokenURL is the STS token exchange endpoint for refresh.
+	TokenURL string
+	// TokenInfoURL is the STS endpoint URL for token introspection. Optional.
+	TokenInfoURL string
+	// ClientID is only required in conjunction with ClientSecret, as described
+	// below.
+	ClientID string
+	// ClientSecret is currently only required if token_info endpoint also needs
+	// to be called with the generated a cloud access token. When provided, STS
+	// will be called with additional basic authentication using client_id as
+	// username and client_secret as password.
+	ClientSecret string
+	// Scopes contains the desired scopes for the returned access token.
+	Scopes []string
+
+	// Client for token request.
+	Client *http.Client
+}
+
+func (c *Options) validate() bool {
+	return c.ClientID != "" && c.ClientSecret != "" && c.RefreshToken != "" && c.TokenURL != ""
+}
+
+// NewTokenProvider returns a [cloud.google.com/go/auth.TokenProvider]
+// configured with the provided options.
+func NewTokenProvider(opts *Options) (auth.TokenProvider, error) {
+	if !opts.validate() {
+		return nil, errors.New("credentials: invalid external_account_authorized_user configuration")
+	}
+
+	tp := &tokenProvider{
+		o: opts,
+	}
+	return auth.NewCachedTokenProvider(tp, nil), nil
+}
+
+type tokenProvider struct {
+	o *Options
+}
+
+func (tp *tokenProvider) Token(ctx context.Context) (*auth.Token, error) {
+	opts := tp.o
+
+	clientAuth := stsexchange.ClientAuthentication{
+		AuthStyle:    auth.StyleInHeader,
+		ClientID:     opts.ClientID,
+		ClientSecret: opts.ClientSecret,
+	}
+	headers := make(http.Header)
+	headers.Set("Content-Type", "application/x-www-form-urlencoded")
+	stsResponse, err := stsexchange.RefreshAccessToken(ctx, &stsexchange.Options{
+		Client:         opts.Client,
+		Endpoint:       opts.TokenURL,
+		RefreshToken:   opts.RefreshToken,
+		Authentication: clientAuth,
+		Headers:        headers,
+	})
+	if err != nil {
+		return nil, err
+	}
+	if stsResponse.ExpiresIn < 0 {
+		return nil, errors.New("credentials: invalid expiry from security token service")
+	}
+
+	// guarded by the wrapping with CachedTokenProvider
+	if stsResponse.RefreshToken != "" {
+		opts.RefreshToken = stsResponse.RefreshToken
+	}
+	return &auth.Token{
+		Value:  stsResponse.AccessToken,
+		Expiry: time.Now().UTC().Add(time.Duration(stsResponse.ExpiresIn) * time.Second),
+		Type:   internal.TokenTypeBearer,
+	}, nil
+}

vendor/cloud.google.com/go/auth/credentials/internal/gdch/gdch.go

@@ -0,0 +1,182 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package gdch
+
+import (
+	"context"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"time"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/credsfile"
+	"cloud.google.com/go/auth/internal/jwt"
+)
+
+const (
+	// GrantType is the grant type for the token request.
+	GrantType        = "urn:ietf:params:oauth:token-type:token-exchange"
+	requestTokenType = "urn:ietf:params:oauth:token-type:access_token"
+	subjectTokenType = "urn:k8s:params:oauth:token-type:serviceaccount"
+)
+
+var (
+	gdchSupportFormatVersions map[string]bool = map[string]bool{
+		"1": true,
+	}
+)
+
+// Options for [NewTokenProvider].
+type Options struct {
+	STSAudience string
+	Client      *http.Client
+}
+
+// NewTokenProvider returns a [cloud.google.com/go/auth.TokenProvider] from a
+// GDCH cred file.
+func NewTokenProvider(f *credsfile.GDCHServiceAccountFile, o *Options) (auth.TokenProvider, error) {
+	if !gdchSupportFormatVersions[f.FormatVersion] {
+		return nil, fmt.Errorf("credentials: unsupported gdch_service_account format %q", f.FormatVersion)
+	}
+	if o.STSAudience == "" {
+		return nil, errors.New("credentials: STSAudience must be set for the GDCH auth flows")
+	}
+	pk, err := internal.ParseKey([]byte(f.PrivateKey))
+	if err != nil {
+		return nil, err
+	}
+	certPool, err := loadCertPool(f.CertPath)
+	if err != nil {
+		return nil, err
+	}
+
+	tp := gdchProvider{
+		serviceIdentity: fmt.Sprintf("system:serviceaccount:%s:%s", f.Project, f.Name),
+		tokenURL:        f.TokenURL,
+		aud:             o.STSAudience,
+		pk:              pk,
+		pkID:            f.PrivateKeyID,
+		certPool:        certPool,
+		client:          o.Client,
+	}
+	return tp, nil
+}
+
+func loadCertPool(path string) (*x509.CertPool, error) {
+	pool := x509.NewCertPool()
+	pem, err := os.ReadFile(path)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: failed to read certificate: %w", err)
+	}
+	pool.AppendCertsFromPEM(pem)
+	return pool, nil
+}
+
+type gdchProvider struct {
+	serviceIdentity string
+	tokenURL        string
+	aud             string
+	pk              *rsa.PrivateKey
+	pkID            string
+	certPool        *x509.CertPool
+
+	client *http.Client
+}
+
+func (g gdchProvider) Token(ctx context.Context) (*auth.Token, error) {
+	addCertToTransport(g.client, g.certPool)
+	iat := time.Now()
+	exp := iat.Add(time.Hour)
+	claims := jwt.Claims{
+		Iss: g.serviceIdentity,
+		Sub: g.serviceIdentity,
+		Aud: g.tokenURL,
+		Iat: iat.Unix(),
+		Exp: exp.Unix(),
+	}
+	h := jwt.Header{
+		Algorithm: jwt.HeaderAlgRSA256,
+		Type:      jwt.HeaderType,
+		KeyID:     string(g.pkID),
+	}
+	payload, err := jwt.EncodeJWS(&h, &claims, g.pk)
+	if err != nil {
+		return nil, err
+	}
+	v := url.Values{}
+	v.Set("grant_type", GrantType)
+	v.Set("audience", g.aud)
+	v.Set("requested_token_type", requestTokenType)
+	v.Set("subject_token", payload)
+	v.Set("subject_token_type", subjectTokenType)
+	resp, err := g.client.PostForm(g.tokenURL, v)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: cannot fetch token: %w", err)
+	}
+	defer resp.Body.Close()
+	body, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: cannot fetch token: %w", err)
+	}
+	if c := resp.StatusCode; c < http.StatusOK || c > http.StatusMultipleChoices {
+		return nil, &auth.Error{
+			Response: resp,
+			Body:     body,
+		}
+	}
+
+	var tokenRes struct {
+		AccessToken string `json:"access_token"`
+		TokenType   string `json:"token_type"`
+		ExpiresIn   int64  `json:"expires_in"` // relative seconds from now
+	}
+	if err := json.Unmarshal(body, &tokenRes); err != nil {
+		return nil, fmt.Errorf("credentials: cannot fetch token: %w", err)
+	}
+	token := &auth.Token{
+		Value: tokenRes.AccessToken,
+		Type:  tokenRes.TokenType,
+	}
+	raw := make(map[string]interface{})
+	json.Unmarshal(body, &raw) // no error checks for optional fields
+	token.Metadata = raw
+
+	if secs := tokenRes.ExpiresIn; secs > 0 {
+		token.Expiry = time.Now().Add(time.Duration(secs) * time.Second)
+	}
+	return token, nil
+}
+
+// addCertToTransport makes a best effort attempt at adding in the cert info to
+// the client. It tries to keep all configured transport settings if the
+// underlying transport is an http.Transport. Or else it overwrites the
+// transport with defaults adding in the certs.
+func addCertToTransport(hc *http.Client, certPool *x509.CertPool) {
+	trans, ok := hc.Transport.(*http.Transport)
+	if !ok {
+		trans = http.DefaultTransport.(*http.Transport).Clone()
+	}
+	trans.TLSClientConfig = &tls.Config{
+		RootCAs: certPool,
+	}
+}

vendor/cloud.google.com/go/auth/credentials/internal/impersonate/impersonate.go

@@ -0,0 +1,151 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package impersonate
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/internal"
+)
+
+const (
+	defaultTokenLifetime = "3600s"
+	authHeaderKey        = "Authorization"
+)
+
+// generateAccesstokenReq is used for service account impersonation
+type generateAccessTokenReq struct {
+	Delegates []string `json:"delegates,omitempty"`
+	Lifetime  string   `json:"lifetime,omitempty"`
+	Scope     []string `json:"scope,omitempty"`
+}
+
+type impersonateTokenResponse struct {
+	AccessToken string `json:"accessToken"`
+	ExpireTime  string `json:"expireTime"`
+}
+
+// NewTokenProvider uses a source credential, stored in Ts, to request an access token to the provided URL.
+// Scopes can be defined when the access token is requested.
+func NewTokenProvider(opts *Options) (auth.TokenProvider, error) {
+	if err := opts.validate(); err != nil {
+		return nil, err
+	}
+	return opts, nil
+}
+
+// Options for [NewTokenProvider].
+type Options struct {
+	// Tp is the source credential used to generate a token on the
+	// impersonated service account. Required.
+	Tp auth.TokenProvider
+
+	// URL is the endpoint to call to generate a token
+	// on behalf of the service account. Required.
+	URL string
+	// Scopes that the impersonated credential should have. Required.
+	Scopes []string
+	// Delegates are the service account email addresses in a delegation chain.
+	// Each service account must be granted roles/iam.serviceAccountTokenCreator
+	// on the next service account in the chain. Optional.
+	Delegates []string
+	// TokenLifetimeSeconds is the number of seconds the impersonation token will
+	// be valid for. Defaults to 1 hour if unset. Optional.
+	TokenLifetimeSeconds int
+	// Client configures the underlying client used to make network requests
+	// when fetching tokens. Required.
+	Client *http.Client
+}
+
+func (o *Options) validate() error {
+	if o.Tp == nil {
+		return errors.New("credentials: missing required 'source_credentials' field in impersonated credentials")
+	}
+	if o.URL == "" {
+		return errors.New("credentials: missing required 'service_account_impersonation_url' field in impersonated credentials")
+	}
+	return nil
+}
+
+// Token performs the exchange to get a temporary service account token to allow access to GCP.
+func (o *Options) Token(ctx context.Context) (*auth.Token, error) {
+	lifetime := defaultTokenLifetime
+	if o.TokenLifetimeSeconds != 0 {
+		lifetime = fmt.Sprintf("%ds", o.TokenLifetimeSeconds)
+	}
+	reqBody := generateAccessTokenReq{
+		Lifetime:  lifetime,
+		Scope:     o.Scopes,
+		Delegates: o.Delegates,
+	}
+	b, err := json.Marshal(reqBody)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: unable to marshal request: %w", err)
+	}
+	req, err := http.NewRequestWithContext(ctx, "POST", o.URL, bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("credentials: unable to create impersonation request: %w", err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	if err := setAuthHeader(ctx, o.Tp, req); err != nil {
+		return nil, err
+	}
+	resp, err := o.Client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: unable to generate access token: %w", err)
+	}
+	defer resp.Body.Close()
+	body, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: unable to read body: %w", err)
+	}
+	if c := resp.StatusCode; c < http.StatusOK || c >= http.StatusMultipleChoices {
+		return nil, fmt.Errorf("credentials: status code %d: %s", c, body)
+	}
+
+	var accessTokenResp impersonateTokenResponse
+	if err := json.Unmarshal(body, &accessTokenResp); err != nil {
+		return nil, fmt.Errorf("credentials: unable to parse response: %w", err)
+	}
+	expiry, err := time.Parse(time.RFC3339, accessTokenResp.ExpireTime)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: unable to parse expiry: %w", err)
+	}
+	return &auth.Token{
+		Value:  accessTokenResp.AccessToken,
+		Expiry: expiry,
+		Type:   internal.TokenTypeBearer,
+	}, nil
+}
+
+func setAuthHeader(ctx context.Context, tp auth.TokenProvider, r *http.Request) error {
+	t, err := tp.Token(ctx)
+	if err != nil {
+		return err
+	}
+	typ := t.Type
+	if typ == "" {
+		typ = internal.TokenTypeBearer
+	}
+	r.Header.Set(authHeaderKey, typ+" "+t.Value)
+	return nil
+}

vendor/cloud.google.com/go/auth/credentials/internal/stsexchange/sts_exchange.go

@@ -0,0 +1,167 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package stsexchange
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/internal"
+)
+
+const (
+	// GrantType for a sts exchange.
+	GrantType = "urn:ietf:params:oauth:grant-type:token-exchange"
+	// TokenType for a sts exchange.
+	TokenType = "urn:ietf:params:oauth:token-type:access_token"
+
+	jwtTokenType = "urn:ietf:params:oauth:token-type:jwt"
+)
+
+// Options stores the configuration for making an sts exchange request.
+type Options struct {
+	Client         *http.Client
+	Endpoint       string
+	Request        *TokenRequest
+	Authentication ClientAuthentication
+	Headers        http.Header
+	// ExtraOpts are optional fields marshalled into the `options` field of the
+	// request body.
+	ExtraOpts    map[string]interface{}
+	RefreshToken string
+}
+
+// RefreshAccessToken performs the token exchange using a refresh token flow.
+func RefreshAccessToken(ctx context.Context, opts *Options) (*TokenResponse, error) {
+	data := url.Values{}
+	data.Set("grant_type", "refresh_token")
+	data.Set("refresh_token", opts.RefreshToken)
+	return doRequest(ctx, opts, data)
+}
+
+// ExchangeToken performs an oauth2 token exchange with the provided endpoint.
+func ExchangeToken(ctx context.Context, opts *Options) (*TokenResponse, error) {
+	data := url.Values{}
+	data.Set("audience", opts.Request.Audience)
+	data.Set("grant_type", GrantType)
+	data.Set("requested_token_type", TokenType)
+	data.Set("subject_token_type", opts.Request.SubjectTokenType)
+	data.Set("subject_token", opts.Request.SubjectToken)
+	data.Set("scope", strings.Join(opts.Request.Scope, " "))
+	if opts.ExtraOpts != nil {
+		opts, err := json.Marshal(opts.ExtraOpts)
+		if err != nil {
+			return nil, fmt.Errorf("credentials: failed to marshal additional options: %w", err)
+		}
+		data.Set("options", string(opts))
+	}
+	return doRequest(ctx, opts, data)
+}
+
+func doRequest(ctx context.Context, opts *Options, data url.Values) (*TokenResponse, error) {
+	opts.Authentication.InjectAuthentication(data, opts.Headers)
+	encodedData := data.Encode()
+
+	req, err := http.NewRequestWithContext(ctx, "POST", opts.Endpoint, strings.NewReader(encodedData))
+	if err != nil {
+		return nil, fmt.Errorf("credentials: failed to properly build http request: %w", err)
+
+	}
+	for key, list := range opts.Headers {
+		for _, val := range list {
+			req.Header.Add(key, val)
+		}
+	}
+	req.Header.Set("Content-Length", strconv.Itoa(len(encodedData)))
+
+	resp, err := opts.Client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: invalid response from Secure Token Server: %w", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := internal.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	if c := resp.StatusCode; c < http.StatusOK || c > http.StatusMultipleChoices {
+		return nil, fmt.Errorf("credentials: status code %d: %s", c, body)
+	}
+	var stsResp TokenResponse
+	if err := json.Unmarshal(body, &stsResp); err != nil {
+		return nil, fmt.Errorf("credentials: failed to unmarshal response body from Secure Token Server: %w", err)
+	}
+
+	return &stsResp, nil
+}
+
+// TokenRequest contains fields necessary to make an oauth2 token
+// exchange.
+type TokenRequest struct {
+	ActingParty struct {
+		ActorToken     string
+		ActorTokenType string
+	}
+	GrantType          string
+	Resource           string
+	Audience           string
+	Scope              []string
+	RequestedTokenType string
+	SubjectToken       string
+	SubjectTokenType   string
+}
+
+// TokenResponse is used to decode the remote server response during
+// an oauth2 token exchange.
+type TokenResponse struct {
+	AccessToken     string `json:"access_token"`
+	IssuedTokenType string `json:"issued_token_type"`
+	TokenType       string `json:"token_type"`
+	ExpiresIn       int    `json:"expires_in"`
+	Scope           string `json:"scope"`
+	RefreshToken    string `json:"refresh_token"`
+}
+
+// ClientAuthentication represents an OAuth client ID and secret and the
+// mechanism for passing these credentials as stated in rfc6749#2.3.1.
+type ClientAuthentication struct {
+	AuthStyle    auth.Style
+	ClientID     string
+	ClientSecret string
+}
+
+// InjectAuthentication is used to add authentication to a Secure Token Service
+// exchange request.  It modifies either the passed url.Values or http.Header
+// depending on the desired authentication format.
+func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
+	if c.ClientID == "" || c.ClientSecret == "" || values == nil || headers == nil {
+		return
+	}
+	switch c.AuthStyle {
+	case auth.StyleInHeader:
+		plainHeader := c.ClientID + ":" + c.ClientSecret
+		headers.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(plainHeader)))
+	default:
+		values.Set("client_id", c.ClientID)
+		values.Set("client_secret", c.ClientSecret)
+	}
+}

vendor/cloud.google.com/go/auth/credentials/selfsignedjwt.go

@@ -0,0 +1,81 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package credentials
+
+import (
+	"context"
+	"crypto/rsa"
+	"fmt"
+	"strings"
+	"time"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/credsfile"
+	"cloud.google.com/go/auth/internal/jwt"
+)
+
+var (
+	// for testing
+	now func() time.Time = time.Now
+)
+
+// configureSelfSignedJWT uses the private key in the service account to create
+// a JWT without making a network call.
+func configureSelfSignedJWT(f *credsfile.ServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+	pk, err := internal.ParseKey([]byte(f.PrivateKey))
+	if err != nil {
+		return nil, fmt.Errorf("credentials: could not parse key: %w", err)
+	}
+	return &selfSignedTokenProvider{
+		email:    f.ClientEmail,
+		audience: opts.Audience,
+		scopes:   opts.scopes(),
+		pk:       pk,
+		pkID:     f.PrivateKeyID,
+	}, nil
+}
+
+type selfSignedTokenProvider struct {
+	email    string
+	audience string
+	scopes   []string
+	pk       *rsa.PrivateKey
+	pkID     string
+}
+
+func (tp *selfSignedTokenProvider) Token(context.Context) (*auth.Token, error) {
+	iat := now()
+	exp := iat.Add(time.Hour)
+	scope := strings.Join(tp.scopes, " ")
+	c := &jwt.Claims{
+		Iss:   tp.email,
+		Sub:   tp.email,
+		Aud:   tp.audience,
+		Scope: scope,
+		Iat:   iat.Unix(),
+		Exp:   exp.Unix(),
+	}
+	h := &jwt.Header{
+		Algorithm: jwt.HeaderAlgRSA256,
+		Type:      jwt.HeaderType,
+		KeyID:     string(tp.pkID),
+	}
+	msg, err := jwt.EncodeJWS(h, c, tp.pk)
+	if err != nil {
+		return nil, fmt.Errorf("credentials: could not encode JWT: %w", err)
+	}
+	return &auth.Token{Value: msg, Type: internal.TokenTypeBearer, Expiry: exp}, nil
+}

vendor/cloud.google.com/go/auth/grpctransport/dial_socketopt.go

@@ -0,0 +1,62 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build linux
+// +build linux
+
+package grpctransport
+
+import (
+	"context"
+	"net"
+	"syscall"
+
+	"google.golang.org/grpc"
+)
+
+const (
+	// defaultTCPUserTimeout is the default TCP_USER_TIMEOUT socket option. By
+	// default is 20 seconds.
+	tcpUserTimeoutMilliseconds = 20000
+
+	// Copied from golang.org/x/sys/unix.TCP_USER_TIMEOUT.
+	tcpUserTimeoutOp = 0x12
+)
+
+func init() {
+	// timeoutDialerOption is a grpc.DialOption that contains dialer with
+	// socket option TCP_USER_TIMEOUT. This dialer requires go versions 1.11+.
+	timeoutDialerOption = grpc.WithContextDialer(dialTCPUserTimeout)
+}
+
+func dialTCPUserTimeout(ctx context.Context, addr string) (net.Conn, error) {
+	control := func(network, address string, c syscall.RawConn) error {
+		var syscallErr error
+		controlErr := c.Control(func(fd uintptr) {
+			syscallErr = syscall.SetsockoptInt(
+				int(fd), syscall.IPPROTO_TCP, tcpUserTimeoutOp, tcpUserTimeoutMilliseconds)
+		})
+		if syscallErr != nil {
+			return syscallErr
+		}
+		if controlErr != nil {
+			return controlErr
+		}
+		return nil
+	}
+	d := &net.Dialer{
+		Control: control,
+	}
+	return d.DialContext(ctx, "tcp", addr)
+}

vendor/cloud.google.com/go/auth/grpctransport/directpath.go

@@ -0,0 +1,123 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package grpctransport
+
+import (
+	"context"
+	"net"
+	"os"
+	"strconv"
+	"strings"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/compute/metadata"
+	"google.golang.org/grpc"
+	grpcgoogle "google.golang.org/grpc/credentials/google"
+)
+
+func isDirectPathEnabled(endpoint string, opts *Options) bool {
+	if opts.InternalOptions != nil && !opts.InternalOptions.EnableDirectPath {
+		return false
+	}
+	if !checkDirectPathEndPoint(endpoint) {
+		return false
+	}
+	if b, _ := strconv.ParseBool(os.Getenv(disableDirectPathEnvVar)); b {
+		return false
+	}
+	return true
+}
+
+func checkDirectPathEndPoint(endpoint string) bool {
+	// Only [dns:///]host[:port] is supported, not other schemes (e.g., "tcp://" or "unix://").
+	// Also don't try direct path if the user has chosen an alternate name resolver
+	// (i.e., via ":///" prefix).
+	if strings.Contains(endpoint, "://") && !strings.HasPrefix(endpoint, "dns:///") {
+		return false
+	}
+
+	if endpoint == "" {
+		return false
+	}
+
+	return true
+}
+
+func isTokenProviderDirectPathCompatible(tp auth.TokenProvider, _ *Options) bool {
+	if tp == nil {
+		return false
+	}
+	tok, err := tp.Token(context.Background())
+	if err != nil {
+		return false
+	}
+	if tok == nil {
+		return false
+	}
+	if source, _ := tok.Metadata["auth.google.tokenSource"].(string); source != "compute-metadata" {
+		return false
+	}
+	if acct, _ := tok.Metadata["auth.google.serviceAccount"].(string); acct != "default" {
+		return false
+	}
+	return true
+}
+
+func isDirectPathXdsUsed(o *Options) bool {
+	// Method 1: Enable DirectPath xDS by env;
+	if b, _ := strconv.ParseBool(os.Getenv(enableDirectPathXdsEnvVar)); b {
+		return true
+	}
+	// Method 2: Enable DirectPath xDS by option;
+	if o.InternalOptions != nil && o.InternalOptions.EnableDirectPathXds {
+		return true
+	}
+	return false
+}
+
+// configureDirectPath returns some dial options and an endpoint to use if the
+// configuration allows the use of direct path. If it does not the provided
+// grpcOpts and endpoint are returned.
+func configureDirectPath(grpcOpts []grpc.DialOption, opts *Options, endpoint string, creds *auth.Credentials) ([]grpc.DialOption, string) {
+	if isDirectPathEnabled(endpoint, opts) && metadata.OnGCE() && isTokenProviderDirectPathCompatible(creds, opts) {
+		// Overwrite all of the previously specific DialOptions, DirectPath uses its own set of credentials and certificates.
+		grpcOpts = []grpc.DialOption{
+			grpc.WithCredentialsBundle(grpcgoogle.NewDefaultCredentialsWithOptions(grpcgoogle.DefaultCredentialsOptions{PerRPCCreds: &grpcCredentialsProvider{creds: creds}}))}
+		if timeoutDialerOption != nil {
+			grpcOpts = append(grpcOpts, timeoutDialerOption)
+		}
+		// Check if google-c2p resolver is enabled for DirectPath
+		if isDirectPathXdsUsed(opts) {
+			// google-c2p resolver target must not have a port number
+			if addr, _, err := net.SplitHostPort(endpoint); err == nil {
+				endpoint = "google-c2p:///" + addr
+			} else {
+				endpoint = "google-c2p:///" + endpoint
+			}
+		} else {
+			if !strings.HasPrefix(endpoint, "dns:///") {
+				endpoint = "dns:///" + endpoint
+			}
+			grpcOpts = append(grpcOpts,
+				// For now all DirectPath go clients will be using the following lb config, but in future
+				// when different services need different configs, then we should change this to a
+				// per-service config.
+				grpc.WithDisableServiceConfig(),
+				grpc.WithDefaultServiceConfig(`{"loadBalancingConfig":[{"grpclb":{"childPolicy":[{"pick_first":{}}]}}]}`))
+		}
+		// TODO: add support for system parameters (quota project, request reason) via chained interceptor.
+	}
+	return grpcOpts, endpoint
+}

vendor/cloud.google.com/go/auth/grpctransport/grpctransport.go

@@ -0,0 +1,329 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package grpctransport
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/credentials"
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/transport"
+	"go.opencensus.io/plugin/ocgrpc"
+	"google.golang.org/grpc"
+	grpccreds "google.golang.org/grpc/credentials"
+	grpcinsecure "google.golang.org/grpc/credentials/insecure"
+)
+
+const (
+	// Check env to disable DirectPath traffic.
+	disableDirectPathEnvVar = "GOOGLE_CLOUD_DISABLE_DIRECT_PATH"
+
+	// Check env to decide if using google-c2p resolver for DirectPath traffic.
+	enableDirectPathXdsEnvVar = "GOOGLE_CLOUD_ENABLE_DIRECT_PATH_XDS"
+
+	quotaProjectHeaderKey = "X-Goog-User-Project"
+)
+
+var (
+	// Set at init time by dial_socketopt.go. If nil, socketopt is not supported.
+	timeoutDialerOption grpc.DialOption
+)
+
+// Options used to configure a [GRPCClientConnPool] from [Dial].
+type Options struct {
+	// DisableTelemetry disables default telemetry (OpenTelemetry). An example
+	// reason to do so would be to bind custom telemetry that overrides the
+	// defaults.
+	DisableTelemetry bool
+	// DisableAuthentication specifies that no authentication should be used. It
+	// is suitable only for testing and for accessing public resources, like
+	// public Google Cloud Storage buckets.
+	DisableAuthentication bool
+	// Endpoint overrides the default endpoint to be used for a service.
+	Endpoint string
+	// Metadata is extra gRPC metadata that will be appended to every outgoing
+	// request.
+	Metadata map[string]string
+	// GRPCDialOpts are dial options that will be passed to `grpc.Dial` when
+	// establishing a`grpc.Conn``
+	GRPCDialOpts []grpc.DialOption
+	// PoolSize is specifies how many connections to balance between when making
+	// requests. If unset or less than 1, the value defaults to 1.
+	PoolSize int
+	// Credentials used to add Authorization metadata to all requests. If set
+	// DetectOpts are ignored.
+	Credentials *auth.Credentials
+	// DetectOpts configures settings for detect Application Default
+	// Credentials.
+	DetectOpts *credentials.DetectOptions
+	// UniverseDomain is the default service domain for a given Cloud universe.
+	// The default value is "googleapis.com". This is the universe domain
+	// configured for the client, which will be compared to the universe domain
+	// that is separately configured for the credentials.
+	UniverseDomain string
+
+	// InternalOptions are NOT meant to be set directly by consumers of this
+	// package, they should only be set by generated client code.
+	InternalOptions *InternalOptions
+}
+
+// client returns the client a user set for the detect options or nil if one was
+// not set.
+func (o *Options) client() *http.Client {
+	if o.DetectOpts != nil && o.DetectOpts.Client != nil {
+		return o.DetectOpts.Client
+	}
+	return nil
+}
+
+func (o *Options) validate() error {
+	if o == nil {
+		return errors.New("grpctransport: opts required to be non-nil")
+	}
+	if o.InternalOptions != nil && o.InternalOptions.SkipValidation {
+		return nil
+	}
+	hasCreds := o.Credentials != nil ||
+		(o.DetectOpts != nil && len(o.DetectOpts.CredentialsJSON) > 0) ||
+		(o.DetectOpts != nil && o.DetectOpts.CredentialsFile != "")
+	if o.DisableAuthentication && hasCreds {
+		return errors.New("grpctransport: DisableAuthentication is incompatible with options that set or detect credentials")
+	}
+	return nil
+}
+
+func (o *Options) resolveDetectOptions() *credentials.DetectOptions {
+	io := o.InternalOptions
+	// soft-clone these so we are not updating a ref the user holds and may reuse
+	do := transport.CloneDetectOptions(o.DetectOpts)
+
+	// If scoped JWTs are enabled user provided an aud, allow self-signed JWT.
+	if (io != nil && io.EnableJWTWithScope) || do.Audience != "" {
+		do.UseSelfSignedJWT = true
+	}
+	// Only default scopes if user did not also set an audience.
+	if len(do.Scopes) == 0 && do.Audience == "" && io != nil && len(io.DefaultScopes) > 0 {
+		do.Scopes = make([]string, len(io.DefaultScopes))
+		copy(do.Scopes, io.DefaultScopes)
+	}
+	if len(do.Scopes) == 0 && do.Audience == "" && io != nil {
+		do.Audience = o.InternalOptions.DefaultAudience
+	}
+	return do
+}
+
+// InternalOptions are only meant to be set by generated client code. These are
+// not meant to be set directly by consumers of this package. Configuration in
+// this type is considered EXPERIMENTAL and may be removed at any time in the
+// future without warning.
+type InternalOptions struct {
+	// EnableNonDefaultSAForDirectPath overrides the default requirement for
+	// using the default service account for DirectPath.
+	EnableNonDefaultSAForDirectPath bool
+	// EnableDirectPath overrides the default attempt to use DirectPath.
+	EnableDirectPath bool
+	// EnableDirectPathXds overrides the default DirectPath type. It is only
+	// valid when DirectPath is enabled.
+	EnableDirectPathXds bool
+	// EnableJWTWithScope specifies if scope can be used with self-signed JWT.
+	EnableJWTWithScope bool
+	// DefaultAudience specifies a default audience to be used as the audience
+	// field ("aud") for the JWT token authentication.
+	DefaultAudience string
+	// DefaultEndpointTemplate combined with UniverseDomain specifies
+	// the default endpoint.
+	DefaultEndpointTemplate string
+	// DefaultMTLSEndpoint specifies the default mTLS endpoint.
+	DefaultMTLSEndpoint string
+	// DefaultScopes specifies the default OAuth2 scopes to be used for a
+	// service.
+	DefaultScopes []string
+	// SkipValidation bypasses validation on Options. It should only be used
+	// internally for clients that needs more control over their transport.
+	SkipValidation bool
+}
+
+// Dial returns a GRPCClientConnPool that can be used to communicate with a
+// Google cloud service, configured with the provided [Options]. It
+// automatically appends Authorization metadata to all outgoing requests.
+func Dial(ctx context.Context, secure bool, opts *Options) (GRPCClientConnPool, error) {
+	if err := opts.validate(); err != nil {
+		return nil, err
+	}
+	if opts.PoolSize <= 1 {
+		conn, err := dial(ctx, secure, opts)
+		if err != nil {
+			return nil, err
+		}
+		return &singleConnPool{conn}, nil
+	}
+	pool := &roundRobinConnPool{}
+	for i := 0; i < opts.PoolSize; i++ {
+		conn, err := dial(ctx, secure, opts)
+		if err != nil {
+			// ignore close error, if any
+			defer pool.Close()
+			return nil, err
+		}
+		pool.conns = append(pool.conns, conn)
+	}
+	return pool, nil
+}
+
+// return a GRPCClientConnPool if pool == 1 or else a pool of of them if >1
+func dial(ctx context.Context, secure bool, opts *Options) (*grpc.ClientConn, error) {
+	tOpts := &transport.Options{
+		Endpoint:       opts.Endpoint,
+		Client:         opts.client(),
+		UniverseDomain: opts.UniverseDomain,
+	}
+	if io := opts.InternalOptions; io != nil {
+		tOpts.DefaultEndpointTemplate = io.DefaultEndpointTemplate
+		tOpts.DefaultMTLSEndpoint = io.DefaultMTLSEndpoint
+		tOpts.EnableDirectPath = io.EnableDirectPath
+		tOpts.EnableDirectPathXds = io.EnableDirectPathXds
+	}
+	transportCreds, endpoint, err := transport.GetGRPCTransportCredsAndEndpoint(tOpts)
+	if err != nil {
+		return nil, err
+	}
+
+	if !secure {
+		transportCreds = grpcinsecure.NewCredentials()
+	}
+
+	// Initialize gRPC dial options with transport-level security options.
+	grpcOpts := []grpc.DialOption{
+		grpc.WithTransportCredentials(transportCreds),
+	}
+
+	// Authentication can only be sent when communicating over a secure connection.
+	if !opts.DisableAuthentication {
+		metadata := opts.Metadata
+
+		var creds *auth.Credentials
+		if opts.Credentials != nil {
+			creds = opts.Credentials
+		} else {
+			var err error
+			creds, err = credentials.DetectDefault(opts.resolveDetectOptions())
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		qp, err := creds.QuotaProjectID(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if qp != "" {
+			if metadata == nil {
+				metadata = make(map[string]string, 1)
+			}
+			metadata[quotaProjectHeaderKey] = qp
+		}
+		grpcOpts = append(grpcOpts,
+			grpc.WithPerRPCCredentials(&grpcCredentialsProvider{
+				creds:                creds,
+				metadata:             metadata,
+				clientUniverseDomain: opts.UniverseDomain,
+			}),
+		)
+
+		// Attempt Direct Path
+		grpcOpts, endpoint = configureDirectPath(grpcOpts, opts, endpoint, creds)
+	}
+
+	// Add tracing, but before the other options, so that clients can override the
+	// gRPC stats handler.
+	// This assumes that gRPC options are processed in order, left to right.
+	grpcOpts = addOCStatsHandler(grpcOpts, opts)
+	grpcOpts = append(grpcOpts, opts.GRPCDialOpts...)
+
+	return grpc.DialContext(ctx, endpoint, grpcOpts...)
+}
+
+// grpcCredentialsProvider satisfies https://pkg.go.dev/google.golang.org/grpc/credentials#PerRPCCredentials.
+type grpcCredentialsProvider struct {
+	creds *auth.Credentials
+
+	secure bool
+
+	// Additional metadata attached as headers.
+	metadata             map[string]string
+	clientUniverseDomain string
+}
+
+// getClientUniverseDomain returns the default service domain for a given Cloud universe.
+// The default value is "googleapis.com". This is the universe domain
+// configured for the client, which will be compared to the universe domain
+// that is separately configured for the credentials.
+func (c *grpcCredentialsProvider) getClientUniverseDomain() string {
+	if c.clientUniverseDomain == "" {
+		return internal.DefaultUniverseDomain
+	}
+	return c.clientUniverseDomain
+}
+
+func (c *grpcCredentialsProvider) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
+	credentialsUniverseDomain, err := c.creds.UniverseDomain(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if err := transport.ValidateUniverseDomain(c.getClientUniverseDomain(), credentialsUniverseDomain); err != nil {
+		return nil, err
+	}
+	token, err := c.creds.Token(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if c.secure {
+		ri, _ := grpccreds.RequestInfoFromContext(ctx)
+		if err = grpccreds.CheckSecurityLevel(ri.AuthInfo, grpccreds.PrivacyAndIntegrity); err != nil {
+			return nil, fmt.Errorf("unable to transfer credentials PerRPCCredentials: %v", err)
+		}
+	}
+	metadata := make(map[string]string, len(c.metadata)+1)
+	setAuthMetadata(token, metadata)
+	for k, v := range c.metadata {
+		metadata[k] = v
+	}
+	return metadata, nil
+}
+
+// setAuthMetadata uses the provided token to set the Authorization metadata.
+// If the token.Type is empty, the type is assumed to be Bearer.
+func setAuthMetadata(token *auth.Token, m map[string]string) {
+	typ := token.Type
+	if typ == "" {
+		typ = internal.TokenTypeBearer
+	}
+	m["authorization"] = typ + " " + token.Value
+}
+
+func (c *grpcCredentialsProvider) RequireTransportSecurity() bool {
+	return c.secure
+}
+
+func addOCStatsHandler(dialOpts []grpc.DialOption, opts *Options) []grpc.DialOption {
+	if opts.DisableTelemetry {
+		return dialOpts
+	}
+	return append(dialOpts, grpc.WithStatsHandler(&ocgrpc.ClientHandler{}))
+}

vendor/cloud.google.com/go/auth/grpctransport/pool.go

@@ -0,0 +1,119 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package grpctransport
+
+import (
+	"context"
+	"fmt"
+	"sync/atomic"
+
+	"google.golang.org/grpc"
+)
+
+// GRPCClientConnPool is an interface that satisfies
+// [google.golang.org/grpc.ClientConnInterface] and has some utility functions
+// that are needed for connection lifecycle when using in a client library. It
+// may be a pool or a single connection. This interface is not intended to, and
+// can't be, implemented by others.
+type GRPCClientConnPool interface {
+	// Connection returns a [google.golang.org/grpc.ClientConn] from the pool.
+	//
+	// ClientConn aren't returned to the pool and should not be closed directly.
+	Connection() *grpc.ClientConn
+
+	// Len returns the number of connections in the pool. It will always return
+	// the same value.
+	Len() int
+
+	// Close closes every ClientConn in the pool. The error returned by Close
+	// may be a single error or multiple errors.
+	Close() error
+
+	grpc.ClientConnInterface
+
+	// private ensure others outside this package can't implement this type
+	private()
+}
+
+// singleConnPool is a special case for a single connection.
+type singleConnPool struct {
+	*grpc.ClientConn
+}
+
+func (p *singleConnPool) Connection() *grpc.ClientConn { return p.ClientConn }
+func (p *singleConnPool) Len() int                     { return 1 }
+func (p *singleConnPool) private()                     {}
+
+type roundRobinConnPool struct {
+	conns []*grpc.ClientConn
+
+	idx uint32 // access via sync/atomic
+}
+
+func (p *roundRobinConnPool) Len() int {
+	return len(p.conns)
+}
+
+func (p *roundRobinConnPool) Connection() *grpc.ClientConn {
+	i := atomic.AddUint32(&p.idx, 1)
+	return p.conns[i%uint32(len(p.conns))]
+}
+
+func (p *roundRobinConnPool) Close() error {
+	var errs multiError
+	for _, conn := range p.conns {
+		if err := conn.Close(); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) == 0 {
+		return nil
+	}
+	return errs
+}
+
+func (p *roundRobinConnPool) Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...grpc.CallOption) error {
+	return p.Connection().Invoke(ctx, method, args, reply, opts...)
+}
+
+func (p *roundRobinConnPool) NewStream(ctx context.Context, desc *grpc.StreamDesc, method string, opts ...grpc.CallOption) (grpc.ClientStream, error) {
+	return p.Connection().NewStream(ctx, desc, method, opts...)
+}
+
+func (p *roundRobinConnPool) private() {}
+
+// multiError represents errors from multiple conns in the group.
+type multiError []error
+
+func (m multiError) Error() string {
+	s, n := "", 0
+	for _, e := range m {
+		if e != nil {
+			if n == 0 {
+				s = e.Error()
+			}
+			n++
+		}
+	}
+	switch n {
+	case 0:
+		return "(0 errors)"
+	case 1:
+		return s
+	case 2:
+		return s + " (and 1 other error)"
+	}
+	return fmt.Sprintf("%s (and %d other errors)", s, n-1)
+}

vendor/cloud.google.com/go/auth/httptransport/httptransport.go

@@ -0,0 +1,215 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package httptransport
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"cloud.google.com/go/auth"
+	detect "cloud.google.com/go/auth/credentials"
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/transport"
+)
+
+// ClientCertProvider is a function that returns a TLS client certificate to be
+// used when opening TLS connections. It follows the same semantics as
+// [crypto/tls.Config.GetClientCertificate].
+type ClientCertProvider = func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
+
+// Options used to configure a [net/http.Client] from [NewClient].
+type Options struct {
+	// DisableTelemetry disables default telemetry (OpenTelemetry). An example
+	// reason to do so would be to bind custom telemetry that overrides the
+	// defaults.
+	DisableTelemetry bool
+	// DisableAuthentication specifies that no authentication should be used. It
+	// is suitable only for testing and for accessing public resources, like
+	// public Google Cloud Storage buckets.
+	DisableAuthentication bool
+	// Headers are extra HTTP headers that will be appended to every outgoing
+	// request.
+	Headers http.Header
+	// BaseRoundTripper overrides the base transport used for serving requests.
+	// If specified ClientCertProvider is ignored.
+	BaseRoundTripper http.RoundTripper
+	// Endpoint overrides the default endpoint to be used for a service.
+	Endpoint string
+	// APIKey specifies an API key to be used as the basis for authentication.
+	// If set DetectOpts are ignored.
+	APIKey string
+	// Credentials used to add Authorization header to all requests. If set
+	// DetectOpts are ignored.
+	Credentials *auth.Credentials
+	// ClientCertProvider is a function that returns a TLS client certificate to
+	// be used when opening TLS connections. It follows the same semantics as
+	// crypto/tls.Config.GetClientCertificate.
+	ClientCertProvider ClientCertProvider
+	// DetectOpts configures settings for detect Application Default
+	// Credentials.
+	DetectOpts *detect.DetectOptions
+	// UniverseDomain is the default service domain for a given Cloud universe.
+	// The default value is "googleapis.com". This is the universe domain
+	// configured for the client, which will be compared to the universe domain
+	// that is separately configured for the credentials.
+	UniverseDomain string
+
+	// InternalOptions are NOT meant to be set directly by consumers of this
+	// package, they should only be set by generated client code.
+	InternalOptions *InternalOptions
+}
+
+func (o *Options) validate() error {
+	if o == nil {
+		return errors.New("httptransport: opts required to be non-nil")
+	}
+	if o.InternalOptions != nil && o.InternalOptions.SkipValidation {
+		return nil
+	}
+	hasCreds := o.APIKey != "" ||
+		o.Credentials != nil ||
+		(o.DetectOpts != nil && len(o.DetectOpts.CredentialsJSON) > 0) ||
+		(o.DetectOpts != nil && o.DetectOpts.CredentialsFile != "")
+	if o.DisableAuthentication && hasCreds {
+		return errors.New("httptransport: DisableAuthentication is incompatible with options that set or detect credentials")
+	}
+	return nil
+}
+
+// client returns the client a user set for the detect options or nil if one was
+// not set.
+func (o *Options) client() *http.Client {
+	if o.DetectOpts != nil && o.DetectOpts.Client != nil {
+		return o.DetectOpts.Client
+	}
+	return nil
+}
+
+func (o *Options) resolveDetectOptions() *detect.DetectOptions {
+	io := o.InternalOptions
+	// soft-clone these so we are not updating a ref the user holds and may reuse
+	do := transport.CloneDetectOptions(o.DetectOpts)
+
+	// If scoped JWTs are enabled user provided an aud, allow self-signed JWT.
+	if (io != nil && io.EnableJWTWithScope) || do.Audience != "" {
+		do.UseSelfSignedJWT = true
+	}
+	// Only default scopes if user did not also set an audience.
+	if len(do.Scopes) == 0 && do.Audience == "" && io != nil && len(io.DefaultScopes) > 0 {
+		do.Scopes = make([]string, len(io.DefaultScopes))
+		copy(do.Scopes, io.DefaultScopes)
+	}
+	if len(do.Scopes) == 0 && do.Audience == "" && io != nil {
+		do.Audience = o.InternalOptions.DefaultAudience
+	}
+	return do
+}
+
+// InternalOptions are only meant to be set by generated client code. These are
+// not meant to be set directly by consumers of this package. Configuration in
+// this type is considered EXPERIMENTAL and may be removed at any time in the
+// future without warning.
+type InternalOptions struct {
+	// EnableJWTWithScope specifies if scope can be used with self-signed JWT.
+	EnableJWTWithScope bool
+	// DefaultAudience specifies a default audience to be used as the audience
+	// field ("aud") for the JWT token authentication.
+	DefaultAudience string
+	// DefaultEndpointTemplate combined with UniverseDomain specifies the
+	// default endpoint.
+	DefaultEndpointTemplate string
+	// DefaultMTLSEndpoint specifies the default mTLS endpoint.
+	DefaultMTLSEndpoint string
+	// DefaultScopes specifies the default OAuth2 scopes to be used for a
+	// service.
+	DefaultScopes []string
+	// SkipValidation bypasses validation on Options. It should only be used
+	// internally for clients that needs more control over their transport.
+	SkipValidation bool
+}
+
+// AddAuthorizationMiddleware adds a middleware to the provided client's
+// transport that sets the Authorization header with the value produced by the
+// provided [cloud.google.com/go/auth.Credentials]. An error is returned only
+// if client or creds is nil.
+func AddAuthorizationMiddleware(client *http.Client, creds *auth.Credentials) error {
+	if client == nil || creds == nil {
+		return fmt.Errorf("httptransport: client and tp must not be nil")
+	}
+	base := client.Transport
+	if base == nil {
+		if dt, ok := http.DefaultTransport.(*http.Transport); ok {
+			base = dt.Clone()
+		} else {
+			// Directly reuse the DefaultTransport if the application has
+			// replaced it with an implementation of RoundTripper other than
+			// http.Transport.
+			base = http.DefaultTransport
+		}
+	}
+	client.Transport = &authTransport{
+		creds: creds,
+		base:  base,
+		// TODO(quartzmo): Somehow set clientUniverseDomain from impersonate calls.
+	}
+	return nil
+}
+
+// NewClient returns a [net/http.Client] that can be used to communicate with a
+// Google cloud service, configured with the provided [Options]. It
+// automatically appends Authorization headers to all outgoing requests.
+func NewClient(opts *Options) (*http.Client, error) {
+	if err := opts.validate(); err != nil {
+		return nil, err
+	}
+
+	tOpts := &transport.Options{
+		Endpoint:           opts.Endpoint,
+		ClientCertProvider: opts.ClientCertProvider,
+		Client:             opts.client(),
+		UniverseDomain:     opts.UniverseDomain,
+	}
+	if io := opts.InternalOptions; io != nil {
+		tOpts.DefaultEndpointTemplate = io.DefaultEndpointTemplate
+		tOpts.DefaultMTLSEndpoint = io.DefaultMTLSEndpoint
+	}
+	clientCertProvider, dialTLSContext, err := transport.GetHTTPTransportConfig(tOpts)
+	if err != nil {
+		return nil, err
+	}
+	baseRoundTripper := opts.BaseRoundTripper
+	if baseRoundTripper == nil {
+		baseRoundTripper = defaultBaseTransport(clientCertProvider, dialTLSContext)
+	}
+	trans, err := newTransport(baseRoundTripper, opts)
+	if err != nil {
+		return nil, err
+	}
+	return &http.Client{
+		Transport: trans,
+	}, nil
+}
+
+// SetAuthHeader uses the provided token to set the Authorization header on a
+// request. If the token.Type is empty, the type is assumed to be Bearer.
+func SetAuthHeader(token *auth.Token, req *http.Request) {
+	typ := token.Type
+	if typ == "" {
+		typ = internal.TokenTypeBearer
+	}
+	req.Header.Set("Authorization", typ+" "+token.Value)
+}

vendor/cloud.google.com/go/auth/httptransport/trace.go

@@ -0,0 +1,93 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package httptransport
+
+import (
+	"encoding/binary"
+	"encoding/hex"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"go.opencensus.io/trace"
+	"go.opencensus.io/trace/propagation"
+)
+
+const (
+	httpHeaderMaxSize = 200
+	cloudTraceHeader  = `X-Cloud-Trace-Context`
+)
+
+// asserts the httpFormat fulfills this foreign interface
+var _ propagation.HTTPFormat = (*httpFormat)(nil)
+
+// httpFormat implements propagation.httpFormat to propagate
+// traces in HTTP headers for Google Cloud Platform and Cloud Trace.
+type httpFormat struct{}
+
+// SpanContextFromRequest extracts a Cloud Trace span context from incoming requests.
+func (f *httpFormat) SpanContextFromRequest(req *http.Request) (sc trace.SpanContext, ok bool) {
+	h := req.Header.Get(cloudTraceHeader)
+	// See https://cloud.google.com/trace/docs/faq for the header HTTPFormat.
+	// Return if the header is empty or missing, or if the header is unreasonably
+	// large, to avoid making unnecessary copies of a large string.
+	if h == "" || len(h) > httpHeaderMaxSize {
+		return trace.SpanContext{}, false
+	}
+
+	// Parse the trace id field.
+	slash := strings.Index(h, `/`)
+	if slash == -1 {
+		return trace.SpanContext{}, false
+	}
+	tid, h := h[:slash], h[slash+1:]
+
+	buf, err := hex.DecodeString(tid)
+	if err != nil {
+		return trace.SpanContext{}, false
+	}
+	copy(sc.TraceID[:], buf)
+
+	// Parse the span id field.
+	spanstr := h
+	semicolon := strings.Index(h, `;`)
+	if semicolon != -1 {
+		spanstr, h = h[:semicolon], h[semicolon+1:]
+	}
+	sid, err := strconv.ParseUint(spanstr, 10, 64)
+	if err != nil {
+		return trace.SpanContext{}, false
+	}
+	binary.BigEndian.PutUint64(sc.SpanID[:], sid)
+
+	// Parse the options field, options field is optional.
+	if !strings.HasPrefix(h, "o=") {
+		return sc, true
+	}
+	o, err := strconv.ParseUint(h[2:], 10, 32)
+	if err != nil {
+		return trace.SpanContext{}, false
+	}
+	sc.TraceOptions = trace.TraceOptions(o)
+	return sc, true
+}
+
+// SpanContextToRequest modifies the given request to include a Cloud Trace header.
+func (f *httpFormat) SpanContextToRequest(sc trace.SpanContext, req *http.Request) {
+	sid := binary.BigEndian.Uint64(sc.SpanID[:])
+	header := fmt.Sprintf("%s/%d;o=%d", hex.EncodeToString(sc.TraceID[:]), sid, int64(sc.TraceOptions))
+	req.Header.Set(cloudTraceHeader, header)
+}

vendor/cloud.google.com/go/auth/httptransport/transport.go

@@ -0,0 +1,211 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package httptransport
+
+import (
+	"context"
+	"crypto/tls"
+	"net"
+	"net/http"
+	"time"
+
+	"cloud.google.com/go/auth"
+	"cloud.google.com/go/auth/credentials"
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/transport"
+	"cloud.google.com/go/auth/internal/transport/cert"
+	"go.opencensus.io/plugin/ochttp"
+	"golang.org/x/net/http2"
+)
+
+const (
+	quotaProjectHeaderKey = "X-Goog-User-Project"
+)
+
+func newTransport(base http.RoundTripper, opts *Options) (http.RoundTripper, error) {
+	var headers = opts.Headers
+	ht := &headerTransport{
+		base:    base,
+		headers: headers,
+	}
+	var trans http.RoundTripper = ht
+	trans = addOCTransport(trans, opts)
+	switch {
+	case opts.DisableAuthentication:
+		// Do nothing.
+	case opts.APIKey != "":
+		qp := internal.GetQuotaProject(nil, opts.Headers.Get(quotaProjectHeaderKey))
+		if qp != "" {
+			if headers == nil {
+				headers = make(map[string][]string, 1)
+			}
+			headers.Set(quotaProjectHeaderKey, qp)
+		}
+		trans = &apiKeyTransport{
+			Transport: trans,
+			Key:       opts.APIKey,
+		}
+	default:
+		var creds *auth.Credentials
+		if opts.Credentials != nil {
+			creds = opts.Credentials
+		} else {
+			var err error
+			creds, err = credentials.DetectDefault(opts.resolveDetectOptions())
+			if err != nil {
+				return nil, err
+			}
+		}
+		qp, err := creds.QuotaProjectID(context.Background())
+		if err != nil {
+			return nil, err
+		}
+		if qp != "" {
+			if headers == nil {
+				headers = make(map[string][]string, 1)
+			}
+			headers.Set(quotaProjectHeaderKey, qp)
+		}
+		creds.TokenProvider = auth.NewCachedTokenProvider(creds.TokenProvider, nil)
+		trans = &authTransport{
+			base:                 trans,
+			creds:                creds,
+			clientUniverseDomain: opts.UniverseDomain,
+		}
+	}
+	return trans, nil
+}
+
+// defaultBaseTransport returns the base HTTP transport.
+// On App Engine, this is urlfetch.Transport.
+// Otherwise, use a default transport, taking most defaults from
+// http.DefaultTransport.
+// If TLSCertificate is available, set TLSClientConfig as well.
+func defaultBaseTransport(clientCertSource cert.Provider, dialTLSContext func(context.Context, string, string) (net.Conn, error)) http.RoundTripper {
+	trans := http.DefaultTransport.(*http.Transport).Clone()
+	trans.MaxIdleConnsPerHost = 100
+
+	if clientCertSource != nil {
+		trans.TLSClientConfig = &tls.Config{
+			GetClientCertificate: clientCertSource,
+		}
+	}
+	if dialTLSContext != nil {
+		// If DialTLSContext is set, TLSClientConfig wil be ignored
+		trans.DialTLSContext = dialTLSContext
+	}
+
+	// Configures the ReadIdleTimeout HTTP/2 option for the
+	// transport. This allows broken idle connections to be pruned more quickly,
+	// preventing the client from attempting to re-use connections that will no
+	// longer work.
+	http2Trans, err := http2.ConfigureTransports(trans)
+	if err == nil {
+		http2Trans.ReadIdleTimeout = time.Second * 31
+	}
+
+	return trans
+}
+
+type apiKeyTransport struct {
+	// Key is the API Key to set on requests.
+	Key string
+	// Transport is the underlying HTTP transport.
+	// If nil, http.DefaultTransport is used.
+	Transport http.RoundTripper
+}
+
+func (t *apiKeyTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	newReq := *req
+	args := newReq.URL.Query()
+	args.Set("key", t.Key)
+	newReq.URL.RawQuery = args.Encode()
+	return t.Transport.RoundTrip(&newReq)
+}
+
+type headerTransport struct {
+	headers http.Header
+	base    http.RoundTripper
+}
+
+func (t *headerTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	rt := t.base
+	newReq := *req
+	newReq.Header = make(http.Header)
+	for k, vv := range req.Header {
+		newReq.Header[k] = vv
+	}
+
+	for k, v := range t.headers {
+		newReq.Header[k] = v
+	}
+
+	return rt.RoundTrip(&newReq)
+}
+
+func addOCTransport(trans http.RoundTripper, opts *Options) http.RoundTripper {
+	if opts.DisableTelemetry {
+		return trans
+	}
+	return &ochttp.Transport{
+		Base:        trans,
+		Propagation: &httpFormat{},
+	}
+}
+
+type authTransport struct {
+	creds                *auth.Credentials
+	base                 http.RoundTripper
+	clientUniverseDomain string
+}
+
+// getClientUniverseDomain returns the universe domain configured for the client.
+// The default value is "googleapis.com".
+func (t *authTransport) getClientUniverseDomain() string {
+	if t.clientUniverseDomain == "" {
+		return internal.DefaultUniverseDomain
+	}
+	return t.clientUniverseDomain
+}
+
+// RoundTrip authorizes and authenticates the request with an
+// access token from Transport's Source. Per the RoundTripper contract we must
+// not modify the initial request, so we clone it, and we must close the body
+// on any errors that happens during our token logic.
+func (t *authTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	reqBodyClosed := false
+	if req.Body != nil {
+		defer func() {
+			if !reqBodyClosed {
+				req.Body.Close()
+			}
+		}()
+	}
+	credentialsUniverseDomain, err := t.creds.UniverseDomain(req.Context())
+	if err != nil {
+		return nil, err
+	}
+	if err := transport.ValidateUniverseDomain(t.getClientUniverseDomain(), credentialsUniverseDomain); err != nil {
+		return nil, err
+	}
+	token, err := t.creds.Token(req.Context())
+	if err != nil {
+		return nil, err
+	}
+	req2 := req.Clone(req.Context())
+	SetAuthHeader(token, req2)
+	reqBodyClosed = true
+	return t.base.RoundTrip(req2)
+}

vendor/cloud.google.com/go/auth/internal/credsfile/credsfile.go

@@ -0,0 +1,107 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package credsfile is meant to hide implementation details from the pubic
+// surface of the detect package. It should not import any other packages in
+// this module. It is located under the main internal package so other
+// sub-packages can use these parsed types as well.
+package credsfile
+
+import (
+	"os"
+	"os/user"
+	"path/filepath"
+	"runtime"
+)
+
+const (
+	// GoogleAppCredsEnvVar is the environment variable for setting the
+	// application default credentials.
+	GoogleAppCredsEnvVar = "GOOGLE_APPLICATION_CREDENTIALS"
+	userCredsFilename    = "application_default_credentials.json"
+)
+
+// CredentialType represents different credential filetypes Google credentials
+// can be.
+type CredentialType int
+
+const (
+	// UnknownCredType is an unidentified file type.
+	UnknownCredType CredentialType = iota
+	// UserCredentialsKey represents a user creds file type.
+	UserCredentialsKey
+	// ServiceAccountKey represents a service account file type.
+	ServiceAccountKey
+	// ImpersonatedServiceAccountKey represents a impersonated service account
+	// file type.
+	ImpersonatedServiceAccountKey
+	// ExternalAccountKey represents a external account file type.
+	ExternalAccountKey
+	// GDCHServiceAccountKey represents a GDCH file type.
+	GDCHServiceAccountKey
+	// ExternalAccountAuthorizedUserKey represents a external account authorized
+	// user file type.
+	ExternalAccountAuthorizedUserKey
+)
+
+// parseCredentialType returns the associated filetype based on the parsed
+// typeString provided.
+func parseCredentialType(typeString string) CredentialType {
+	switch typeString {
+	case "service_account":
+		return ServiceAccountKey
+	case "authorized_user":
+		return UserCredentialsKey
+	case "impersonated_service_account":
+		return ImpersonatedServiceAccountKey
+	case "external_account":
+		return ExternalAccountKey
+	case "external_account_authorized_user":
+		return ExternalAccountAuthorizedUserKey
+	case "gdch_service_account":
+		return GDCHServiceAccountKey
+	default:
+		return UnknownCredType
+	}
+}
+
+// GetFileNameFromEnv returns the override if provided or detects a filename
+// from the environment.
+func GetFileNameFromEnv(override string) string {
+	if override != "" {
+		return override
+	}
+	return os.Getenv(GoogleAppCredsEnvVar)
+}
+
+// GetWellKnownFileName tries to locate the filepath for the user credential
+// file based on the environment.
+func GetWellKnownFileName() string {
+	if runtime.GOOS == "windows" {
+		return filepath.Join(os.Getenv("APPDATA"), "gcloud", userCredsFilename)
+	}
+	return filepath.Join(guessUnixHomeDir(), ".config", "gcloud", userCredsFilename)
+}
+
+// guessUnixHomeDir default to checking for HOME, but not all unix systems have
+// this set, do have a fallback.
+func guessUnixHomeDir() string {
+	if v := os.Getenv("HOME"); v != "" {
+		return v
+	}
+	if u, err := user.Current(); err == nil {
+		return u.HomeDir
+	}
+	return ""
+}

vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go

@@ -0,0 +1,149 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package credsfile
+
+import (
+	"encoding/json"
+)
+
+// Config3LO is the internals of a client creds file.
+type Config3LO struct {
+	ClientID     string   `json:"client_id"`
+	ClientSecret string   `json:"client_secret"`
+	RedirectURIs []string `json:"redirect_uris"`
+	AuthURI      string   `json:"auth_uri"`
+	TokenURI     string   `json:"token_uri"`
+}
+
+// ClientCredentialsFile representation.
+type ClientCredentialsFile struct {
+	Web            *Config3LO `json:"web"`
+	Installed      *Config3LO `json:"installed"`
+	UniverseDomain string     `json:"universe_domain"`
+}
+
+// ServiceAccountFile representation.
+type ServiceAccountFile struct {
+	Type           string `json:"type"`
+	ProjectID      string `json:"project_id"`
+	PrivateKeyID   string `json:"private_key_id"`
+	PrivateKey     string `json:"private_key"`
+	ClientEmail    string `json:"client_email"`
+	ClientID       string `json:"client_id"`
+	AuthURL        string `json:"auth_uri"`
+	TokenURL       string `json:"token_uri"`
+	UniverseDomain string `json:"universe_domain"`
+}
+
+// UserCredentialsFile representation.
+type UserCredentialsFile struct {
+	Type           string `json:"type"`
+	ClientID       string `json:"client_id"`
+	ClientSecret   string `json:"client_secret"`
+	QuotaProjectID string `json:"quota_project_id"`
+	RefreshToken   string `json:"refresh_token"`
+	UniverseDomain string `json:"universe_domain"`
+}
+
+// ExternalAccountFile representation.
+type ExternalAccountFile struct {
+	Type                           string                           `json:"type"`
+	ClientID                       string                           `json:"client_id"`
+	ClientSecret                   string                           `json:"client_secret"`
+	Audience                       string                           `json:"audience"`
+	SubjectTokenType               string                           `json:"subject_token_type"`
+	ServiceAccountImpersonationURL string                           `json:"service_account_impersonation_url"`
+	TokenURL                       string                           `json:"token_url"`
+	CredentialSource               *CredentialSource                `json:"credential_source,omitempty"`
+	TokenInfoURL                   string                           `json:"token_info_url"`
+	ServiceAccountImpersonation    *ServiceAccountImpersonationInfo `json:"service_account_impersonation,omitempty"`
+	QuotaProjectID                 string                           `json:"quota_project_id"`
+	WorkforcePoolUserProject       string                           `json:"workforce_pool_user_project"`
+	UniverseDomain                 string                           `json:"universe_domain"`
+}
+
+// ExternalAccountAuthorizedUserFile representation.
+type ExternalAccountAuthorizedUserFile struct {
+	Type           string `json:"type"`
+	Audience       string `json:"audience"`
+	ClientID       string `json:"client_id"`
+	ClientSecret   string `json:"client_secret"`
+	RefreshToken   string `json:"refresh_token"`
+	TokenURL       string `json:"token_url"`
+	TokenInfoURL   string `json:"token_info_url"`
+	RevokeURL      string `json:"revoke_url"`
+	QuotaProjectID string `json:"quota_project_id"`
+	UniverseDomain string `json:"universe_domain"`
+}
+
+// CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.
+//
+// One field amongst File, URL, and Executable should be filled, depending on the kind of credential in question.
+// The EnvironmentID should start with AWS if being used for an AWS credential.
+type CredentialSource struct {
+	File                        string            `json:"file"`
+	URL                         string            `json:"url"`
+	Headers                     map[string]string `json:"headers"`
+	Executable                  *ExecutableConfig `json:"executable,omitempty"`
+	EnvironmentID               string            `json:"environment_id"`
+	RegionURL                   string            `json:"region_url"`
+	RegionalCredVerificationURL string            `json:"regional_cred_verification_url"`
+	CredVerificationURL         string            `json:"cred_verification_url"`
+	IMDSv2SessionTokenURL       string            `json:"imdsv2_session_token_url"`
+	Format                      *Format           `json:"format,omitempty"`
+}
+
+// Format describes the format of a [CredentialSource].
+type Format struct {
+	// Type is either "text" or "json". When not provided "text" type is assumed.
+	Type string `json:"type"`
+	// SubjectTokenFieldName is only required for JSON format. This would be "access_token" for azure.
+	SubjectTokenFieldName string `json:"subject_token_field_name"`
+}
+
+// ExecutableConfig represents the command to run for an executable
+// [CredentialSource].
+type ExecutableConfig struct {
+	Command       string `json:"command"`
+	TimeoutMillis int    `json:"timeout_millis"`
+	OutputFile    string `json:"output_file"`
+}
+
+// ServiceAccountImpersonationInfo has impersonation configuration.
+type ServiceAccountImpersonationInfo struct {
+	TokenLifetimeSeconds int `json:"token_lifetime_seconds"`
+}
+
+// ImpersonatedServiceAccountFile representation.
+type ImpersonatedServiceAccountFile struct {
+	Type                           string          `json:"type"`
+	ServiceAccountImpersonationURL string          `json:"service_account_impersonation_url"`
+	Delegates                      []string        `json:"delegates"`
+	CredSource                     json.RawMessage `json:"source_credentials"`
+	UniverseDomain                 string          `json:"universe_domain"`
+}
+
+// GDCHServiceAccountFile represents the Google Distributed Cloud Hosted (GDCH) service identity file.
+type GDCHServiceAccountFile struct {
+	Type           string `json:"type"`
+	FormatVersion  string `json:"format_version"`
+	Project        string `json:"project"`
+	Name           string `json:"name"`
+	CertPath       string `json:"ca_cert_path"`
+	PrivateKeyID   string `json:"private_key_id"`
+	PrivateKey     string `json:"private_key"`
+	TokenURL       string `json:"token_uri"`
+	UniverseDomain string `json:"universe_domain"`
+}

vendor/cloud.google.com/go/auth/internal/credsfile/parse.go

@@ -0,0 +1,98 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package credsfile
+
+import (
+	"encoding/json"
+)
+
+// ParseServiceAccount parses bytes into a [ServiceAccountFile].
+func ParseServiceAccount(b []byte) (*ServiceAccountFile, error) {
+	var f *ServiceAccountFile
+	if err := json.Unmarshal(b, &f); err != nil {
+		return nil, err
+	}
+	return f, nil
+}
+
+// ParseClientCredentials parses bytes into a
+// [credsfile.ClientCredentialsFile].
+func ParseClientCredentials(b []byte) (*ClientCredentialsFile, error) {
+	var f *ClientCredentialsFile
+	if err := json.Unmarshal(b, &f); err != nil {
+		return nil, err
+	}
+	return f, nil
+}
+
+// ParseUserCredentials parses bytes into a [UserCredentialsFile].
+func ParseUserCredentials(b []byte) (*UserCredentialsFile, error) {
+	var f *UserCredentialsFile
+	if err := json.Unmarshal(b, &f); err != nil {
+		return nil, err
+	}
+	return f, nil
+}
+
+// ParseExternalAccount parses bytes into a [ExternalAccountFile].
+func ParseExternalAccount(b []byte) (*ExternalAccountFile, error) {
+	var f *ExternalAccountFile
+	if err := json.Unmarshal(b, &f); err != nil {
+		return nil, err
+	}
+	return f, nil
+}
+
+// ParseExternalAccountAuthorizedUser parses bytes into a
+// [ExternalAccountAuthorizedUserFile].
+func ParseExternalAccountAuthorizedUser(b []byte) (*ExternalAccountAuthorizedUserFile, error) {
+	var f *ExternalAccountAuthorizedUserFile
+	if err := json.Unmarshal(b, &f); err != nil {
+		return nil, err
+	}
+	return f, nil
+}
+
+// ParseImpersonatedServiceAccount parses bytes into a
+// [ImpersonatedServiceAccountFile].
+func ParseImpersonatedServiceAccount(b []byte) (*ImpersonatedServiceAccountFile, error) {
+	var f *ImpersonatedServiceAccountFile
+	if err := json.Unmarshal(b, &f); err != nil {
+		return nil, err
+	}
+	return f, nil
+}
+
+// ParseGDCHServiceAccount parses bytes into a [GDCHServiceAccountFile].
+func ParseGDCHServiceAccount(b []byte) (*GDCHServiceAccountFile, error) {
+	var f *GDCHServiceAccountFile
+	if err := json.Unmarshal(b, &f); err != nil {
+		return nil, err
+	}
+	return f, nil
+}
+
+type fileTypeChecker struct {
+	Type string `json:"type"`
+}
+
+// ParseFileType determines the [CredentialType] based on bytes provided.
+func ParseFileType(b []byte) (CredentialType, error) {
+	var f fileTypeChecker
+	if err := json.Unmarshal(b, &f); err != nil {
+		return 0, err
+	}
+	return parseCredentialType(f.Type), nil
+}

vendor/cloud.google.com/go/auth/internal/internal.go

@@ -0,0 +1,184 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal
+
+import (
+	"context"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"sync"
+	"time"
+
+	"cloud.google.com/go/compute/metadata"
+)
+
+const (
+	// TokenTypeBearer is the auth header prefix for bearer tokens.
+	TokenTypeBearer = "Bearer"
+
+	// QuotaProjectEnvVar is the environment variable for setting the quota
+	// project.
+	QuotaProjectEnvVar = "GOOGLE_CLOUD_QUOTA_PROJECT"
+	projectEnvVar      = "GOOGLE_CLOUD_PROJECT"
+	maxBodySize        = 1 << 20
+
+	// DefaultUniverseDomain is the default value for universe domain.
+	// Universe domain is the default service domain for a given Cloud universe.
+	DefaultUniverseDomain = "googleapis.com"
+)
+
+// CloneDefaultClient returns a [http.Client] with some good defaults.
+func CloneDefaultClient() *http.Client {
+	return &http.Client{
+		Transport: http.DefaultTransport.(*http.Transport).Clone(),
+		Timeout:   30 * time.Second,
+	}
+}
+
+// ParseKey converts the binary contents of a private key file
+// to an *rsa.PrivateKey. It detects whether the private key is in a
+// PEM container or not. If so, it extracts the the private key
+// from PEM container before conversion. It only supports PEM
+// containers with no passphrase.
+func ParseKey(key []byte) (*rsa.PrivateKey, error) {
+	block, _ := pem.Decode(key)
+	if block != nil {
+		key = block.Bytes
+	}
+	parsedKey, err := x509.ParsePKCS8PrivateKey(key)
+	if err != nil {
+		parsedKey, err = x509.ParsePKCS1PrivateKey(key)
+		if err != nil {
+			return nil, fmt.Errorf("private key should be a PEM or plain PKCS1 or PKCS8: %w", err)
+		}
+	}
+	parsed, ok := parsedKey.(*rsa.PrivateKey)
+	if !ok {
+		return nil, errors.New("private key is invalid")
+	}
+	return parsed, nil
+}
+
+// GetQuotaProject retrieves quota project with precedence being: override,
+// environment variable, creds json file.
+func GetQuotaProject(b []byte, override string) string {
+	if override != "" {
+		return override
+	}
+	if env := os.Getenv(QuotaProjectEnvVar); env != "" {
+		return env
+	}
+	if b == nil {
+		return ""
+	}
+	var v struct {
+		QuotaProject string `json:"quota_project_id"`
+	}
+	if err := json.Unmarshal(b, &v); err != nil {
+		return ""
+	}
+	return v.QuotaProject
+}
+
+// GetProjectID retrieves project with precedence being: override,
+// environment variable, creds json file.
+func GetProjectID(b []byte, override string) string {
+	if override != "" {
+		return override
+	}
+	if env := os.Getenv(projectEnvVar); env != "" {
+		return env
+	}
+	if b == nil {
+		return ""
+	}
+	var v struct {
+		ProjectID string `json:"project_id"` // standard service account key
+		Project   string `json:"project"`    // gdch key
+	}
+	if err := json.Unmarshal(b, &v); err != nil {
+		return ""
+	}
+	if v.ProjectID != "" {
+		return v.ProjectID
+	}
+	return v.Project
+}
+
+// ReadAll consumes the whole reader and safely reads the content of its body
+// with some overflow protection.
+func ReadAll(r io.Reader) ([]byte, error) {
+	return io.ReadAll(io.LimitReader(r, maxBodySize))
+}
+
+// StaticCredentialsProperty is a helper for creating static credentials
+// properties.
+func StaticCredentialsProperty(s string) StaticProperty {
+	return StaticProperty(s)
+}
+
+// StaticProperty always returns that value of the underlying string.
+type StaticProperty string
+
+// GetProperty loads the properly value provided the given context.
+func (p StaticProperty) GetProperty(context.Context) (string, error) {
+	return string(p), nil
+}
+
+// ComputeUniverseDomainProvider fetches the credentials universe domain from
+// the google cloud metadata service.
+type ComputeUniverseDomainProvider struct {
+	universeDomainOnce sync.Once
+	universeDomain     string
+	universeDomainErr  error
+}
+
+// GetProperty fetches the credentials universe domain from the google cloud
+// metadata service.
+func (c *ComputeUniverseDomainProvider) GetProperty(ctx context.Context) (string, error) {
+	c.universeDomainOnce.Do(func() {
+		c.universeDomain, c.universeDomainErr = getMetadataUniverseDomain(ctx)
+	})
+	if c.universeDomainErr != nil {
+		return "", c.universeDomainErr
+	}
+	return c.universeDomain, nil
+}
+
+// httpGetMetadataUniverseDomain is a package var for unit test substitution.
+var httpGetMetadataUniverseDomain = func(ctx context.Context) (string, error) {
+	client := metadata.NewClient(&http.Client{Timeout: time.Second})
+	// TODO(quartzmo): set ctx on request
+	return client.Get("universe/universe_domain")
+}
+
+func getMetadataUniverseDomain(ctx context.Context) (string, error) {
+	universeDomain, err := httpGetMetadataUniverseDomain(ctx)
+	if err == nil {
+		return universeDomain, nil
+	}
+	if _, ok := err.(metadata.NotDefinedError); ok {
+		// http.StatusNotFound (404)
+		return DefaultUniverseDomain, nil
+	}
+	return "", err
+}

vendor/cloud.google.com/go/auth/internal/jwt/jwt.go

@@ -0,0 +1,171 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package jwt
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+)
+
+const (
+	// HeaderAlgRSA256 is the RS256 [Header.Algorithm].
+	HeaderAlgRSA256 = "RS256"
+	// HeaderAlgES256 is the ES256 [Header.Algorithm].
+	HeaderAlgES256 = "ES256"
+	// HeaderType is the standard [Header.Type].
+	HeaderType = "JWT"
+)
+
+// Header represents a JWT header.
+type Header struct {
+	Algorithm string `json:"alg"`
+	Type      string `json:"typ"`
+	KeyID     string `json:"kid"`
+}
+
+func (h *Header) encode() (string, error) {
+	b, err := json.Marshal(h)
+	if err != nil {
+		return "", err
+	}
+	return base64.RawURLEncoding.EncodeToString(b), nil
+}
+
+// Claims represents the claims set of a JWT.
+type Claims struct {
+	// Iss is the issuer JWT claim.
+	Iss string `json:"iss"`
+	// Scope is the scope JWT claim.
+	Scope string `json:"scope,omitempty"`
+	// Exp is the expiry JWT claim. If unset, default is in one hour from now.
+	Exp int64 `json:"exp"`
+	// Iat is the subject issued at claim. If unset, default is now.
+	Iat int64 `json:"iat"`
+	// Aud is the audience JWT claim. Optional.
+	Aud string `json:"aud"`
+	// Sub is the subject JWT claim. Optional.
+	Sub string `json:"sub,omitempty"`
+	// AdditionalClaims contains any additional non-standard JWT claims. Optional.
+	AdditionalClaims map[string]interface{} `json:"-"`
+}
+
+func (c *Claims) encode() (string, error) {
+	// Compensate for skew
+	now := time.Now().Add(-10 * time.Second)
+	if c.Iat == 0 {
+		c.Iat = now.Unix()
+	}
+	if c.Exp == 0 {
+		c.Exp = now.Add(time.Hour).Unix()
+	}
+	if c.Exp < c.Iat {
+		return "", fmt.Errorf("jwt: invalid Exp = %d; must be later than Iat = %d", c.Exp, c.Iat)
+	}
+
+	b, err := json.Marshal(c)
+	if err != nil {
+		return "", err
+	}
+
+	if len(c.AdditionalClaims) == 0 {
+		return base64.RawURLEncoding.EncodeToString(b), nil
+	}
+
+	// Marshal private claim set and then append it to b.
+	prv, err := json.Marshal(c.AdditionalClaims)
+	if err != nil {
+		return "", fmt.Errorf("invalid map of additional claims %v: %w", c.AdditionalClaims, err)
+	}
+
+	// Concatenate public and private claim JSON objects.
+	if !bytes.HasSuffix(b, []byte{'}'}) {
+		return "", fmt.Errorf("invalid JSON %s", b)
+	}
+	if !bytes.HasPrefix(prv, []byte{'{'}) {
+		return "", fmt.Errorf("invalid JSON %s", prv)
+	}
+	b[len(b)-1] = ','         // Replace closing curly brace with a comma.
+	b = append(b, prv[1:]...) // Append private claims.
+	return base64.RawURLEncoding.EncodeToString(b), nil
+}
+
+// EncodeJWS encodes the data using the provided key as a JSON web signature.
+func EncodeJWS(header *Header, c *Claims, key *rsa.PrivateKey) (string, error) {
+	head, err := header.encode()
+	if err != nil {
+		return "", err
+	}
+	claims, err := c.encode()
+	if err != nil {
+		return "", err
+	}
+	ss := fmt.Sprintf("%s.%s", head, claims)
+	h := sha256.New()
+	h.Write([]byte(ss))
+	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h.Sum(nil))
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%s.%s", ss, base64.RawURLEncoding.EncodeToString(sig)), nil
+}
+
+// DecodeJWS decodes a claim set from a JWS payload.
+func DecodeJWS(payload string) (*Claims, error) {
+	// decode returned id token to get expiry
+	s := strings.Split(payload, ".")
+	if len(s) < 2 {
+		return nil, errors.New("invalid token received")
+	}
+	decoded, err := base64.RawURLEncoding.DecodeString(s[1])
+	if err != nil {
+		return nil, err
+	}
+	c := &Claims{}
+	if err := json.NewDecoder(bytes.NewBuffer(decoded)).Decode(c); err != nil {
+		return nil, err
+	}
+	if err := json.NewDecoder(bytes.NewBuffer(decoded)).Decode(&c.AdditionalClaims); err != nil {
+		return nil, err
+	}
+	return c, err
+}
+
+// VerifyJWS tests whether the provided JWT token's signature was produced by
+// the private key associated with the provided public key.
+func VerifyJWS(token string, key *rsa.PublicKey) error {
+	parts := strings.Split(token, ".")
+	if len(parts) != 3 {
+		return errors.New("jwt: invalid token received, token must have 3 parts")
+	}
+
+	signedContent := parts[0] + "." + parts[1]
+	signatureString, err := base64.RawURLEncoding.DecodeString(parts[2])
+	if err != nil {
+		return err
+	}
+
+	h := sha256.New()
+	h.Write([]byte(signedContent))
+	return rsa.VerifyPKCS1v15(key, crypto.SHA256, h.Sum(nil), signatureString)
+}

vendor/cloud.google.com/go/auth/internal/transport/cba.go

@@ -0,0 +1,298 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+
+	"cloud.google.com/go/auth/internal"
+	"cloud.google.com/go/auth/internal/transport/cert"
+	"github.com/google/s2a-go"
+	"github.com/google/s2a-go/fallback"
+	"google.golang.org/grpc/credentials"
+)
+
+const (
+	mTLSModeAlways = "always"
+	mTLSModeNever  = "never"
+	mTLSModeAuto   = "auto"
+
+	// Experimental: if true, the code will try MTLS with S2A as the default for transport security. Default value is false.
+	googleAPIUseS2AEnv     = "EXPERIMENTAL_GOOGLE_API_USE_S2A"
+	googleAPIUseCertSource = "GOOGLE_API_USE_CLIENT_CERTIFICATE"
+	googleAPIUseMTLS       = "GOOGLE_API_USE_MTLS_ENDPOINT"
+	googleAPIUseMTLSOld    = "GOOGLE_API_USE_MTLS"
+
+	universeDomainPlaceholder = "UNIVERSE_DOMAIN"
+)
+
+var (
+	mdsMTLSAutoConfigSource     mtlsConfigSource
+	errUniverseNotSupportedMTLS = errors.New("mTLS is not supported in any universe other than googleapis.com")
+)
+
+// Options is a struct that is duplicated information from the individual
+// transport packages in order to avoid cyclic deps. It correlates 1:1 with
+// fields on httptransport.Options and grpctransport.Options.
+type Options struct {
+	Endpoint                string
+	DefaultMTLSEndpoint     string
+	DefaultEndpointTemplate string
+	ClientCertProvider      cert.Provider
+	Client                  *http.Client
+	UniverseDomain          string
+	EnableDirectPath        bool
+	EnableDirectPathXds     bool
+}
+
+// getUniverseDomain returns the default service domain for a given Cloud
+// universe.
+func (o *Options) getUniverseDomain() string {
+	if o.UniverseDomain == "" {
+		return internal.DefaultUniverseDomain
+	}
+	return o.UniverseDomain
+}
+
+// isUniverseDomainGDU returns true if the universe domain is the default Google
+// universe.
+func (o *Options) isUniverseDomainGDU() bool {
+	return o.getUniverseDomain() == internal.DefaultUniverseDomain
+}
+
+// defaultEndpoint returns the DefaultEndpointTemplate merged with the
+// universe domain if the DefaultEndpointTemplate is set, otherwise returns an
+// empty string.
+func (o *Options) defaultEndpoint() string {
+	if o.DefaultEndpointTemplate == "" {
+		return ""
+	}
+	return strings.Replace(o.DefaultEndpointTemplate, universeDomainPlaceholder, o.getUniverseDomain(), 1)
+}
+
+// mergedEndpoint merges a user-provided Endpoint of format host[:port] with the
+// default endpoint.
+func (o *Options) mergedEndpoint() (string, error) {
+	defaultEndpoint := o.defaultEndpoint()
+	u, err := url.Parse(fixScheme(defaultEndpoint))
+	if err != nil {
+		return "", err
+	}
+	return strings.Replace(defaultEndpoint, u.Host, o.Endpoint, 1), nil
+}
+
+func fixScheme(baseURL string) string {
+	if !strings.Contains(baseURL, "://") {
+		baseURL = "https://" + baseURL
+	}
+	return baseURL
+}
+
+// GetGRPCTransportCredsAndEndpoint returns an instance of
+// [google.golang.org/grpc/credentials.TransportCredentials], and the
+// corresponding endpoint to use for GRPC client.
+func GetGRPCTransportCredsAndEndpoint(opts *Options) (credentials.TransportCredentials, string, error) {
+	config, err := getTransportConfig(opts)
+	if err != nil {
+		return nil, "", err
+	}
+
+	defaultTransportCreds := credentials.NewTLS(&tls.Config{
+		GetClientCertificate: config.clientCertSource,
+	})
+	if config.s2aAddress == "" {
+		return defaultTransportCreds, config.endpoint, nil
+	}
+
+	var fallbackOpts *s2a.FallbackOptions
+	// In case of S2A failure, fall back to the endpoint that would've been used without S2A.
+	if fallbackHandshake, err := fallback.DefaultFallbackClientHandshakeFunc(config.endpoint); err == nil {
+		fallbackOpts = &s2a.FallbackOptions{
+			FallbackClientHandshakeFunc: fallbackHandshake,
+		}
+	}
+
+	s2aTransportCreds, err := s2a.NewClientCreds(&s2a.ClientOptions{
+		S2AAddress:   config.s2aAddress,
+		FallbackOpts: fallbackOpts,
+	})
+	if err != nil {
+		// Use default if we cannot initialize S2A client transport credentials.
+		return defaultTransportCreds, config.endpoint, nil
+	}
+	return s2aTransportCreds, config.s2aMTLSEndpoint, nil
+}
+
+// GetHTTPTransportConfig returns a client certificate source and a function for
+// dialing MTLS with S2A.
+func GetHTTPTransportConfig(opts *Options) (cert.Provider, func(context.Context, string, string) (net.Conn, error), error) {
+	config, err := getTransportConfig(opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if config.s2aAddress == "" {
+		return config.clientCertSource, nil, nil
+	}
+
+	var fallbackOpts *s2a.FallbackOptions
+	// In case of S2A failure, fall back to the endpoint that would've been used without S2A.
+	if fallbackURL, err := url.Parse(config.endpoint); err == nil {
+		if fallbackDialer, fallbackServerAddr, err := fallback.DefaultFallbackDialerAndAddress(fallbackURL.Hostname()); err == nil {
+			fallbackOpts = &s2a.FallbackOptions{
+				FallbackDialer: &s2a.FallbackDialer{
+					Dialer:     fallbackDialer,
+					ServerAddr: fallbackServerAddr,
+				},
+			}
+		}
+	}
+
+	dialTLSContextFunc := s2a.NewS2ADialTLSContextFunc(&s2a.ClientOptions{
+		S2AAddress:   config.s2aAddress,
+		FallbackOpts: fallbackOpts,
+	})
+	return nil, dialTLSContextFunc, nil
+}
+
+func getTransportConfig(opts *Options) (*transportConfig, error) {
+	clientCertSource, err := getClientCertificateSource(opts)
+	if err != nil {
+		return nil, err
+	}
+	endpoint, err := getEndpoint(opts, clientCertSource)
+	if err != nil {
+		return nil, err
+	}
+	defaultTransportConfig := transportConfig{
+		clientCertSource: clientCertSource,
+		endpoint:         endpoint,
+	}
+
+	if !shouldUseS2A(clientCertSource, opts) {
+		return &defaultTransportConfig, nil
+	}
+	if !opts.isUniverseDomainGDU() {
+		return nil, errUniverseNotSupportedMTLS
+	}
+
+	s2aMTLSEndpoint := opts.DefaultMTLSEndpoint
+
+	s2aAddress := GetS2AAddress()
+	if s2aAddress == "" {
+		return &defaultTransportConfig, nil
+	}
+	return &transportConfig{
+		clientCertSource: clientCertSource,
+		endpoint:         endpoint,
+		s2aAddress:       s2aAddress,
+		s2aMTLSEndpoint:  s2aMTLSEndpoint,
+	}, nil
+}
+
+// getClientCertificateSource returns a default client certificate source, if
+// not provided by the user.
+//
+// A nil default source can be returned if the source does not exist. Any exceptions
+// encountered while initializing the default source will be reported as client
+// error (ex. corrupt metadata file).
+func getClientCertificateSource(opts *Options) (cert.Provider, error) {
+	if !isClientCertificateEnabled(opts) {
+		return nil, nil
+	} else if opts.ClientCertProvider != nil {
+		return opts.ClientCertProvider, nil
+	}
+	return cert.DefaultProvider()
+
+}
+
+// isClientCertificateEnabled returns true by default for all GDU universe domain, unless explicitly overridden by env var
+func isClientCertificateEnabled(opts *Options) bool {
+	if value, ok := os.LookupEnv(googleAPIUseCertSource); ok {
+		// error as false is OK
+		b, _ := strconv.ParseBool(value)
+		return b
+	}
+	return opts.isUniverseDomainGDU()
+}
+
+type transportConfig struct {
+	// The client certificate source.
+	clientCertSource cert.Provider
+	// The corresponding endpoint to use based on client certificate source.
+	endpoint string
+	// The S2A address if it can be used, otherwise an empty string.
+	s2aAddress string
+	// The MTLS endpoint to use with S2A.
+	s2aMTLSEndpoint string
+}
+
+// getEndpoint returns the endpoint for the service, taking into account the
+// user-provided endpoint override "settings.Endpoint".
+//
+// If no endpoint override is specified, we will either return the default endpoint or
+// the default mTLS endpoint if a client certificate is available.
+//
+// You can override the default endpoint choice (mtls vs. regular) by setting the
+// GOOGLE_API_USE_MTLS_ENDPOINT environment variable.
+//
+// If the endpoint override is an address (host:port) rather than full base
+// URL (ex. https://...), then the user-provided address will be merged into
+// the default endpoint. For example, WithEndpoint("myhost:8000") and
+// DefaultEndpointTemplate("https://UNIVERSE_DOMAIN/bar/baz") will return "https://myhost:8080/bar/baz"
+func getEndpoint(opts *Options, clientCertSource cert.Provider) (string, error) {
+	if opts.Endpoint == "" {
+		mtlsMode := getMTLSMode()
+		if mtlsMode == mTLSModeAlways || (clientCertSource != nil && mtlsMode == mTLSModeAuto) {
+			if !opts.isUniverseDomainGDU() {
+				return "", errUniverseNotSupportedMTLS
+			}
+			return opts.DefaultMTLSEndpoint, nil
+		}
+		return opts.defaultEndpoint(), nil
+	}
+	if strings.Contains(opts.Endpoint, "://") {
+		// User passed in a full URL path, use it verbatim.
+		return opts.Endpoint, nil
+	}
+	if opts.defaultEndpoint() == "" {
+		// If DefaultEndpointTemplate is not configured,
+		// use the user provided endpoint verbatim. This allows a naked
+		// "host[:port]" URL to be used with GRPC Direct Path.
+		return opts.Endpoint, nil
+	}
+
+	// Assume user-provided endpoint is host[:port], merge it with the default endpoint.
+	return opts.mergedEndpoint()
+}
+
+func getMTLSMode() string {
+	mode := os.Getenv(googleAPIUseMTLS)
+	if mode == "" {
+		mode = os.Getenv(googleAPIUseMTLSOld) // Deprecated.
+	}
+	if mode == "" {
+		return mTLSModeAuto
+	}
+	return strings.ToLower(mode)
+}

vendor/cloud.google.com/go/auth/internal/transport/cert/default_cert.go

@@ -0,0 +1,62 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cert
+
+import (
+	"crypto/tls"
+	"errors"
+	"sync"
+)
+
+// defaultCertData holds all the variables pertaining to
+// the default certificate provider created by [DefaultProvider].
+//
+// A singleton model is used to allow the provider to be reused
+// by the transport layer. As mentioned in [DefaultProvider] (provider nil, nil)
+// may be returned to indicate a default provider could not be found, which
+// will skip extra tls config in the transport layer .
+type defaultCertData struct {
+	once     sync.Once
+	provider Provider
+	err      error
+}
+
+var (
+	defaultCert defaultCertData
+)
+
+// Provider is a function that can be passed into crypto/tls.Config.GetClientCertificate.
+type Provider func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
+
+// errSourceUnavailable is a sentinel error to indicate certificate source is unavailable.
+var errSourceUnavailable = errors.New("certificate source is unavailable")
+
+// DefaultProvider returns a certificate source using the preferred EnterpriseCertificateProxySource.
+// If EnterpriseCertificateProxySource is not available, fall back to the legacy SecureConnectSource.
+//
+// If neither source is available (due to missing configurations), a nil Source and a nil Error are
+// returned to indicate that a default certificate source is unavailable.
+func DefaultProvider() (Provider, error) {
+	defaultCert.once.Do(func() {
+		defaultCert.provider, defaultCert.err = NewEnterpriseCertificateProxyProvider("")
+		if errors.Is(defaultCert.err, errSourceUnavailable) {
+			defaultCert.provider, defaultCert.err = NewSecureConnectProvider("")
+			if errors.Is(defaultCert.err, errSourceUnavailable) {
+				defaultCert.provider, defaultCert.err = nil, nil
+			}
+		}
+	})
+	return defaultCert.provider, defaultCert.err
+}

vendor/cloud.google.com/go/auth/internal/transport/cert/enterprise_cert.go

@@ -0,0 +1,56 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cert
+
+import (
+	"crypto/tls"
+	"errors"
+
+	"github.com/googleapis/enterprise-certificate-proxy/client"
+)
+
+type ecpSource struct {
+	key *client.Key
+}
+
+// NewEnterpriseCertificateProxyProvider creates a certificate source
+// using the Enterprise Certificate Proxy client, which delegates
+// certifcate related operations to an OS-specific "signer binary"
+// that communicates with the native keystore (ex. keychain on MacOS).
+//
+// The configFilePath points to a config file containing relevant parameters
+// such as the certificate issuer and the location of the signer binary.
+// If configFilePath is empty, the client will attempt to load the config from
+// a well-known gcloud location.
+func NewEnterpriseCertificateProxyProvider(configFilePath string) (Provider, error) {
+	key, err := client.Cred(configFilePath)
+	if err != nil {
+		if errors.Is(err, client.ErrCredUnavailable) {
+			return nil, errSourceUnavailable
+		}
+		return nil, err
+	}
+
+	return (&ecpSource{
+		key: key,
+	}).getClientCertificate, nil
+}
+
+func (s *ecpSource) getClientCertificate(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
+	var cert tls.Certificate
+	cert.PrivateKey = s.key
+	cert.Certificate = s.key.CertificateChain()
+	return &cert, nil
+}

vendor/cloud.google.com/go/auth/internal/transport/cert/secureconnect_cert.go

@@ -0,0 +1,124 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cert
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+	"os/user"
+	"path/filepath"
+	"sync"
+	"time"
+)
+
+const (
+	metadataPath = ".secureConnect"
+	metadataFile = "context_aware_metadata.json"
+)
+
+type secureConnectSource struct {
+	metadata secureConnectMetadata
+
+	// Cache the cert to avoid executing helper command repeatedly.
+	cachedCertMutex sync.Mutex
+	cachedCert      *tls.Certificate
+}
+
+type secureConnectMetadata struct {
+	Cmd []string `json:"cert_provider_command"`
+}
+
+// NewSecureConnectProvider creates a certificate source using
+// the Secure Connect Helper and its associated metadata file.
+//
+// The configFilePath points to the location of the context aware metadata file.
+// If configFilePath is empty, use the default context aware metadata location.
+func NewSecureConnectProvider(configFilePath string) (Provider, error) {
+	if configFilePath == "" {
+		user, err := user.Current()
+		if err != nil {
+			// Error locating the default config means Secure Connect is not supported.
+			return nil, errSourceUnavailable
+		}
+		configFilePath = filepath.Join(user.HomeDir, metadataPath, metadataFile)
+	}
+
+	file, err := os.ReadFile(configFilePath)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			// Config file missing means Secure Connect is not supported.
+			return nil, errSourceUnavailable
+		}
+		return nil, err
+	}
+
+	var metadata secureConnectMetadata
+	if err := json.Unmarshal(file, &metadata); err != nil {
+		return nil, fmt.Errorf("cert: could not parse JSON in %q: %w", configFilePath, err)
+	}
+	if err := validateMetadata(metadata); err != nil {
+		return nil, fmt.Errorf("cert: invalid config in %q: %w", configFilePath, err)
+	}
+	return (&secureConnectSource{
+		metadata: metadata,
+	}).getClientCertificate, nil
+}
+
+func validateMetadata(metadata secureConnectMetadata) error {
+	if len(metadata.Cmd) == 0 {
+		return errors.New("empty cert_provider_command")
+	}
+	return nil
+}
+
+func (s *secureConnectSource) getClientCertificate(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
+	s.cachedCertMutex.Lock()
+	defer s.cachedCertMutex.Unlock()
+	if s.cachedCert != nil && !isCertificateExpired(s.cachedCert) {
+		return s.cachedCert, nil
+	}
+	// Expand OS environment variables in the cert provider command such as "$HOME".
+	for i := 0; i < len(s.metadata.Cmd); i++ {
+		s.metadata.Cmd[i] = os.ExpandEnv(s.metadata.Cmd[i])
+	}
+	command := s.metadata.Cmd
+	data, err := exec.Command(command[0], command[1:]...).Output()
+	if err != nil {
+		return nil, err
+	}
+	cert, err := tls.X509KeyPair(data, data)
+	if err != nil {
+		return nil, err
+	}
+	s.cachedCert = &cert
+	return &cert, nil
+}
+
+// isCertificateExpired returns true if the given cert is expired or invalid.
+func isCertificateExpired(cert *tls.Certificate) bool {
+	if len(cert.Certificate) == 0 {
+		return true
+	}
+	parsed, err := x509.ParseCertificate(cert.Certificate[0])
+	if err != nil {
+		return true
+	}
+	return time.Now().After(parsed.NotAfter)
+}

vendor/cloud.google.com/go/auth/internal/transport/cert/workload_cert.go

@@ -0,0 +1,117 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cert
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"errors"
+	"io"
+	"os"
+
+	"github.com/googleapis/enterprise-certificate-proxy/client/util"
+)
+
+type certConfigs struct {
+	Workload *workloadSource `json:"workload"`
+}
+
+type workloadSource struct {
+	CertPath string `json:"cert_path"`
+	KeyPath  string `json:"key_path"`
+}
+
+type certificateConfig struct {
+	CertConfigs certConfigs `json:"cert_configs"`
+}
+
+// NewWorkloadX509CertProvider creates a certificate source
+// that reads a certificate and private key file from the local file system.
+// This is intended to be used for workload identity federation.
+//
+// The configFilePath points to a config file containing relevant parameters
+// such as the certificate and key file paths.
+// If configFilePath is empty, the client will attempt to load the config from
+// a well-known gcloud location.
+func NewWorkloadX509CertProvider(configFilePath string) (Provider, error) {
+	if configFilePath == "" {
+		envFilePath := util.GetConfigFilePathFromEnv()
+		if envFilePath != "" {
+			configFilePath = envFilePath
+		} else {
+			configFilePath = util.GetDefaultConfigFilePath()
+		}
+	}
+
+	certFile, keyFile, err := getCertAndKeyFiles(configFilePath)
+	if err != nil {
+		return nil, err
+	}
+
+	source := &workloadSource{
+		CertPath: certFile,
+		KeyPath:  keyFile,
+	}
+	return source.getClientCertificate, nil
+}
+
+// getClientCertificate attempts to load the certificate and key from the files specified in the
+// certificate config.
+func (s *workloadSource) getClientCertificate(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
+	cert, err := tls.LoadX509KeyPair(s.CertPath, s.KeyPath)
+	if err != nil {
+		return nil, err
+	}
+	return &cert, nil
+}
+
+// getCertAndKeyFiles attempts to read the provided config file and return the certificate and private
+// key file paths.
+func getCertAndKeyFiles(configFilePath string) (string, string, error) {
+	jsonFile, err := os.Open(configFilePath)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return "", "", errSourceUnavailable
+		}
+		return "", "", err
+	}
+
+	byteValue, err := io.ReadAll(jsonFile)
+	if err != nil {
+		return "", "", err
+	}
+
+	var config certificateConfig
+	if err := json.Unmarshal(byteValue, &config); err != nil {
+		return "", "", err
+	}
+
+	if config.CertConfigs.Workload == nil {
+		return "", "", errors.New("no Workload Identity Federation certificate information found in the certificate configuration file")
+	}
+
+	certFile := config.CertConfigs.Workload.CertPath
+	keyFile := config.CertConfigs.Workload.KeyPath
+
+	if certFile == "" {
+		return "", "", errors.New("certificate configuration is missing the certificate file location")
+	}
+
+	if keyFile == "" {
+		return "", "", errors.New("certificate configuration is missing the key file location")
+	}
+
+	return certFile, keyFile, nil
+}

vendor/cloud.google.com/go/auth/internal/transport/s2a.go

@@ -0,0 +1,180 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"encoding/json"
+	"log"
+	"os"
+	"strconv"
+	"sync"
+	"time"
+
+	"cloud.google.com/go/auth/internal/transport/cert"
+	"cloud.google.com/go/compute/metadata"
+)
+
+const (
+	configEndpointSuffix = "instance/platform-security/auto-mtls-configuration"
+)
+
+var (
+	// The period an MTLS config can be reused before needing refresh.
+	configExpiry = time.Hour
+
+	// mdsMTLSAutoConfigSource is an instance of reuseMTLSConfigSource, with metadataMTLSAutoConfig as its config source.
+	mtlsOnce sync.Once
+)
+
+// GetS2AAddress returns the S2A address to be reached via plaintext connection.
+// Returns empty string if not set or invalid.
+func GetS2AAddress() string {
+	c, err := getMetadataMTLSAutoConfig().Config()
+	if err != nil {
+		return ""
+	}
+	if !c.Valid() {
+		return ""
+	}
+	return c.S2A.PlaintextAddress
+}
+
+type mtlsConfigSource interface {
+	Config() (*mtlsConfig, error)
+}
+
+// mtlsConfig contains the configuration for establishing MTLS connections with Google APIs.
+type mtlsConfig struct {
+	S2A    *s2aAddresses `json:"s2a"`
+	Expiry time.Time
+}
+
+func (c *mtlsConfig) Valid() bool {
+	return c != nil && c.S2A != nil && !c.expired()
+}
+func (c *mtlsConfig) expired() bool {
+	return c.Expiry.Before(time.Now())
+}
+
+// s2aAddresses contains the plaintext and/or MTLS S2A addresses.
+type s2aAddresses struct {
+	// PlaintextAddress is the plaintext address to reach S2A
+	PlaintextAddress string `json:"plaintext_address"`
+	// MTLSAddress is the MTLS address to reach S2A
+	MTLSAddress string `json:"mtls_address"`
+}
+
+// getMetadataMTLSAutoConfig returns mdsMTLSAutoConfigSource, which is backed by config from MDS with auto-refresh.
+func getMetadataMTLSAutoConfig() mtlsConfigSource {
+	mtlsOnce.Do(func() {
+		mdsMTLSAutoConfigSource = &reuseMTLSConfigSource{
+			src: &metadataMTLSAutoConfig{},
+		}
+	})
+	return mdsMTLSAutoConfigSource
+}
+
+// reuseMTLSConfigSource caches a valid version of mtlsConfig, and uses `src` to refresh upon config expiry.
+// It implements the mtlsConfigSource interface, so calling Config() on it returns an mtlsConfig.
+type reuseMTLSConfigSource struct {
+	src    mtlsConfigSource // src.Config() is called when config is expired
+	mu     sync.Mutex       // mutex guards config
+	config *mtlsConfig      // cached config
+}
+
+func (cs *reuseMTLSConfigSource) Config() (*mtlsConfig, error) {
+	cs.mu.Lock()
+	defer cs.mu.Unlock()
+
+	if cs.config.Valid() {
+		return cs.config, nil
+	}
+	c, err := cs.src.Config()
+	if err != nil {
+		return nil, err
+	}
+	cs.config = c
+	return c, nil
+}
+
+// metadataMTLSAutoConfig is an implementation of the interface mtlsConfigSource
+// It has the logic to query MDS and return an mtlsConfig
+type metadataMTLSAutoConfig struct{}
+
+var httpGetMetadataMTLSConfig = func() (string, error) {
+	return metadata.Get(configEndpointSuffix)
+}
+
+func (cs *metadataMTLSAutoConfig) Config() (*mtlsConfig, error) {
+	resp, err := httpGetMetadataMTLSConfig()
+	if err != nil {
+		log.Printf("querying MTLS config from MDS endpoint failed: %v", err)
+		return defaultMTLSConfig(), nil
+	}
+	var config mtlsConfig
+	err = json.Unmarshal([]byte(resp), &config)
+	if err != nil {
+		log.Printf("unmarshalling MTLS config from MDS endpoint failed: %v", err)
+		return defaultMTLSConfig(), nil
+	}
+
+	if config.S2A == nil {
+		log.Printf("returned MTLS config from MDS endpoint is invalid: %v", config)
+		return defaultMTLSConfig(), nil
+	}
+
+	// set new expiry
+	config.Expiry = time.Now().Add(configExpiry)
+	return &config, nil
+}
+
+func defaultMTLSConfig() *mtlsConfig {
+	return &mtlsConfig{
+		S2A: &s2aAddresses{
+			PlaintextAddress: "",
+			MTLSAddress:      "",
+		},
+		Expiry: time.Now().Add(configExpiry),
+	}
+}
+
+func shouldUseS2A(clientCertSource cert.Provider, opts *Options) bool {
+	// If client cert is found, use that over S2A.
+	if clientCertSource != nil {
+		return false
+	}
+	// If EXPERIMENTAL_GOOGLE_API_USE_S2A is not set to true, skip S2A.
+	if !isGoogleS2AEnabled() {
+		return false
+	}
+	// If DefaultMTLSEndpoint is not set or has endpoint override, skip S2A.
+	if opts.DefaultMTLSEndpoint == "" || opts.Endpoint != "" {
+		return false
+	}
+	// If custom HTTP client is provided, skip S2A.
+	if opts.Client != nil {
+		return false
+	}
+	// If directPath is enabled, skip S2A.
+	return !opts.EnableDirectPath && !opts.EnableDirectPathXds
+}
+
+func isGoogleS2AEnabled() bool {
+	b, err := strconv.ParseBool(os.Getenv(googleAPIUseS2AEnv))
+	if err != nil {
+		return false
+	}
+	return b
+}

vendor/cloud.google.com/go/auth/internal/transport/transport.go

@@ -0,0 +1,76 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package transport provided internal helpers for the two transport packages
+// (grpctransport and httptransport).
+package transport
+
+import (
+	"fmt"
+
+	"cloud.google.com/go/auth/credentials"
+)
+
+// CloneDetectOptions clones a user set detect option into some new memory that
+// we can internally manipulate before sending onto the detect package.
+func CloneDetectOptions(oldDo *credentials.DetectOptions) *credentials.DetectOptions {
+	if oldDo == nil {
+		// it is valid for users not to set this, but we will need to to default
+		// some options for them in this case so return some initialized memory
+		// to work with.
+		return &credentials.DetectOptions{}
+	}
+	newDo := &credentials.DetectOptions{
+		// Simple types
+		Audience:          oldDo.Audience,
+		Subject:           oldDo.Subject,
+		EarlyTokenRefresh: oldDo.EarlyTokenRefresh,
+		TokenURL:          oldDo.TokenURL,
+		STSAudience:       oldDo.STSAudience,
+		CredentialsFile:   oldDo.CredentialsFile,
+		UseSelfSignedJWT:  oldDo.UseSelfSignedJWT,
+		UniverseDomain:    oldDo.UniverseDomain,
+
+		// These fields are are pointer types that we just want to use exactly
+		// as the user set, copy the ref
+		Client:             oldDo.Client,
+		AuthHandlerOptions: oldDo.AuthHandlerOptions,
+	}
+
+	// Smartly size this memory and copy below.
+	if oldDo.CredentialsJSON != nil {
+		newDo.CredentialsJSON = make([]byte, len(oldDo.CredentialsJSON))
+		copy(newDo.CredentialsJSON, oldDo.CredentialsJSON)
+	}
+	if oldDo.Scopes != nil {
+		newDo.Scopes = make([]string, len(oldDo.Scopes))
+		copy(newDo.Scopes, oldDo.Scopes)
+	}
+
+	return newDo
+}
+
+// ValidateUniverseDomain verifies that the universe domain configured for the
+// client matches the universe domain configured for the credentials.
+func ValidateUniverseDomain(clientUniverseDomain, credentialsUniverseDomain string) error {
+	if clientUniverseDomain != credentialsUniverseDomain {
+		return fmt.Errorf(
+			"the configured universe domain (%q) does not match the universe "+
+				"domain found in the credentials (%q). If you haven't configured "+
+				"the universe domain explicitly, \"googleapis.com\" is the default",
+			clientUniverseDomain,
+			credentialsUniverseDomain)
+	}
+	return nil
+}

vendor/cloud.google.com/go/auth/oauth2adapt/CHANGES.md

@@ -0,0 +1,40 @@
+# Changelog
+
+## [0.2.2](https://github.com/googleapis/google-cloud-go/compare/auth/oauth2adapt/v0.2.1...auth/oauth2adapt/v0.2.2) (2024-04-23)
+
+
+### Bug Fixes
+
+* **auth/oauth2adapt:** Bump x/net to v0.24.0 ([ba31ed5](https://github.com/googleapis/google-cloud-go/commit/ba31ed5fda2c9664f2e1cf972469295e63deb5b4))
+
+## [0.2.1](https://github.com/googleapis/google-cloud-go/compare/auth/oauth2adapt/v0.2.0...auth/oauth2adapt/v0.2.1) (2024-04-18)
+
+
+### Bug Fixes
+
+* **auth/oauth2adapt:** Adapt Token Types to be translated ([#9801](https://github.com/googleapis/google-cloud-go/issues/9801)) ([70f4115](https://github.com/googleapis/google-cloud-go/commit/70f411555ebbf2b71e6d425cc8d2030644c6b438)), refs [#9800](https://github.com/googleapis/google-cloud-go/issues/9800)
+
+## [0.2.0](https://github.com/googleapis/google-cloud-go/compare/auth/oauth2adapt/v0.1.0...auth/oauth2adapt/v0.2.0) (2024-04-16)
+
+
+### Features
+
+* **auth/oauth2adapt:** Add helpers for working with credentials types ([#9694](https://github.com/googleapis/google-cloud-go/issues/9694)) ([cf33b55](https://github.com/googleapis/google-cloud-go/commit/cf33b5514423a2ac5c2a323a1cd99aac34fd4233))
+
+
+### Bug Fixes
+
+* **auth/oauth2adapt:** Update protobuf dep to v1.33.0 ([30b038d](https://github.com/googleapis/google-cloud-go/commit/30b038d8cac0b8cd5dd4761c87f3f298760dd33a))
+
+## 0.1.0 (2023-10-19)
+
+
+### Features
+
+* **auth/oauth2adapt:** Adds a new module to translate types ([#8595](https://github.com/googleapis/google-cloud-go/issues/8595)) ([6933c5a](https://github.com/googleapis/google-cloud-go/commit/6933c5a0c1fc8e58cbfff8bbca439d671b94672f))
+* **auth/oauth2adapt:** Fixup deps for release ([#8747](https://github.com/googleapis/google-cloud-go/issues/8747)) ([749d243](https://github.com/googleapis/google-cloud-go/commit/749d243862b025a6487a4d2d339219889b4cfe70))
+
+
+### Bug Fixes
+
+* **auth/oauth2adapt:** Update golang.org/x/net to v0.17.0 ([174da47](https://github.com/googleapis/google-cloud-go/commit/174da47254fefb12921bbfc65b7829a453af6f5d))

vendor/cloud.google.com/go/auth/oauth2adapt/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

vendor/cloud.google.com/go/auth/oauth2adapt/oauth2adapt.go

@@ -0,0 +1,164 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package oauth2adapt helps converts types used in [cloud.google.com/go/auth]
+// and [golang.org/x/oauth2].
+package oauth2adapt
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+
+	"cloud.google.com/go/auth"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google"
+)
+
+// TokenProviderFromTokenSource converts any [golang.org/x/oauth2.TokenSource]
+// into a [cloud.google.com/go/auth.TokenProvider].
+func TokenProviderFromTokenSource(ts oauth2.TokenSource) auth.TokenProvider {
+	return &tokenProviderAdapter{ts: ts}
+}
+
+type tokenProviderAdapter struct {
+	ts oauth2.TokenSource
+}
+
+// Token fulfills the [cloud.google.com/go/auth.TokenProvider] interface. It
+// is a light wrapper around the underlying TokenSource.
+func (tp *tokenProviderAdapter) Token(context.Context) (*auth.Token, error) {
+	tok, err := tp.ts.Token()
+	if err != nil {
+		var err2 *oauth2.RetrieveError
+		if ok := errors.As(err, &err2); ok {
+			return nil, AuthErrorFromRetrieveError(err2)
+		}
+		return nil, err
+	}
+	return &auth.Token{
+		Value:  tok.AccessToken,
+		Type:   tok.Type(),
+		Expiry: tok.Expiry,
+	}, nil
+}
+
+// TokenSourceFromTokenProvider converts any
+// [cloud.google.com/go/auth.TokenProvider] into a
+// [golang.org/x/oauth2.TokenSource].
+func TokenSourceFromTokenProvider(tp auth.TokenProvider) oauth2.TokenSource {
+	return &tokenSourceAdapter{tp: tp}
+}
+
+type tokenSourceAdapter struct {
+	tp auth.TokenProvider
+}
+
+// Token fulfills the [golang.org/x/oauth2.TokenSource] interface. It
+// is a light wrapper around the underlying TokenProvider.
+func (ts *tokenSourceAdapter) Token() (*oauth2.Token, error) {
+	tok, err := ts.tp.Token(context.Background())
+	if err != nil {
+		var err2 *auth.Error
+		if ok := errors.As(err, &err2); ok {
+			return nil, AddRetrieveErrorToAuthError(err2)
+		}
+		return nil, err
+	}
+	return &oauth2.Token{
+		AccessToken: tok.Value,
+		TokenType:   tok.Type,
+		Expiry:      tok.Expiry,
+	}, nil
+}
+
+// AuthCredentialsFromOauth2Credentials converts a [golang.org/x/oauth2/google.Credentials]
+// to a [cloud.google.com/go/auth.Credentials].
+func AuthCredentialsFromOauth2Credentials(creds *google.Credentials) *auth.Credentials {
+	if creds == nil {
+		return nil
+	}
+	return auth.NewCredentials(&auth.CredentialsOptions{
+		TokenProvider: TokenProviderFromTokenSource(creds.TokenSource),
+		JSON:          creds.JSON,
+		ProjectIDProvider: auth.CredentialsPropertyFunc(func(ctx context.Context) (string, error) {
+			return creds.ProjectID, nil
+		}),
+		UniverseDomainProvider: auth.CredentialsPropertyFunc(func(ctx context.Context) (string, error) {
+			return creds.GetUniverseDomain()
+		}),
+	})
+}
+
+// Oauth2CredentialsFromAuthCredentials converts a [cloud.google.com/go/auth.Credentials]
+// to a [golang.org/x/oauth2/google.Credentials].
+func Oauth2CredentialsFromAuthCredentials(creds *auth.Credentials) *google.Credentials {
+	if creds == nil {
+		return nil
+	}
+	// Throw away errors as old credentials are not request aware. Also, no
+	// network requests are currently happening for this use case.
+	projectID, _ := creds.ProjectID(context.Background())
+
+	return &google.Credentials{
+		TokenSource: TokenSourceFromTokenProvider(creds.TokenProvider),
+		ProjectID:   projectID,
+		JSON:        creds.JSON(),
+		UniverseDomainProvider: func() (string, error) {
+			return creds.UniverseDomain(context.Background())
+		},
+	}
+}
+
+type oauth2Error struct {
+	ErrorCode        string `json:"error"`
+	ErrorDescription string `json:"error_description"`
+	ErrorURI         string `json:"error_uri"`
+}
+
+// AddRetrieveErrorToAuthError returns the same error provided and adds a
+// [golang.org/x/oauth2.RetrieveError] to the error chain by setting the `Err` field on the
+// [cloud.google.com/go/auth.Error].
+func AddRetrieveErrorToAuthError(err *auth.Error) *auth.Error {
+	if err == nil {
+		return nil
+	}
+	e := &oauth2.RetrieveError{
+		Response: err.Response,
+		Body:     err.Body,
+	}
+	err.Err = e
+	if len(err.Body) > 0 {
+		var oErr oauth2Error
+		// ignore the error as it only fills in extra details
+		json.Unmarshal(err.Body, &oErr)
+		e.ErrorCode = oErr.ErrorCode
+		e.ErrorDescription = oErr.ErrorDescription
+		e.ErrorURI = oErr.ErrorURI
+	}
+	return err
+}
+
+// AuthErrorFromRetrieveError returns an [cloud.google.com/go/auth.Error] that
+// wraps the provided [golang.org/x/oauth2.RetrieveError].
+func AuthErrorFromRetrieveError(err *oauth2.RetrieveError) *auth.Error {
+	if err == nil {
+		return nil
+	}
+	return &auth.Error{
+		Response: err.Response,
+		Body:     err.Body,
+		Err:      err,
+	}
+}

vendor/cloud.google.com/go/auth/threelegged.go

@@ -0,0 +1,374 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"mime"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"cloud.google.com/go/auth/internal"
+)
+
+// AuthorizationHandler is a 3-legged-OAuth helper that prompts the user for
+// OAuth consent at the specified auth code URL and returns an auth code and
+// state upon approval.
+type AuthorizationHandler func(authCodeURL string) (code string, state string, err error)
+
+// Options3LO are the options for doing a 3-legged OAuth2 flow.
+type Options3LO struct {
+	// ClientID is the application's ID.
+	ClientID string
+	// ClientSecret is the application's secret. Not required if AuthHandlerOpts
+	// is set.
+	ClientSecret string
+	// AuthURL is the URL for authenticating.
+	AuthURL string
+	// TokenURL is the URL for retrieving a token.
+	TokenURL string
+	// AuthStyle is used to describe how to client info in the token request.
+	AuthStyle Style
+	// RefreshToken is the token used to refresh the credential. Not required
+	// if AuthHandlerOpts is set.
+	RefreshToken string
+	// RedirectURL is the URL to redirect users to. Optional.
+	RedirectURL string
+	// Scopes specifies requested permissions for the Token. Optional.
+	Scopes []string
+
+	// URLParams are the set of values to apply to the token exchange. Optional.
+	URLParams url.Values
+	// Client is the client to be used to make the underlying token requests.
+	// Optional.
+	Client *http.Client
+	// EarlyTokenExpiry is the time before the token expires that it should be
+	// refreshed. If not set the default value is 3 minutes and 45 seconds.
+	// Optional.
+	EarlyTokenExpiry time.Duration
+
+	// AuthHandlerOpts provides a set of options for doing a
+	// 3-legged OAuth2 flow with a custom [AuthorizationHandler]. Optional.
+	AuthHandlerOpts *AuthorizationHandlerOptions
+}
+
+func (o *Options3LO) validate() error {
+	if o == nil {
+		return errors.New("auth: options must be provided")
+	}
+	if o.ClientID == "" {
+		return errors.New("auth: client ID must be provided")
+	}
+	if o.AuthHandlerOpts == nil && o.ClientSecret == "" {
+		return errors.New("auth: client secret must be provided")
+	}
+	if o.AuthURL == "" {
+		return errors.New("auth: auth URL must be provided")
+	}
+	if o.TokenURL == "" {
+		return errors.New("auth: token URL must be provided")
+	}
+	if o.AuthStyle == StyleUnknown {
+		return errors.New("auth: auth style must be provided")
+	}
+	if o.AuthHandlerOpts == nil && o.RefreshToken == "" {
+		return errors.New("auth: refresh token must be provided")
+	}
+	return nil
+}
+
+// PKCEOptions holds parameters to support PKCE.
+type PKCEOptions struct {
+	// Challenge is the un-padded, base64-url-encoded string of the encrypted code verifier.
+	Challenge string // The un-padded, base64-url-encoded string of the encrypted code verifier.
+	// ChallengeMethod is the encryption method (ex. S256).
+	ChallengeMethod string
+	// Verifier is the original, non-encrypted secret.
+	Verifier string // The original, non-encrypted secret.
+}
+
+type tokenJSON struct {
+	AccessToken  string `json:"access_token"`
+	TokenType    string `json:"token_type"`
+	RefreshToken string `json:"refresh_token"`
+	ExpiresIn    int    `json:"expires_in"`
+	// error fields
+	ErrorCode        string `json:"error"`
+	ErrorDescription string `json:"error_description"`
+	ErrorURI         string `json:"error_uri"`
+}
+
+func (e *tokenJSON) expiry() (t time.Time) {
+	if v := e.ExpiresIn; v != 0 {
+		return time.Now().Add(time.Duration(v) * time.Second)
+	}
+	return
+}
+
+func (o *Options3LO) client() *http.Client {
+	if o.Client != nil {
+		return o.Client
+	}
+	return internal.CloneDefaultClient()
+}
+
+// authCodeURL returns a URL that points to a OAuth2 consent page.
+func (o *Options3LO) authCodeURL(state string, values url.Values) string {
+	var buf bytes.Buffer
+	buf.WriteString(o.AuthURL)
+	v := url.Values{
+		"response_type": {"code"},
+		"client_id":     {o.ClientID},
+	}
+	if o.RedirectURL != "" {
+		v.Set("redirect_uri", o.RedirectURL)
+	}
+	if len(o.Scopes) > 0 {
+		v.Set("scope", strings.Join(o.Scopes, " "))
+	}
+	if state != "" {
+		v.Set("state", state)
+	}
+	if o.AuthHandlerOpts != nil {
+		if o.AuthHandlerOpts.PKCEOpts != nil &&
+			o.AuthHandlerOpts.PKCEOpts.Challenge != "" {
+			v.Set(codeChallengeKey, o.AuthHandlerOpts.PKCEOpts.Challenge)
+		}
+		if o.AuthHandlerOpts.PKCEOpts != nil &&
+			o.AuthHandlerOpts.PKCEOpts.ChallengeMethod != "" {
+			v.Set(codeChallengeMethodKey, o.AuthHandlerOpts.PKCEOpts.ChallengeMethod)
+		}
+	}
+	for k := range values {
+		v.Set(k, v.Get(k))
+	}
+	if strings.Contains(o.AuthURL, "?") {
+		buf.WriteByte('&')
+	} else {
+		buf.WriteByte('?')
+	}
+	buf.WriteString(v.Encode())
+	return buf.String()
+}
+
+// New3LOTokenProvider returns a [TokenProvider] based on the 3-legged OAuth2
+// configuration. The TokenProvider is caches and auto-refreshes tokens by
+// default.
+func New3LOTokenProvider(opts *Options3LO) (TokenProvider, error) {
+	if err := opts.validate(); err != nil {
+		return nil, err
+	}
+	if opts.AuthHandlerOpts != nil {
+		return new3LOTokenProviderWithAuthHandler(opts), nil
+	}
+	return NewCachedTokenProvider(&tokenProvider3LO{opts: opts, refreshToken: opts.RefreshToken, client: opts.client()}, &CachedTokenProviderOptions{
+		ExpireEarly: opts.EarlyTokenExpiry,
+	}), nil
+}
+
+// AuthorizationHandlerOptions provides a set of options to specify for doing a
+// 3-legged OAuth2 flow with a custom [AuthorizationHandler].
+type AuthorizationHandlerOptions struct {
+	// AuthorizationHandler specifies the handler used to for the authorization
+	// part of the flow.
+	Handler AuthorizationHandler
+	// State is used verify that the "state" is identical in the request and
+	// response before exchanging the auth code for OAuth2 token.
+	State string
+	// PKCEOpts allows setting configurations for PKCE. Optional.
+	PKCEOpts *PKCEOptions
+}
+
+func new3LOTokenProviderWithAuthHandler(opts *Options3LO) TokenProvider {
+	return NewCachedTokenProvider(&tokenProviderWithHandler{opts: opts, state: opts.AuthHandlerOpts.State}, &CachedTokenProviderOptions{
+		ExpireEarly: opts.EarlyTokenExpiry,
+	})
+}
+
+// exchange handles the final exchange portion of the 3lo flow. Returns a Token,
+// refreshToken, and error.
+func (o *Options3LO) exchange(ctx context.Context, code string) (*Token, string, error) {
+	// Build request
+	v := url.Values{
+		"grant_type": {"authorization_code"},
+		"code":       {code},
+	}
+	if o.RedirectURL != "" {
+		v.Set("redirect_uri", o.RedirectURL)
+	}
+	if o.AuthHandlerOpts != nil &&
+		o.AuthHandlerOpts.PKCEOpts != nil &&
+		o.AuthHandlerOpts.PKCEOpts.Verifier != "" {
+		v.Set(codeVerifierKey, o.AuthHandlerOpts.PKCEOpts.Verifier)
+	}
+	for k := range o.URLParams {
+		v.Set(k, o.URLParams.Get(k))
+	}
+	return fetchToken(ctx, o, v)
+}
+
+// This struct is not safe for concurrent access alone, but the way it is used
+// in this package by wrapping it with a cachedTokenProvider makes it so.
+type tokenProvider3LO struct {
+	opts         *Options3LO
+	client       *http.Client
+	refreshToken string
+}
+
+func (tp *tokenProvider3LO) Token(ctx context.Context) (*Token, error) {
+	if tp.refreshToken == "" {
+		return nil, errors.New("auth: token expired and refresh token is not set")
+	}
+	v := url.Values{
+		"grant_type":    {"refresh_token"},
+		"refresh_token": {tp.refreshToken},
+	}
+	for k := range tp.opts.URLParams {
+		v.Set(k, tp.opts.URLParams.Get(k))
+	}
+
+	tk, rt, err := fetchToken(ctx, tp.opts, v)
+	if err != nil {
+		return nil, err
+	}
+	if tp.refreshToken != rt && rt != "" {
+		tp.refreshToken = rt
+	}
+	return tk, err
+}
+
+type tokenProviderWithHandler struct {
+	opts  *Options3LO
+	state string
+}
+
+func (tp tokenProviderWithHandler) Token(ctx context.Context) (*Token, error) {
+	url := tp.opts.authCodeURL(tp.state, nil)
+	code, state, err := tp.opts.AuthHandlerOpts.Handler(url)
+	if err != nil {
+		return nil, err
+	}
+	if state != tp.state {
+		return nil, errors.New("auth: state mismatch in 3-legged-OAuth flow")
+	}
+	tok, _, err := tp.opts.exchange(ctx, code)
+	return tok, err
+}
+
+// fetchToken returns a Token, refresh token, and/or an error.
+func fetchToken(ctx context.Context, o *Options3LO, v url.Values) (*Token, string, error) {
+	var refreshToken string
+	if o.AuthStyle == StyleInParams {
+		if o.ClientID != "" {
+			v.Set("client_id", o.ClientID)
+		}
+		if o.ClientSecret != "" {
+			v.Set("client_secret", o.ClientSecret)
+		}
+	}
+	req, err := http.NewRequest("POST", o.TokenURL, strings.NewReader(v.Encode()))
+	if err != nil {
+		return nil, refreshToken, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	if o.AuthStyle == StyleInHeader {
+		req.SetBasicAuth(url.QueryEscape(o.ClientID), url.QueryEscape(o.ClientSecret))
+	}
+
+	// Make request
+	r, err := o.client().Do(req.WithContext(ctx))
+	if err != nil {
+		return nil, refreshToken, err
+	}
+	body, err := internal.ReadAll(r.Body)
+	r.Body.Close()
+	if err != nil {
+		return nil, refreshToken, fmt.Errorf("auth: cannot fetch token: %w", err)
+	}
+
+	failureStatus := r.StatusCode < 200 || r.StatusCode > 299
+	tokError := &Error{
+		Response: r,
+		Body:     body,
+	}
+
+	var token *Token
+	// errors ignored because of default switch on content
+	content, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	switch content {
+	case "application/x-www-form-urlencoded", "text/plain":
+		// some endpoints return a query string
+		vals, err := url.ParseQuery(string(body))
+		if err != nil {
+			if failureStatus {
+				return nil, refreshToken, tokError
+			}
+			return nil, refreshToken, fmt.Errorf("auth: cannot parse response: %w", err)
+		}
+		tokError.code = vals.Get("error")
+		tokError.description = vals.Get("error_description")
+		tokError.uri = vals.Get("error_uri")
+		token = &Token{
+			Value:    vals.Get("access_token"),
+			Type:     vals.Get("token_type"),
+			Metadata: make(map[string]interface{}, len(vals)),
+		}
+		for k, v := range vals {
+			token.Metadata[k] = v
+		}
+		refreshToken = vals.Get("refresh_token")
+		e := vals.Get("expires_in")
+		expires, _ := strconv.Atoi(e)
+		if expires != 0 {
+			token.Expiry = time.Now().Add(time.Duration(expires) * time.Second)
+		}
+	default:
+		var tj tokenJSON
+		if err = json.Unmarshal(body, &tj); err != nil {
+			if failureStatus {
+				return nil, refreshToken, tokError
+			}
+			return nil, refreshToken, fmt.Errorf("auth: cannot parse json: %w", err)
+		}
+		tokError.code = tj.ErrorCode
+		tokError.description = tj.ErrorDescription
+		tokError.uri = tj.ErrorURI
+		token = &Token{
+			Value:    tj.AccessToken,
+			Type:     tj.TokenType,
+			Expiry:   tj.expiry(),
+			Metadata: make(map[string]interface{}),
+		}
+		json.Unmarshal(body, &token.Metadata) // optional field, skip err check
+		refreshToken = tj.RefreshToken
+	}
+	// according to spec, servers should respond status 400 in error case
+	// https://www.rfc-editor.org/rfc/rfc6749#section-5.2
+	// but some unorthodox servers respond 200 in error case
+	if failureStatus || tokError.code != "" {
+		return nil, refreshToken, tokError
+	}
+	if token.Value == "" {
+		return nil, refreshToken, errors.New("auth: server response missing access_token")
+	}
+	return token, refreshToken, nil
+}

vendor/cloud.google.com/go/compute/metadata/CHANGES.md

@@ -0,0 +1,26 @@
+# Changes
+
+## [0.3.0](https://github.com/googleapis/google-cloud-go/compare/compute/metadata/v0.2.3...compute/metadata/v0.3.0) (2024-04-15)
+
+
+### Features
+
+* **compute/metadata:** Add context aware functions  ([#9733](https://github.com/googleapis/google-cloud-go/issues/9733)) ([e4eb5b4](https://github.com/googleapis/google-cloud-go/commit/e4eb5b46ee2aec9d2fc18300bfd66015e25a0510))
+
+## [0.2.3](https://github.com/googleapis/google-cloud-go/compare/compute/metadata/v0.2.2...compute/metadata/v0.2.3) (2022-12-15)
+
+
+### Bug Fixes
+
+* **compute/metadata:** Switch DNS lookup to an absolute lookup ([119b410](https://github.com/googleapis/google-cloud-go/commit/119b41060c7895e45e48aee5621ad35607c4d021)), refs [#7165](https://github.com/googleapis/google-cloud-go/issues/7165)
+
+## [0.2.2](https://github.com/googleapis/google-cloud-go/compare/compute/metadata/v0.2.1...compute/metadata/v0.2.2) (2022-12-01)
+
+
+### Bug Fixes
+
+* **compute/metadata:** Set IdleConnTimeout for http.Client ([#7084](https://github.com/googleapis/google-cloud-go/issues/7084)) ([766516a](https://github.com/googleapis/google-cloud-go/commit/766516aaf3816bfb3159efeea65aa3d1d205a3e2)), refs [#5430](https://github.com/googleapis/google-cloud-go/issues/5430)
+
+## [0.1.0] (2022-10-26)
+
+Initial release of metadata being it's own module.

vendor/cloud.google.com/go/compute/metadata/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.