feat!: integrates external_accounts with GoogleAuth and ADC

[bojeil-google]

Exports IdentityPoolClient, IdentityPoolClientOptions, AwsClient, AwsClientOptions, ExternalAccountClient and ExternalAccountClientOptions.

Defines CredentialsClient interface as the root interface for all clients that generate credentials. Updates AuthClient to implement that interface. All existing clients extend AuthClient and already conform to CredentialsClient.

Exposes eagerRefreshThresholdMillis and forceRefreshOnFailure on BaseExternalAccountClient as they are exposed on all clients which inherit from OAuth2Client and AuthClient.

Defines JSONClient in GoogleAuth for all credentials that can be initialized from JSON objects (as part of ADC): JWT | UserRefreshClient | BaseExternalAccountClient. This excludes Compute clients.

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (byoid@d759b09). Click here to learn what that means.
The diff coverage is n/a.

@@           Coverage Diff            @@
##             byoid    #1052   +/-   ##
========================================
  Coverage         ?   91.52%           
========================================
  Files            ?       21           
  Lines            ?     4093           
  Branches         ?      454           
========================================
  Hits             ?     3746           
  Misses           ?      347           
  Partials         ?        0           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d759b09...9ec8bea. Read the comment docs.

[google-cla]

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

[bcoe]

I believe this will break the upstream:

https://github.com/googleapis/nodejs-googleapis-common/blob/master/src/authplus.ts

Which wraps GoogleAuth, I suggest we release this work as a breaking change, just so we can make the update intentional for upstream consumers.

The upstream consumers need not take this as a breaking change.

[bcoe]

because of the suffix type I thought this would be an interface or type, I would add a comment:

// this string constant indicates that external account should  be instantiated ?

[bojeil-google]

Done. I added clarification here and in baseexternalclient.ts where it is declared.

[google-cla]

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

[bojeil-google]

Sounds good on the breaking change. I think we can help make the necessary changes in nodejs-googleapis-common. We want to make sure all clients are able benefit from this feature.