Daniel Sanche

This commit is a **maintenance chore** that **fixes failing system tests** within the **`google-auth` package**, specifically addressing issues related to empty tokens. It updates the credential application logic in the `dns_access_direct` test and adds a credential refresh call in `test_configurable_token_lifespan` within `test_external_accounts.py`. This **unblocks critical system tests** for **external accounts**, ensuring the stability and correctness of the **authentication library's credential handling**.

This commit **introduces a suite of new pipeline expressions** to the `google-cloud-firestore` Python client library, significantly enhancing its data processing capabilities. It adds `cmp`, `timestamp_trunc`, `timestamp_diff`, `timestamp_extract`, `if_null`, `type`, and `is_type` methods to the `Expression` class, along with supporting enums like `TimeUnit` and `TimePart`. This **new capability** allows users to perform advanced comparisons, manipulate timestamps, handle null values, and inspect data types directly within Firestore pipelines. Comprehensive **unit and system tests** have been added to validate the functionality of these new expressions, ensuring robust and reliable data transformations.

This commit performs **maintenance** by **updating and expanding dependency constraint management** within the `gapic-generator` project. It **raises the minimum supported versions** for `google-api-core`, `google-auth`, and `grpcio` across various Python 3.9 golden test environments and templates, including `setup.py.j2`. Additionally, the commit **introduces new constraint files specifically for async-rest clients** in golden tests and templates. The `noxfile.py` is updated to dynamically select these `async-rest` specific constraint files, **enabling more granular and accurate testing** for different client types. This ensures that generated clients are validated against current minimum supported dependencies and allows for specialized async-rest test configurations within the **integration test suite**.

This commit **improves type annotations** within the **`google.api_core.exceptions`** module, specifically for the `GoogleAPICallError` class. It **refactors** the `code` and `grpc_status_code` attributes to correctly use `Optional[int]` and `Optional[grpc.StatusCode]` respectively. This **maintenance** change ensures that static analysis tools like mypy accurately understand the potential types of these error attributes, preventing incorrect assumptions about `None` values. By clarifying these types, the commit enhances code clarity and robustness for developers using `google-api-core`.

This commit provides a **bug fix** for **asynchronous sample code** generated by the `gapic-generator`. It **corrects missing `await` keywords** in numerous generated Python samples across various Google Cloud services, including **Asset, Eventarc, Logging, and Cloud Redis**. This ensures that asynchronous operations, particularly Long Running Operations (LROs) and paged results, are properly handled in the example code, preventing runtime errors and providing accurate usage guidance for developers. Additionally, **unit tests for sample generation** were updated to validate the correct rendering of `await` for LROs and paged results.

chore: librarian onboard pull request: 20260312T145452Z (#16098)

This commit delivers a **bug fix** for the **`google-auth` library's Compute Engine metadata service (MDS)** client, specifically addressing an error when **mTLS** is enabled. Previously, the `_prepare_request_for_mds` function would attempt to access a `session` attribute on all `Request` objects, leading to exceptions for unsupported request types that lack this attribute. The fix modifies `packages/google-auth/google/auth/compute_engine/_metadata.py` to only attempt mTLS adapter mounting if the request object explicitly has a `session`, thereby gracefully ignoring incompatible request types. This ensures more robust **authentication** for applications on Compute Engine, preventing crashes when mTLS is active with diverse request implementations.

This commit implements a **documentation fix** within the **`gapic-generator`** by updating the Jinja2 template responsible for generating `transports/README.rst` files. It specifically corrects the formatting of code references, changing them from single backticks to double backticks to ensure proper rendering in reStructuredText. This **improves the readability and correctness** of generated documentation for all client libraries, providing users with accurately formatted code examples and identifiers. The integration test golden files have also been updated to reflect this improved output, ensuring consistency across generated `README.rst` files.

This commit performs **maintenance** by updating a comment within the `.generator/requirements.in` file. Specifically, it clarifies the rationale behind the version pin for the `gapic-generator` dependency. This change improves the **documentation within the build system**, providing better context for developers managing project dependencies and ensuring clarity on why a particular version of `gapic-generator` is required. The update has no functional impact on the generated code or runtime behavior, serving purely as an informational enhancement.

This commit performs a **maintenance update** by upgrading the `gapic-generator` dependency from version 1.30.9 to 1.30.10. This change specifically affects the **code generation process** for client libraries, as defined in `.generator/requirements.in`. The update ensures that all future client library builds will leverage the latest improvements and fixes provided by the newer `gapic-generator` version, enhancing the quality and reliability of generated code.

This commit performs a **maintenance update** by bumping the version of the **`gapic-generator`** tool. Specifically, it updates the `gapic-generator` version from `1.30.9` to `1.30.10` within the `.librarian/state.yaml` configuration file for the `packages/gapic-generator` module. This **version bump** ensures that subsequent code generation processes will utilize the latest patch release of the `gapic-generator`, potentially incorporating minor fixes or improvements from that tool.

This commit provides a **dependency management fix** for the **`google-auth` library**, making the `rsa` package an **optional dependency** rather than a required one. It **refactors** the `RSAVerifier` and `RSASigner` classes within `google/auth/crypt/rsa.py` to conditionally import `rsa` only when explicitly needed, as `cryptography` is now the preferred and primary implementation for RSA operations. This change reduces the core dependency footprint, improves maintainability by phasing out a deprecated library, and ensures backward compatibility for existing integrations. **Testing infrastructure** in `noxfile.py` and various `tests/crypt/` files have been updated to accommodate this conditional dependency.

fix: improve type checking (#2530)

This commit **improves the documentation** within the **`gapic-generator`** by adding comprehensive docstrings for the `api_audience` and `interceptor` parameters. Specifically, it updates the `__init__` methods of base, gRPC, and REST transport class templates to include these descriptions. This **enhances the clarity and usability** of generated client libraries, providing developers with better inline documentation for these critical constructor arguments. The changes are reflected across all transport types, ensuring **consistent and complete API documentation** for future client library releases, and are validated by updating the integration test golden files.

chore: librarian onboard pull request: 20260225T101121Z (#15612)

chore: librarian onboard pull request: 20260224T120346Z (#15607)

chore: librarian onboard pull request: 20260223T161841Z (#15602)

This commit provides a crucial **bug fix** for the `ReadRowsIterable.to_dataframe()` method within the **BigQuery Storage client library**, resolving an issue where the first page of data was inadvertently lost. Previously, an attempt to use `to_arrow()` would consume the initial page, leading to incomplete DataFrames if the format was unsupported. The `to_dataframe` method has been **refactored** to safely peek at the stream's format without consuming data, thereby preventing **data loss** and ensuring the entire dataset is available for conversion. This enhancement guarantees **data integrity** and robust DataFrame generation, including new handling for empty DataFrames and checks for unexpected mid-stream format changes.

This commit performs a **maintenance refactoring** across the **Bigtable client library's samples and tests** to address deprecation warnings. It updates all instances of the deprecated `datetime.datetime.utcnow()` function to use `datetime.datetime.now(timezone.utc)` instead, ensuring proper timezone-aware datetime object creation. This change affects various documentation snippets, sample applications like `hello/main.py` and `writes/*.py`, and numerous unit and system test files within the `packages/google-cloud-bigtable` directory. The update improves code hygiene and ensures the examples and internal tests remain compatible with future Python versions by removing reliance on a deprecated API.

This commit **introduces a new asynchronous sample** within the `google-cloud-bigtable` Python library, specifically demonstrating the `AddToCell` mutation for incrementing values in a Bigtable table using the `write_aggregate` method. To support this new example and ensure its reliability, a **corresponding test case** was added in `data_client_snippets_async_test.py`. Additionally, the `create_table` utility function in `packages/google-cloud-bigtable/samples/utils.py` was **refactored** to use the GAPIC client for table creation and properly handle protobuf-based column family definitions. This work provides a **new capability demonstration** and improves the **developer experience** by offering a clear, tested example for a key Bigtable operation, while also enhancing the robustness of sample setup.