Build(deps): Bump cloud.google.com/go/iam from 1.5.3 to 1.7.0

[dependabot]

Bumps cloud.google.com/go/iam from 1.5.3 to 1.7.0.

Release notes

Sourced from cloud.google.com/go/iam's releases.

gkemulticloud: v1.7.0

v1.7.0 (2026-04-02)

iam: v1.7.0

v1.7.0 (2026-04-02)

shopping: v1.7.0

v1.7.0 (2026-04-02)

ids: v1.6.0

v1.6.0 (2026-04-02)

support: v1.6.0

v1.6.0 (2026-04-02)

Changelog

Sourced from cloud.google.com/go/iam's changelog.

1.7.0 (2023-01-31)

Features

• documentai: Add REST client (06a54a1)
• documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)
• documentai: Exposed GetProcessorType to v1beta3 (447afdd)
• documentai: Rewrite signatures in terms of new location (3c4b2b3)
• documentai: Rewrite signatures in terms of new types for betas (9f303f9)
• documentai: Start generating proto message types (563f546)
• documentai: Start generating stubs dir (de2d180)

1.6.0 (2023-01-26)

Features

• documentai/apiv1beta3: Add REST transport (f7b0822)
• documentai: Add REST client (06a54a1)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)
• documentai: Exposed GetProcessorType to v1beta3 (447afdd)
• documentai: Rewrite signatures in terms of new location (3c4b2b3)
• documentai: Rewrite signatures in terms of new types for betas (9f303f9)
• documentai: Start generating proto message types (563f546)
• documentai: Start generating stubs dir (de2d180)

1.5.0 (2023-01-26)

⚠ BREAKING CHANGES

• documentai: Changed the name field for ProcessRequest and BatchProcessorRequest to accept * so the name field can accept Processor and ProcessorVersion.

Features

• documentai/apiv1beta3: Add REST transport (f7b0822)
• documentai: Add REST client (06a54a1)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added field_mask to ProcessRequest object in document_processor_service.proto feat: Added parent_ids to Revision object in document.proto feat: Added integer_values, float_values and non_present to Entity object in document.proto feat: Added corrected_key_text, correct_value_text to FormField object in document.proto feat: Added OperationMetadata resource feat!: Added Processor Management and Processor Version support to v1 library (370e23e)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)

... (truncated)

Commits

• c2bf628 chore: release main (#7506)
• 91a1f78 chore: update iam and longrunning (#7553)
• b219a38 chore: go mod tidy (#7552)
• 8775cae chore: update copyright year for generated protos (#7542)
• 9373073 chore(spanner): dummy commit to test spanner kokoro builds (#7549)
• 3868b6c chore(main): release pubsub 1.29.0 (#7312)
• ae38ff1 feat(security/privateca): remove apiv1beta1 (#7539)
• a7fc1d5 chore(talent): update copyright year in the generated protos (#7541)
• d4931e9 chore(talent): update copyright year in the generated protos (#7540)
• 0df63fc docs(dialogflow/cx): clarified wording around quota usage (#7538)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign miguelhbrito for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

Updated Go toolchain version from 1.24.13 to 1.25.0 in go.mod. Multiple direct and indirect dependencies were bumped to newer versions across Google Cloud, OpenTelemetry, and standard library packages.

Changes

Cohort / File(s)	Summary
Go Module Dependencies go.mod	Bumped Go toolchain from 1.24.13 to 1.25.0; updated direct dependencies including cloud.google.com/go/iam, github.com/googleapis/gax-go/v2, golang.org/x/term, golang.org/x/text, google.golang.org/api, and google.golang.org/grpc; updated indirect dependencies across Google Cloud auth, OpenTelemetry (otel, metric, sdk, trace), and genproto modules.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title specifically mentions the main dependency bump (cloud.google.com/go/iam from 1.5.3 to 1.7.0), which aligns with the primary change in the changeset.
Description check	✅ Passed	The description is related to the changeset; it contains release notes and changelog details for the cloud.google.com/go/iam dependency bump, despite being auto-generated by Dependabot.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/cloud.google.com/go/iam-1.7.0

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

go.mod (1)

12-12: Prefer errors.As for resilient GCP error matching after upgrading gax-go and google.golang.org/api.

The codebase uses direct type assertions to *googleapi.Error and *apierror.APIError in multiple places (e.g., cmd/ocm/gcp/gcp-client-shim.go, pkg/gcp/error_handlers.go). These can become brittle if errors are wrapped during the library upgrades. Use errors.As instead, as already demonstrated in the isNotFound function.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 12, Several places use direct type assertions to
*googleapi.Error and *apierror.APIError which breaks when errors are wrapped;
update those checks to use errors.As like the existing isNotFound function does.
For each occurrence (e.g., in cmd/ocm/gcp/gcp-client-shim.go and
pkg/gcp/error_handlers.go) import the standard "errors" package and replace
constructs like err.(*googleapi.Error) or err.(*apierror.APIError) with an
errors.As-based pattern that declares a target variable of the appropriate type
and calls errors.As(err, &target) before inspecting fields; ensure you handle
both underlying types where previously asserted and preserve existing logic
paths.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 3: go.mod declares Go 1.25.0 but CI workflows still pin older Go
versions; update every CI YAML's go-version entries to match or exceed "1.25" to
avoid build mismatches. Locate all occurrences of the YAML key go-version in
your workflow files (the entries currently set to 1.22 and 1.23) and change them
to 1.25 (or a newer compatible minor, e.g., 1.25.x), then re-run CI to verify
builds succeed against the go.mod requirement.

---

Nitpick comments:
In `@go.mod`:
- Line 12: Several places use direct type assertions to *googleapi.Error and
*apierror.APIError which breaks when errors are wrapped; update those checks to
use errors.As like the existing isNotFound function does. For each occurrence
(e.g., in cmd/ocm/gcp/gcp-client-shim.go and pkg/gcp/error_handlers.go) import
the standard "errors" package and replace constructs like err.(*googleapi.Error)
or err.(*apierror.APIError) with an errors.As-based pattern that declares a
target variable of the appropriate type and calls errors.As(err, &target) before
inspecting fields; ensure you handle both underlying types where previously
asserted and preserve existing logic paths.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c0a60cec-fdf4-4d4e-85ea-3152583d56dc

📥 Commits

Reviewing files that changed from the base of the PR and between e621c19 and e43abc9.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read-only check for Go version pins that may drift from go.mod
set -euo pipefail

echo "== go.mod =="
rg -n '^\s*go\s+[0-9]+\.[0-9]+(\.[0-9]+)?\s*$' go.mod

echo
echo "== Common CI / build pin locations =="
fd -HI '(^|/)(Dockerfile|Containerfile|Makefile|.*\.mk|.*\.yml|.*\.yaml)$' . \
  | xargs -r rg -n 'golang:|GO_VERSION|setup-go|actions/setup-go|go-version|FROM\s+golang|^\s*go\s+[0-9]+\.[0-9]+(\.[0-9]+)?'

Repository: openshift-online/ocm-cli

Length of output: 578

---

Update CI workflow Go versions to match go.mod 1.25.0.

CI workflows are pinned to Go 1.22 and 1.23, which are older than the minimum specified in go.mod (1.25.0). This mismatch will cause build inconsistencies:

• .github/workflows/publish-release.yaml:45 — go-version: 1.23
• .github/workflows/check-pull-request.yaml:51 — go-version: 1.22
• .github/workflows/check-pull-request.yaml:77 — go-version: 1.23

Update all workflow pinned versions to 1.25 or higher to match the module directive.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 3, go.mod declares Go 1.25.0 but CI workflows still pin older
Go versions; update every CI YAML's go-version entries to match or exceed "1.25"
to avoid build mismatches. Locate all occurrences of the YAML key go-version in
your workflow files (the entries currently set to 1.22 and 1.23) and change them
to 1.25 (or a newer compatible minor, e.g., 1.25.x), then re-run CI to verify
builds succeed against the go.mod requirement.

[dependabot]

Superseded by #1091.