Addressed comments.

Author: vverman

google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentials.java

@@ -237,7 +237,12 @@ public AccessToken refreshAccessToken() throws IOException {
   @InternalApi
   @Override
   public String getRegionalAccessBoundaryUrl() throws IOException {
-    Matcher matcher = WORKFORCE_AUDIENCE_PATTERN.matcher(getAudience());
+    String audience = getAudience();
+    if (audience == null) {
+      throw new IllegalStateException(
+          "The audience is null, which is not in the correct format for a workforce pool.");
+    }
+    Matcher matcher = WORKFORCE_AUDIENCE_PATTERN.matcher(audience);
     if (!matcher.matches()) {
       throw new IllegalStateException(
           "The provided audience is not in the correct format for a workforce pool. "

google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java

@@ -639,14 +639,20 @@ public String getRegionalAccessBoundaryUrl() throws IOException {
           getServiceAccountEmail());
     }
 
-    Matcher workforceMatcher = WORKFORCE_AUDIENCE_PATTERN.matcher(getAudience());
+    String audience = getAudience();
+    if (audience == null) {
+      throw new IllegalStateException(
+          "The audience is null, which is not in a valid format for either a workload identity pool or a workforce pool.");
+    }
+
+    Matcher workforceMatcher = WORKFORCE_AUDIENCE_PATTERN.matcher(audience);
     if (workforceMatcher.matches()) {
       String poolId = workforceMatcher.group("pool");
       return String.format(
           OAuth2Utils.IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_WORKFORCE_POOL, poolId);
     }
 
-    Matcher workloadMatcher = WORKLOAD_AUDIENCE_PATTERN.matcher(getAudience());
+    Matcher workloadMatcher = WORKLOAD_AUDIENCE_PATTERN.matcher(audience);
     if (workloadMatcher.matches()) {
       String projectNumber = workloadMatcher.group("project");
       String poolId = workloadMatcher.group("pool");

google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/RegionalAccessBoundary.java

@@ -102,7 +102,7 @@ final class RegionalAccessBoundary implements Serializable {
     this.locations =
         locations == null
             ? Collections.<String>emptyList()
-            : Collections.unmodifiableList(locations);
+            : Collections.unmodifiableList(new java.util.ArrayList<>(locations));
     this.refreshTime = refreshTime;
     this.clock = clock != null ? clock : Clock.SYSTEM;
   }

google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentialsTest.java

@@ -1270,6 +1270,69 @@ void testRefresh_regionalAccessBoundarySuccess() throws IOException, Interrupted
         Arrays.asList(TestUtils.REGIONAL_ACCESS_BOUNDARY_ENCODED_LOCATION));
   }
 
+  @Test
+  void getRegionalAccessBoundaryUrl_workforce() throws IOException {
+    ExternalAccountAuthorizedUserCredentials credentials =
+        ExternalAccountAuthorizedUserCredentials.newBuilder()
+            .setClientId(CLIENT_ID)
+            .setClientSecret(CLIENT_SECRET)
+            .setRefreshToken(REFRESH_TOKEN)
+            .setTokenUrl(TOKEN_URL)
+            .setAudience(
+                "//iam.googleapis.com/locations/global/workforcePools/my-pool/providers/my-provider")
+            .build();
+
+    String expectedUrl =
+        "https://iamcredentials.googleapis.com/v1/locations/global/workforcePools/my-pool/allowedLocations";
+    assertEquals(expectedUrl, credentials.getRegionalAccessBoundaryUrl());
+  }
+
+  @Test
+  void getRegionalAccessBoundaryUrl_invalidAudience_throws() {
+    ExternalAccountAuthorizedUserCredentials credentials =
+        ExternalAccountAuthorizedUserCredentials.newBuilder()
+            .setClientId(CLIENT_ID)
+            .setClientSecret(CLIENT_SECRET)
+            .setRefreshToken(REFRESH_TOKEN)
+            .setTokenUrl(TOKEN_URL)
+            .setAudience("invalid-audience")
+            .build();
+
+    IllegalStateException exception =
+        assertThrows(
+            IllegalStateException.class,
+            () -> {
+              credentials.getRegionalAccessBoundaryUrl();
+            });
+
+    assertEquals(
+        "The provided audience is not in the correct format for a workforce pool. "
+            + "Refer: https://docs.cloud.google.com/iam/docs/principal-identifiers",
+        exception.getMessage());
+  }
+
+  @Test
+  void getRegionalAccessBoundaryUrl_nullAudience_throws() {
+    ExternalAccountAuthorizedUserCredentials credentials =
+        ExternalAccountAuthorizedUserCredentials.newBuilder()
+            .setClientId(CLIENT_ID)
+            .setClientSecret(CLIENT_SECRET)
+            .setRefreshToken(REFRESH_TOKEN)
+            .setTokenUrl(TOKEN_URL)
+            .build();
+
+    IllegalStateException exception =
+        assertThrows(
+            IllegalStateException.class,
+            () -> {
+              credentials.getRegionalAccessBoundaryUrl();
+            });
+
+    assertEquals(
+        "The audience is null, which is not in the correct format for a workforce pool.",
+        exception.getMessage());
+  }
+
   private void waitForRegionalAccessBoundary(GoogleCredentials credentials)
       throws InterruptedException {
     long deadline = System.currentTimeMillis() + 5000;

google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java

@@ -1297,6 +1297,32 @@ public void getRegionalAccessBoundaryUrl_invalidAudience_throws() {
         exception.getMessage());
   }
 
+  @Test
+  public void getRegionalAccessBoundaryUrl_nullAudience_throws() {
+    ExternalAccountCredentials credentials =
+        new TestExternalAccountCredentials(
+            TestExternalAccountCredentials.newBuilder()
+                .setAudience("any-audience-to-pass-constructor-check")
+                .setSubjectTokenType("subject_token_type")
+                .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP))) {
+          @Override
+          public String getAudience() {
+            return null;
+          }
+        };
+
+    IllegalStateException exception =
+        assertThrows(
+            IllegalStateException.class,
+            () -> {
+              credentials.getRegionalAccessBoundaryUrl();
+            });
+
+    assertEquals(
+        "The audience is null, which is not in a valid format for either a workload identity pool or a workforce pool.",
+        exception.getMessage());
+  }
+
   @Test
   public void refresh_workload_regionalAccessBoundarySuccess()
       throws IOException, InterruptedException {

java-dataplex/grpc-google-cloud-dataplex-v1/src/main/java/com/google/cloud/dataplex/v1/ContentServiceGrpc.java

@@ -15,6 +15,7 @@
  */
 package com.google.cloud.dataplex.v1;
 
+
 /**
  *
  *