Skip to content

Commit 02e95eb

Browse files
docs: add warning against accepting untrusted credentials (#8038)
PiperOrigin-RevId: 719330114 Source-Link: googleapis/googleapis@9e0f143 Source-Link: googleapis/googleapis-gen@9612bdf Copy-Tag: eyJwIjoiQXNzZXQvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQXNzdXJlZFdvcmtsb2Fkcy8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQXV0b01sLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQmFja3VwRHIvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmFyZU1ldGFsU29sdXRpb24vLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmF0Y2gvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmV5b25kQ29ycEFwcENvbm5lY3Rpb25zLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQmV5b25kQ29ycEFwcENvbm5lY3RvcnMvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmV5b25kQ29ycEFwcEdhdGV3YXlzLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQmV5b25kQ29ycENsaWVudENvbm5lY3RvclNlcnZpY2VzLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQmV5b25kQ29ycENsaWVudEdhdGV3YXlzLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQmlnUXVlcnlBbmFseXRpY3NIdWIvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmlnUXVlcnlDb25uZWN0aW9uLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQmlnUXVlcnlEYXRhRXhjaGFuZ2UvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmlnUXVlcnlEYXRhUG9saWNpZXMvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmlnUXVlcnlEYXRhVHJhbnNmZXIvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmlnUXVlcnlNaWdyYXRpb24vLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQmlnUXVlcnlSZXNlcnZhdGlvbi8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQmlnUXVlcnlTdG9yYWdlLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQmlndGFibGUvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
1 parent 9dd6b57 commit 02e95eb

25 files changed

Lines changed: 150 additions & 0 deletions

File tree

Asset/src/V1/Client/AssetServiceClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -435,6 +435,12 @@ public static function parseName(string $formattedName, ?string $template = null
435435
* {@see \Google\Auth\FetchAuthTokenInterface} object or
436436
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
437437
* objects are provided, any settings in $credentialsConfig will be ignored.
438+
* *Important*: If you accept a credential configuration (credential
439+
* JSON/File/Stream) from an external source for authentication to Google Cloud
440+
* Platform, you must validate it before providing it to any Google API or library.
441+
* Providing an unvalidated credential configuration to Google APIs can compromise
442+
* the security of your systems and data. For more information {@see
443+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
438444
* @type array $credentialsConfig
439445
* Options used to configure credentials, including auth token caching, for the
440446
* client. For a full list of supporting configuration options, see

AssuredWorkloads/src/V1/Client/AssuredWorkloadsServiceClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -276,6 +276,12 @@ public static function parseName(string $formattedName, ?string $template = null
276276
* {@see \Google\Auth\FetchAuthTokenInterface} object or
277277
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
278278
* objects are provided, any settings in $credentialsConfig will be ignored.
279+
* *Important*: If you accept a credential configuration (credential
280+
* JSON/File/Stream) from an external source for authentication to Google Cloud
281+
* Platform, you must validate it before providing it to any Google API or library.
282+
* Providing an unvalidated credential configuration to Google APIs can compromise
283+
* the security of your systems and data. For more information {@see
284+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
279285
* @type array $credentialsConfig
280286
* Options used to configure credentials, including auth token caching, for the
281287
* client. For a full list of supporting configuration options, see

AssuredWorkloads/src/V1beta1/Client/AssuredWorkloadsServiceClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -259,6 +259,12 @@ public static function parseName(string $formattedName, ?string $template = null
259259
* {@see \Google\Auth\FetchAuthTokenInterface} object or
260260
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
261261
* objects are provided, any settings in $credentialsConfig will be ignored.
262+
* *Important*: If you accept a credential configuration (credential
263+
* JSON/File/Stream) from an external source for authentication to Google Cloud
264+
* Platform, you must validate it before providing it to any Google API or library.
265+
* Providing an unvalidated credential configuration to Google APIs can compromise
266+
* the security of your systems and data. For more information {@see
267+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
262268
* @type array $credentialsConfig
263269
* Options used to configure credentials, including auth token caching, for the
264270
* client. For a full list of supporting configuration options, see

AutoMl/src/V1/Client/AutoMlClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -352,6 +352,12 @@ public static function parseName(string $formattedName, ?string $template = null
352352
* {@see \Google\Auth\FetchAuthTokenInterface} object or
353353
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
354354
* objects are provided, any settings in $credentialsConfig will be ignored.
355+
* *Important*: If you accept a credential configuration (credential
356+
* JSON/File/Stream) from an external source for authentication to Google Cloud
357+
* Platform, you must validate it before providing it to any Google API or library.
358+
* Providing an unvalidated credential configuration to Google APIs can compromise
359+
* the security of your systems and data. For more information {@see
360+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
355361
* @type array $credentialsConfig
356362
* Options used to configure credentials, including auth token caching, for the
357363
* client. For a full list of supporting configuration options, see

AutoMl/src/V1/Client/PredictionServiceClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -217,6 +217,12 @@ public static function parseName(string $formattedName, ?string $template = null
217217
* {@see \Google\Auth\FetchAuthTokenInterface} object or
218218
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
219219
* objects are provided, any settings in $credentialsConfig will be ignored.
220+
* *Important*: If you accept a credential configuration (credential
221+
* JSON/File/Stream) from an external source for authentication to Google Cloud
222+
* Platform, you must validate it before providing it to any Google API or library.
223+
* Providing an unvalidated credential configuration to Google APIs can compromise
224+
* the security of your systems and data. For more information {@see
225+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
220226
* @type array $credentialsConfig
221227
* Options used to configure credentials, including auth token caching, for the
222228
* client. For a full list of supporting configuration options, see

BackupDr/src/V1/Client/BackupDRClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -420,6 +420,12 @@ public static function parseName(string $formattedName, ?string $template = null
420420
* {@see \Google\Auth\FetchAuthTokenInterface} object or
421421
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
422422
* objects are provided, any settings in $credentialsConfig will be ignored.
423+
* *Important*: If you accept a credential configuration (credential
424+
* JSON/File/Stream) from an external source for authentication to Google Cloud
425+
* Platform, you must validate it before providing it to any Google API or library.
426+
* Providing an unvalidated credential configuration to Google APIs can compromise
427+
* the security of your systems and data. For more information {@see
428+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
423429
* @type array $credentialsConfig
424430
* Options used to configure credentials, including auth token caching, for the
425431
* client. For a full list of supporting configuration options, see

BareMetalSolution/src/V2/Client/BareMetalSolutionClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -591,6 +591,12 @@ public static function parseName(string $formattedName, ?string $template = null
591591
* {@see \Google\Auth\FetchAuthTokenInterface} object or
592592
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
593593
* objects are provided, any settings in $credentialsConfig will be ignored.
594+
* *Important*: If you accept a credential configuration (credential
595+
* JSON/File/Stream) from an external source for authentication to Google Cloud
596+
* Platform, you must validate it before providing it to any Google API or library.
597+
* Providing an unvalidated credential configuration to Google APIs can compromise
598+
* the security of your systems and data. For more information {@see
599+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
594600
* @type array $credentialsConfig
595601
* Options used to configure credentials, including auth token caching, for the
596602
* client. For a full list of supporting configuration options, see

Batch/src/V1/Client/BatchServiceClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -299,6 +299,12 @@ public static function parseName(string $formattedName, ?string $template = null
299299
* {@see \Google\Auth\FetchAuthTokenInterface} object or
300300
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
301301
* objects are provided, any settings in $credentialsConfig will be ignored.
302+
* *Important*: If you accept a credential configuration (credential
303+
* JSON/File/Stream) from an external source for authentication to Google Cloud
304+
* Platform, you must validate it before providing it to any Google API or library.
305+
* Providing an unvalidated credential configuration to Google APIs can compromise
306+
* the security of your systems and data. For more information {@see
307+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
302308
* @type array $credentialsConfig
303309
* Options used to configure credentials, including auth token caching, for the
304310
* client. For a full list of supporting configuration options, see

BeyondCorpAppConnections/src/V1/Client/AppConnectionsServiceClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -306,6 +306,12 @@ public static function parseName(string $formattedName, ?string $template = null
306306
* {@see \Google\Auth\FetchAuthTokenInterface} object or
307307
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
308308
* objects are provided, any settings in $credentialsConfig will be ignored.
309+
* *Important*: If you accept a credential configuration (credential
310+
* JSON/File/Stream) from an external source for authentication to Google Cloud
311+
* Platform, you must validate it before providing it to any Google API or library.
312+
* Providing an unvalidated credential configuration to Google APIs can compromise
313+
* the security of your systems and data. For more information {@see
314+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
309315
* @type array $credentialsConfig
310316
* Options used to configure credentials, including auth token caching, for the
311317
* client. For a full list of supporting configuration options, see

BeyondCorpAppConnectors/src/V1/Client/AppConnectorsServiceClient.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -266,6 +266,12 @@ public static function parseName(string $formattedName, ?string $template = null
266266
* {@see \Google\Auth\FetchAuthTokenInterface} object or
267267
* {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
268268
* objects are provided, any settings in $credentialsConfig will be ignored.
269+
* *Important*: If you accept a credential configuration (credential
270+
* JSON/File/Stream) from an external source for authentication to Google Cloud
271+
* Platform, you must validate it before providing it to any Google API or library.
272+
* Providing an unvalidated credential configuration to Google APIs can compromise
273+
* the security of your systems and data. For more information {@see
274+
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
269275
* @type array $credentialsConfig
270276
* Options used to configure credentials, including auth token caching, for the
271277
* client. For a full list of supporting configuration options, see

0 commit comments

Comments
 (0)