NotificationsYou must be signed in to change notification settings
Fork95
Star144

Commit0ec1825

authored

docs: Add warnings regarding consuming externally sourced credentials (#783)

1 parentd151313 commit0ec1825Copy full SHA for 0ec1825

File tree

5 files changed

+72

-0

lines changed

google/api_core
- client_options.py
- grpc_helpers.py
- grpc_helpers_async.py
- operations_v1/transports
  - base.py
  - rest.py

5 files changed

+72

-0

lines changed

`‎google/api_core/client_options.py‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -69,6 +69,18 @@ class ClientOptions(object):`
`69`	`69`	`quota belongs to.`
`70`	`70`	`credentials_file (Optional[str]): A path to a file storing credentials.`
`71`	`71`	``credentials_file` and ``api_key`` are mutually exclusive.
	`72`	`+`
	`73`	`+ .. warning::`
	`74`	`+ Important: If you accept a credential configuration (credential JSON/File/Stream)`
	`75`	`+ from an external source for authentication to Google Cloud Platform, you must`
	`76`	`+ validate it before providing it to any Google API or client library. Providing an`
	`77`	`+ unvalidated credential configuration to Google APIs or libraries can compromise`
	`78`	`+ the security of your systems and data. For more information, refer to`
	`79`	+ `Validate credential configurations from external sources`_.
	`80`	`+`
	`81`	`+ .. _Validate credential configurations from external sources:`
	`82`	`+`
	`83`	`+ https://cloud.google.com/docs/authentication/external/externally-sourced-credentials`
`72`	`84`	`scopes (Optional[Sequence[str]]): OAuth access token override scopes.`
`73`	`85`	api_key (Optional[str]): Google API key. ``credentials_file`` and
`74`	`86`	``api_key`` are mutually exclusive.

`‎google/api_core/grpc_helpers.py‎`

Lines changed: 24 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -216,6 +216,18 @@ def _create_composite_credentials(`
`216`	`216`	`credentials_file (str): A file with credentials that can be loaded with`
`217`	`217`	:func:`google.auth.load_credentials_from_file`. This argument is
`218`	`218`	`mutually exclusive with credentials.`
	`219`	`+`
	`220`	`+ .. warning::`
	`221`	`+ Important: If you accept a credential configuration (credential JSON/File/Stream)`
	`222`	`+ from an external source for authentication to Google Cloud Platform, you must`
	`223`	`+ validate it before providing it to any Google API or client library. Providing an`
	`224`	`+ unvalidated credential configuration to Google APIs or libraries can compromise`
	`225`	`+ the security of your systems and data. For more information, refer to`
	`226`	+ `Validate credential configurations from external sources`_.
	`227`	`+`
	`228`	`+ .. _Validate credential configurations from external sources:`
	`229`	`+`
	`230`	`+ https://cloud.google.com/docs/authentication/external/externally-sourced-credentials`
`219`	`231`	`default_scopes (Sequence[str]): A optional list of scopes needed for this`
`220`	`232`	`service. These are only used when credentials are not specified and`
`221`	`233`	are passed to :func:`google.auth.default`.
`@@ -316,6 +328,18 @@ def create_channel(`
`316`	`328`	`credentials_file (str): A file with credentials that can be loaded with`
`317`	`329`	:func:`google.auth.load_credentials_from_file`. This argument is
`318`	`330`	`mutually exclusive with credentials.`
	`331`	`+`
	`332`	`+ .. warning::`
	`333`	`+ Important: If you accept a credential configuration (credential JSON/File/Stream)`
	`334`	`+ from an external source for authentication to Google Cloud Platform, you must`
	`335`	`+ validate it before providing it to any Google API or client library. Providing an`
	`336`	`+ unvalidated credential configuration to Google APIs or libraries can compromise`
	`337`	`+ the security of your systems and data. For more information, refer to`
	`338`	+ `Validate credential configurations from external sources`_.
	`339`	`+`
	`340`	`+ .. _Validate credential configurations from external sources:`
	`341`	`+`
	`342`	`+ https://cloud.google.com/docs/authentication/external/externally-sourced-credentials`
`319`	`343`	`quota_project_id (str): An optional project to use for billing and quota.`
`320`	`344`	`default_scopes (Sequence[str]): Default scopes passed by a Google client`
`321`	`345`	`library. Use 'scopes' for user-defined scopes.`

`‎google/api_core/grpc_helpers_async.py‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -236,6 +236,18 @@ def create_channel(`
`236`	`236`	`credentials_file (str): A file with credentials that can be loaded with`
`237`	`237`	:func:`google.auth.load_credentials_from_file`. This argument is
`238`	`238`	`mutually exclusive with credentials.`
	`239`	`+`
	`240`	`+ .. warning::`
	`241`	`+ Important: If you accept a credential configuration (credential JSON/File/Stream)`
	`242`	`+ from an external source for authentication to Google Cloud Platform, you must`
	`243`	`+ validate it before providing it to any Google API or client library. Providing an`
	`244`	`+ unvalidated credential configuration to Google APIs or libraries can compromise`
	`245`	`+ the security of your systems and data. For more information, refer to`
	`246`	+ `Validate credential configurations from external sources`_.
	`247`	`+`
	`248`	`+ .. _Validate credential configurations from external sources:`
	`249`	`+`
	`250`	`+ https://cloud.google.com/docs/authentication/external/externally-sourced-credentials`
`239`	`251`	`quota_project_id (str): An optional project to use for billing and quota.`
`240`	`252`	`default_scopes (Sequence[str]): Default scopes passed by a Google client`
`241`	`253`	`library. Use 'scopes' for user-defined scopes.`

`‎google/api_core/operations_v1/transports/base.py‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,18 @@ def __init__(`
`72`	`72`	`credentials_file (Optional[str]): A file with credentials that can`
`73`	`73`	be loaded with :func:`google.auth.load_credentials_from_file`.
`74`	`74`	`This argument is mutually exclusive with credentials.`
	`75`	`+`
	`76`	`+ .. warning::`
	`77`	`+ Important: If you accept a credential configuration (credential JSON/File/Stream)`
	`78`	`+ from an external source for authentication to Google Cloud Platform, you must`
	`79`	`+ validate it before providing it to any Google API or client library. Providing an`
	`80`	`+ unvalidated credential configuration to Google APIs or libraries can compromise`
	`81`	`+ the security of your systems and data. For more information, refer to`
	`82`	+ `Validate credential configurations from external sources`_.
	`83`	`+`
	`84`	`+ .. _Validate credential configurations from external sources:`
	`85`	`+`
	`86`	`+ https://cloud.google.com/docs/authentication/external/externally-sourced-credentials`
`75`	`87`	`scopes (Optional[Sequence[str]]): A list of scopes.`
`76`	`88`	`quota_project_id (Optional[str]): An optional project to use for billing`
`77`	`89`	`and quota.`

`‎google/api_core/operations_v1/transports/rest.py‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,18 @@ def __init__(`
`94`	`94`	`credentials_file (Optional[str]): A file with credentials that can`
`95`	`95`	be loaded with :func:`google.auth.load_credentials_from_file`.
`96`	`96`	This argument is ignored if ``channel`` is provided.
	`97`	`+`
	`98`	`+ .. warning::`
	`99`	`+ Important: If you accept a credential configuration (credential JSON/File/Stream)`
	`100`	`+ from an external source for authentication to Google Cloud Platform, you must`
	`101`	`+ validate it before providing it to any Google API or client library. Providing an`
	`102`	`+ unvalidated credential configuration to Google APIs or libraries can compromise`
	`103`	`+ the security of your systems and data. For more information, refer to`
	`104`	+ `Validate credential configurations from external sources`_.
	`105`	`+`
	`106`	`+ .. _Validate credential configurations from external sources:`
	`107`	`+`
	`108`	`+ https://cloud.google.com/docs/authentication/external/externally-sourced-credentials`
`97`	`109`	`scopes (Optional(Sequence[str])): A list of scopes. This argument is`
`98`	`110`	ignored if ``channel`` is provided.
`99`	`111`	`client_cert_source_for_mtls (Callable[[], Tuple[bytes, bytes]]): Client`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0ec1825

File tree

5 files changed

5 files changed

`‎google/api_core/client_options.py‎`

`‎google/api_core/grpc_helpers.py‎`

`‎google/api_core/grpc_helpers_async.py‎`

`‎google/api_core/operations_v1/transports/base.py‎`

`‎google/api_core/operations_v1/transports/rest.py‎`

0 commit comments