Commit 45c3513

docs(option): add warning about externally-provided credentials (#2978)
1 parent 76ccae7 commit 45c3513

1 file changed: +24 -0 lines changed

option/option.go

Lines changed: 24 additions & 0 deletions
@@ -44,13 +44,29 @@ func (w withCredFile) Apply(o *internal.DialSettings) {
4444
// WithCredentialsFile returns a ClientOption that authenticates
4545
// API calls with the given service account or refresh token JSON
4646
// credentials file.
47+
//
48+
// Important: If you accept a credential configuration (credential
49+
// JSON/File/Stream) from an external source for authentication to Google
50+
// Cloud Platform, you must validate it before providing it to any Google
51+
// API or library. Providing an unvalidated credential configuration to
52+
// Google APIs can compromise the security of your systems and data. For
53+
// more information, refer to [Validate credential configurations from
54+
// external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
4755
func WithCredentialsFile(filename string) ClientOption {
4856
return withCredFile(filename)
4957
}
5058

5159
// WithServiceAccountFile returns a ClientOption that uses a Google service
5260
// account credentials file to authenticate.
5361
//
62+
// Important: If you accept a credential configuration (credential
63+
// JSON/File/Stream) from an external source for authentication to Google
64+
// Cloud Platform, you must validate it before providing it to any Google
65+
// API or library. Providing an unvalidated credential configuration to
66+
// Google APIs can compromise the security of your systems and data. For
67+
// more information, refer to [Validate credential configurations from
68+
// external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
69+
//
5470
// Deprecated: Use WithCredentialsFile instead.
5571
func WithServiceAccountFile(filename string) ClientOption {
5672
return WithCredentialsFile(filename)
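Review bot: The link in the new warning on WithCredentialsFile and WithServiceAccountFile uses Markdown inline syntax, "[Validate credential configurations from external sources](https://...)", which Go doc comments do not render; gofmt and pkg.go.dev will show the brackets and parentheses literally, and the link text is also split across two comment lines. Go doc comments (Go 1.19 and later) expect a "[Text]" reference in the paragraph plus a "[Text]: URL" definition line at the end of the comment, or simply a bare URL on its own line. Separately, WithServiceAccountFile only forwards to WithCredentialsFile, so its seven-line copy could shrink to a single sentence pointing at the warning on WithCredentialsFile, which leaves one less copy to keep in sync and keeps the "Deprecated:" paragraph easy to spot.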
@@ -59,6 +75,14 @@ func WithServiceAccountFile(filename string) ClientOption {
5975
// WithCredentialsJSON returns a ClientOption that authenticates
6076
// API calls with the given service account or refresh token JSON
6177
// credentials.
78+
//
79+
// Important: If you accept a credential configuration (credential
80+
// JSON/File/Stream) from an external source for authentication to Google
81+
// Cloud Platform, you must validate it before providing it to any Google
82+
// API or library. Providing an unvalidated credential configuration to
83+
// Google APIs can compromise the security of your systems and data. For
84+
// more information, refer to [Validate credential configurations from
85+
// external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
6286
func WithCredentialsJSON(p []byte) ClientOption {
6387
return withCredentialsJSON(p)
6488
}
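Review bot: The warning on WithCredentialsJSON never names the argument that carries the risk; it speaks of a generic "credential JSON/File/Stream" while this function takes p []byte. Consider opening with something like "If p comes from an external source, validate it before passing it here" so the requirement is tied to the parameter a caller is looking at. The comment also says "you must validate it" without stating any check, so it is only actionable through the external URL; a short sentence summarising what validation involves would keep the godoc useful if that page moves. This is the third verbatim copy of the paragraph in option.go, so any later wording fix has to be applied in three places.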
