docs: add warning against accepting untrusted credentials (#8037)

PiperOrigin-RevId: 719330114 Source-Link: googleapis/googleapis@9e0f143 Source-Link: googleapis/googleapis-gen@9612bdf Copy-Tag: eyJwIjoiQWNjZXNzQXBwcm92YWwvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQWNjZXNzQ29udGV4dE1hbmFnZXIvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQWRzQWRNYW5hZ2VyLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQWRzTWFya2V0aW5nUGxhdGZvcm1BZG1pbi8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQWR2aXNvcnlOb3RpZmljYXRpb25zLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQWlQbGF0Zm9ybS8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQWxsb3lEYi8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQW5hbHl0aWNzQWRtaW4vLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQW5hbHl0aWNzRGF0YS8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQXBpR2F0ZXdheS8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQXBpSHViLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQXBpS2V5cy8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQXBpZ2VlQ29ubmVjdC8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9 Copy-Tag: eyJwIjoiQXBpZ2VlUmVnaXN0cnkvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQXBwRW5naW5lQWRtaW4vLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQXBwSHViLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0= Copy-Tag: eyJwIjoiQXBwc0NoYXQvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQXBwc0V2ZW50c1N1YnNjcmlwdGlvbnMvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQXBwc01lZXQvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ== Copy-Tag: eyJwIjoiQXJ0aWZhY3RSZWdpc3RyeS8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9

Author: gcf-owl-bot[bot]

AccessApproval/src/V1/Client/AccessApprovalClient.php

@@ -371,6 +371,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AccessContextManager/src/V1/Client/AccessContextManagerClient.php

@@ -345,6 +345,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/AdUnitServiceClient.php

@@ -187,6 +187,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/CompanyServiceClient.php

@@ -185,6 +185,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/CustomFieldServiceClient.php

@@ -185,6 +185,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/CustomTargetingKeyServiceClient.php

@@ -186,6 +186,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/CustomTargetingValueServiceClient.php

@@ -193,6 +193,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/EntitySignalsMappingServiceClient.php

@@ -196,6 +196,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/NetworkServiceClient.php

@@ -167,6 +167,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/OrderServiceClient.php

@@ -185,6 +185,12 @@ public static function parseName(string $formattedName, ?string $template = null
  * {@see \Google\Auth\FetchAuthTokenInterface} object or
  * {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
  * objects are provided, any settings in $credentialsConfig will be ignored.
+ * *Important*: If you accept a credential configuration (credential
+ * JSON/File/Stream) from an external source for authentication to Google Cloud
+ * Platform, you must validate it before providing it to any Google API or library.
+ * Providing an unvalidated credential configuration to Google APIs can compromise
+ * the security of your systems and data. For more information {@see
+ * https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
  * @type array $credentialsConfig
  * Options used to configure credentials, including auth token caching, for the
  * client. For a full list of supporting configuration options, see