docs: Add warning note about user provided credential configurations. #2916
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amanda-tarafa
added
the
do not merge
|
FYI @sai-sunder-s @jskeet Not to be merged until confirmation |
| /// Providing an unvalidated credential configuration to Google APIs can compromise the security of your | ||
| /// systems and data. For more information, refer to | ||
| /// <see href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">Validate credential configurations from external sources</see>. | ||
| /// </remarks> |
There was a problem hiding this comment.
Do we need to update here? Only SA json can be accepted here right?
There was a problem hiding this comment.
Started an internal thread.
There was a problem hiding this comment.
We discussed internally, removing from here as it's not necessary.
jskeet
approved these changes
Jan 17, 2025
Towards b/389125232
amanda-tarafa
force-pushed
the
warning
branch
from
b565bad to
c7c4e27
Compare
sai-sunder-s
approved these changes
Jan 17, 2025
amanda-tarafa
removed
the
do not merge
amanda-tarafa
added a commit
to amanda-tarafa/google-api-dotnet-client
that referenced
this pull request
Jan 23, 2025
Fixes: - googleapis#2869 Use universe-domain instead of universe_domain as the MDS endpoint - googleapis#2870 BaseClientService.UniverDomain setter is obsolete - googleapis#2871 Pause automatic requests to MDS Universe Domain endpoint Features: - googleapis#2746 Simplify setting the HttpClient timeout - googleapis#2809 Improve error handling when signing with the IAM service BREAKING CHANGE: The ComputeCredential and ImpersonatedCredential SignBlobAsync methods will throw a GoogleApiException instead of a HttpRequestExtension. The GoogleApiException makes the HttpResponseMessage content available, which usually includes details about the error. We consider the risk of this change breaking users lower than the risk of disrupting all users with a new major version so we've decided to release this breaking change on a minor version of the library. Please create an issue on this repo if you are affected and we will e happy to help. - googleapis#2879 Use recommended retries for token and IAM sign blob endpoints - googleapis#2913 Support GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variable Dependencies: - googleapis#2730 Remove unused dependency Microsoft.AspNetCore.Authorization from Google.Apis.Auth.AspNetCore3 BREAKING CHANGE: Projects using Google.Apis.Auth.AspNetCore3 that transitively depend on Microsoft.AspNetCore.Authorization may be broken. They only need to add an implicit dependency themselves. We consider the risk of this change breaking users lower than the risk of disrupting all users with a new major version so we've decided to release this breaking change on a minor version of the library. Please create an issue on this repo if you are affected and we will e happy to help. Documentation: - googleapis#2916 Add warning note about user provided credential configurations
amanda-tarafa
added a commit
that referenced
this pull request
Jan 23, 2025
Fixes: - #2869 Use universe-domain instead of universe_domain as the MDS endpoint - #2870 BaseClientService.UniverDomain setter is obsolete - #2871 Pause automatic requests to MDS Universe Domain endpoint Features: - #2746 Simplify setting the HttpClient timeout - #2809 Improve error handling when signing with the IAM service BREAKING CHANGE: The ComputeCredential and ImpersonatedCredential SignBlobAsync methods will throw a GoogleApiException instead of a HttpRequestExtension. The GoogleApiException makes the HttpResponseMessage content available, which usually includes details about the error. We consider the risk of this change breaking users lower than the risk of disrupting all users with a new major version so we've decided to release this breaking change on a minor version of the library. Please create an issue on this repo if you are affected and we will e happy to help. - #2879 Use recommended retries for token and IAM sign blob endpoints - #2913 Support GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variable Dependencies: - #2730 Remove unused dependency Microsoft.AspNetCore.Authorization from Google.Apis.Auth.AspNetCore3 BREAKING CHANGE: Projects using Google.Apis.Auth.AspNetCore3 that transitively depend on Microsoft.AspNetCore.Authorization may be broken. They only need to add an implicit dependency themselves. We consider the risk of this change breaking users lower than the risk of disrupting all users with a new major version so we've decided to release this breaking change on a minor version of the library. Please create an issue on this repo if you are affected and we will e happy to help. Documentation: - #2916 Add warning note about user provided credential configurations
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Towards b/389125232