From 43b15570f8cd4d6e157c68294fa988c0be47f3d0 Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Tue, 28 Oct 2025 12:44:40 -0700 Subject: [PATCH 1/3] docs: add warning about loading unvalidated credentials --- google-cloud-bigquery/AUTHENTICATION.md | 15 +++++-- .../lib/google-cloud-bigquery.rb | 22 +++++++-- .../lib/google/cloud/bigquery.rb | 34 ++++++++++---- google-cloud-bigtable/AUTHENTICATION.md | 15 +++++-- .../lib/google-cloud-bigtable.rb | 45 ++++++++++++------- .../lib/google/cloud/bigtable.rb | 7 ++- google-cloud-datastore/AUTHENTICATION.md | 15 +++++-- google-cloud-datastore/OVERVIEW.md | 7 ++- google-cloud-datastore/README.md | 7 ++- .../lib/google-cloud-datastore.rb | 22 +++++++-- .../lib/google/cloud/datastore.rb | 24 ++++++++-- google-cloud-dns/AUTHENTICATION.md | 15 +++++-- google-cloud-dns/lib/google-cloud-dns.rb | 22 +++++++-- google-cloud-dns/lib/google/cloud/dns.rb | 24 ++++++++-- google-cloud-firestore/AUTHENTICATION.md | 15 +++++-- google-cloud-firestore/README.md | 7 ++- .../lib/google-cloud-firestore.rb | 22 +++++++-- .../lib/google/cloud/firestore.rb | 24 ++++++++-- google-cloud-logging/AUTHENTICATION.md | 15 +++++-- .../lib/google-cloud-logging.rb | 22 +++++++-- .../lib/google/cloud/logging.rb | 24 ++++++++-- google-cloud-pubsub/AUTHENTICATION.md | 15 +++++-- google-cloud-pubsub/README.md | 7 ++- .../lib/google-cloud-pubsub.rb | 22 +++++++-- .../lib/google/cloud/pubsub.rb | 21 +++++++-- .../AUTHENTICATION.md | 14 +++++- google-cloud-translate/AUTHENTICATION.md | 14 +++++- google-cloud-translate/MIGRATING.md | 44 ++++++++++++++---- .../lib/google/cloud/translate/helpers.rb | 14 ++++-- 29 files changed, 444 insertions(+), 110 deletions(-) diff --git a/google-cloud-bigquery/AUTHENTICATION.md b/google-cloud-bigquery/AUTHENTICATION.md index bd8ddeba1cdf..686a410e6a40 100644 --- a/google-cloud-bigquery/AUTHENTICATION.md +++ b/google-cloud-bigquery/AUTHENTICATION.md @@ -67,12 +67,14 @@ The environment variables that BigQuery checks for credentials are configured on 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby +require "googleauth" require "google/cloud/bigquery" -ENV["BIGQUERY_PROJECT"] = "my-project-id" -ENV["BIGQUERY_CREDENTIALS"] = "path/to/keyfile.json" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) -bigquery = Google::Cloud::Bigquery.new +bigquery = Google::Cloud::Bigquery.new project_id: "my-project-id", credentials: credentials ``` ### Configuration @@ -81,11 +83,16 @@ The **Project ID** and the path to the **Credentials JSON** file can be configur instead of placing them in environment variables or providing them as arguments. ```ruby +require "googleauth" require "google/cloud/bigquery" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::Bigquery.configure do |config| config.project_id = "my-project-id" - config.credentials = "path/to/keyfile.json" + config.credentials = credentials end bigquery = Google::Cloud::Bigquery.new diff --git a/google-cloud-bigquery/lib/google-cloud-bigquery.rb b/google-cloud-bigquery/lib/google-cloud-bigquery.rb index a4cce81a5d43..726677e49ee2 100644 --- a/google-cloud-bigquery/lib/google-cloud-bigquery.rb +++ b/google-cloud-bigquery/lib/google-cloud-bigquery.rb @@ -87,9 +87,25 @@ def bigquery scope: nil, retries: nil, timeout: nil # # @param [String] project_id Identifier for a BigQuery project. If not # present, the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Bigquery::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Bigquery::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # require "googleauth" + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # client = ::Google::Cloud::Bigquery.new credentials: credentials + # # @param [String, Array] scope The OAuth 2.0 scopes controlling the # set of resources and operations that the connection can access. See # [Using OAuth 2.0 to Access Google diff --git a/google-cloud-bigquery/lib/google/cloud/bigquery.rb b/google-cloud-bigquery/lib/google/cloud/bigquery.rb index 48d213dd40a1..17abf2176309 100644 --- a/google-cloud-bigquery/lib/google/cloud/bigquery.rb +++ b/google-cloud-bigquery/lib/google/cloud/bigquery.rb @@ -37,9 +37,26 @@ module Bigquery # # @param [String] project_id Identifier for a BigQuery project. If not # present, the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Bigquery::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Bigquery::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # require "googleauth" + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # client = ::Google::Cloud::Bigquery.new do |config| + # config.credentials = credentials + # end # @param [String, Array] scope The OAuth 2.0 scopes controlling # the set of resources and operations that the connection can access. # See # [Using OAuth 2.0 to Access Google # @@ -98,12 +115,11 @@ def self.new project_id: nil, credentials: nil, scope: nil, retries: nil, timeou # # * `project_id` - (String) Identifier for a BigQuery project. (The # parameter `project` is considered deprecated, but may also be used.) - # * `credentials` - (String, Hash, Google::Auth::Credentials) The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Bigquery::Credentials}) (The - # parameter `keyfile` is considered deprecated, but may also be used.) - # * `endpoint` - (String) Override of the endpoint host name, or `nil` - # to use the default endpoint. + # * `credentials` - (Google::Auth::Credentials) A Google::Auth::Credentials + # object. (See {Bigquery::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. # * `scope` - (String, Array) The OAuth 2.0 scopes controlling # the set of resources and operations that the connection can access. # * `retries` - (Integer) Number of times to retry requests on server diff --git a/google-cloud-bigtable/AUTHENTICATION.md b/google-cloud-bigtable/AUTHENTICATION.md index 43bc5f628bc1..7a62d1881730 100644 --- a/google-cloud-bigtable/AUTHENTICATION.md +++ b/google-cloud-bigtable/AUTHENTICATION.md @@ -85,12 +85,14 @@ The environment variables that google-cloud-bigtable checks for credentials are 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby +require "googleauth" require "google/cloud/bigtable" -ENV["BIGTABLE_PROJECT"] = "my-project-id" -ENV["BIGTABLE_CREDENTIALS"] = "path/to/keyfile.json" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) -client = Google::Cloud::Bigtable.new +client = Google::Cloud::Bigtable.new project_id: "my-project-id", credentials: credentials ``` ### Configuration @@ -99,11 +101,16 @@ The **Project ID** and the path to the **Credentials JSON** file can be configur instead of placing them in environment variables or providing them as arguments. ```ruby +require "googleauth" require "google/cloud/bigtable" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::Bigtable.configure do |config| config.project_id = "my-project-id" - config.credentials = "path/to/keyfile.json" + config.credentials = credentials end client = Google::Cloud::Bigtable.new diff --git a/google-cloud-bigtable/lib/google-cloud-bigtable.rb b/google-cloud-bigtable/lib/google-cloud-bigtable.rb index a63842321cfa..e71186e2cf27 100644 --- a/google-cloud-bigtable/lib/google-cloud-bigtable.rb +++ b/google-cloud-bigtable/lib/google-cloud-bigtable.rb @@ -40,29 +40,31 @@ module Cloud # updater_proc is supplied. # @param timeout [Integer] # The default timeout, in seconds, for calls made through this client. - # @param credentials [Google::Auth::Credentials, String, Hash, GRPC::Core::Channel, + # @param credentials [Google::Auth::Credentials, GRPC::Core::Channel, # GRPC::Core::ChannelCredentials, Proc] - # Provides the means for authenticating requests made by the client. This parameter can + # The means for authenticating requests made by the client. This parameter can # be one of the following types. # `Google::Auth::Credentials` uses the properties of its represented keyfile for # authenticating requests made by this client. - # `String` will be treated as the path to the keyfile to use to construct - # credentials for this client. - # `Hash` will be treated as the contents of a keyfile to use to construct - # credentials for this client. # `GRPC::Core::Channel` will be used to make calls through. # `GRPC::Core::ChannelCredentials` will be used to set up the gRPC client. The channel credentials # should already be composed with a `GRPC::Core::CallCredentials` object. # `Proc` will be used as an updater_proc for the gRPC channel. The proc transforms the # metadata for requests, generally, to give OAuth credentials. - # @return [Google::Cloud::Bigtable::Project] + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. # - # @example - # require "google/cloud/bigtable" + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. # - # gcloud = Google::Cloud.new + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) # - # bigtable = gcloud.bigtable + # client = Google::Cloud.bigtable credentials: credentials # def bigtable scope: nil, timeout: nil, credentials: nil credentials ||= @keyfile @@ -83,21 +85,32 @@ def bigtable scope: nil, timeout: nil, credentials: nil # Project identifier for the Bigtable service you # are connecting to. If not present, the default project for the # credentials is used. - # @param credentials [Google::Auth::Credentials, String, Hash, GRPC::Core::Channel, + # @param credentials [Google::Auth::Credentials, GRPC::Core::Channel, # GRPC::Core::ChannelCredentials, Proc] # The means for authenticating requests made by the client. This parameter can # be one of the following types. # `Google::Auth::Credentials` uses the properties of its represented keyfile for # authenticating requests made by this client. - # `String` will be treated as the path to the keyfile to use to construct - # credentials for this client. - # `Hash` will be treated as the contents of a keyfile to use to construct - # credentials for this client. # `GRPC::Core::Channel` will be used to make calls through. # `GRPC::Core::ChannelCredentials` will be used to set up the gRPC client. The channel credentials # should already be composed with a `GRPC::Core::CallCredentials` object. # `Proc` will be used as an updater_proc for the gRPC channel. The proc transforms the # metadata for requests, generally, to give OAuth credentials. + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # client = Google::Cloud.bigtable credentials: credentials + # # @param scope [Array] # The OAuth 2.0 scopes controlling the set of resources and operations # that the connection can access. See [Using OAuth 2.0 to Access Google diff --git a/google-cloud-bigtable/lib/google/cloud/bigtable.rb b/google-cloud-bigtable/lib/google/cloud/bigtable.rb index 2687997de433..97cf204ce875 100644 --- a/google-cloud-bigtable/lib/google/cloud/bigtable.rb +++ b/google-cloud-bigtable/lib/google/cloud/bigtable.rb @@ -43,15 +43,14 @@ module Bigtable # be one of the following types: # `Google::Auth::Credentials` uses the properties of its represented keyfile for # authenticating requests made by this client. - # `String` will be treated as the path to the keyfile to use to construct - # credentials for this client. - # `Hash` will be treated as the contents of a keyfile to use to construct - # credentials for this client. # `GRPC::Core::Channel` will be used to make calls through. # `GRPC::Core::ChannelCredentials` for the setting up the gRPC client. The channel credentials # should already be composed with a `GRPC::Core::CallCredentials` object. # `Proc` will be used as an updater_proc for the gRPC channel. The proc transforms the # metadata for requests, generally, to give OAuth credentials. + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. # @param universe_domain [String] Override of the universe domain. Optional. # @param endpoint [String] Override of the endpoint host name. Optional. # If the param is nil, uses the default endpoint. diff --git a/google-cloud-datastore/AUTHENTICATION.md b/google-cloud-datastore/AUTHENTICATION.md index c3980282643e..4e901976bb01 100644 --- a/google-cloud-datastore/AUTHENTICATION.md +++ b/google-cloud-datastore/AUTHENTICATION.md @@ -86,12 +86,14 @@ The environment variables that google-cloud-datastore checks for credentials are 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby +require "googleauth" require "google/cloud/datastore" -ENV["DATASTORE_PROJECT"] = "my-project-id" -ENV["DATASTORE_CREDENTIALS"] = "path/to/keyfile.json" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) -client = Google::Cloud::Datastore.new +client = Google::Cloud::Datastore.new project_id: "my-project-id", credentials: credentials ``` ### Configuration @@ -100,11 +102,16 @@ The **Project ID** and the path to the **Credentials JSON** file can be configur instead of placing them in environment variables or providing them as arguments. ```ruby +require "googleauth" require "google/cloud/datastore" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::Datastore.configure do |config| config.project_id = "my-project-id" - config.credentials = "path/to/keyfile.json" + config.credentials = credentials end client = Google::Cloud::Datastore.new diff --git a/google-cloud-datastore/OVERVIEW.md b/google-cloud-datastore/OVERVIEW.md index cba24c93a88e..75d960b5ac14 100644 --- a/google-cloud-datastore/OVERVIEW.md +++ b/google-cloud-datastore/OVERVIEW.md @@ -14,11 +14,16 @@ your code or via environment variables. Read more about the options for connecting in the [Authentication Guide](AUTHENTICATION.md). ```ruby +require "googleauth" require "google/cloud/datastore" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + datastore = Google::Cloud::Datastore.new( project_id: "my-todo-project", - credentials: "/path/to/keyfile.json" + credentials: credentials ) task = datastore.find "Task", "sampleTask" diff --git a/google-cloud-datastore/README.md b/google-cloud-datastore/README.md index 2f6ebd65fc9c..fec6d89e88b7 100644 --- a/google-cloud-datastore/README.md +++ b/google-cloud-datastore/README.md @@ -23,11 +23,16 @@ Instructions and configuration options are covered in the [Authentication Guide] ## Example ```ruby +require "googleauth" require "google/cloud/datastore" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + datastore = Google::Cloud::Datastore.new( project_id: "my-todo-project", - credentials: "/path/to/keyfile.json" + credentials: credentials ) # Create a new task to demo datastore diff --git a/google-cloud-datastore/lib/google-cloud-datastore.rb b/google-cloud-datastore/lib/google-cloud-datastore.rb index f83fdbcf3176..d338b16ed931 100644 --- a/google-cloud-datastore/lib/google-cloud-datastore.rb +++ b/google-cloud-datastore/lib/google-cloud-datastore.rb @@ -84,9 +84,25 @@ def datastore scope: nil, timeout: nil, database_id: nil # # @param [String] project_id Identifier for a Datastore project. If not # present, the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Datastore::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Datastore::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # datastore = Google::Cloud::Datastore.new( + # project_id: "my-project-id", + # credentials: credentials + # ) # @param [String, Array] scope The OAuth 2.0 scopes controlling the # set of resources and operations that the connection can access. See # [Using OAuth 2.0 to Access Google diff --git a/google-cloud-datastore/lib/google/cloud/datastore.rb b/google-cloud-datastore/lib/google/cloud/datastore.rb index c69d4b9424df..912b580cb4cd 100644 --- a/google-cloud-datastore/lib/google/cloud/datastore.rb +++ b/google-cloud-datastore/lib/google/cloud/datastore.rb @@ -58,9 +58,27 @@ module Datastore # # @param [String] project_id Identifier for a Datastore project. If not # present, the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Datastore::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Datastore::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # require "googleauth" + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # datastore = Google::Cloud::Datastore.new( + # project_id: "my-project-id", + # credentials: credentials + # ) # @param [String, Array] scope The OAuth 2.0 scopes controlling # the set of resources and operations that the connection can access. # See [Using OAuth 2.0 to Access Google diff --git a/google-cloud-dns/AUTHENTICATION.md b/google-cloud-dns/AUTHENTICATION.md index 275932f582d7..e1242c31c09e 100644 --- a/google-cloud-dns/AUTHENTICATION.md +++ b/google-cloud-dns/AUTHENTICATION.md @@ -68,12 +68,14 @@ The environment variables that DNS checks for credentials are configured on 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby +require "googleauth" require "google/cloud/dns" -ENV["DNS_PROJECT"] = "my-project-id" -ENV["DNS_CREDENTIALS"] = "path/to/keyfile.json" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) -dns = Google::Cloud::Dns.new +dns = Google::Cloud::Dns.new project_id: "my-project-id", credentials: credentials ``` ### Configuration @@ -82,11 +84,16 @@ The **Project ID** and **Credentials JSON** can be configured instead of placing them in environment variables or providing them as arguments. ```ruby +require "googleauth" require "google/cloud/dns" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::Dns.configure do |config| config.project_id = "my-project-id" - config.credentials = "path/to/keyfile.json" + config.credentials = credentials end dns = Google::Cloud::Dns.new diff --git a/google-cloud-dns/lib/google-cloud-dns.rb b/google-cloud-dns/lib/google-cloud-dns.rb index 5a9d694cebb4..2887ef322d96 100644 --- a/google-cloud-dns/lib/google-cloud-dns.rb +++ b/google-cloud-dns/lib/google-cloud-dns.rb @@ -80,9 +80,25 @@ def dns scope: nil, retries: nil, timeout: nil # # @param [String] project_id Identifier for a DNS project. If not present, # the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Dns::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Dns::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # dns = Google::Cloud::Dns.new( + # project_id: "my-project-id", + # credentials: credentials + # ) # @param [String, Array] scope The OAuth 2.0 scopes controlling the # set of resources and operations that the connection can access. See # [Using OAuth 2.0 to Access Google diff --git a/google-cloud-dns/lib/google/cloud/dns.rb b/google-cloud-dns/lib/google/cloud/dns.rb index 53d63db314e1..09c09ba12db6 100644 --- a/google-cloud-dns/lib/google/cloud/dns.rb +++ b/google-cloud-dns/lib/google/cloud/dns.rb @@ -42,9 +42,27 @@ module Dns # # @param [String] project_id Identifier for a DNS project. If not present, # the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Dns::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Dns::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # require "googleauth" + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # dns = Google::Cloud::Dns.new( + # project_id: "my-project-id", + # credentials: credentials + # ) # @param [String, Array] scope The OAuth 2.0 scopes controlling # the set of resources and operations that the connection can access. # See [Using OAuth 2.0 to Access Google diff --git a/google-cloud-firestore/AUTHENTICATION.md b/google-cloud-firestore/AUTHENTICATION.md index dd768e31606f..db316b4e90ce 100644 --- a/google-cloud-firestore/AUTHENTICATION.md +++ b/google-cloud-firestore/AUTHENTICATION.md @@ -85,12 +85,14 @@ The environment variables that google-cloud-firestore checks for credentials are 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby +require "googleauth" require "google/cloud/firestore" -ENV["FIRESTORE_PROJECT"] = "my-project-id" -ENV["FIRESTORE_CREDENTIALS"] = "path/to/keyfile.json" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) -client = Google::Cloud::Firestore.new +client = Google::Cloud::Firestore.new project_id: "my-project-id", credentials: credentials ``` ### Configuration @@ -99,11 +101,16 @@ The **Project ID** and the path to the **Credentials JSON** file can be configur instead of placing them in environment variables or providing them as arguments. ```ruby +require "googleauth" require "google/cloud/firestore" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::Firestore.configure do |config| config.project_id = "my-project-id" - config.credentials = "path/to/keyfile.json" + config.credentials = credentials end client = Google::Cloud::Firestore.new diff --git a/google-cloud-firestore/README.md b/google-cloud-firestore/README.md index eb606f0ae8c0..b899f8449540 100644 --- a/google-cloud-firestore/README.md +++ b/google-cloud-firestore/README.md @@ -29,11 +29,16 @@ $ gem install google-cloud-firestore ## Example ```ruby +require "googleauth" require "google/cloud/firestore" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + firestore = Google::Cloud::Firestore.new( project_id: "my-project", - credentials: "/path/to/keyfile.json" + credentials: credentials ) city = firestore.col("cities").doc("SF") diff --git a/google-cloud-firestore/lib/google-cloud-firestore.rb b/google-cloud-firestore/lib/google-cloud-firestore.rb index 1be849045d25..6c4fc2377e2a 100644 --- a/google-cloud-firestore/lib/google-cloud-firestore.rb +++ b/google-cloud-firestore/lib/google-cloud-firestore.rb @@ -91,9 +91,25 @@ def firestore scope: nil, # # @param [String] project_id Identifier for a Firestore project. If not # present, the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Firestore::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Firestore::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # firestore = Google::Cloud::Firestore.new( + # project_id: "my-project-id", + # credentials: credentials + # ) # @param [String, Array] scope The OAuth 2.0 scopes controlling the # set of resources and operations that the connection can access. See # [Using OAuth 2.0 to Access Google diff --git a/google-cloud-firestore/lib/google/cloud/firestore.rb b/google-cloud-firestore/lib/google/cloud/firestore.rb index a02678721dde..b3d3ecbf70b4 100644 --- a/google-cloud-firestore/lib/google/cloud/firestore.rb +++ b/google-cloud-firestore/lib/google/cloud/firestore.rb @@ -43,9 +43,27 @@ module Firestore # # @param [String] project_id Identifier for a Firestore project. If not # present, the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Firestore::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Firestore::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # require "googleauth" + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # firestore = Google::Cloud::Firestore.new( + # project_id: "my-project-id", + # credentials: credentials + # ) # @param [String, Array] scope The OAuth 2.0 scopes controlling # the set of resources and operations that the connection can access. # See [Using OAuth 2.0 to Access Google diff --git a/google-cloud-logging/AUTHENTICATION.md b/google-cloud-logging/AUTHENTICATION.md index 17d49708da33..383ae31f19c0 100644 --- a/google-cloud-logging/AUTHENTICATION.md +++ b/google-cloud-logging/AUTHENTICATION.md @@ -86,12 +86,14 @@ configured on `Google::Cloud::Logging::V2::LoggingService::Credentials`: 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby +require "googleauth" require "google/cloud/logging" -ENV["LOGGING_PROJECT"] = "my-project-id" -ENV["LOGGING_CREDENTIALS"] = "path/to/keyfile.json" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) -client = Google::Cloud::Logging.new +client = Google::Cloud::Logging.new project_id: "my-project-id", credentials: credentials ``` ### Configuration @@ -100,11 +102,16 @@ The **Project ID** and the path to the **Credentials JSON** file can be configur instead of placing them in environment variables or providing them as arguments. ```ruby +require "googleauth" require "google/cloud/logging" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::Logging.configure do |config| config.project_id = "my-project-id" - config.credentials = "path/to/keyfile.json" + config.credentials = credentials end client = Google::Cloud::Logging.new diff --git a/google-cloud-logging/lib/google-cloud-logging.rb b/google-cloud-logging/lib/google-cloud-logging.rb index 2eff7fee5f14..3d5a7b42a021 100644 --- a/google-cloud-logging/lib/google-cloud-logging.rb +++ b/google-cloud-logging/lib/google-cloud-logging.rb @@ -80,9 +80,25 @@ def logging scope: nil, timeout: nil # @param [String] project_id Project identifier for the Stackdriver Logging # service you are connecting to. If not present, the default project for # the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Logging::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Logging::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # logging = Google::Cloud::Logging.new( + # project_id: "my-project-id", + # credentials: credentials + # ) # @param [String, Array] scope The OAuth 2.0 scopes controlling the # set of resources and operations that the connection can access. See # [Using OAuth 2.0 to Access Google diff --git a/google-cloud-logging/lib/google/cloud/logging.rb b/google-cloud-logging/lib/google/cloud/logging.rb index 774bda594d5d..5dd79c1f2a4e 100644 --- a/google-cloud-logging/lib/google/cloud/logging.rb +++ b/google-cloud-logging/lib/google/cloud/logging.rb @@ -50,9 +50,27 @@ module Logging # @param [String] project_id Project identifier for the Stackdriver # Logging service you are connecting to. If not present, the default # project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {Logging::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Logging::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # require "googleauth" + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # logging = Google::Cloud::Logging.new( + # project_id: "my-project-id", + # credentials: credentials + # ) # @param [String, Array] scope The OAuth 2.0 scopes controlling # the set of resources and operations that the connection can access. # See [Using OAuth 2.0 to Access Google diff --git a/google-cloud-pubsub/AUTHENTICATION.md b/google-cloud-pubsub/AUTHENTICATION.md index 3f17b5e10331..b76ae5717f50 100644 --- a/google-cloud-pubsub/AUTHENTICATION.md +++ b/google-cloud-pubsub/AUTHENTICATION.md @@ -86,12 +86,14 @@ are configured on {Google::Cloud::PubSub::Credentials}: 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby +require "googleauth" require "google/cloud/pubsub" -ENV["PUBSUB_PROJECT"] = "my-project-id" -ENV["PUBSUB_CREDENTIALS"] = "path/to/keyfile.json" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) -client = Google::Cloud::PubSub.new +client = Google::Cloud::PubSub.new project_id: "my-project-id", credentials: credentials ``` ### Configuration @@ -100,11 +102,16 @@ The **Project ID** and the path to the **Credentials JSON** file can be configur instead of placing them in environment variables or providing them as arguments. ```ruby +require "googleauth" require "google/cloud/pubsub" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::PubSub.configure do |config| config.project_id = "my-project-id" - config.credentials = "path/to/keyfile.json" + config.credentials = credentials end client = Google::Cloud::PubSub.new diff --git a/google-cloud-pubsub/README.md b/google-cloud-pubsub/README.md index ee92f6b7b19c..080d33a1cf61 100644 --- a/google-cloud-pubsub/README.md +++ b/google-cloud-pubsub/README.md @@ -21,11 +21,16 @@ Instructions and configuration options are covered in the [Authentication Guide] ## Example ```ruby +require "googleauth" require "google/cloud/pubsub" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + pubsub = Google::Cloud::PubSub.new( project_id: "my-project", - credentials: "/path/to/keyfile.json" + credentials: credentials ) # Get a publisher for a topic diff --git a/google-cloud-pubsub/lib/google-cloud-pubsub.rb b/google-cloud-pubsub/lib/google-cloud-pubsub.rb index a6412dcb711e..da6899323b9a 100644 --- a/google-cloud-pubsub/lib/google-cloud-pubsub.rb +++ b/google-cloud-pubsub/lib/google-cloud-pubsub.rb @@ -76,10 +76,24 @@ def pubsub scope: nil, timeout: nil # @param [String] project_id Project identifier for the Pub/Sub service you # are connecting to. If not present, the default project for the # credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. - # (See {Google::Cloud::PubSub::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {Google::Cloud::PubSub::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # require "googleauth" + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # pubsub = Google::Cloud::Pubsub.new project_id: "my-project", credentials: credentials # @param [String, Array] scope The OAuth 2.0 scopes controlling the # set of resources and operations that the connection can access. See # [Using OAuth 2.0 to Access Google diff --git a/google-cloud-pubsub/lib/google/cloud/pubsub.rb b/google-cloud-pubsub/lib/google/cloud/pubsub.rb index f4f4319757c3..0963999262a7 100644 --- a/google-cloud-pubsub/lib/google/cloud/pubsub.rb +++ b/google-cloud-pubsub/lib/google/cloud/pubsub.rb @@ -43,9 +43,24 @@ module PubSub # @param [String] project_id Project identifier for the Pub/Sub service # you are connecting to. If not present, the default project for the # credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to - # the keyfile as a String, the contents of the keyfile as a Hash, or a - # Google::Auth::Credentials object. (See {PubSub::Credentials}) + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. (See {PubSub::Credentials}) + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. + # + # @example + # + # # The recommended way to provide credentials is to use the `make_creds` method + # # on the appropriate credentials class for your environment. + # + # require "googleauth" + # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # + # pubsub = Google::Cloud::Pubsub.new project_id: "my-project", credentials: credentials # @param [String, Array] scope The OAuth 2.0 scopes controlling # the set of resources and operations that the connection can access. # See [Using OAuth 2.0 to Access Google diff --git a/google-cloud-resource_manager/AUTHENTICATION.md b/google-cloud-resource_manager/AUTHENTICATION.md index a0127ab5179c..c8e9afa43d64 100644 --- a/google-cloud-resource_manager/AUTHENTICATION.md +++ b/google-cloud-resource_manager/AUTHENTICATION.md @@ -54,20 +54,30 @@ whenever possible. To configure a credentials file for an individual client initialization: ```ruby +require "googleauth" require "google/cloud/resource_manager" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + client = Google::Cloud::ResourceManager.folders do |config| - config.credentials = "path/to/credentialfile.json" + config.credentials = credentials end ``` To configure a credentials file globally for all clients: ```ruby +require "googleauth" require "google/cloud/resource_manager" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::ResourceManager.configure do |config| - config.credentials = "path/to/credentialfile.json" + config.credentials = credentials end client = Google::Cloud::ResourceManager.folders diff --git a/google-cloud-translate/AUTHENTICATION.md b/google-cloud-translate/AUTHENTICATION.md index caba11945d31..206e5c8a7f4b 100644 --- a/google-cloud-translate/AUTHENTICATION.md +++ b/google-cloud-translate/AUTHENTICATION.md @@ -54,20 +54,30 @@ whenever possible. To configure a credentials file for an individual client initialization: ```ruby +require "googleauth" require "google/cloud/translate" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + client = Google::Cloud::Translate.translation_service do |config| - config.credentials = "path/to/credentialfile.json" + config.credentials = credentials end ``` To configure a credentials file globally for all clients: ```ruby +require "googleauth" require "google/cloud/translate" +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + Google::Cloud::Translate.configure do |config| - config.credentials = "path/to/credentialfile.json" + config.credentials = credentials end client = Google::Cloud::Translate.translation_service diff --git a/google-cloud-translate/MIGRATING.md b/google-cloud-translate/MIGRATING.md index aa4648face99..7c04d67c2c60 100644 --- a/google-cloud-translate/MIGRATING.md +++ b/google-cloud-translate/MIGRATING.md @@ -77,22 +77,43 @@ you would have used previously. To create a V3 (or later) client, use the `translation_service` class method and set options in a configuration block. Old (V3): -``` -client = Google::Cloud::Translate.new credentials: "/path/to/credentials.json" +```ruby +require "googleauth" +require "google/cloud/translate" + +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + +client = Google::Cloud::Translate.new credentials: credentials ``` Old (V2): -``` +```ruby +require "googleauth" +require "google/cloud/translate" + +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + client = Google::Cloud::Translate.new version: :v2, - credentials: "/path/to/credentials.json" + credentials: credentials ``` New (V3): -``` +```ruby +require "googleauth" +require "google/cloud/translate" + +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + # Call the translation_service method to create a V3 client, # and pass a block to configure the client. client = Google::Cloud::Translate.translation_service do |config| - config.credentials = "/path/to/credentials.json" + config.credentials = credentials end # You can omit the block if you're keeping the default configuration @@ -100,11 +121,18 @@ default_client = Google::Cloud::Translate.translation_service ``` New (V2): -``` +```ruby +require "googleauth" +require "google/cloud/translate" + +credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + json_key_io: ::File.open("/path/to/keyfile.json") +) + # Call the separate translation_v2_service method to create a legacy V2 client, # and pass configuration as keyword arguments. client = Google::Cloud::Translate.translation_v2_service( - credentials: "/path/to/credentials.json") + credentials: credentials) ``` ### Passing Arguments diff --git a/google-cloud-translate/lib/google/cloud/translate/helpers.rb b/google-cloud-translate/lib/google/cloud/translate/helpers.rb index 7b2ac4fe2901..643958d2d611 100644 --- a/google-cloud-translate/lib/google/cloud/translate/helpers.rb +++ b/google-cloud-translate/lib/google/cloud/translate/helpers.rb @@ -29,8 +29,11 @@ module Translate # # @param [String] project_id Project identifier for the Cloud Translation service you are connecting to. If not # present, the default project for the credentials is used. - # @param [String, Hash, Google::Auth::Credentials] credentials The path to the keyfile as a String, the contents - # of the keyfile as a Hash, or a Google::Auth::Credentials object. + # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials + # object. + # @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials + # is deprecated. Providing an unvalidated credential configuration to + # Google APIs can compromise the security of your systems and data. # @param [String] key a public API access key (not an OAuth 2.0 token) # @param [String, Array] scope The OAuth 2.0 scopes controlling the set of resources and operations that # the connection can access. See [Using OAuth 2.0 to Access Google @@ -48,12 +51,17 @@ module Translate # @return [Google::Cloud::Translate::V2::Api] # # @example + # require "googleauth" # require "google/cloud/translate/v2" # + # credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( + # json_key_io: ::File.open("/path/to/keyfile.json") + # ) + # # translate = Google::Cloud::Translate::V2.new( # version: :v2, # project_id: "my-todo-project", - # credentials: "/path/to/keyfile.json" + # credentials: credentials # ) # # translation = translate.translate "Hello world!", to: "la" From 34fed49bc7baae41eaf1d771d2e4b9dd8e43167b Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Tue, 28 Oct 2025 16:28:53 -0700 Subject: [PATCH 2/3] chore: Update broken links in Cloud DNS --- google-cloud-dns/OVERVIEW.md | 4 ++-- google-cloud-dns/README.md | 3 ++- google-cloud-dns/lib/google/cloud/dns.rb | 4 ++-- google-cloud-dns/lib/google/cloud/dns/record.rb | 4 ++-- google-cloud-dns/lib/google/cloud/dns/zone.rb | 10 +++++----- .../lib/google/cloud/dns/zone/transaction.rb | 8 ++++---- 6 files changed, 17 insertions(+), 16 deletions(-) diff --git a/google-cloud-dns/OVERVIEW.md b/google-cloud-dns/OVERVIEW.md index ebc12174a933..0149ec19455a 100644 --- a/google-cloud-dns/OVERVIEW.md +++ b/google-cloud-dns/OVERVIEW.md @@ -4,8 +4,8 @@ Google Cloud DNS is a high-performance, resilient, global DNS service that provides a cost-effective way to make your applications and services available to your users. This programmable, authoritative DNS service can be used to easily publish and manage DNS records using the same -infrastructure relied upon by Google. To learn more, read [What is Google -Cloud DNS?](https://cloud.google.com/dns/what-is-cloud-dns). +infrastructure relied upon by Google. To learn more, read [Cloud DNS +Overview](https://cloud.google.com/dns/docs/overview). The goal of google-cloud is to provide an API that is comfortable to Rubyists. Your authentication credentials are detected automatically in Google Cloud diff --git a/google-cloud-dns/README.md b/google-cloud-dns/README.md index 03cff7788cf6..6293cd180d50 100644 --- a/google-cloud-dns/README.md +++ b/google-cloud-dns/README.md @@ -1,6 +1,7 @@ # google-cloud-dns -[Google Cloud DNS](https://cloud.google.com/dns/) ([docs](https://cloud.google.com/dns/docs)) is a high-performance, resilient, global DNS service that provides a cost-effective way to make your applications and services available to your users. This programmable, authoritative DNS service can be used to easily publish and manage DNS records using the same infrastructure relied upon by Google. To learn more, read [What is Google Cloud DNS?](https://cloud.google.com/dns/what-is-cloud-dns). +[Google Cloud DNS](https://cloud.google.com/dns/) ([docs](https://cloud.google.com/dns/docs)) is a high-performance, resilient, global DNS service that provides a cost-effective way to make your applications and services available to your users. +This programmable, authoritative DNS service can be used to easily publish and manage DNS records using the same infrastructure relied upon by Google. - [google-cloud-dns API documentation](https://googleapis.dev/ruby/google-cloud-dns/latest) - [google-cloud-dns on RubyGems](https://rubygems.org/gems/google-cloud-dns) diff --git a/google-cloud-dns/lib/google/cloud/dns.rb b/google-cloud-dns/lib/google/cloud/dns.rb index 09c09ba12db6..dff9db8b32ba 100644 --- a/google-cloud-dns/lib/google/cloud/dns.rb +++ b/google-cloud-dns/lib/google/cloud/dns.rb @@ -27,8 +27,8 @@ module Cloud # provides a cost-effective way to make your applications and services # available to your users. This programmable, authoritative DNS service can # be used to easily publish and manage DNS records using the same - # infrastructure relied upon by Google. To learn more, read [What is Google - # Cloud DNS?](https://cloud.google.com/dns/what-is-cloud-dns). + # infrastructure relied upon by Google. To learn more, read [Cloud + # DNS Overview](https://cloud.google.com/dns/docs/overview). # # See {file:OVERVIEW.md Google Cloud DNS Overview}. # diff --git a/google-cloud-dns/lib/google/cloud/dns/record.rb b/google-cloud-dns/lib/google/cloud/dns/record.rb index 027c9a80801c..76df99afc459 100644 --- a/google-cloud-dns/lib/google/cloud/dns/record.rb +++ b/google-cloud-dns/lib/google/cloud/dns/record.rb @@ -52,7 +52,7 @@ class Record ## # The identifier of a [supported record type - # ](https://cloud.google.com/dns/what-is-cloud-dns#supported_record_types). + # ](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # # @return [String] @@ -83,7 +83,7 @@ class Record # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # @param [Integer] ttl The number of seconds that the record can be # cached by resolvers. diff --git a/google-cloud-dns/lib/google/cloud/dns/zone.rb b/google-cloud-dns/lib/google/cloud/dns/zone.rb index 819a1d88571a..045a9591d937 100644 --- a/google-cloud-dns/lib/google/cloud/dns/zone.rb +++ b/google-cloud-dns/lib/google/cloud/dns/zone.rb @@ -256,7 +256,7 @@ def changes token: nil, max: nil, order: nil # @param [String] name Return only records with this domain or subdomain # name. # @param [String] type Return only records with this [record - # type](https://cloud.google.com/dns/what-is-cloud-dns). If present, + # type](https://cloud.google.com/dns/docs/records-overview). If present, # the `name` parameter must also be present. # @param [String] token A previously-returned page token representing # part of the larger set of results to view. @@ -505,7 +505,7 @@ def update additions = [], deletions = [], skip_soa: nil, soa_serial: nil # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # @param [Integer] ttl The number of seconds that the record can be # cached by resolvers. @@ -547,7 +547,7 @@ def add name, type, ttl, data, skip_soa: nil, soa_serial: nil # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # @param [Boolean] skip_soa Do not automatically update the SOA record # serial number. See {#update} for details. @@ -581,7 +581,7 @@ def remove name, type, skip_soa: nil, soa_serial: nil # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # @param [Integer] ttl The number of seconds that the record can be # cached by resolvers. @@ -627,7 +627,7 @@ def to_zonefile # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # @param [Boolean] skip_soa Do not automatically update the SOA record # serial number. See {#update} for details. diff --git a/google-cloud-dns/lib/google/cloud/dns/zone/transaction.rb b/google-cloud-dns/lib/google/cloud/dns/zone/transaction.rb index 8c1e829853ee..b97b16eb50bf 100644 --- a/google-cloud-dns/lib/google/cloud/dns/zone/transaction.rb +++ b/google-cloud-dns/lib/google/cloud/dns/zone/transaction.rb @@ -57,7 +57,7 @@ def initialize zone # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # @param [Integer] ttl The number of seconds that the record can be # cached by resolvers. @@ -88,7 +88,7 @@ def add name, type, ttl, data # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # # @example @@ -111,7 +111,7 @@ def remove name, type # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # @param [Integer] ttl The number of seconds that the record can be # cached by resolvers. @@ -146,7 +146,7 @@ def replace name, type, ttl, data # @param [String] name The owner of the record. For example: # `example.com.`. # @param [String] type The identifier of a [supported record - # type](https://cloud.google.com/dns/what-is-cloud-dns). + # type](https://cloud.google.com/dns/docs/records-overview). # For example: `A`, `AAAA`, `CNAME`, `MX`, or `TXT`. # @yield [record] a block yielding each matching record # @yieldparam [Record] record the record to be modified From a0ef858c64c57e715d5722834acbe39f4ae4880d Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Thu, 30 Oct 2025 11:23:26 -0700 Subject: [PATCH 3/3] Add warning to AUTHENTICATION.md & revert env variables --- google-cloud-bigquery/AUTHENTICATION.md | 14 +++++--- google-cloud-bigtable/AUTHENTICATION.md | 14 +++++--- .../lib/google-cloud-bigtable.rb | 4 ++- google-cloud-datastore/AUTHENTICATION.md | 14 +++++--- google-cloud-dns/AUTHENTICATION.md | 14 +++++--- google-cloud-firestore/AUTHENTICATION.md | 14 +++++--- google-cloud-logging/AUTHENTICATION.md | 14 +++++--- google-cloud-pubsub/AUTHENTICATION.md | 14 +++++--- .../AUTHENTICATION.md | 6 ++++ google-cloud-translate/AUTHENTICATION.md | 6 ++++ google-cloud-translate/MIGRATING.md | 33 ++++--------------- 11 files changed, 84 insertions(+), 63 deletions(-) diff --git a/google-cloud-bigquery/AUTHENTICATION.md b/google-cloud-bigquery/AUTHENTICATION.md index 686a410e6a40..ea3125b11dea 100644 --- a/google-cloud-bigquery/AUTHENTICATION.md +++ b/google-cloud-bigquery/AUTHENTICATION.md @@ -28,6 +28,12 @@ providing **Project ID** and **Service Account Credentials** directly in code. **Credentials** are discovered in the following order: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Specify credentials in method arguments 2. Specify credentials in configuration 3. Discover credentials path in environment variables @@ -67,14 +73,12 @@ The environment variables that BigQuery checks for credentials are configured on 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby -require "googleauth" require "google/cloud/bigquery" -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) +ENV["BIGQUERY_PROJECT"] = "my-project-id" +ENV["BIGQUERY_CREDENTIALS"] = "path/to/keyfile.json" -bigquery = Google::Cloud::Bigquery.new project_id: "my-project-id", credentials: credentials +bigquery = Google::Cloud::Bigquery.new ``` ### Configuration diff --git a/google-cloud-bigtable/AUTHENTICATION.md b/google-cloud-bigtable/AUTHENTICATION.md index 7a62d1881730..b28dbda6e0a2 100644 --- a/google-cloud-bigtable/AUTHENTICATION.md +++ b/google-cloud-bigtable/AUTHENTICATION.md @@ -46,6 +46,12 @@ code. **Credentials** are discovered in the following order: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Specify credentials in method arguments 2. Specify credentials in configuration 3. Discover credentials path in environment variables @@ -85,14 +91,12 @@ The environment variables that google-cloud-bigtable checks for credentials are 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby -require "googleauth" require "google/cloud/bigtable" -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) +ENV["BIGTABLE_PROJECT"] = "my-project-id" +ENV["BIGTABLE_CREDENTIALS"] = "path/to/keyfile.json" -client = Google::Cloud::Bigtable.new project_id: "my-project-id", credentials: credentials +client = Google::Cloud::Bigtable.new ``` ### Configuration diff --git a/google-cloud-bigtable/lib/google-cloud-bigtable.rb b/google-cloud-bigtable/lib/google-cloud-bigtable.rb index e71186e2cf27..daceabd5029b 100644 --- a/google-cloud-bigtable/lib/google-cloud-bigtable.rb +++ b/google-cloud-bigtable/lib/google-cloud-bigtable.rb @@ -64,7 +64,9 @@ module Cloud # json_key_io: ::File.open("/path/to/keyfile.json") # ) # - # client = Google::Cloud.bigtable credentials: credentials + # gcloud = Google::Cloud.new + # + # bigtable = gcloud.bigtable credentials: credentials # def bigtable scope: nil, timeout: nil, credentials: nil credentials ||= @keyfile diff --git a/google-cloud-datastore/AUTHENTICATION.md b/google-cloud-datastore/AUTHENTICATION.md index 4e901976bb01..212d19b25999 100644 --- a/google-cloud-datastore/AUTHENTICATION.md +++ b/google-cloud-datastore/AUTHENTICATION.md @@ -46,6 +46,12 @@ code. **Credentials** are discovered in the following order: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Specify credentials in method arguments 2. Specify credentials in configuration 3. Discover credentials path in environment variables @@ -86,14 +92,12 @@ The environment variables that google-cloud-datastore checks for credentials are 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby -require "googleauth" require "google/cloud/datastore" -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) +ENV["DATASTORE_PROJECT"] = "my-project-id" +ENV["DATASTORE_CREDENTIALS"] = "path/to/keyfile.json" -client = Google::Cloud::Datastore.new project_id: "my-project-id", credentials: credentials +client = Google::Cloud::Datastore.new ``` ### Configuration diff --git a/google-cloud-dns/AUTHENTICATION.md b/google-cloud-dns/AUTHENTICATION.md index e1242c31c09e..79ee78ceb578 100644 --- a/google-cloud-dns/AUTHENTICATION.md +++ b/google-cloud-dns/AUTHENTICATION.md @@ -28,6 +28,12 @@ providing **Project ID** and **Service Account Credentials** directly in code. **Credentials** are discovered in the following order: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Specify credentials in method arguments 2. Specify credentials in configuration 3. Discover credentials path in environment variables @@ -68,14 +74,12 @@ The environment variables that DNS checks for credentials are configured on 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby -require "googleauth" require "google/cloud/dns" -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) +ENV["DNS_PROJECT"] = "my-project-id" +ENV["DNS_CREDENTIALS"] = "path/to/keyfile.json" -dns = Google::Cloud::Dns.new project_id: "my-project-id", credentials: credentials +dns = Google::Cloud::Dns.new ``` ### Configuration diff --git a/google-cloud-firestore/AUTHENTICATION.md b/google-cloud-firestore/AUTHENTICATION.md index db316b4e90ce..7bf3ba7b5573 100644 --- a/google-cloud-firestore/AUTHENTICATION.md +++ b/google-cloud-firestore/AUTHENTICATION.md @@ -46,6 +46,12 @@ code. **Credentials** are discovered in the following order: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Specify credentials in method arguments 2. Specify credentials in configuration 3. Discover credentials path in environment variables @@ -85,14 +91,12 @@ The environment variables that google-cloud-firestore checks for credentials are 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby -require "googleauth" require "google/cloud/firestore" -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) +ENV["FIRESTORE_PROJECT"] = "my-project-id" +ENV["FIRESTORE_CREDENTIALS"] = "path/to/keyfile.json" -client = Google::Cloud::Firestore.new project_id: "my-project-id", credentials: credentials +client = Google::Cloud::Firestore.new ``` ### Configuration diff --git a/google-cloud-logging/AUTHENTICATION.md b/google-cloud-logging/AUTHENTICATION.md index 383ae31f19c0..290bd8754dca 100644 --- a/google-cloud-logging/AUTHENTICATION.md +++ b/google-cloud-logging/AUTHENTICATION.md @@ -46,6 +46,12 @@ code. **Credentials** are discovered in the following order: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Specify credentials in method arguments 2. Specify credentials in configuration 3. Discover credentials path in environment variables @@ -86,14 +92,12 @@ configured on `Google::Cloud::Logging::V2::LoggingService::Credentials`: 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby -require "googleauth" require "google/cloud/logging" -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) +ENV["LOGGING_PROJECT"] = "my-project-id" +ENV["LOGGING_CREDENTIALS"] = "path/to/keyfile.json" -client = Google::Cloud::Logging.new project_id: "my-project-id", credentials: credentials +client = Google::Cloud::Logging.new ``` ### Configuration diff --git a/google-cloud-pubsub/AUTHENTICATION.md b/google-cloud-pubsub/AUTHENTICATION.md index b76ae5717f50..51ac3721ed8a 100644 --- a/google-cloud-pubsub/AUTHENTICATION.md +++ b/google-cloud-pubsub/AUTHENTICATION.md @@ -46,6 +46,12 @@ code. **Credentials** are discovered in the following order: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Specify credentials in method arguments 2. Specify credentials in configuration 3. Discover credentials path in environment variables @@ -86,14 +92,12 @@ are configured on {Google::Cloud::PubSub::Credentials}: 5. `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file ```ruby -require "googleauth" require "google/cloud/pubsub" -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) +ENV["PUBSUB_PROJECT"] = "my-project-id" +ENV["PUBSUB_CREDENTIALS"] = "path/to/keyfile.json" -client = Google::Cloud::PubSub.new project_id: "my-project-id", credentials: credentials +client = Google::Cloud::PubSub.new ``` ### Configuration diff --git a/google-cloud-resource_manager/AUTHENTICATION.md b/google-cloud-resource_manager/AUTHENTICATION.md index c8e9afa43d64..63cb1f139590 100644 --- a/google-cloud-resource_manager/AUTHENTICATION.md +++ b/google-cloud-resource_manager/AUTHENTICATION.md @@ -33,6 +33,12 @@ credentials, there are several methods available to you. Credentials are accepted in the following ways, in the following order or precedence: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Credentials specified in method arguments 2. Credentials specified in configuration 3. Credentials pointed to or included in environment variables diff --git a/google-cloud-translate/AUTHENTICATION.md b/google-cloud-translate/AUTHENTICATION.md index 206e5c8a7f4b..61c99d5f0270 100644 --- a/google-cloud-translate/AUTHENTICATION.md +++ b/google-cloud-translate/AUTHENTICATION.md @@ -33,6 +33,12 @@ credentials, there are several methods available to you. Credentials are accepted in the following ways, in the following order or precedence: +> [!WARNING] +> If you accept a credential configuration (JSON file or Hash) from an +> external source for authentication to Google Cloud, you must validate it before +> providing it to a Google API client library. Providing an unvalidated credential +> configuration to Google APIs can compromise the security of your systems and data. + 1. Credentials specified in method arguments 2. Credentials specified in configuration 3. Credentials pointed to or included in environment variables diff --git a/google-cloud-translate/MIGRATING.md b/google-cloud-translate/MIGRATING.md index 7c04d67c2c60..315270becfd3 100644 --- a/google-cloud-translate/MIGRATING.md +++ b/google-cloud-translate/MIGRATING.md @@ -77,28 +77,14 @@ you would have used previously. To create a V3 (or later) client, use the `translation_service` class method and set options in a configuration block. Old (V3): -```ruby -require "googleauth" -require "google/cloud/translate" - -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) - -client = Google::Cloud::Translate.new credentials: credentials +``` +client = Google::Cloud::Translate.new credentials: "/path/to/credentials.json" ``` Old (V2): -```ruby -require "googleauth" -require "google/cloud/translate" - -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) - +``` client = Google::Cloud::Translate.new version: :v2, - credentials: credentials + credentials: "/path/to/credentials.json" ``` New (V3): @@ -121,18 +107,11 @@ default_client = Google::Cloud::Translate.translation_service ``` New (V2): -```ruby -require "googleauth" -require "google/cloud/translate" - -credentials = ::Google::Auth::ServiceAccountCredentials.make_creds( - json_key_io: ::File.open("/path/to/keyfile.json") -) - +``` # Call the separate translation_v2_service method to create a legacy V2 client, # and pass configuration as keyword arguments. client = Google::Cloud::Translate.translation_v2_service( - credentials: credentials) + credentials: "/path/to/credentials.json") ``` ### Passing Arguments