docs: add warning against accepting untrusted credentials (#8037)

PiperOrigin-RevId: 719330114
Source-Link: googleapis/googleapis@9e0f143
Source-Link: googleapis/googleapis-gen@9612bdf
Copy-Tag: eyJwIjoiQWNjZXNzQXBwcm92YWwvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
Copy-Tag: eyJwIjoiQWNjZXNzQ29udGV4dE1hbmFnZXIvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
Copy-Tag: eyJwIjoiQWRzQWRNYW5hZ2VyLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0=
Copy-Tag: eyJwIjoiQWRzTWFya2V0aW5nUGxhdGZvcm1BZG1pbi8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9
Copy-Tag: eyJwIjoiQWR2aXNvcnlOb3RpZmljYXRpb25zLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0=
Copy-Tag: eyJwIjoiQWlQbGF0Zm9ybS8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9
Copy-Tag: eyJwIjoiQWxsb3lEYi8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9
Copy-Tag: eyJwIjoiQW5hbHl0aWNzQWRtaW4vLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
Copy-Tag: eyJwIjoiQW5hbHl0aWNzRGF0YS8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9
Copy-Tag: eyJwIjoiQXBpR2F0ZXdheS8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9
Copy-Tag: eyJwIjoiQXBpSHViLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0=
Copy-Tag: eyJwIjoiQXBpS2V5cy8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9
Copy-Tag: eyJwIjoiQXBpZ2VlQ29ubmVjdC8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9
Copy-Tag: eyJwIjoiQXBpZ2VlUmVnaXN0cnkvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
Copy-Tag: eyJwIjoiQXBwRW5naW5lQWRtaW4vLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
Copy-Tag: eyJwIjoiQXBwSHViLy5Pd2xCb3QueWFtbCIsImgiOiI5NjEyYmRmODZjZGIxYTg5NDg1OTgwNmYzMzk1ODI5ZjFjYmE0ZjFjIn0=
Copy-Tag: eyJwIjoiQXBwc0NoYXQvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
Copy-Tag: eyJwIjoiQXBwc0V2ZW50c1N1YnNjcmlwdGlvbnMvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
Copy-Tag: eyJwIjoiQXBwc01lZXQvLk93bEJvdC55YW1sIiwiaCI6Ijk2MTJiZGY4NmNkYjFhODk0ODU5ODA2ZjMzOTU4MjlmMWNiYTRmMWMifQ==
Copy-Tag: eyJwIjoiQXJ0aWZhY3RSZWdpc3RyeS8uT3dsQm90LnlhbWwiLCJoIjoiOTYxMmJkZjg2Y2RiMWE4OTQ4NTk4MDZmMzM5NTgyOWYxY2JhNGYxYyJ9

AccessApproval/src/V1/Client/AccessApprovalClient.php

@@ -371,6 +371,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AccessContextManager/src/V1/Client/AccessContextManagerClient.php

@@ -345,6 +345,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/AdUnitServiceClient.php

@@ -187,6 +187,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/CompanyServiceClient.php

@@ -185,6 +185,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/CustomFieldServiceClient.php

@@ -185,6 +185,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/CustomTargetingKeyServiceClient.php

@@ -186,6 +186,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/CustomTargetingValueServiceClient.php

@@ -193,6 +193,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/EntitySignalsMappingServiceClient.php

@@ -196,6 +196,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/NetworkServiceClient.php

@@ -167,6 +167,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/OrderServiceClient.php

@@ -185,6 +185,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/PlacementServiceClient.php

@@ -185,6 +185,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/ReportServiceClient.php

@@ -250,6 +250,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/RoleServiceClient.php

@@ -185,6 +185,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/TaxonomyCategoryServiceClient.php

@@ -186,6 +186,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsAdManager/src/V1/Client/UserServiceClient.php

@@ -166,6 +166,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdsMarketingPlatformAdmin/src/V1alpha/Client/MarketingplatformAdminServiceClient.php

@@ -231,6 +231,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see

AdvisoryNotifications/src/V1/Client/AdvisoryNotificationsServiceClient.php

@@ -319,6 +319,12 @@ public static function parseName(string $formattedName, ?string $template = null
      *           {@see \Google\Auth\FetchAuthTokenInterface} object or
      *           {@see \Google\ApiCore\CredentialsWrapper} object. Note that when one of these
      *           objects are provided, any settings in $credentialsConfig will be ignored.
+     *           *Important*: If you accept a credential configuration (credential
+     *           JSON/File/Stream) from an external source for authentication to Google Cloud
+     *           Platform, you must validate it before providing it to any Google API or library.
+     *           Providing an unvalidated credential configuration to Google APIs can compromise
+     *           the security of your systems and data. For more information {@see
+     *           https://cloud.google.com/docs/authentication/external/externally-sourced-credentials}
      *     @type array $credentialsConfig
      *           Options used to configure credentials, including auth token caching, for the
      *           client. For a full list of supporting configuration options, see