From b28885fbd46bf5772778c85d14e1f608b151e6d0 Mon Sep 17 00:00:00 2001 From: Diego Marquez Date: Wed, 22 Oct 2025 12:34:11 -0400 Subject: [PATCH 1/8] chore(docs): add warning for encoded credential --- .../cloud/spanner/connection/ConnectionOptions.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java index 13f316e2cc..3993adab5c 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java @@ -229,6 +229,14 @@ public class ConnectionOptions { /** Name of the 'encodedCredentials' connection property. */ public static final String ENCODED_CREDENTIALS_PROPERTY_NAME = "encodedCredentials"; + /** System property used to enable encoded credentials. + * WARNING: Enabling this property without proper validation can + * expose the application to security risks. + * It is intended for use with credentials from a trusted source only, + * as it could otherwise allow end-users to supply arbitrary credentials. + * For more information, see + * https://cloud.google.com/docs/authentication/client-libraries#external-credentials + */ public static final String ENABLE_ENCODED_CREDENTIALS_SYSTEM_PROPERTY = "ENABLE_ENCODED_CREDENTIALS"; From 749e6d315a9b76dccf53fed338f99914c2d9c9a3 Mon Sep 17 00:00:00 2001 From: Diego Marquez Date: Wed, 22 Oct 2025 12:37:32 -0400 Subject: [PATCH 2/8] chore: generalize comment --- .../com/google/cloud/spanner/connection/ConnectionOptions.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java index 3993adab5c..f07abe2b50 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java @@ -233,7 +233,7 @@ public class ConnectionOptions { * WARNING: Enabling this property without proper validation can * expose the application to security risks. * It is intended for use with credentials from a trusted source only, - * as it could otherwise allow end-users to supply arbitrary credentials. + * as it could otherwise allow the application to process arbitrary credentials. * For more information, see * https://cloud.google.com/docs/authentication/client-libraries#external-credentials */ From 2e4d7fafed9f13102e6a89b104fdfcbdcf710ebc Mon Sep 17 00:00:00 2001 From: cloud-java-bot Date: Wed, 22 Oct 2025 16:41:24 +0000 Subject: [PATCH 3/8] chore: generate libraries at Wed Oct 22 16:38:42 UTC 2025 --- .../cloud/spanner/connection/ConnectionOptions.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java index f07abe2b50..82ba2bc7e4 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java @@ -229,12 +229,11 @@ public class ConnectionOptions { /** Name of the 'encodedCredentials' connection property. */ public static final String ENCODED_CREDENTIALS_PROPERTY_NAME = "encodedCredentials"; - /** System property used to enable encoded credentials. - * WARNING: Enabling this property without proper validation can - * expose the application to security risks. - * It is intended for use with credentials from a trusted source only, - * as it could otherwise allow the application to process arbitrary credentials. - * For more information, see + /** + * System property used to enable encoded credentials. WARNING: Enabling this property without + * proper validation can expose the application to security risks. It is intended for use with + * credentials from a trusted source only, as it could otherwise allow the application to process + * arbitrary credentials. For more information, see * https://cloud.google.com/docs/authentication/client-libraries#external-credentials */ public static final String ENABLE_ENCODED_CREDENTIALS_SYSTEM_PROPERTY = From 1450b08936e2357ec6da92f0216b034da5ffc377 Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Wed, 22 Oct 2025 20:05:06 +0000 Subject: [PATCH 4/8] Revert "chore(docs): add warning for encoded credential" This reverts commit b28885fbd46bf5772778c85d14e1f608b151e6d0. --- .../cloud/spanner/connection/ConnectionOptions.java | 8 -------- 1 file changed, 8 deletions(-) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java index 3993adab5c..13f316e2cc 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java @@ -229,14 +229,6 @@ public class ConnectionOptions { /** Name of the 'encodedCredentials' connection property. */ public static final String ENCODED_CREDENTIALS_PROPERTY_NAME = "encodedCredentials"; - /** System property used to enable encoded credentials. - * WARNING: Enabling this property without proper validation can - * expose the application to security risks. - * It is intended for use with credentials from a trusted source only, - * as it could otherwise allow end-users to supply arbitrary credentials. - * For more information, see - * https://cloud.google.com/docs/authentication/client-libraries#external-credentials - */ public static final String ENABLE_ENCODED_CREDENTIALS_SYSTEM_PROPERTY = "ENABLE_ENCODED_CREDENTIALS"; From 4282fdae7367f8f5227dfd0bc4a29a5963959f81 Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Wed, 22 Oct 2025 20:10:44 +0000 Subject: [PATCH 5/8] chore: move warning to ConnectionProperties --- .../cloud/spanner/connection/ConnectionProperties.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java index f23082ea6c..e8d7fc12c1 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java @@ -270,7 +270,13 @@ public class ConnectionProperties { ENCODED_CREDENTIALS_PROPERTY_NAME, "Base64-encoded credentials to use for this connection. If neither this property or a" + " credentials location are set, the connection will use the default Google Cloud" - + " credentials for the runtime environment.", + + " credentials for the runtime environment." + + " WARNING: Enabling this property without proper validation can" + + " expose the application to security risks." + + " It is intended for use with credentials from a trusted source only," + + " as it could otherwise allow end-users to supply arbitrary credentials." + + " For more information, see" + + "https://cloud.google.com/docs/authentication/client-libraries#external-credentials", null, StringValueConverter.INSTANCE, Context.STARTUP); From 4c82899c4a482b51b85f683c40ef85aa3bd58313 Mon Sep 17 00:00:00 2001 From: cloud-java-bot Date: Wed, 22 Oct 2025 20:14:41 +0000 Subject: [PATCH 6/8] chore: generate libraries at Wed Oct 22 20:11:58 UTC 2025 --- .../cloud/spanner/connection/ConnectionProperties.java | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java index e8d7fc12c1..97044fa6df 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java @@ -270,12 +270,10 @@ public class ConnectionProperties { ENCODED_CREDENTIALS_PROPERTY_NAME, "Base64-encoded credentials to use for this connection. If neither this property or a" + " credentials location are set, the connection will use the default Google Cloud" - + " credentials for the runtime environment." - + " WARNING: Enabling this property without proper validation can" - + " expose the application to security risks." - + " It is intended for use with credentials from a trusted source only," - + " as it could otherwise allow end-users to supply arbitrary credentials." - + " For more information, see" + + " credentials for the runtime environment. WARNING: Enabling this property without" + + " proper validation can expose the application to security risks. It is intended" + + " for use with credentials from a trusted source only, as it could otherwise allow" + + " end-users to supply arbitrary credentials. For more information, see" + "https://cloud.google.com/docs/authentication/client-libraries#external-credentials", null, StringValueConverter.INSTANCE, From 30aeb8d20ba265390d6062fec26a62fe35ea3257 Mon Sep 17 00:00:00 2001 From: diegomarquezp Date: Wed, 22 Oct 2025 21:04:32 +0000 Subject: [PATCH 7/8] chore: add warning to CREDENTIALS_URL as well --- .../cloud/spanner/connection/ConnectionProperties.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java index e8d7fc12c1..d6be646bb6 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java @@ -261,7 +261,13 @@ public class ConnectionProperties { CREDENTIALS_PROPERTY_NAME, "The location of the credentials file to use for this connection. If neither this" + " property or encoded credentials are set, the connection will use the default" - + " Google Cloud credentials for the runtime environment.", + + " Google Cloud credentials for the runtime environment." + + " WARNING: Using this property without proper validation can" + + " expose the application to security risks." + + " It is intended for use with credentials from a trusted source only," + + " as it could otherwise allow end-users to supply arbitrary credentials." + + " For more information, see" + + "https://cloud.google.com/docs/authentication/client-libraries#external-credentials", DEFAULT_CREDENTIALS, StringValueConverter.INSTANCE, Context.STARTUP); From 00dacf6765b8f23ef84dda73b6363eac2849b47e Mon Sep 17 00:00:00 2001 From: cloud-java-bot Date: Wed, 22 Oct 2025 21:08:00 +0000 Subject: [PATCH 8/8] chore: generate libraries at Wed Oct 22 21:05:13 UTC 2025 --- .../spanner/connection/ConnectionProperties.java | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java index 781abbd051..b9f495cc32 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java @@ -261,13 +261,11 @@ public class ConnectionProperties { CREDENTIALS_PROPERTY_NAME, "The location of the credentials file to use for this connection. If neither this" + " property or encoded credentials are set, the connection will use the default" - + " Google Cloud credentials for the runtime environment." - + " WARNING: Using this property without proper validation can" - + " expose the application to security risks." - + " It is intended for use with credentials from a trusted source only," - + " as it could otherwise allow end-users to supply arbitrary credentials." - + " For more information, see" - + "https://cloud.google.com/docs/authentication/client-libraries#external-credentials", + + " Google Cloud credentials for the runtime environment. WARNING: Using this" + + " property without proper validation can expose the application to security risks." + + " It is intended for use with credentials from a trusted source only, as it could" + + " otherwise allow end-users to supply arbitrary credentials. For more information," + + " seehttps://cloud.google.com/docs/authentication/client-libraries#external-credentials", DEFAULT_CREDENTIALS, StringValueConverter.INSTANCE, Context.STARTUP);