chore: Update discovery artifacts#2745
Conversation
#### ces:v1 The following keys were added: - schemas.Deployment.properties.experimentConfig.$ref (Total Keys: 1) - schemas.ExperimentConfig (Total Keys: 14) - schemas.LoggingSettings.properties.unredactedAudioRecordingConfig.$ref (Total Keys: 1) - schemas.WidgetTool.properties.textResponseConfig.$ref (Total Keys: 1) - schemas.WidgetToolTextResponseConfig (Total Keys: 5) #### ces:v1beta The following keys were added: - schemas.Deployment.properties.experimentConfig.$ref (Total Keys: 1) - schemas.ExperimentConfig (Total Keys: 14) - schemas.ExportEvaluationResultsResponse (Total Keys: 5) - schemas.ExportEvaluationRunsResponse (Total Keys: 5) - schemas.LoggingSettings.properties.unredactedAudioRecordingConfig.$ref (Total Keys: 1) - schemas.WidgetTool.properties.textResponseConfig.$ref (Total Keys: 1) - schemas.WidgetToolTextResponseConfig (Total Keys: 5)
#### chromemanagement:v1 The following keys were deleted: - schemas.GoogleChromeManagementVersionsV1ListConnectorConfigsResponse.properties.totalSize (Total Keys: 2) The following keys were added: - resources.customers.resources.connectorConfigs.methods.patch (Total Keys: 14)
#### datamanager:v1 The following keys were changed: - resources.accountTypes.resources.accounts.resources.partnerLinks.methods.create.scopes (Total Keys: 1) - resources.accountTypes.resources.accounts.resources.partnerLinks.methods.delete.scopes (Total Keys: 1) - resources.accountTypes.resources.accounts.resources.partnerLinks.methods.search.scopes (Total Keys: 1)
#### displayvideo:v2 The following keys were added: - schemas.VideoAdInventoryControl.properties.allowNonSkippableInStream.type (Total Keys: 1) #### displayvideo:v3 The following keys were added: - schemas.VideoAdInventoryControl.properties.allowNonSkippableInStream.type (Total Keys: 1) #### displayvideo:v4 The following keys were added: - schemas.VideoAdInventoryControl.properties.allowNonSkippableInStream.type (Total Keys: 1)
#### games:v1 The following keys were added: - schemas.AchievementDefinition.properties.achievementLifecycleState (Total Keys: 2)
#### policytroubleshooter:v3beta The following keys were added: - schemas.GoogleIamV3PrincipalAccessBoundaryPolicyRule.properties.operation.$ref (Total Keys: 1) - schemas.GoogleIamV3PrincipalAccessBoundaryPolicyRuleOperation (Total Keys: 6)
#### workspaceevents:v1 The following keys were changed: - resources.operations.methods.get.scopes (Total Keys: 1) - resources.subscriptions.methods.create.scopes (Total Keys: 1) - resources.subscriptions.methods.delete.scopes (Total Keys: 1) - resources.subscriptions.methods.get.scopes (Total Keys: 1) - resources.subscriptions.methods.list.scopes (Total Keys: 1) - resources.subscriptions.methods.patch.scopes (Total Keys: 1) - resources.subscriptions.methods.reactivate.scopes (Total Keys: 1)
trusted-contributions-gcf
Bot
added
kokoro:force-run
yoshi-approver
added
the
automerge: exact
gcf-owl-bot
Bot
removed
the
owlbot:run
yoshi-kokoro
removed
the
kokoro:force-run
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates documentation and API discovery files to include details about base64 encoding and password usage for pkcs12 keys, adds new configuration fields for deployments and audio recording, and introduces a new Developer Knowledge API. My review identified a critical security issue regarding the inclusion of a hardcoded password, 'notasecret', in both the documentation and the API discovery document for the Android Enterprise service. This is a significant security risk and must be addressed by removing the hardcoded credential or adding a strong warning that it is insecure and must not be used in production.
| { # A service account identity, including the name and credentials that can be used to authenticate as the service account. | ||
| "key": { # *Deprecated:* New integrations cannot use this method and can refer to our new recommendations # Credentials that can be used to authenticate as this ServiceAccount. | ||
| "data": "A String", # The body of the private key credentials file, in string format. This is only populated when the ServiceAccountKey is created, and is not stored by Google. | ||
| "data": "A String", # The body of the private key credentials file, in string format. This is only populated when the ServiceAccountKey is created, and is not stored by Google. When type is "pkcs12", the contents of the data field is base64 encoded and has the password "notasecret". |
There was a problem hiding this comment.
The documentation mentions a hardcoded password notasecret. This is a significant security risk as it encourages the use of weak and well-known credentials. Hardcoded secrets should not be present in documentation. Please remove the mention of this password or add a strong warning that it is insecure and must not be used in production environments.
|
|
||
| { # *Deprecated:* New integrations cannot use this method and can refer to our new recommendations | ||
| "data": "A String", # The body of the private key credentials file, in string format. This is only populated when the ServiceAccountKey is created, and is not stored by Google. | ||
| "data": "A String", # The body of the private key credentials file, in string format. This is only populated when the ServiceAccountKey is created, and is not stored by Google. When type is "pkcs12", the contents of the data field is base64 encoded and has the password "notasecret". |
There was a problem hiding this comment.
The documentation mentions a hardcoded password notasecret. This is a significant security risk as it encourages the use of weak and well-known credentials. Hardcoded secrets should not be present in documentation. Please remove the mention of this password or add a strong warning that it is insecure and must not be used in production environments. This issue is also present on lines 134 and 158.
| "properties": { | ||
| "data": { | ||
| "description": "The body of the private key credentials file, in string format. This is only populated when the ServiceAccountKey is created, and is not stored by Google.", | ||
| "description": "The body of the private key credentials file, in string format. This is only populated when the ServiceAccountKey is created, and is not stored by Google. When type is \"pkcs12\", the contents of the data field is base64 encoded and has the password \"notasecret\".", |
There was a problem hiding this comment.
The API discovery document's description for ServiceAccountKey.data contains a hardcoded password notasecret. This is a significant security risk. Hardcoded credentials, especially weak and well-known ones, should not be part of the API definition. This encourages insecure practices by users of the API. Please remove the mention of this password from the description.
gcf-merge-on-green
Bot
removed
the
automerge: exact
4 participants
Deleted keys were detected in the following stable discovery artifacts:
chromemanagement v1 7c70f58
Discovery Artifact Change Summary:
feat(ces): update the api 93dd8d1
feat(chromemanagement): update the api 7c70f58
fix(datamanager): update the api 867d11d
feat(displayvideo): update the api 254d617
feat(games): update the api 8b77092
feat(policytroubleshooter): update the api 9d7a211
fix(workspaceevents): update the api 6bd8141