update a load_credentials_* method into a credential-type-specific load method #1814

@chalmerlowe

A recent change (PR #1812) causes a warning to be emitted when a user attempts to use a method that "does not validate the credential configuration".

It appears that within this library we have at least one location where we end up using one of these unsafe methods, specifically (credentials, project_id = load_credentials_from_file) on line 342 (there may be more).

This was detected when this continuous test failed in the python-dns library: googleapis/python-dns#318

ACTION: update the method into a credential-type-specific load method.

tests/system/test_system.py:22: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
google/cloud/dns/client.py:72: in __init__
    super(Client, self).__init__(
.nox/system-3-8/lib/python3.8/site-packages/google/cloud/client/__init__.py:338: in __init__
    _ClientProjectMixin.__init__(self, project=project, credentials=credentials)
.nox/system-3-8/lib/python3.8/site-packages/google/cloud/client/__init__.py:286: in __init__
    project = self._determine_default(project)
.nox/system-3-8/lib/python3.8/site-packages/google/cloud/client/__init__.py:305: in _determine_default
    return _determine_default_project(project)
.nox/system-3-8/lib/python3.8/site-packages/google/cloud/_helpers/__init__.py:152: in _determine_default_project
    _, project = google.auth.default()
.nox/system-3-8/lib/python3.8/site-packages/google/auth/_default.py:700: in default
    credentials, project_id = checker()
.nox/system-3-8/lib/python3.8/site-packages/google/auth/_default.py:693: in <lambda>
    lambda: _get_explicit_environ_credentials(quota_project_id=quota_project_id),
.nox/system-3-8/lib/python3.8/site-packages/google/auth/_default.py:342: in _get_explicit_environ_credentials
    credentials, project_id = load_credentials_from_file(
.nox/system-3-8/lib/python3.8/site-packages/google/auth/_default.py:170: in load_credentials_from_file
    _warn_about_generic_load_method("load_credentials_from_file")
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

method_name = 'load_credentials_from_file'

    def _warn_about_generic_load_method(method_name):  # pragma: NO COVER
        """Warns that a generic load method is being used.
    
        This is to discourage use of the generic load methods in favor of
        more specific methods. The generic methods are more likely to lead to
        security issues if the input is not validated.
    
        Args:
            method_name (str): The name of the method being used.
        """
    
>       warnings.warn(_GENERIC_LOAD_METHOD_WARNING.format(method_name), DeprecationWarning)
E       DeprecationWarning: The load_credentials_from_file method is deprecated because of a potential security risk.
E       
E       This method does not validate the credential configuration. The security
E       risk occurs when a credential configuration is accepted from a source that
E       is not under your control and used without validation on your side.
E       
E       If you know that you will be loading credential configurations of a
E       specific type, it is recommended to use a credential-type-specific
E       load method.
E       This will ensure that an unexpected credential type with potential for
E       malicious intent is not loaded unintentionally. You might still have to do
E       validation for certain credential types. Please follow the recommendations
E       for that method. For example, if you want to load only service accounts,
E       you can create the service account credentials explicitly:
E       
E      
E       from google.oauth2 import service_account
E       creds = service_account.Credentials.from_service_account_file(filename)
E       
E       
E       If you are loading your credential configuration from an untrusted source and have
E       not mitigated the risks (e.g. by validating the configuration yourself), make
E       these changes as soon as possible to prevent security risks to your environment.
E       
E       Regardless of the method used, it is always your responsibility to validate
E       configurations received from external sources.
E       
E       Refer to https://cloud.google.com/docs/authentication/external/externally-sourced-credentials
E       for more details.

.nox/system-3-8/lib/python3.8/site-packages/google/auth/_default.py:122: DeprecationWarning
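
The credential-type-specific loading that the warning above recommends, as an added example that is not part of the original issue and not google-auth's own code: the configuration's "type" field is checked against an allowlist before any loader runs. The names `checked_type`, `load_credentials_of_type` and `LOADERS` are hypothetical; the two `from_*_info` constructors are the library's existing type-specific loaders.

```python
import json

def _load_service_account(info):
    # Lazy import: google-auth is only needed once a config has passed the check.
    from google.oauth2 import service_account
    return service_account.Credentials.from_service_account_info(info)

def _load_authorized_user(info):
    from google.oauth2 import credentials
    return credentials.Credentials.from_authorized_user_info(info)

# Hypothetical dispatch table: a "type" value absent from it can never be loaded.
LOADERS = {
    "service_account": _load_service_account,
    "authorized_user": _load_authorized_user,
}

def checked_type(raw_json, allowed):
    """Parse a credential configuration and return (type, info).

    Raises ValueError unless the top-level "type" is a string that is both in
    `allowed` and has a type-specific loader above.
    """
    try:
        info = json.loads(raw_json)
    except ValueError as exc:
        raise ValueError("credential configuration is not valid JSON") from exc
    if not isinstance(info, dict):
        raise ValueError("credential configuration must be a JSON object")
    cred_type = info.get("type")
    if not isinstance(cred_type, str):
        raise ValueError("credential configuration has no string 'type' field")
    if cred_type not in allowed or cred_type not in LOADERS:
        raise ValueError(f"credential type {cred_type!r} is not accepted here")
    return cred_type, info

def load_credentials_of_type(path, allowed=("service_account",)):
    """Load credentials from `path`, refusing every type not listed in `allowed`."""
    with open(path, encoding="utf-8") as fh:
        cred_type, info = checked_type(fh.read(), allowed)
    return LOADERS[cred_type](info)
```

The type check only narrows what can be loaded; as the warning text says, some credential types still need their own field validation.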
