From 21d0729bdd5a2437c89e820bbde3320133390ef2 Mon Sep 17 00:00:00 2001
From: Zach Himsel
Date: Wed, 27 Apr 2022 15:30:47 -0400
Subject: [PATCH] Don't output malformed credentials in error message (#11599)

If the JSON credentials are unable to be properly parsed, the error message will output those very credentials _in plain text_ to the console. This is obviously a serious security concern for any CI systems running Terraform that may produce this error. There's really no reason to output the "this string is what we can't parse" in the error message. The `err` is sufficient enough. The user can inspect their own JSON credentials file. I'm sure this can be done a better way, maybe by outputting it to the debug logs; however, this is a quick and easy fix to remove the security concern from this issue immediately while a better solution can be found.
---
 google/provider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/google/provider.go b/google/provider.go
index c1f2811eb16..99d98aa66be 100644
--- a/google/provider.go
+++ b/google/provider.go
@@ -1525,7 +1525,7 @@ func validateCredentials(v interface{}, k string) (warnings []string, errors []e
 }
 if _, err := googleoauth.CredentialsFromJSON(context.Background(), []byte(creds)); err != nil {
 errors = append(errors,
- fmt.Errorf("JSON credentials in %q are not valid: %s", creds, err))
+ fmt.Errorf("JSON credentials are not valid: %s", err))
 }
 return
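Review bot: The new message in validateCredentials no longer tells the reader which setting failed. The `k` parameter (presumably the attribute name, not its value) should be safe to print, e.g. `fmt.Errorf("%q: JSON credentials are not valid: %w", k, err))`, and `%w` keeps the cause available to errors.Is/As. The wrapped `err` is still printed verbatim, so it is worth confirming that the error from CredentialsFromJSON never echoes more than a parse position or a single offending character of the input; that cannot be judged from this hunk. A regression test that passes a malformed string containing a recognisable marker and asserts the marker is absent from the returned error would keep the leak from coming back. The function body starts above the hunk, so its earlier return paths are not visible here.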