Set up JpaTransactionManager in BEAM pipelines (#639)

* Set up JpaTransactionManager in BEAM pipelines

Added modules and utilities to create JpaTransactionManager in BEAM
pipelines.

Not wanting to set up AppEngine Remote API to access Keyring in the
Datastore, we instead use the credential files in GCS, which are
used by Spinnaker/Cloud Build and desktop access. Added utility
to download, decrypt, and parse the file. Also added/modified dagger
modules.

core/src/test/java/google/registry/beam/initsql/BackupPathsTest.java

@@ -0,0 +1,63 @@
+// Copyright 2020 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.beam.initsql;
+
+import static com.google.common.truth.Truth.assertThat;
+import static google.registry.beam.initsql.BackupPaths.getCloudSQLCredentialFilePatterns;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import org.junit.jupiter.api.Test;
+
+/** Unit tests for {@link google.registry.beam.initsql.BackupPaths}. */
+public class BackupPathsTest {
+
+  @Test
+  void getCloudSQLCredentialFilePatterns_alpha() {
+    assertThat(getCloudSQLCredentialFilePatterns("alpha"))
+        .containsExactly(
+            "gs://domain-registry-dev-deploy/cloudsql-credentials/alpha/admin_credential.enc");
+  }
+
+  @Test
+  void getCloudSQLCredentialFilePatterns_crash() {
+    assertThat(getCloudSQLCredentialFilePatterns("crash"))
+        .containsExactly(
+            "gs://domain-registry-dev-deploy/cloudsql-credentials/crash/admin_credential.enc");
+  }
+
+  @Test
+  void getCloudSQLCredentialFilePatterns_sandbox() {
+    assertThat(getCloudSQLCredentialFilePatterns("sandbox"))
+        .containsExactly(
+            "gs://domain-registry-dev-deploy/cloudsql-credentials/sandbox/admin_credential.enc");
+  }
+
+  @Test
+  void getCloudSQLCredentialFilePatterns_production() {
+    assertThat(getCloudSQLCredentialFilePatterns("production"))
+        .containsExactly(
+            "gs://domain-registry-dev-deploy/cloudsql-credentials/production/admin_credential.enc");
+  }
+
+  @Test
+  void getEnvFromProject_illegal() {
+    assertThrows(IllegalArgumentException.class, () -> getCloudSQLCredentialFilePatterns("bad"));
+  }
+
+  @Test
+  void getEnvFromProject_null() {
+    assertThrows(IllegalArgumentException.class, () -> getCloudSQLCredentialFilePatterns(null));
+  }
+}

core/src/test/java/google/registry/beam/initsql/BeamJpaModuleTest.java

@@ -0,0 +1,96 @@
+// Copyright 2020 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.beam.initsql;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.hamcrest.Matchers.notNullValue;
+import static org.junit.Assume.assumeThat;
+
+import google.registry.persistence.NomulusPostgreSql;
+import google.registry.persistence.transaction.JpaTransactionManager;
+import java.io.File;
+import java.io.IOException;
+import java.io.PrintStream;
+import org.apache.beam.sdk.io.FileSystems;
+import org.apache.beam.sdk.options.PipelineOptionsFactory;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.testcontainers.containers.PostgreSQLContainer;
+
+/** Unit tests for {@link BeamJpaModule}. */
+@RunWith(JUnit4.class) // TODO(weiminyu): upgrade to JUnit 5.
+public class BeamJpaModuleTest {
+
+  @Rule
+  public PostgreSQLContainer database = new PostgreSQLContainer(NomulusPostgreSql.getDockerTag());
+
+  @Rule public TemporaryFolder temporaryFolder = new TemporaryFolder();
+
+  private File credentialFile;
+
+  @Before
+  public void beforeEach() throws IOException {
+    credentialFile = temporaryFolder.newFile();
+    new PrintStream(credentialFile)
+        .printf("%s %s %s", database.getJdbcUrl(), database.getUsername(), database.getPassword())
+        .close();
+  }
+
+  @Test
+  public void getJpaTransactionManager_local() {
+    JpaTransactionManager jpa =
+        DaggerBeamJpaModule_JpaTransactionManagerComponent.builder()
+            .beamJpaModule(new BeamJpaModule(credentialFile.getAbsolutePath()))
+            .build()
+            .localDbJpaTransactionManager();
+    assertThat(
+            jpa.transact(
+                () -> jpa.getEntityManager().createNativeQuery("select 1").getSingleResult()))
+        .isEqualTo(1);
+  }
+
+  /**
+   * Integration test with a GCP project, only run when the 'test.gcp_integration.env' property is
+   * defined. Otherwise this test is ignored. This is meant to be run from a developer's desktop,
+   * with auth already set up by gcloud.
+   *
+   * <p>Example: {@code gradlew test -P test.gcp_integration.env=alpha}.
+   *
+   * <p>See <a href="../../../../../../../../java_common.gradle">java_common.gradle</a> for more
+   * information.
+   */
+  @Test
+  public void getJpaTransactionManager_cloudSql_authRequired() {
+    String environmentName = System.getProperty("test.gcp_integration.env");
+    assumeThat(environmentName, notNullValue());
+
+    FileSystems.setDefaultPipelineOptions(PipelineOptionsFactory.create());
+    JpaTransactionManager jpa =
+        DaggerBeamJpaModule_JpaTransactionManagerComponent.builder()
+            .beamJpaModule(
+                new BeamJpaModule(
+                    BackupPaths.getCloudSQLCredentialFilePatterns(environmentName).get(0)))
+            .build()
+            .cloudSqlJpaTransactionManager();
+    assertThat(
+            jpa.transact(
+                () -> jpa.getEntityManager().createNativeQuery("select 1").getSingleResult()))
+        .isEqualTo(1);
+  }
+}

core/src/test/java/google/registry/persistence/PersistenceModuleTest.java

@@ -42,7 +42,7 @@ public class PersistenceModuleTest {
             database.getJdbcUrl(),
             database.getUsername(),
             database.getPassword(),
-            PersistenceModule.providesDefaultDatabaseConfigs());
+            PersistenceModule.provideDefaultDatabaseConfigs());
   }
 
   @AfterEach

core/src/test/java/google/registry/persistence/transaction/JpaTransactionManagerRule.java

@@ -166,7 +166,7 @@ abstract class JpaTransactionManagerRule extends ExternalResource {
           new String(Files.readAllBytes(tempSqlFile.toPath()), StandardCharsets.UTF_8));
     }
 
-    ImmutableMap properties = PersistenceModule.providesDefaultDatabaseConfigs();
+    ImmutableMap properties = PersistenceModule.provideDefaultDatabaseConfigs();
     if (!userProperties.isEmpty()) {
       // If there are user properties, create a new properties object with these added.
       Map<String, String> mergedProperties = Maps.newHashMap();