Add the ability to provide credential JSON file to the nomulus tool
This allows us to run nomulus tool programmatically on environments that do not allow the 3-legged OAuth authentication flow. The provided JSON file corresponds to a service account, which must have GAE admin permission and whose client ID must be whitelisted in the config file. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=226008337
parent
40b05ffb3c
commit
27b6231053
5 changed files with 76 additions and 20 deletions
|
@ -33,6 +33,7 @@ import com.google.common.collect.ImmutableMap;
|
|||
import com.google.common.collect.Ordering;
|
||||
import com.google.gson.Gson;
|
||||
import dagger.Binds;
|
||||
import dagger.Lazy;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule.DefaultCredential;
|
||||
|
@ -45,12 +46,14 @@ import java.io.IOException;
|
|||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Paths;
|
||||
import javax.annotation.Nullable;
|
||||
import javax.inject.Named;
|
||||
import javax.inject.Qualifier;
|
||||
import javax.inject.Singleton;
|
||||
|
||||
/**
|
||||
* Module providing the dependency graph for authorization credentials.
|
||||
*/
|
||||
/** Module providing the dependency graph for authorization credentials. */
|
||||
@Module
|
||||
public class AuthModule {
|
||||
|
||||
|
@ -84,9 +87,15 @@ public class AuthModule {
|
|||
@Provides
|
||||
@LocalCredential
|
||||
public static GoogleCredential provideLocalCredential(
|
||||
@LocalCredentialJson String credentialJson) {
|
||||
@LocalCredentialJson String credentialJson,
|
||||
@Config("localCredentialOauthScopes") ImmutableList<String> scopes) {
|
||||
try {
|
||||
return GoogleCredential.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
|
||||
GoogleCredential credential =
|
||||
GoogleCredential.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
|
||||
if (credential.createScopedRequired()) {
|
||||
credential = credential.createScoped(scopes);
|
||||
}
|
||||
return credential;
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
@ -133,15 +142,25 @@ public class AuthModule {
|
|||
@Provides
|
||||
@LocalCredentialJson
|
||||
public static String provideLocalCredentialJson(
|
||||
GoogleClientSecrets clientSecrets, @StoredCredential Credential credential) {
|
||||
return new Gson()
|
||||
.toJson(
|
||||
ImmutableMap.<String, String>builder()
|
||||
.put("type", "authorized_user")
|
||||
.put("client_id", clientSecrets.getDetails().getClientId())
|
||||
.put("client_secret", clientSecrets.getDetails().getClientSecret())
|
||||
.put("refresh_token", credential.getRefreshToken())
|
||||
.build());
|
||||
Lazy<GoogleClientSecrets> clientSecrets,
|
||||
@StoredCredential Lazy<Credential> credential,
|
||||
@Nullable @Named("credentialFileName") String credentialFilename) {
|
||||
try {
|
||||
if (credentialFilename != null) {
|
||||
return new String(Files.readAllBytes(Paths.get(credentialFilename)), UTF_8);
|
||||
} else {
|
||||
return new Gson()
|
||||
.toJson(
|
||||
ImmutableMap.<String, String>builder()
|
||||
.put("type", "authorized_user")
|
||||
.put("client_id", clientSecrets.get().getDetails().getClientId())
|
||||
.put("client_secret", clientSecrets.get().getDetails().getClientSecret())
|
||||
.put("refresh_token", credential.get().getRefreshToken())
|
||||
.build());
|
||||
}
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Provides
|
||||
|
|
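Review bot: In `provideLocalCredentialJson`, the new file branch returns the contents of the `--credential` file verbatim as the `@LocalCredentialJson` string, so that string now holds a service-account private key whenever the flag is set, and nothing in the method documents that. I would add a Javadoc comment stating that the returned JSON is secret material in both branches (key file, or client secret plus refresh token) and must never be logged or echoed in error output. The shared `catch (IOException e)` rethrows as a bare `RuntimeException(e)`; a message naming the flag would make a misconfigured automation run much easier to diagnose, e.g. `throw new RuntimeException("Cannot read the credential file given by --credential", e);`. Separately, in `provideLocalCredential` a short comment on why `createScopedRequired()` guards `createScoped(scopes)` would help, and `localCredentialOauthScopes` should stay limited to the scopes the tool actually needs now that a service-account key can be supplied.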
|
@ -58,6 +58,13 @@ final class RegistryCli implements AutoCloseable, CommandRunner {
|
|||
description = "Returns all command names.")
|
||||
private boolean showAllCommands;
|
||||
|
||||
@Parameter(
|
||||
names = {"--credential"},
|
||||
description =
|
||||
"Name of a JSON file containing credential information used by the tool. "
|
||||
+ "If not set, credentials saved by running `nomulus login' will be used.")
|
||||
private String credentialJson = null;
|
||||
|
||||
// Do not make this final - compile-time constant inlining may interfere with JCommander.
|
||||
@ParametersDelegate
|
||||
private LoggingParameters loggingParams = new LoggingParameters();
|
||||
|
@ -81,8 +88,6 @@ final class RegistryCli implements AutoCloseable, CommandRunner {
|
|||
this.commands = commands;
|
||||
|
||||
Security.addProvider(new BouncyCastleProvider());
|
||||
|
||||
component = DaggerRegistryToolComponent.create();
|
||||
}
|
||||
|
||||
// The <? extends Class<? extends Command>> wildcard looks a little funny, but is needed so that
|
||||
|
@ -146,6 +151,9 @@ final class RegistryCli implements AutoCloseable, CommandRunner {
|
|||
checkState(RegistryToolEnvironment.get() == environment,
|
||||
"RegistryToolEnvironment argument pre-processing kludge failed.");
|
||||
|
||||
component =
|
||||
DaggerRegistryToolComponent.builder().credentialFilename(credentialJson).build();
|
||||
|
||||
// JCommander stores sub-commands as nested JCommander objects containing a list of user objects
|
||||
// to be populated. Extract the subcommand by getting the JCommander wrapper and then
|
||||
// retrieving the first (and, by virtue of our usage, only) object from it.
|
||||
|
|
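Review bot: The new field `credentialJson` holds a file name, not JSON, while `@LocalCredentialJson` elsewhere in this commit is the secret content itself, so the name invites mixing up the path (safe to print) with the key material (never safe to print). Since the field is private and JCommander binds by `names`, I would rename it to `credentialFilename` to match the Dagger builder method. The `--credential` description could also say that the file is a service-account key and should be readable only by the user running the tool. The constructor hunk appears to drop `component = DaggerRegistryToolComponent.create();` in favour of building the component after argument parsing; the surrounding methods are outside these hunks, so it is worth confirming that nothing reads `component` before that assignment.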
|
@ -14,6 +14,7 @@
|
|||
|
||||
package google.registry.tools;
|
||||
|
||||
import dagger.BindsInstance;
|
||||
import dagger.Component;
|
||||
import google.registry.bigquery.BigqueryModule;
|
||||
import google.registry.config.CredentialModule.LocalCredentialJson;
|
||||
|
@ -36,6 +37,8 @@ import google.registry.util.AppEngineServiceUtilsImpl.AppEngineServiceUtilsModul
|
|||
import google.registry.util.SystemClock.SystemClockModule;
|
||||
import google.registry.util.SystemSleeper.SystemSleeperModule;
|
||||
import google.registry.whois.WhoisModule;
|
||||
import javax.annotation.Nullable;
|
||||
import javax.inject.Named;
|
||||
import javax.inject.Singleton;
|
||||
|
||||
/**
|
||||
|
@ -113,5 +116,12 @@ interface RegistryToolComponent {
|
|||
|
||||
@LocalCredentialJson
|
||||
String googleCredentialJson();
|
||||
}
|
||||
|
||||
@Component.Builder
|
||||
interface Builder {
|
||||
@BindsInstance
|
||||
Builder credentialFilename(@Nullable @Named("credentialFileName") String credentialFilename);
|
||||
|
||||
RegistryToolComponent build();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ import com.google.api.client.http.HttpRequestFactory;
|
|||
import com.google.api.client.http.javanet.NetHttpTransport;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule.LocalCredential;
|
||||
import google.registry.config.CredentialModule.DefaultCredential;
|
||||
import google.registry.config.RegistryConfig;
|
||||
|
||||
/**
|
||||
|
@ -35,7 +35,7 @@ class RequestFactoryModule {
|
|||
|
||||
@Provides
|
||||
static HttpRequestFactory provideHttpRequestFactory(
|
||||
@LocalCredential GoogleCredential credential) {
|
||||
@DefaultCredential GoogleCredential credential) {
|
||||
if (RegistryConfig.areServersLocal()) {
|
||||
return new NetHttpTransport()
|
||||
.createRequestFactory(
|
||||
|
|
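Review bot: `provideHttpRequestFactory` appears to switch its parameter from `@LocalCredential` to `@DefaultCredential`, which changes the identity used for the tool's outgoing HTTP requests, yet neither the code nor the commit description explains the swap. The binding for `@DefaultCredential` is not visible on this page, so it is unclear whether a key passed with `--credential` actually reaches this factory or whether a different credential is used here. A short comment above the parameter naming the credential that `@DefaultCredential` resolves to in the tool, and why it replaces the local one, would let a reader check that requests run as the intended, least-privileged account. The method body continues past the end of the hunk.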