Add the ability to provide credential JSON file to the nomulus tool

This allows us to run nomulus tool programmatically on environments that do not allow the 3-legged OAuth authentication flow. The provided JSON file corresponds to a service account, which must have GAE admin permission and whose client ID must be whitelisted in the config file. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=226008337
2025-07-25 20:18:34 +02:00 · 2018-12-18 09:25:06 -08:00 · 2018-12-18 09:25:06 -08:00 · 27b6231053
commit 27b6231053
parent 40b05ffb3c
5 changed files with 76 additions and 20 deletions
--- a/java/google/registry/tools/AuthModule.java
+++ b/java/google/registry/tools/AuthModule.java
@ -33,6 +33,7 @@ import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Ordering;
 import com.google.gson.Gson;
 import dagger.Binds;
+import dagger.Lazy;
 import dagger.Module;
 import dagger.Provides;
 import google.registry.config.CredentialModule.DefaultCredential;
@ -45,12 +46,14 @@ import java.io.IOException;
 import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import javax.annotation.Nullable;
+import javax.inject.Named;
 import javax.inject.Qualifier;
 import javax.inject.Singleton;

-/**
- * Module providing the dependency graph for authorization credentials.
- */
+/** Module providing the dependency graph for authorization credentials. */
@Module
 public class AuthModule {

@ -84,9 +87,15 @@ public class AuthModule {
  @Provides
  @LocalCredential
  public static GoogleCredential provideLocalCredential(
-      @LocalCredentialJson String credentialJson) {
+      @LocalCredentialJson String credentialJson,
+      @Config("localCredentialOauthScopes") ImmutableList<String> scopes) {
    try {
-      return GoogleCredential.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
+      GoogleCredential credential =
+          GoogleCredential.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
+      if (credential.createScopedRequired()) {
+        credential = credential.createScoped(scopes);
+      }
+      return credential;
    } catch (IOException e) {
      throw new RuntimeException(e);
    }
@ -133,15 +142,25 @@ public class AuthModule {
  @Provides
  @LocalCredentialJson
  public static String provideLocalCredentialJson(
-      GoogleClientSecrets clientSecrets, @StoredCredential Credential credential) {
-    return new Gson()
-        .toJson(
-            ImmutableMap.<String, String>builder()
-                .put("type", "authorized_user")
-                .put("client_id", clientSecrets.getDetails().getClientId())
-                .put("client_secret", clientSecrets.getDetails().getClientSecret())
-                .put("refresh_token", credential.getRefreshToken())
-                .build());
+      Lazy<GoogleClientSecrets> clientSecrets,
+      @StoredCredential Lazy<Credential> credential,
+      @Nullable @Named("credentialFileName") String credentialFilename) {
+    try {
+      if (credentialFilename != null) {
+        return new String(Files.readAllBytes(Paths.get(credentialFilename)), UTF_8);
+      } else {
+        return new Gson()
+            .toJson(
+                ImmutableMap.<String, String>builder()
+                    .put("type", "authorized_user")
+                    .put("client_id", clientSecrets.get().getDetails().getClientId())
+                    .put("client_secret", clientSecrets.get().getDetails().getClientSecret())
+                    .put("refresh_token", credential.get().getRefreshToken())
+                    .build());
+      }
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
  }

  @Provides
--- a/java/google/registry/tools/RegistryCli.java
+++ b/java/google/registry/tools/RegistryCli.java
@ -58,6 +58,13 @@ final class RegistryCli implements AutoCloseable, CommandRunner {
      description = "Returns all command names.")
  private boolean showAllCommands;

+  @Parameter(
+      names = {"--credential"},
+      description =
+          "Name of a JSON file containing credential information used by the tool. "
+              + "If not set, credentials saved by running `nomulus login' will be used.")
+  private String credentialJson = null;
+
  // Do not make this final - compile-time constant inlining may interfere with JCommander.
  @ParametersDelegate
  private LoggingParameters loggingParams = new LoggingParameters();
@ -81,8 +88,6 @@ final class RegistryCli implements AutoCloseable, CommandRunner {
    this.commands = commands;

    Security.addProvider(new BouncyCastleProvider());
-
-    component = DaggerRegistryToolComponent.create();
  }

  // The <? extends Class<? extends Command>> wildcard looks a little funny, but is needed so that
@ -146,6 +151,9 @@ final class RegistryCli implements AutoCloseable, CommandRunner {
    checkState(RegistryToolEnvironment.get() == environment,
        "RegistryToolEnvironment argument pre-processing kludge failed.");

+    component =
+        DaggerRegistryToolComponent.builder().credentialFilename(credentialJson).build();
+
    // JCommander stores sub-commands as nested JCommander objects containing a list of user objects
    // to be populated.  Extract the subcommand by getting the JCommander wrapper and then
    // retrieving the first (and, by virtue of our usage, only) object from it.
--- a/java/google/registry/tools/RegistryToolComponent.java
+++ b/java/google/registry/tools/RegistryToolComponent.java
@ -14,6 +14,7 @@

 package google.registry.tools;

+import dagger.BindsInstance;
 import dagger.Component;
 import google.registry.bigquery.BigqueryModule;
 import google.registry.config.CredentialModule.LocalCredentialJson;
@ -36,6 +37,8 @@ import google.registry.util.AppEngineServiceUtilsImpl.AppEngineServiceUtilsModul
 import google.registry.util.SystemClock.SystemClockModule;
 import google.registry.util.SystemSleeper.SystemSleeperModule;
 import google.registry.whois.WhoisModule;
+import javax.annotation.Nullable;
+import javax.inject.Named;
 import javax.inject.Singleton;

 /**
@ -113,5 +116,12 @@ interface RegistryToolComponent {

  @LocalCredentialJson
  String googleCredentialJson();
-}

+  @Component.Builder
+  interface Builder {
+    @BindsInstance
+    Builder credentialFilename(@Nullable @Named("credentialFileName") String credentialFilename);
+
+    RegistryToolComponent build();
+  }
+}
--- a/java/google/registry/tools/RequestFactoryModule.java
+++ b/java/google/registry/tools/RequestFactoryModule.java
@ -19,7 +19,7 @@ import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import dagger.Module;
 import dagger.Provides;
-import google.registry.config.CredentialModule.LocalCredential;
+import google.registry.config.CredentialModule.DefaultCredential;
 import google.registry.config.RegistryConfig;

 /**
@ -35,7 +35,7 @@ class RequestFactoryModule {

  @Provides
  static HttpRequestFactory provideHttpRequestFactory(
-      @LocalCredential GoogleCredential credential) {
+      @DefaultCredential GoogleCredential credential) {
    if (RegistryConfig.areServersLocal()) {
      return new NetHttpTransport()
          .createRequestFactory(