mirror of
https://github.com/google/nomulus.git
synced 2025-07-21 18:26:12 +02:00
Replace deprecated GoogleCredential with new auth lib (#129)
Replace deprecated GoogleCredential with new lib This PR also introduced a CredentialsBundle class to carry HttpTransport and JsonFactory object which are needed by most of the GCP library to instantiate client.
This commit is contained in:
Shicong Huang
GitHub
parent
dae8923bd1
commit
34a28e871e
29 changed files with 822 additions and 684 deletions
|
|
@ -14,13 +14,13 @@
|
|||
|
||||
package google.registry.beam.invoicing;
|
||||
|
||||
import com.google.auth.oauth2.GoogleCredentials;
|
||||
import google.registry.beam.invoicing.BillingEvent.InvoiceGroupingKey;
|
||||
import google.registry.beam.invoicing.BillingEvent.InvoiceGroupingKey.InvoiceGroupingKeyCoder;
|
||||
import google.registry.config.CredentialModule.LocalCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.reporting.billing.BillingModule;
|
||||
import google.registry.reporting.billing.GenerateInvoicesAction;
|
||||
import google.registry.tools.AuthModule.LocalOAuth2Credentials;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import java.io.Serializable;
|
||||
import javax.inject.Inject;
|
||||
import org.apache.beam.runners.dataflow.DataflowRunner;
|
||||
|
|
@ -81,8 +81,8 @@ public class InvoicingPipeline implements Serializable {
|
|||
@Config("invoiceFilePrefix")
|
||||
String invoiceFilePrefix;
|
||||
|
||||
@Inject @LocalOAuth2Credentials
|
||||
GoogleCredentials credentials;
|
||||
@Inject @LocalCredential
|
||||
GoogleCredentialsBundle credentialsBundle;
|
||||
|
||||
@Inject
|
||||
InvoicingPipeline() {}
|
||||
|
|
@ -105,7 +105,7 @@ public class InvoicingPipeline implements Serializable {
|
|||
public void deploy() {
|
||||
// We can't store options as a member variable due to serialization concerns.
|
||||
InvoicingPipelineOptions options = PipelineOptionsFactory.as(InvoicingPipelineOptions.class);
|
||||
options.setGcpCredential(credentials);
|
||||
options.setGcpCredential(credentialsBundle.getGoogleCredentials());
|
||||
options.setProject(projectId);
|
||||
options.setRunner(DataflowRunner.class);
|
||||
// This causes p.run() to stage the pipeline as a template on GCS, as opposed to running it.
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
|
||||
package google.registry.bigquery;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.bigquery.Bigquery;
|
||||
import com.google.api.services.bigquery.model.TableFieldSchema;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
|
|
@ -23,24 +22,29 @@ import dagger.Provides;
|
|||
import dagger.multibindings.Multibinds;
|
||||
import google.registry.config.CredentialModule.DefaultCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import java.util.Map;
|
||||
|
||||
/** Dagger module for Google {@link Bigquery} connection objects. */
|
||||
@Module
|
||||
public abstract class BigqueryModule {
|
||||
|
||||
/** Provides a map of BigQuery table names to field names. */
|
||||
@Multibinds
|
||||
abstract Map<String, ImmutableList<TableFieldSchema>> bigquerySchemas();
|
||||
// No subclasses.
|
||||
private BigqueryModule() {}
|
||||
|
||||
@Provides
|
||||
static Bigquery provideBigquery(
|
||||
@DefaultCredential GoogleCredential credential, @Config("projectId") String projectId) {
|
||||
return new Bigquery.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
@DefaultCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId) {
|
||||
return new Bigquery.Builder(
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.build();
|
||||
}
|
||||
|
||||
// No subclasses.
|
||||
private BigqueryModule() {}
|
||||
/** Provides a map of BigQuery table names to field names. */
|
||||
@Multibinds
|
||||
abstract Map<String, ImmutableList<TableFieldSchema>> bigquerySchemas();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,32 +16,28 @@ package google.registry.config;
|
|||
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
|
||||
import com.google.api.client.googleapis.util.Utils;
|
||||
import com.google.auth.oauth2.GoogleCredentials;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.keyring.api.KeyModule.Key;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.UncheckedIOException;
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.security.GeneralSecurityException;
|
||||
import javax.inject.Qualifier;
|
||||
import javax.inject.Singleton;
|
||||
|
||||
/**
|
||||
* Dagger module that provides all {@link GoogleCredential GoogleCredentials} used in the
|
||||
* application.
|
||||
*/
|
||||
/** Dagger module that provides all {@link GoogleCredentials} used in the application. */
|
||||
@Module
|
||||
public abstract class CredentialModule {
|
||||
|
||||
/**
|
||||
* Provides the default {@link GoogleCredential} from the Google Cloud runtime.
|
||||
* Provides the default {@link GoogleCredentialsBundle} from the Google Cloud runtime.
|
||||
*
|
||||
* <p>The credential returned depends on the runtime environment:
|
||||
*
|
||||
|
|
@ -58,22 +54,22 @@ public abstract class CredentialModule {
|
|||
@DefaultCredential
|
||||
@Provides
|
||||
@Singleton
|
||||
public static GoogleCredential provideDefaultCredential(
|
||||
public static GoogleCredentialsBundle provideDefaultCredential(
|
||||
@Config("defaultCredentialOauthScopes") ImmutableList<String> requiredScopes) {
|
||||
GoogleCredential credential;
|
||||
GoogleCredentials credential;
|
||||
try {
|
||||
credential = GoogleCredential.getApplicationDefault();
|
||||
credential = GoogleCredentials.getApplicationDefault();
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
if (credential.createScopedRequired()) {
|
||||
return credential.createScoped(requiredScopes);
|
||||
credential = credential.createScoped(requiredScopes);
|
||||
}
|
||||
return credential;
|
||||
return GoogleCredentialsBundle.create(credential);
|
||||
}
|
||||
|
||||
/**
|
||||
* Provides a {@link GoogleCredential} from the service account's JSON key file.
|
||||
* Provides a {@link GoogleCredentialsBundle} from the service account's JSON key file.
|
||||
*
|
||||
* <p>On App Engine, a thread created using Java's built-in API needs this credential when it
|
||||
* calls App Engine API. The Google Sheets API also needs this credential.
|
||||
|
|
@ -81,28 +77,24 @@ public abstract class CredentialModule {
|
|||
@JsonCredential
|
||||
@Provides
|
||||
@Singleton
|
||||
public static GoogleCredential provideJsonCredential(
|
||||
public static GoogleCredentialsBundle provideJsonCredential(
|
||||
@Config("defaultCredentialOauthScopes") ImmutableList<String> requiredScopes,
|
||||
@Key("jsonCredential") String jsonCredential) {
|
||||
GoogleCredential credential;
|
||||
GoogleCredentials credential;
|
||||
try {
|
||||
credential =
|
||||
GoogleCredential.fromStream(
|
||||
new ByteArrayInputStream(jsonCredential.getBytes(UTF_8)),
|
||||
// We cannot use UrlFetchTransport as that uses App Engine API.
|
||||
GoogleNetHttpTransport.newTrustedTransport(),
|
||||
Utils.getDefaultJsonFactory());
|
||||
} catch (IOException | GeneralSecurityException e) {
|
||||
throw new RuntimeException(e);
|
||||
GoogleCredentials.fromStream(new ByteArrayInputStream(jsonCredential.getBytes(UTF_8)));
|
||||
} catch (IOException e) {
|
||||
throw new UncheckedIOException(e);
|
||||
}
|
||||
if (credential.createScopedRequired()) {
|
||||
credential = credential.createScoped(requiredScopes);
|
||||
}
|
||||
return credential;
|
||||
return GoogleCredentialsBundle.create(credential);
|
||||
}
|
||||
|
||||
/**
|
||||
* Provides a {@link GoogleCredential} with delegated admin access for a G Suite domain.
|
||||
* Provides a {@link GoogleCredentialsBundle} with delegated admin access for a G Suite domain.
|
||||
*
|
||||
* <p>The G Suite domain must grant delegated admin access to the registry service account with
|
||||
* all scopes in {@code requiredScopes}, including ones not related to G Suite.
|
||||
|
|
@ -110,18 +102,14 @@ public abstract class CredentialModule {
|
|||
@DelegatedCredential
|
||||
@Provides
|
||||
@Singleton
|
||||
public static GoogleCredential provideDelegatedCredential(
|
||||
public static GoogleCredentialsBundle provideDelegatedCredential(
|
||||
@Config("delegatedCredentialOauthScopes") ImmutableList<String> requiredScopes,
|
||||
@JsonCredential GoogleCredential googleCredential,
|
||||
@JsonCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("gSuiteAdminAccountEmailAddress") String gSuiteAdminAccountEmailAddress) {
|
||||
return new GoogleCredential.Builder()
|
||||
.setTransport(Utils.getDefaultTransport())
|
||||
.setJsonFactory(Utils.getDefaultJsonFactory())
|
||||
.setServiceAccountId(googleCredential.getServiceAccountId())
|
||||
.setServiceAccountPrivateKey(googleCredential.getServiceAccountPrivateKey())
|
||||
.setServiceAccountScopes(requiredScopes)
|
||||
.setServiceAccountUser(gSuiteAdminAccountEmailAddress)
|
||||
.build();
|
||||
return GoogleCredentialsBundle.create(credentialsBundle
|
||||
.getGoogleCredentials()
|
||||
.createDelegated(gSuiteAdminAccountEmailAddress)
|
||||
.createScoped(requiredScopes));
|
||||
}
|
||||
|
||||
/** Dagger qualifier for the Application Default Credential. */
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
|
||||
package google.registry.dns.writer.clouddns;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.dns.Dns;
|
||||
import com.google.common.util.concurrent.RateLimiter;
|
||||
import dagger.Binds;
|
||||
|
|
@ -26,6 +25,7 @@ import dagger.multibindings.StringKey;
|
|||
import google.registry.config.CredentialModule.DefaultCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.dns.writer.DnsWriter;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import java.util.Optional;
|
||||
import javax.inject.Named;
|
||||
|
||||
|
|
@ -35,12 +35,15 @@ public abstract class CloudDnsWriterModule {
|
|||
|
||||
@Provides
|
||||
static Dns provideDns(
|
||||
@DefaultCredential GoogleCredential credential,
|
||||
@DefaultCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId,
|
||||
@Config("cloudDnsRootUrl") Optional<String> rootUrl,
|
||||
@Config("cloudDnsServicePath") Optional<String> servicePath) {
|
||||
Dns.Builder builder =
|
||||
new Dns.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
new Dns.Builder(
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId);
|
||||
|
||||
rootUrl.ifPresent(builder::setRootUrl);
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
|
||||
package google.registry.export;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.drive.Drive;
|
||||
import dagger.Component;
|
||||
import dagger.Module;
|
||||
|
|
@ -24,6 +23,7 @@ import google.registry.config.CredentialModule.DefaultCredential;
|
|||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.config.RegistryConfig.ConfigModule;
|
||||
import google.registry.storage.drive.DriveConnection;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import javax.inject.Singleton;
|
||||
|
||||
/** Dagger module for Google {@link Drive} service connection objects. */
|
||||
|
|
@ -32,8 +32,13 @@ public final class DriveModule {
|
|||
|
||||
@Provides
|
||||
static Drive provideDrive(
|
||||
@DefaultCredential GoogleCredential credential, @Config("projectId") String projectId) {
|
||||
return new Drive.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
@DefaultCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId) {
|
||||
|
||||
return new Drive.Builder(
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,11 +14,11 @@
|
|||
|
||||
package google.registry.export.datastore;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule;
|
||||
import google.registry.config.RegistryConfig;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import javax.inject.Singleton;
|
||||
|
||||
/** Dagger module that configures provision of {@link DatastoreAdmin}. */
|
||||
|
|
@ -28,10 +28,12 @@ public abstract class DatastoreAdminModule {
|
|||
@Singleton
|
||||
@Provides
|
||||
static DatastoreAdmin provideDatastoreAdmin(
|
||||
@CredentialModule.DefaultCredential GoogleCredential credential,
|
||||
@CredentialModule.DefaultCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@RegistryConfig.Config("projectId") String projectId) {
|
||||
return new DatastoreAdmin.Builder(
|
||||
credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.setProjectId(projectId)
|
||||
.build();
|
||||
|
|
|
|||
|
|
@ -14,12 +14,12 @@
|
|||
|
||||
package google.registry.export.sheet;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.sheets.v4.Sheets;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule.JsonCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
|
||||
/** Dagger module for {@link Sheets}. */
|
||||
@Module
|
||||
|
|
@ -27,8 +27,12 @@ public final class SheetsServiceModule {
|
|||
|
||||
@Provides
|
||||
static Sheets provideSheets(
|
||||
@JsonCredential GoogleCredential credential, @Config("projectId") String projectId) {
|
||||
return new Sheets.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
@JsonCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId) {
|
||||
return new Sheets.Builder(
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,12 +14,12 @@
|
|||
|
||||
package google.registry.groups;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.admin.directory.Directory;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule.DelegatedCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
|
||||
/** Dagger module for the Google {@link Directory} service. */
|
||||
@Module
|
||||
|
|
@ -27,8 +27,12 @@ public final class DirectoryModule {
|
|||
|
||||
@Provides
|
||||
static Directory provideDirectory(
|
||||
@DelegatedCredential GoogleCredential credential, @Config("projectId") String projectId) {
|
||||
return new Directory.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
@DelegatedCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId) {
|
||||
return new Directory.Builder(
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,12 +14,12 @@
|
|||
|
||||
package google.registry.groups;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.groupssettings.Groupssettings;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule.DelegatedCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
|
||||
/** Dagger module for the Google {@link Groupssettings} service. */
|
||||
@Module
|
||||
|
|
@ -27,9 +27,12 @@ public final class GroupssettingsModule {
|
|||
|
||||
@Provides
|
||||
static Groupssettings provideDirectory(
|
||||
@DelegatedCredential GoogleCredential credential, @Config("projectId") String projectId) {
|
||||
@DelegatedCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId) {
|
||||
return new Groupssettings.Builder(
|
||||
credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
|
||||
package google.registry.keyring.kms;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.cloudkms.v1.CloudKMS;
|
||||
import dagger.Binds;
|
||||
import dagger.Module;
|
||||
|
|
@ -24,6 +23,7 @@ import dagger.multibindings.StringKey;
|
|||
import google.registry.config.CredentialModule.DefaultCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.keyring.api.Keyring;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
|
||||
/** Dagger module for Cloud KMS. */
|
||||
@Module
|
||||
|
|
@ -31,20 +31,23 @@ public abstract class KmsModule {
|
|||
|
||||
public static final String NAME = "KMS";
|
||||
|
||||
@Binds
|
||||
@IntoMap
|
||||
@StringKey(NAME)
|
||||
abstract Keyring provideKeyring(KmsKeyring keyring);
|
||||
|
||||
@Provides
|
||||
static CloudKMS provideKms(
|
||||
@DefaultCredential GoogleCredential credential,
|
||||
@DefaultCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("cloudKmsProjectId") String projectId) {
|
||||
return new CloudKMS.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
return new CloudKMS.Builder(
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Binds
|
||||
@IntoMap
|
||||
@StringKey(NAME)
|
||||
abstract Keyring provideKeyring(KmsKeyring keyring);
|
||||
|
||||
@Binds
|
||||
abstract KmsConnection provideKmsConnection(KmsConnectionImpl kmsConnectionImpl);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
|
||||
package google.registry.monitoring.whitebox;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.monitoring.v3.Monitoring;
|
||||
import com.google.api.services.monitoring.v3.model.MonitoredResource;
|
||||
import com.google.appengine.api.modules.ModulesService;
|
||||
|
|
@ -27,6 +26,7 @@ import dagger.Module;
|
|||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule.JsonCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import org.joda.time.Duration;
|
||||
|
||||
/** Dagger module for Google Stackdriver service connection objects. */
|
||||
|
|
@ -39,9 +39,12 @@ public final class StackdriverModule {
|
|||
|
||||
@Provides
|
||||
static Monitoring provideMonitoring(
|
||||
@JsonCredential GoogleCredential credential, @Config("projectId") String projectId) {
|
||||
@JsonCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId) {
|
||||
return new Monitoring.Builder(
|
||||
credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ package google.registry.reporting;
|
|||
import static google.registry.request.RequestParameters.extractOptionalParameter;
|
||||
import static google.registry.request.RequestParameters.extractRequiredParameter;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.services.dataflow.Dataflow;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
|
|
@ -25,6 +24,7 @@ import google.registry.config.CredentialModule.DefaultCredential;
|
|||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.request.HttpException.BadRequestException;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import google.registry.util.Clock;
|
||||
import java.util.Optional;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
|
@ -118,8 +118,12 @@ public class ReportingModule {
|
|||
/** Constructs a {@link Dataflow} API client with default settings. */
|
||||
@Provides
|
||||
static Dataflow provideDataflow(
|
||||
@DefaultCredential GoogleCredential credential, @Config("projectId") String projectId) {
|
||||
return new Dataflow.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
|
||||
@DefaultCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId) {
|
||||
return new Dataflow.Builder(
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(String.format("%s billing", projectId))
|
||||
.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,13 +14,12 @@
|
|||
|
||||
package google.registry.tools;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.client.googleapis.util.Utils;
|
||||
import com.google.api.services.appengine.v1.Appengine;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule.LocalCredential;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import javax.inject.Singleton;
|
||||
|
||||
/** Module providing the instance of {@link Appengine} to access App Engine Admin Api. */
|
||||
|
|
@ -30,9 +29,12 @@ public abstract class AppEngineAdminApiModule {
|
|||
@Provides
|
||||
@Singleton
|
||||
public static Appengine provideAppengine(
|
||||
@LocalCredential GoogleCredential credential, @Config("projectId") String projectId) {
|
||||
@LocalCredential GoogleCredentialsBundle credentialsBundle,
|
||||
@Config("projectId") String projectId) {
|
||||
return new Appengine.Builder(
|
||||
Utils.getDefaultTransport(), Utils.getDefaultJsonFactory(), credential)
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName(projectId)
|
||||
.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ import com.google.api.client.auth.oauth2.Credential;
|
|||
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets.Details;
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.client.http.javanet.NetHttpTransport;
|
||||
import com.google.api.client.json.JsonFactory;
|
||||
import com.google.api.client.util.store.AbstractDataStoreFactory;
|
||||
|
|
@ -39,10 +38,10 @@ import google.registry.config.CredentialModule.DefaultCredential;
|
|||
import google.registry.config.CredentialModule.LocalCredential;
|
||||
import google.registry.config.CredentialModule.LocalCredentialJson;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.UncheckedIOException;
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
|
|
@ -60,14 +59,6 @@ public class AuthModule {
|
|||
private static final File DATA_STORE_DIR =
|
||||
new File(System.getProperty("user.home"), ".config/nomulus/credentials");
|
||||
|
||||
@Module
|
||||
abstract static class LocalCredentialModule {
|
||||
@Binds
|
||||
@DefaultCredential
|
||||
abstract GoogleCredential provideLocalCredentialAsDefaultCredential(
|
||||
@LocalCredential GoogleCredential credential);
|
||||
}
|
||||
|
||||
@Provides
|
||||
@StoredCredential
|
||||
static Credential provideCredential(
|
||||
|
|
@ -86,38 +77,21 @@ public class AuthModule {
|
|||
|
||||
@Provides
|
||||
@LocalCredential
|
||||
public static GoogleCredential provideLocalCredential(
|
||||
public static GoogleCredentialsBundle provideLocalCredential(
|
||||
@LocalCredentialJson String credentialJson,
|
||||
@Config("localCredentialOauthScopes") ImmutableList<String> scopes) {
|
||||
try {
|
||||
GoogleCredential credential =
|
||||
GoogleCredential.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
|
||||
GoogleCredentials credential =
|
||||
GoogleCredentials.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
|
||||
if (credential.createScopedRequired()) {
|
||||
credential = credential.createScoped(scopes);
|
||||
}
|
||||
return credential;
|
||||
return GoogleCredentialsBundle.create(credential);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Provides
|
||||
@LocalOAuth2Credentials
|
||||
public static GoogleCredentials provideLocalOAuth2Credentials(
|
||||
@LocalCredentialJson String credentialJson,
|
||||
@Config("localCredentialOauthScopes") ImmutableList<String> scopes) {
|
||||
try {
|
||||
GoogleCredentials credentials =
|
||||
GoogleCredentials.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
|
||||
if (credentials.createScopedRequired()) {
|
||||
credentials = credentials.createScoped(scopes);
|
||||
}
|
||||
return credentials;
|
||||
} catch (IOException e) {
|
||||
throw new UncheckedIOException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Provides
|
||||
public static GoogleAuthorizationCodeFlow provideAuthorizationCodeFlow(
|
||||
JsonFactory jsonFactory,
|
||||
|
|
@ -198,16 +172,11 @@ public class AuthModule {
|
|||
}
|
||||
}
|
||||
|
||||
/** Raised when we need a user login. */
|
||||
static class LoginRequiredException extends RuntimeException {
|
||||
LoginRequiredException() {}
|
||||
}
|
||||
|
||||
/**
|
||||
* Dagger qualifier for the {@link Credential} constructed from the data stored on disk.
|
||||
*
|
||||
* <p>This {@link Credential} should not be used in another module, hence the private qualifier.
|
||||
* It's only use is to build a {@link GoogleCredential}, which is used in injection sites
|
||||
* It's only use is to build a {@link GoogleCredentials}, which is used in injection sites
|
||||
* elsewhere.
|
||||
*/
|
||||
@Qualifier
|
||||
|
|
@ -227,9 +196,16 @@ public class AuthModule {
|
|||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@interface OAuthClientId {}
|
||||
|
||||
/** Dagger qualifier for the local OAuth2 Credentials. */
|
||||
@Qualifier
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface LocalOAuth2Credentials {}
|
||||
@Module
|
||||
abstract static class LocalCredentialModule {
|
||||
@Binds
|
||||
@DefaultCredential
|
||||
abstract GoogleCredentialsBundle provideLocalCredentialAsDefaultCredential(
|
||||
@LocalCredential GoogleCredentialsBundle credential);
|
||||
}
|
||||
|
||||
/** Raised when we need a user login. */
|
||||
static class LoginRequiredException extends RuntimeException {
|
||||
LoginRequiredException() {}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,13 +14,13 @@
|
|||
|
||||
package google.registry.tools;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.client.http.HttpRequestFactory;
|
||||
import com.google.api.client.http.javanet.NetHttpTransport;
|
||||
import dagger.Module;
|
||||
import dagger.Provides;
|
||||
import google.registry.config.CredentialModule.DefaultCredential;
|
||||
import google.registry.config.RegistryConfig;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
|
||||
/**
|
||||
* Module for providing the HttpRequestFactory.
|
||||
|
|
@ -30,12 +30,12 @@ import google.registry.config.RegistryConfig;
|
|||
*/
|
||||
@Module
|
||||
class RequestFactoryModule {
|
||||
|
||||
|
||||
static final int REQUEST_TIMEOUT_MS = 10 * 60 * 1000;
|
||||
|
||||
@Provides
|
||||
static HttpRequestFactory provideHttpRequestFactory(
|
||||
@DefaultCredential GoogleCredential credential) {
|
||||
@DefaultCredential GoogleCredentialsBundle credentialsBundle) {
|
||||
if (RegistryConfig.areServersLocal()) {
|
||||
return new NetHttpTransport()
|
||||
.createRequestFactory(
|
||||
|
|
@ -47,11 +47,12 @@ class RequestFactoryModule {
|
|||
return new NetHttpTransport()
|
||||
.createRequestFactory(
|
||||
request -> {
|
||||
credential.initialize(request);
|
||||
credentialsBundle.getHttpRequestInitializer().initialize(request);
|
||||
// GAE request times out after 10 min, so here we set the timeout to 10 min. This is
|
||||
// needed to support some nomulus commands like updating premium lists that take
|
||||
// a lot of time to complete.
|
||||
// See https://developers.google.com/api-client-library/java/google-api-java-client/errors
|
||||
// See
|
||||
// https://developers.google.com/api-client-library/java/google-api-java-client/errors
|
||||
request.setConnectTimeout(REQUEST_TIMEOUT_MS);
|
||||
request.setReadTimeout(REQUEST_TIMEOUT_MS);
|
||||
});
|
||||
|
|
|
|||
|
|
@ -17,17 +17,17 @@ package google.registry.export.datastore;
|
|||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static com.google.common.truth.Truth8.assertThat;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.client.http.GenericUrl;
|
||||
import com.google.api.client.http.HttpRequest;
|
||||
import com.google.api.client.http.HttpTransport;
|
||||
import com.google.api.client.http.javanet.NetHttpTransport;
|
||||
import com.google.api.client.json.jackson2.JacksonFactory;
|
||||
import com.google.auth.oauth2.AccessToken;
|
||||
import com.google.auth.oauth2.GoogleCredentials;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import google.registry.testing.TestDataHelper;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Date;
|
||||
import java.util.Optional;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
|
|
@ -48,27 +48,44 @@ public class DatastoreAdminTest {
|
|||
|
||||
@Rule public final MockitoRule mocks = MockitoJUnit.rule();
|
||||
|
||||
private HttpTransport httpTransport;
|
||||
private GoogleCredential googleCredential;
|
||||
private DatastoreAdmin datastoreAdmin;
|
||||
|
||||
private static HttpRequest simulateSendRequest(HttpRequest httpRequest) {
|
||||
try {
|
||||
httpRequest.setUrl(new GenericUrl("https://localhost:65537")).execute();
|
||||
} catch (Exception expected) {
|
||||
}
|
||||
return httpRequest;
|
||||
}
|
||||
|
||||
private static Optional<String> getAccessToken(HttpRequest httpRequest) {
|
||||
return httpRequest.getHeaders().getAuthorizationAsList().stream()
|
||||
.filter(header -> header.startsWith(AUTH_HEADER_PREFIX))
|
||||
.map(header -> header.substring(AUTH_HEADER_PREFIX.length()))
|
||||
.findAny();
|
||||
}
|
||||
|
||||
private static Optional<String> getRequestContent(HttpRequest httpRequest) throws IOException {
|
||||
if (httpRequest.getContent() == null) {
|
||||
return Optional.empty();
|
||||
}
|
||||
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
||||
httpRequest.getContent().writeTo(outputStream);
|
||||
outputStream.close();
|
||||
return Optional.of(outputStream.toString(StandardCharsets.UTF_8.name()));
|
||||
}
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
httpTransport = new NetHttpTransport();
|
||||
googleCredential =
|
||||
new GoogleCredential.Builder()
|
||||
.setTransport(httpTransport)
|
||||
.setJsonFactory(JacksonFactory.getDefaultInstance())
|
||||
.setClock(() -> 0)
|
||||
.build();
|
||||
googleCredential.setAccessToken(ACCESS_TOKEN);
|
||||
googleCredential.setExpiresInSeconds(1_000L);
|
||||
|
||||
Date oneHourLater = new Date(System.currentTimeMillis() + 3_600_000);
|
||||
GoogleCredentials googleCredentials = GoogleCredentials
|
||||
.create(new AccessToken(ACCESS_TOKEN, oneHourLater));
|
||||
GoogleCredentialsBundle credentialsBundle = GoogleCredentialsBundle.create(googleCredentials);
|
||||
datastoreAdmin =
|
||||
new DatastoreAdmin.Builder(
|
||||
googleCredential.getTransport(),
|
||||
googleCredential.getJsonFactory(),
|
||||
googleCredential)
|
||||
credentialsBundle.getHttpTransport(),
|
||||
credentialsBundle.getJsonFactory(),
|
||||
credentialsBundle.getHttpRequestInitializer())
|
||||
.setApplicationName("MyApplication")
|
||||
.setProjectId("MyCloudProject")
|
||||
.build();
|
||||
|
|
@ -151,29 +168,4 @@ public class DatastoreAdminTest {
|
|||
simulateSendRequest(httpRequest);
|
||||
assertThat(getAccessToken(httpRequest)).hasValue(ACCESS_TOKEN);
|
||||
}
|
||||
|
||||
private static HttpRequest simulateSendRequest(HttpRequest httpRequest) {
|
||||
try {
|
||||
httpRequest.setUrl(new GenericUrl("https://localhost:65537")).execute();
|
||||
} catch (Exception expected) {
|
||||
}
|
||||
return httpRequest;
|
||||
}
|
||||
|
||||
private static Optional<String> getAccessToken(HttpRequest httpRequest) {
|
||||
return httpRequest.getHeaders().getAuthorizationAsList().stream()
|
||||
.filter(header -> header.startsWith(AUTH_HEADER_PREFIX))
|
||||
.map(header -> header.substring(AUTH_HEADER_PREFIX.length()))
|
||||
.findAny();
|
||||
}
|
||||
|
||||
private static Optional<String> getRequestContent(HttpRequest httpRequest) throws IOException {
|
||||
if (httpRequest.getContent() == null) {
|
||||
return Optional.empty();
|
||||
}
|
||||
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
||||
httpRequest.getContent().writeTo(outputStream);
|
||||
outputStream.close();
|
||||
return Optional.of(outputStream.toString(StandardCharsets.UTF_8.name()));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,34 +16,40 @@ package google.registry.tools;
|
|||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static google.registry.tools.RequestFactoryModule.REQUEST_TIMEOUT_MS;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoMoreInteractions;
|
||||
import static org.mockito.Mockito.verifyZeroInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.client.http.GenericUrl;
|
||||
import com.google.api.client.http.HttpRequest;
|
||||
import com.google.api.client.http.HttpRequestFactory;
|
||||
import com.google.api.client.http.HttpRequestInitializer;
|
||||
import google.registry.config.RegistryConfig;
|
||||
import google.registry.testing.SystemPropertyRule;
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.junit.runners.JUnit4;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnit;
|
||||
import org.mockito.junit.MockitoRule;
|
||||
|
||||
@RunWith(JUnit4.class)
|
||||
public class RequestFactoryModuleTest {
|
||||
|
||||
private final GoogleCredential googleCredential = mock(GoogleCredential.class);
|
||||
|
||||
@Rule public final MockitoRule mockitoRule = MockitoJUnit.rule();
|
||||
@Rule public final SystemPropertyRule systemPropertyRule = new SystemPropertyRule();
|
||||
|
||||
@Mock public GoogleCredentialsBundle credentialsBundle;
|
||||
@Mock public HttpRequestInitializer httpRequestInitializer;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
RegistryToolEnvironment.UNITTEST.setup(systemPropertyRule);
|
||||
when(credentialsBundle.getHttpRequestInitializer()).thenReturn(httpRequestInitializer);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -52,12 +58,13 @@ public class RequestFactoryModuleTest {
|
|||
boolean origIsLocal = RegistryConfig.CONFIG_SETTINGS.get().appEngine.isLocal;
|
||||
RegistryConfig.CONFIG_SETTINGS.get().appEngine.isLocal = true;
|
||||
try {
|
||||
HttpRequestFactory factory = RequestFactoryModule.provideHttpRequestFactory(googleCredential);
|
||||
HttpRequestFactory factory =
|
||||
RequestFactoryModule.provideHttpRequestFactory(credentialsBundle);
|
||||
HttpRequestInitializer initializer = factory.getInitializer();
|
||||
assertThat(initializer).isNotNull();
|
||||
HttpRequest request = factory.buildGetRequest(new GenericUrl("http://localhost"));
|
||||
initializer.initialize(request);
|
||||
verifyZeroInteractions(googleCredential);
|
||||
verifyZeroInteractions(httpRequestInitializer);
|
||||
} finally {
|
||||
RegistryConfig.CONFIG_SETTINGS.get().appEngine.isLocal = origIsLocal;
|
||||
}
|
||||
|
|
@ -69,15 +76,16 @@ public class RequestFactoryModuleTest {
|
|||
boolean origIsLocal = RegistryConfig.CONFIG_SETTINGS.get().appEngine.isLocal;
|
||||
RegistryConfig.CONFIG_SETTINGS.get().appEngine.isLocal = false;
|
||||
try {
|
||||
HttpRequestFactory factory = RequestFactoryModule.provideHttpRequestFactory(googleCredential);
|
||||
HttpRequestFactory factory =
|
||||
RequestFactoryModule.provideHttpRequestFactory(credentialsBundle);
|
||||
HttpRequestInitializer initializer = factory.getInitializer();
|
||||
assertThat(initializer).isNotNull();
|
||||
// HttpRequestFactory#buildGetRequest() calls initialize() once.
|
||||
HttpRequest request = factory.buildGetRequest(new GenericUrl("http://localhost"));
|
||||
verify(googleCredential).initialize(request);
|
||||
verify(httpRequestInitializer).initialize(request);
|
||||
assertThat(request.getConnectTimeout()).isEqualTo(REQUEST_TIMEOUT_MS);
|
||||
assertThat(request.getReadTimeout()).isEqualTo(REQUEST_TIMEOUT_MS);
|
||||
verifyNoMoreInteractions(googleCredential);
|
||||
verifyNoMoreInteractions(httpRequestInitializer);
|
||||
} finally {
|
||||
RegistryConfig.CONFIG_SETTINGS.get().appEngine.isLocal = origIsLocal;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue