diff --git a/java/google/registry/bigquery/BigqueryModule.java b/java/google/registry/bigquery/BigqueryModule.java index f775d09d2..720d09a4a 100644 --- a/java/google/registry/bigquery/BigqueryModule.java +++ b/java/google/registry/bigquery/BigqueryModule.java @@ -20,25 +20,16 @@ import com.google.api.client.json.JsonFactory; import com.google.api.services.bigquery.Bigquery; import com.google.api.services.bigquery.BigqueryScopes; import com.google.api.services.bigquery.model.TableFieldSchema; +import com.google.common.base.Function; import com.google.common.collect.ImmutableList; import dagger.Module; import dagger.Provides; -import dagger.multibindings.ElementsIntoSet; import dagger.multibindings.Multibinds; import google.registry.config.ConfigModule.Config; -import google.registry.request.OAuthScopes; import java.util.Map; import java.util.Set; -/** - * Dagger module for Google {@link Bigquery} connection objects. - * - * @see google.registry.config.ConfigModule - * @see google.registry.request.Modules.UrlFetchTransportModule - * @see google.registry.request.Modules.Jackson2Module - * @see google.registry.request.Modules.AppIdentityCredentialModule - * @see google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule - */ +/** Dagger module for Google {@link Bigquery} connection objects. */ @Module public abstract class BigqueryModule { 
@@ -46,21 +37,13 @@ public abstract class BigqueryModule { @Multibinds abstract Map> bigquerySchemas(); - /** Provides OAuth2 scopes for the Bigquery service needed by Domain Registry. */ - @Provides - @ElementsIntoSet - @OAuthScopes - static Set provideBigqueryOAuthScopes() { - return BigqueryScopes.all(); - } - @Provides static Bigquery provideBigquery( HttpTransport transport, JsonFactory jsonFactory, - HttpRequestInitializer httpRequestInitializer, + Function, ? extends HttpRequestInitializer> credential, @Config("projectId") String projectId) { - return new Bigquery.Builder(transport, jsonFactory, httpRequestInitializer) + return new Bigquery.Builder(transport, jsonFactory, credential.apply(BigqueryScopes.all())) .setApplicationName(projectId) .build(); } diff --git a/java/google/registry/export/DriveModule.java b/java/google/registry/export/DriveModule.java index ab7cf2c77..7c2fbb0c3 100644 --- a/java/google/registry/export/DriveModule.java +++ b/java/google/registry/export/DriveModule.java 
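Review bot: `credential.apply(BigqueryScopes.all())` in provideBigquery requests every scope the generated Bigquery client defines, which is more authority than a BigQuery-only client needs. Since this commit moves scope selection to the call site, this is the natural place to narrow it, for example `credential.apply(ImmutableSet.of(BigqueryScopes.BIGQUERY))` if that covers the registry's usage. The same applies to `DriveScopes.all()` in DriveModule.provideDrive and `MonitoringScopes.all()` in StackdriverModule.provideMonitoring. The removed providers also returned `.all()`, so this is not a regression, but an explicit set limits what a leaked or misused token can do.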
@@ -19,40 +19,23 @@ import com.google.api.client.http.HttpTransport; import com.google.api.client.json.JsonFactory; import com.google.api.services.drive.Drive; import com.google.api.services.drive.DriveScopes; +import com.google.common.base.Function; import dagger.Module; import dagger.Provides; -import dagger.multibindings.ElementsIntoSet; import google.registry.config.ConfigModule.Config; -import google.registry.request.OAuthScopes; import java.util.Set; -/** - * Dagger module for Google {@link Drive} service connection objects. - * - * @see google.registry.config.ConfigModule - * @see google.registry.request.Modules.UrlFetchTransportModule - * @see google.registry.request.Modules.Jackson2Module - * @see google.registry.request.Modules.AppIdentityCredentialModule - * @see google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule - */ +/** Dagger module for Google {@link Drive} service connection objects. */ @Module public final class DriveModule { - /** Provides OAuth2 scopes for the Drive service needed by Domain Registry. */ - @Provides - @ElementsIntoSet - @OAuthScopes - static Set provideDriveOAuthScopes() { - return DriveScopes.all(); - } - @Provides static Drive provideDrive( HttpTransport transport, JsonFactory jsonFactory, - HttpRequestInitializer httpRequestInitializer, + Function, ? extends HttpRequestInitializer> credential, @Config("projectId") String projectId) { - return new Drive.Builder(transport, jsonFactory, httpRequestInitializer) + return new Drive.Builder(transport, jsonFactory, credential.apply(DriveScopes.all())) .setApplicationName(projectId) .build(); } diff --git a/java/google/registry/groups/DirectoryModule.java b/java/google/registry/groups/DirectoryModule.java index f53ae93af..773198d6a 100644 --- a/java/google/registry/groups/DirectoryModule.java +++ b/java/google/registry/groups/DirectoryModule.java 
@@ -20,39 +20,24 @@ import com.google.api.services.admin.directory.DirectoryScopes; import com.google.common.collect.ImmutableSet; import dagger.Module; import dagger.Provides; -import dagger.multibindings.ElementsIntoSet; import google.registry.config.ConfigModule.Config; -import google.registry.request.DelegatedOAuthScopes; -import java.util.Set; import javax.inject.Named; -/** - * Dagger module for the Google {@link Directory} service. - * - * @see google.registry.config.ConfigModule - * @see google.registry.request.Modules.UrlFetchTransportModule - * @see google.registry.request.Modules.Jackson2Module - * @see google.registry.request.Modules.AppIdentityCredentialModule - * @see google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule - */ +/** Dagger module for the Google {@link Directory} service. */ @Module public final class DirectoryModule { - /** Provides OAuth2 scopes for the Directory service needed by Domain Registry. */ - @Provides - @ElementsIntoSet - @DelegatedOAuthScopes - static Set provideDirectoryOAuthScopes() { - return ImmutableSet.of( - DirectoryScopes.ADMIN_DIRECTORY_GROUP_MEMBER, - DirectoryScopes.ADMIN_DIRECTORY_GROUP); - } - @Provides static Directory provideDirectory( @Named("delegatedAdmin") GoogleCredential credential, @Config("projectId") String projectId) { - return new Directory.Builder(credential.getTransport(), credential.getJsonFactory(), credential) + return new Directory.Builder( + credential.getTransport(), + credential.getJsonFactory(), + credential.createScoped( + ImmutableSet.of( + DirectoryScopes.ADMIN_DIRECTORY_GROUP_MEMBER, + DirectoryScopes.ADMIN_DIRECTORY_GROUP))) .setApplicationName(projectId) .build(); } diff --git a/java/google/registry/groups/GroupssettingsModule.java b/java/google/registry/groups/GroupssettingsModule.java index 38c12ed3f..81fe65824 100644 --- a/java/google/registry/groups/GroupssettingsModule.java +++ b/java/google/registry/groups/GroupssettingsModule.java 
@@ -20,38 +20,21 @@ import com.google.api.services.groupssettings.GroupssettingsScopes; import com.google.common.collect.ImmutableSet; import dagger.Module; import dagger.Provides; -import dagger.multibindings.ElementsIntoSet; import google.registry.config.ConfigModule.Config; -import google.registry.request.DelegatedOAuthScopes; -import java.util.Set; import javax.inject.Named; -/** - * Dagger module for the Google {@link Groupssettings} service. - * - * @see google.registry.config.ConfigModule - * @see google.registry.request.Modules.UrlFetchTransportModule - * @see google.registry.request.Modules.Jackson2Module - * @see google.registry.request.Modules.AppIdentityCredentialModule - * @see google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule - */ +/** Dagger module for the Google {@link Groupssettings} service. */ @Module public final class GroupssettingsModule { - /** Provides OAuth2 scopes for the Groupssettings service needed by Domain Registry. */ @Provides - @ElementsIntoSet - @DelegatedOAuthScopes - static Set provideGroupssettingsOAuthScopes() { - return ImmutableSet.of(GroupssettingsScopes.APPS_GROUPS_SETTINGS); - } - - @Provides - static Groupssettings provideGroupssettings( + static Groupssettings provideDirectory( @Named("delegatedAdmin") GoogleCredential credential, @Config("projectId") String projectId) { - return new Groupssettings - .Builder(credential.getTransport(), credential.getJsonFactory(), credential) + return new Groupssettings.Builder( + credential.getTransport(), + credential.getJsonFactory(), + credential.createScoped(ImmutableSet.of(GroupssettingsScopes.APPS_GROUPS_SETTINGS))) .setApplicationName(projectId) .build(); } diff --git a/java/google/registry/monitoring/whitebox/StackdriverModule.java b/java/google/registry/monitoring/whitebox/StackdriverModule.java index 7e55d9068..cfb112b4c 100644 --- a/java/google/registry/monitoring/whitebox/StackdriverModule.java 
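Review bot: The provider in GroupssettingsModule is renamed from `provideGroupssettings` to `provideDirectory` although it still returns `Groupssettings`, which looks like a copy-paste from DirectoryModule. Dagger keys bindings on the return type, so this presumably still resolves, but the generated factory name and any stack trace through it will point at the wrong service. Keep the original name: `static Groupssettings provideGroupssettings(`.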
+++ b/java/google/registry/monitoring/whitebox/StackdriverModule.java @@ -19,32 +19,23 @@ import com.google.api.client.http.HttpTransport; import com.google.api.client.json.JsonFactory; import com.google.api.services.monitoring.v3.Monitoring; import com.google.api.services.monitoring.v3.MonitoringScopes; +import com.google.common.base.Function; import dagger.Module; import dagger.Provides; -import dagger.multibindings.ElementsIntoSet; import google.registry.config.ConfigModule.Config; -import google.registry.request.OAuthScopes; import java.util.Set; /** Dagger module for Google Stackdriver service connection objects. */ @Module public final class StackdriverModule { - /** Provides OAuth2 scopes for the Stackdriver service needed by Domain Registry. */ - @Provides - @ElementsIntoSet - @OAuthScopes - static Set provideStackdriverOAuthScopes() { - return MonitoringScopes.all(); - } - @Provides static Monitoring provideMonitoring( HttpTransport transport, JsonFactory jsonFactory, - HttpRequestInitializer httpRequestInitializer, + Function, ? extends HttpRequestInitializer> credential, @Config("projectId") String projectId) { - return new Monitoring.Builder(transport, jsonFactory, httpRequestInitializer) + return new Monitoring.Builder(transport, jsonFactory, credential.apply(MonitoringScopes.all())) .setApplicationName(projectId) .build(); } diff --git a/java/google/registry/request/BUILD b/java/google/registry/request/BUILD index f0a625cc7..3b5140c2c 100644 --- a/java/google/registry/request/BUILD +++ b/java/google/registry/request/BUILD 
@@ -35,13 +35,13 @@ java_library( srcs = ["Modules.java"], visibility = ["//visibility:public"], deps = [ - ":request", "//java/com/google/api/client/extensions/appengine/http", "//java/com/google/api/client/googleapis/auth/oauth2", "//java/com/google/api/client/googleapis/extensions/appengine/auth/oauth2", "//java/com/google/api/client/http", "//java/com/google/api/client/json", "//java/com/google/api/client/json/jackson2", + "//java/com/google/common/base", "//third_party/java/appengine:appengine-api", "//third_party/java/dagger", "//java/google/registry/config", diff --git a/java/google/registry/request/DelegatedOAuthScopes.java b/java/google/registry/request/DelegatedOAuthScopes.java deleted file mode 100644 index 2ac9cc319..000000000 --- a/java/google/registry/request/DelegatedOAuthScopes.java +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2016 The Domain Registry Authors. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package google.registry.request; - -import java.lang.annotation.Documented; -import java.util.Set; -import javax.inject.Qualifier; - -/** - * Dagger qualifier for the {@link Set} of OAuth2 scope strings used for authorization on APIs that - * are connected to using a delegated user account (the serviceAccountUser in GoogleCredential). - */ -@Qualifier -@Documented -public @interface DelegatedOAuthScopes {} 
diff --git a/java/google/registry/request/Modules.java b/java/google/registry/request/Modules.java index 939a2f04f..5ee2a7aad 100644 --- a/java/google/registry/request/Modules.java +++ b/java/google/registry/request/Modules.java @@ -31,6 +31,7 @@ import com.google.appengine.api.urlfetch.URLFetchService; import com.google.appengine.api.urlfetch.URLFetchServiceFactory; import com.google.appengine.api.users.UserService; import com.google.appengine.api.users.UserServiceFactory; +import com.google.common.base.Function; import dagger.Binds; import dagger.Module; import dagger.Provides; @@ -40,6 +41,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.Set; import javax.inject.Named; +import javax.inject.Provider; import javax.inject.Singleton; /** Dagger modules for App Engine services and other vendor classes. */ @@ -124,20 +126,41 @@ public final class Modules { @Module public static final class AppIdentityCredentialModule { @Provides - static AppIdentityCredential provideAppIdentityCredential(@OAuthScopes Set scopes) { - return new AppIdentityCredential(scopes); + static Function, AppIdentityCredential> provideAppIdentityCredential() { + return new Function, AppIdentityCredential>() { + @Override + public AppIdentityCredential apply(Set scopes) { + return new AppIdentityCredential(scopes); + } + }; } } /** * Dagger module causing Google APIs requests to be authorized with your GAE app identity. * - *

You must also use the {@link AppIdentityCredential} module. + *

You must also use the {@link AppIdentityCredentialModule}. */ @Module public abstract static class UseAppIdentityCredentialForGoogleApisModule { @Binds - abstract HttpRequestInitializer provideHttpRequestInitializer(AppIdentityCredential credential); + abstract Function, ? extends HttpRequestInitializer> + provideHttpRequestInitializer(Function, AppIdentityCredential> credential); + } + + /** + * Module indicating Google API requests should be authorized with JSON {@link GoogleCredential}. + * + *

This is useful when configuring a component that runs the registry outside of the App Engine + * environment, for example, in a command line environment. + * + *

You must also use the {@link GoogleCredentialModule}. + */ + @Module + public abstract static class UseGoogleCredentialForGoogleApisModule { + @Binds + abstract Function, ? extends HttpRequestInitializer> + provideHttpRequestInitializer(Function, GoogleCredential> credential); } /** @@ -160,6 +183,7 @@ public final class Modules { public static final class GoogleCredentialModule { @Provides + @Singleton static GoogleCredential provideGoogleCredential( HttpTransport httpTransport, JsonFactory jsonFactory, @@ -172,6 +196,17 @@ public final class Modules { } } + @Provides + static Function, GoogleCredential> provideScopedGoogleCredential( + final Provider googleCredentialProvider) { + return new Function, GoogleCredential>() { + @Override + public GoogleCredential apply(Set scopes) { + return googleCredentialProvider.get().createScoped(scopes); + } + }; + } + /** * Provides a GoogleCredential that will connect to GAE using delegated admin access. This is * needed for API calls requiring domain admin access to the relevant GAFYD using delegated @@ -183,14 +218,12 @@ public final class Modules { static GoogleCredential provideDelegatedAdminGoogleCredential( GoogleCredential googleCredential, HttpTransport httpTransport, - @DelegatedOAuthScopes Set scopes, @Config("googleAppsAdminEmailAddress") String googleAppsAdminEmailAddress) { return new GoogleCredential.Builder() .setTransport(httpTransport) .setJsonFactory(googleCredential.getJsonFactory()) .setServiceAccountId(googleCredential.getServiceAccountId()) .setServiceAccountPrivateKey(googleCredential.getServiceAccountPrivateKey()) - .setServiceAccountScopes(scopes) .setServiceAccountUser(googleAppsAdminEmailAddress) .build(); } diff --git a/java/google/registry/request/OAuthScopes.java b/java/google/registry/request/OAuthScopes.java deleted file mode 100644 index 63af0206f..000000000 --- a/java/google/registry/request/OAuthScopes.java +++ /dev/null 
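Review bot: Both `@Binds` methods in the `-124,20 +126,41` hunk are still named `provideHttpRequestInitializer`, but they now bind a function from a scope set to an initializer rather than an initializer itself. A name such as `bindScopedHttpRequestInitializer`, with a one-line Javadoc like `/** Binds the factory that turns a caller-chosen OAuth2 scope set into a request initializer. */`, would tell readers that scope selection now lives in the service modules. UseAppIdentityCredentialForGoogleApisModule and UseGoogleCredentialForGoogleApisModule bind the same key, so their class Javadoc could also state that only one of them may be installed in a component.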
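Review bot: With `.setServiceAccountScopes(scopes)` removed in the `-183,14 +218,12` hunk, `provideDelegatedAdminGoogleCredential` returns a credential that impersonates `googleAppsAdminEmailAddress` but carries no scopes, and nothing in its type tells an injection site to call `createScoped` first. DirectoryModule and GroupssettingsModule do so in this commit, but a later consumer that forgets would likely only find out when the token request fails at runtime. Add a Javadoc sentence such as `The returned credential is unscoped; callers must call createScoped() with the narrowest scope set they need.`, or expose it as a scope-taking function the way `provideScopedGoogleCredential` does. A test that the scoped copy still carries the service-account user would also be worthwhile, since the delegated calls depend on it. The method's Javadoc and the enclosing GoogleCredentialModule extend outside this hunk.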
@@ -1,24 +0,0 @@ -// Copyright 2016 The Domain Registry Authors. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package google.registry.request; - -import java.lang.annotation.Documented; -import java.util.Set; -import javax.inject.Qualifier; - -/** Dagger qualifier for the {@link Set} of OAuth2 scope strings, used for API authorization. */ -@Qualifier -@Documented -public @interface OAuthScopes {}