Refactor DelegatedCredential provisioning for GSuite domains

Updated the registar contact group management, which is the only use case for this credential. Also updated GSuite domain delegated admin access config in admin dashboard for both sandbox (used by alpha and sandbox) and prod. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=212320157
2025-05-13 07:57:13 +02:00 · 2018-09-10 13:16:44 -07:00 · 2018-09-10 13:16:44 -07:00 · 5c1d9bd5c3
commit 5c1d9bd5c3
parent 1b3df82fb3
5 changed files with 30 additions and 57 deletions
--- a/java/google/registry/request/Modules.java
+++ b/java/google/registry/request/Modules.java
@ -31,17 +31,14 @@ import com.google.appengine.api.urlfetch.URLFetchService;
 import com.google.appengine.api.urlfetch.URLFetchServiceFactory;
 import com.google.appengine.api.users.UserService;
 import com.google.appengine.api.users.UserServiceFactory;
-import com.google.common.collect.ImmutableSet;
 import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
-import google.registry.config.RegistryConfig.Config;
 import google.registry.keyring.api.KeyModule.Key;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.Set;
 import java.util.function.Function;
-import javax.inject.Named;
 import javax.inject.Provider;
 import javax.inject.Singleton;

@ -206,35 +203,5 @@ public final class Modules {
        final Provider<GoogleCredential> googleCredentialProvider) {
      return scopes -> googleCredentialProvider.get().createScoped(scopes);
    }
-
-    /**
-     * Provides a GoogleCredential that will connect to GAE using delegated admin access. This is
-     * needed for API calls requiring domain admin access to the relevant GAFYD using delegated
-     * scopes, e.g. the Directory API and the Groupssettings API.
-     *
-     * <p>Note that you must call {@link GoogleCredential#createScoped} on the credential provided
-     * by this method first before using it, as this does not and cannot set the scopes, and a
-     * credential without scopes doesn't actually provide access to do anything.
-     */
-    @Provides
-    @Singleton
-    @Named("delegatedAdmin")
-    static GoogleCredential provideDelegatedAdminGoogleCredential(
-        GoogleCredential googleCredential,
-        HttpTransport httpTransport,
-        @Config("gSuiteAdminAccountEmailAddress") String gSuiteAdminAccountEmailAddress) {
-      return new GoogleCredential.Builder()
-          .setTransport(httpTransport)
-          .setJsonFactory(googleCredential.getJsonFactory())
-          .setServiceAccountId(googleCredential.getServiceAccountId())
-          .setServiceAccountPrivateKey(googleCredential.getServiceAccountPrivateKey())
-          // Set the scopes to empty because the default value is null, which throws an NPE in the
-          // GoogleCredential constructor.  We don't yet know the actual scopes to use here, and it
-          // is thus the responsibility of every user of a delegated admin credential to call
-          // createScoped() on it first to get the version with the correct scopes set.
-          .setServiceAccountScopes(ImmutableSet.of())
-          .setServiceAccountUser(gSuiteAdminAccountEmailAddress)
-          .build();
-    }
  }
 }