From 76469e022d3b22bf49aa2868215afde9802318f6 Mon Sep 17 00:00:00 2001
From: Weimin Yu
Date: Fri, 4 Nov 2022 17:20:21 -0400
Subject: [PATCH] Use GoogleCredentials for tools Cloud SQL access (#1844)
---
 .../registry/persistence/PersistenceModule.java | 4 ++--
 .../transaction/CloudSqlCredentialSupplier.java | 14 ++++++++------
 .../java/google/registry/tools/AuthModule.java | 9 +++------
 3 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/core/src/main/java/google/registry/persistence/PersistenceModule.java b/core/src/main/java/google/registry/persistence/PersistenceModule.java
index 62ff1334c..e8cddcf52 100644
--- a/core/src/main/java/google/registry/persistence/PersistenceModule.java
+++ b/core/src/main/java/google/registry/persistence/PersistenceModule.java
@@ -25,7 +25,7 @@ import static google.registry.config.RegistryConfig.getHibernateJdbcFetchSize;
 import static google.registry.config.RegistryConfig.getHibernateLogSqlQueries;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
-import com.google.api.client.auth.oauth2.Credential;
+import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Maps;
@@ -247,7 +247,7 @@ public abstract class PersistenceModule {
 static JpaTransactionManager provideNomulusToolJpaTm(
 SqlCredentialStore credentialStore,
 @PartialCloudSqlConfigs ImmutableMap cloudSqlConfigs,
- @CloudSqlClientCredential Credential credential,
+ @CloudSqlClientCredential GoogleCredentials credential,
 Clock clock) {
 CloudSqlCredentialSupplier.setupCredentialSupplier(credential);
 HashMap overrides = Maps.newHashMap(cloudSqlConfigs);
diff --git a/core/src/main/java/google/registry/persistence/transaction/CloudSqlCredentialSupplier.java b/core/src/main/java/google/registry/persistence/transaction/CloudSqlCredentialSupplier.java
index d0722121f..afbe8b0f0 100644
--- a/core/src/main/java/google/registry/persistence/transaction/CloudSqlCredentialSupplier.java
+++ b/core/src/main/java/google/registry/persistence/transaction/CloudSqlCredentialSupplier.java
@@ -14,22 +14,24 @@
 package google.registry.persistence.transaction;
-import com.google.api.client.auth.oauth2.Credential;
+import com.google.api.client.http.HttpRequestInitializer;
+import com.google.auth.http.HttpCredentialsAdapter;
+import com.google.auth.oauth2.GoogleCredentials;
 import com.google.cloud.sql.CredentialFactory;
-/** Supplier class to provide {@link Credential} for Cloud SQL library. */
+/** Supplier class to provide Credential for Cloud SQL library. */
 public class CloudSqlCredentialSupplier implements CredentialFactory {
- private static Credential credential;
+ private static GoogleCredentials credential;
 /** Initialize the supplier with given credential json and scopes. */
- public static void setupCredentialSupplier(Credential credential) {
+ public static void setupCredentialSupplier(GoogleCredentials credential) {
 System.setProperty(
 CredentialFactory.CREDENTIAL_FACTORY_PROPERTY, CloudSqlCredentialSupplier.class.getName());
 CloudSqlCredentialSupplier.credential = credential;
 }
 @Override
- public Credential create() {
- return credential;
+ public HttpRequestInitializer create() {
+ return new HttpCredentialsAdapter(credential);
 }
 }
diff --git a/core/src/main/java/google/registry/tools/AuthModule.java b/core/src/main/java/google/registry/tools/AuthModule.java
index df357714c..3c6b27bed 100644
--- a/core/src/main/java/google/registry/tools/AuthModule.java
+++ b/core/src/main/java/google/registry/tools/AuthModule.java
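Review bot: In CloudSqlCredentialSupplier, `create()` now wraps the static `credential` in a new `HttpCredentialsAdapter`, but nothing guarantees the field is set: `setupCredentialSupplier` accepts null, registers the factory class in the system property before it assigns the field, and the field is a plain non-volatile static. A `create()` call that arrives before or during setup would hand the adapter a null credential, which as far as I know the adapter constructor rejects with an uninformative NullPointerException. I would assign and validate first, `CloudSqlCredentialSupplier.credential = Objects.requireNonNull(credential, "credential");`, then call `System.setProperty(...)`, and declare the field as `private static volatile GoogleCredentials credential;`. The method Javadoc still says "credential json and scopes" although the parameter is now a ready-made `GoogleCredentials` object, so that line should be updated as well.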
@@ -20,7 +20,6 @@ import com.google.api.client.auth.oauth2.Credential;
 import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
 import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
 import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets.Details;
-import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.util.store.AbstractDataStoreFactory;
@@ -94,16 +93,14 @@ public class AuthModule {
 }
 }
- // TODO(b/138195359): Deprecate this credential once Cloud SQL socket library uses the new auth
- // library.
 @Provides
 @CloudSqlClientCredential
- public static Credential providesLocalCredentialForCloudSqlClient(
+ public static GoogleCredentials providesLocalCredentialForCloudSqlClient(
 @LocalCredentialJson String credentialJson,
 @Config("localCredentialOauthScopes") ImmutableList credentialScopes) {
 try {
- GoogleCredential credential =
- GoogleCredential.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
+ GoogleCredentials credential =
+ GoogleCredentials.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
 if (credential.createScopedRequired()) {
 credential = credential.createScoped(credentialScopes);
 }
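Review bot: In the second AuthModule hunk, `GoogleCredentials.fromStream` chooses the credential class from the `type` field of `credentialJson`, and with the TODO removed the provider has no comment saying which credential types are expected. If the JSON is always written by the tool itself this is fine, but that is not visible in the hunk; a Javadoc line such as `/** Credential for the Cloud SQL socket factory, parsed from the locally stored credential JSON (expected type: TODO confirm). */` would record the assumption, and parsing with the specific credential class would enforce it. The scopes passed to `createScoped` are the whole `localCredentialOauthScopes` list, which may be broader than Cloud SQL access needs. The method's `try` block continues past the end of the hunk.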