Use GoogleCredentials for tools Cloud SQL access (#1844)

core/src/main/java/google/registry/persistence/PersistenceModule.java

@@ -25,7 +25,7 @@ import static google.registry.config.RegistryConfig.getHibernateJdbcFetchSize;
 import static google.registry.config.RegistryConfig.getHibernateLogSqlQueries;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 
-import com.google.api.client.auth.oauth2.Credential;
+import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Maps;
@@ -247,7 +247,7 @@ public abstract class PersistenceModule {
   static JpaTransactionManager provideNomulusToolJpaTm(
       SqlCredentialStore credentialStore,
       @PartialCloudSqlConfigs ImmutableMap<String, String> cloudSqlConfigs,
-      @CloudSqlClientCredential Credential credential,
+      @CloudSqlClientCredential GoogleCredentials credential,
       Clock clock) {
     CloudSqlCredentialSupplier.setupCredentialSupplier(credential);
     HashMap<String, String> overrides = Maps.newHashMap(cloudSqlConfigs);

core/src/main/java/google/registry/persistence/transaction/CloudSqlCredentialSupplier.java

@@ -14,22 +14,24 @@
 
 package google.registry.persistence.transaction;
 
-import com.google.api.client.auth.oauth2.Credential;
+import com.google.api.client.http.HttpRequestInitializer;
+import com.google.auth.http.HttpCredentialsAdapter;
+import com.google.auth.oauth2.GoogleCredentials;
 import com.google.cloud.sql.CredentialFactory;
 
-/** Supplier class to provide {@link Credential} for Cloud SQL library. */
+/** Supplier class to provide Credential for Cloud SQL library. */
 public class CloudSqlCredentialSupplier implements CredentialFactory {
-  private static Credential credential;
+  private static GoogleCredentials credential;
 
   /** Initialize the supplier with given credential json and scopes. */
-  public static void setupCredentialSupplier(Credential credential) {
+  public static void setupCredentialSupplier(GoogleCredentials credential) {
     System.setProperty(
         CredentialFactory.CREDENTIAL_FACTORY_PROPERTY, CloudSqlCredentialSupplier.class.getName());
     CloudSqlCredentialSupplier.credential = credential;
   }
 
   @Override
-  public Credential create() {
-    return credential;
+  public HttpRequestInitializer create() {
+    return new HttpCredentialsAdapter(credential);
   }
 }

core/src/main/java/google/registry/tools/AuthModule.java

@@ -20,7 +20,6 @@ import com.google.api.client.auth.oauth2.Credential;
 import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
 import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
 import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets.Details;
-import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.util.store.AbstractDataStoreFactory;
@@ -94,16 +93,14 @@ public class AuthModule {
     }
   }
 
-  // TODO(b/138195359): Deprecate this credential once Cloud SQL socket library uses the new auth
-  // library.
   @Provides
   @CloudSqlClientCredential
-  public static Credential providesLocalCredentialForCloudSqlClient(
+  public static GoogleCredentials providesLocalCredentialForCloudSqlClient(
       @LocalCredentialJson String credentialJson,
       @Config("localCredentialOauthScopes") ImmutableList<String> credentialScopes) {
     try {
-      GoogleCredential credential =
-          GoogleCredential.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
+      GoogleCredentials credential =
+          GoogleCredentials.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
       if (credential.createScopedRequired()) {
         credential = credential.createScoped(credentialScopes);
       }