Introduce simplified Default credential provision

As the first step in credential consolidation, we replace
injection of application default credential in for KMS and
Drive.

Tests:
- for Drive, tested with exportDomainLists and exportReservedTerms.
- For KMS, used CLI commands (get_keyring_secret and update_kms_keyring) to change and
  restore secret for one key.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=211819859
This commit is contained in:
weiminyu 2018-09-06 09:29:21 -07:00 committed by jianglai
parent 4c3207647f
commit 9436ce6f0e
15 changed files with 148 additions and 42 deletions

View file

@ -176,6 +176,21 @@ oAuth:
# numbers-alphanumerics.apps.googleusercontent.com
allowedOauthClientIds: []
credentialOAuth:
# OAuth scopes required for accessing Google APIs.
credentialOauthScopes:
# View and manage data in all Google Cloud APIs.
- https://www.googleapis.com/auth/cloud-platform
# View and manage files in Google Drive.
- https://www.googleapis.com/auth/drive
# View and manage groups on your domain in Directory API.
- https://www.googleapis.com/auth/admin.directory.group
# Inherited from current code.
# TODO(weiminyu): verify if the scope above is sufficient by itself.
- https://www.googleapis.com/auth/admin.directory.group.member
# View and manage the settings of a Google Apps Group.
- https://www.googleapis.com/auth/apps.groups.settings
icannReporting:
# URL we PUT monthly ICANN transactions reports to.
icannTransactionsReportingUploadUrl: https://ry-api.icann.org/report/registrar-transactions