mirror of
https://github.com/google/nomulus.git
synced 2025-07-21 02:06:00 +02:00
Use @DefaultCredential for Cloud API access in GAE
This change completes the switch to @DefaultCredential for all use cases in GAE. Impacted modules: - IcannReporting - CreateCdnsTld command - LoadSnapshot command. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=213511730
parent
9bcd5579ef
commit
961e5cc7c7
20 changed files with 184 additions and 226 deletions
|
@ -16,6 +16,8 @@ package google.registry.tools;
|
|||
|
||||
import com.beust.jcommander.ParametersDelegate;
|
||||
import google.registry.bigquery.BigqueryConnection;
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Provider;
|
||||
|
||||
/** A {@link Command} that uses the bigquery client API. */
|
||||
abstract class BigqueryCommand implements Command {
|
||||
|
@ -28,9 +30,12 @@ abstract class BigqueryCommand implements Command {
|
|||
/** Connection object for interacting with the Bigquery API. */
|
||||
private BigqueryConnection bigquery;
|
||||
|
||||
@Inject Provider<BigqueryConnection.Builder> bigQueryConnectionBuilderProvider;
|
||||
|
||||
@Override
|
||||
public void run() throws Exception {
|
||||
try (BigqueryConnection autoClosingBigquery = bigqueryParameters.newConnection()) {
|
||||
try (BigqueryConnection autoClosingBigquery =
|
||||
bigqueryParameters.newConnection(bigQueryConnectionBuilderProvider.get())) {
|
||||
bigquery = autoClosingBigquery;
|
||||
runWithBigquery();
|
||||
}
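Review bot: The injected field `bigQueryConnectionBuilderProvider` has no comment, and its `bigQuery` casing differs from the neighbouring `bigquery` and `bigqueryParameters` names. The credential used by `run()` now depends on whatever this provider is bound to, and that binding is not visible on this page. A short comment would make the dependency explicit, e.g. `/** Supplies a builder presumably pre-configured with the credential; flag values are applied in BigqueryParameters#newConnection. */`, and renaming the field to `bigqueryConnectionBuilderProvider` would match the rest of the class. The class body starts and ends outside the visible hunks.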
|
||||
|
|
|
@ -16,13 +16,7 @@ package google.registry.tools;
|
|||
|
||||
import com.beust.jcommander.Parameter;
|
||||
import com.beust.jcommander.Parameters;
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.client.http.HttpTransport;
|
||||
import com.google.api.client.http.javanet.NetHttpTransport;
|
||||
import com.google.api.client.json.JsonFactory;
|
||||
import com.google.api.client.json.jackson2.JacksonFactory;
|
||||
import google.registry.bigquery.BigqueryConnection;
|
||||
import java.io.IOException;
|
||||
import java.util.concurrent.Executors;
|
||||
import org.joda.time.Duration;
|
||||
|
||||
|
@ -57,31 +51,15 @@ final class BigqueryParameters {
|
|||
description = "Number of threads for running simultaneous BigQuery operations.")
|
||||
private int bigqueryNumThreads = DEFAULT_NUM_THREADS;
|
||||
|
||||
private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
|
||||
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
|
||||
|
||||
/** Returns a new BigqueryConnection constructed according to the delegate's flag settings. */
|
||||
BigqueryConnection newConnection() throws Exception {
|
||||
BigqueryConnection connection = new BigqueryConnection.Builder()
|
||||
.setExecutorService(Executors.newFixedThreadPool(bigqueryNumThreads))
|
||||
.setCredential(newCredential())
|
||||
.setDatasetId(bigqueryDataset)
|
||||
.setOverwrite(bigqueryOverwrite)
|
||||
.setPollInterval(bigqueryPollInterval)
|
||||
.build();
|
||||
connection.initialize();
|
||||
BigqueryConnection newConnection(BigqueryConnection.Builder connectionBuilder) throws Exception {
|
||||
BigqueryConnection connection =
|
||||
connectionBuilder
|
||||
.setExecutorService(Executors.newFixedThreadPool(bigqueryNumThreads))
|
||||
.setDatasetId(bigqueryDataset)
|
||||
.setOverwrite(bigqueryOverwrite)
|
||||
.setPollInterval(bigqueryPollInterval)
|
||||
.build();
|
||||
return connection;
|
||||
}
|
||||
|
||||
/** Creates a credential object for the Bigquery client using application default credentials. */
|
||||
private GoogleCredential newCredential() {
|
||||
try {
|
||||
return GoogleCredential.getApplicationDefault(HTTP_TRANSPORT, JSON_FACTORY);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(
|
||||
"Could not obtain application default credentials - "
|
||||
+ "did you remember to run 'gcloud auth application-default login'?",
|
||||
e);
|
||||
}
|
||||
}
|
||||
}
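Review bot: `newConnection(BigqueryConnection.Builder connectionBuilder)` no longer sets a credential, yet its Javadoc still reads "constructed according to the delegate's flag settings", so nothing tells a caller that the builder must arrive with a credential already attached. I would extend the Javadoc with `@param connectionBuilder builder that already carries the credential; this method only applies the flag values`. The `connection.initialize();` line also appears to be on the removed side (the +/- markers are lost on this page), so it is worth confirming that `build()`, which is not shown, now initializes the connection. The operator hint about `gcloud auth application-default login` disappears together with `newCredential()`; if the injected credential can fail the same way, an equivalent message belongs wherever it is now created.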
|
||||
|
|
|
@ -14,27 +14,21 @@
|
|||
|
||||
package google.registry.tools;
|
||||
|
||||
import static com.google.common.base.Verify.verify;
|
||||
|
||||
import com.beust.jcommander.Parameter;
|
||||
import com.beust.jcommander.Parameters;
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
|
||||
import com.google.api.client.http.HttpTransport;
|
||||
import com.google.api.client.json.JsonFactory;
|
||||
import com.google.api.client.json.jackson2.JacksonFactory;
|
||||
import com.google.api.services.dns.Dns;
|
||||
import com.google.api.services.dns.model.ManagedZone;
|
||||
import com.google.api.services.dns.model.ManagedZoneDnsSecConfig;
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import java.io.IOException;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.util.Arrays;
|
||||
import java.util.stream.Collectors;
|
||||
import javax.annotation.Nullable;
|
||||
import javax.inject.Inject;
|
||||
|
||||
@Parameters(separators = " =", commandDescription = "Create a Managed Zone for a TLD in Cloud DNS.")
|
||||
class CreateCdnsTld extends ConfirmingCommand {
|
||||
final class CreateCdnsTld extends ConfirmingCommand {
|
||||
|
||||
@Parameter(names = "--description", description = "Description of the new TLD.")
|
||||
String description;
|
||||
|
@ -57,6 +51,8 @@ class CreateCdnsTld extends ConfirmingCommand {
|
|||
@Config("projectId")
|
||||
String projectId;
|
||||
|
||||
@Inject Dns dnsService;
|
||||
|
||||
private static final String KEY_VALUE_FORMAT = " %s = %s";
|
||||
|
||||
private ManagedZone managedZone;
|
||||
|
@ -96,41 +92,19 @@ class CreateCdnsTld extends ConfirmingCommand {
|
|||
}
|
||||
|
||||
@Override
|
||||
public String execute() throws IOException, GeneralSecurityException {
|
||||
Dns dnsService = createDnsService();
|
||||
public String execute() throws IOException {
|
||||
validateDnsService();
|
||||
Dns.ManagedZones.Create request = dnsService.managedZones().create(projectId, managedZone);
|
||||
ManagedZone response = request.execute();
|
||||
return String.format("Created managed zone: %s", response);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
Dns createDnsService() throws IOException, GeneralSecurityException {
|
||||
// TODO(b/67367533): We should be obtaining the Dns instance from CloudDnsWriter module. But
|
||||
// to do this cleanly we need to refactor everything down to the credential object. Having
|
||||
// done that, this method will go away and this class will become final.
|
||||
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
|
||||
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
|
||||
|
||||
GoogleCredential credential = GoogleCredential.getApplicationDefault();
|
||||
if (credential.createScopedRequired()) {
|
||||
credential =
|
||||
credential.createScoped(
|
||||
Arrays.asList(
|
||||
"https://www.googleapis.com/auth/cloud-platform",
|
||||
"https://www.googleapis.com/auth/cloud-platform.read-only",
|
||||
"https://www.googleapis.com/auth/ndev.clouddns.readonly",
|
||||
"https://www.googleapis.com/auth/ndev.clouddns.readwrite"));
|
||||
}
|
||||
|
||||
Dns.Builder builder =
|
||||
new Dns.Builder(httpTransport, jsonFactory, credential).setApplicationName(projectId);
|
||||
private void validateDnsService() {
|
||||
// Sanity check to ensure only Production and Sandbox points to the CloudDns prod site.
|
||||
if (RegistryToolEnvironment.get() != RegistryToolEnvironment.PRODUCTION
|
||||
&& RegistryToolEnvironment.get() != RegistryToolEnvironment.SANDBOX) {
|
||||
builder
|
||||
.setRootUrl("https://staging-www.sandbox.googleapis.com")
|
||||
.setServicePath("dns/v2beta1_staging/projects/");
|
||||
verify(!Dns.DEFAULT_ROOT_URL.equals(dnsService.getRootUrl()));
|
||||
verify(!Dns.DEFAULT_SERVICE_PATH.equals(dnsService.getServicePath()));
|
||||
}
|
||||
|
||||
return builder.build();
|
||||
}
|
||||
}
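Review bot: The two `verify(...)` calls in `validateDnsService()` carry no message, so an operator whose injected `Dns` client points at the production endpoint from a non-production environment gets a bare VerifyException with no hint of what was wrong. Adding the context costs one argument, e.g. `verify(!Dns.DEFAULT_ROOT_URL.equals(dnsService.getRootUrl()), "Cloud DNS root URL %s must not be used from %s", dnsService.getRootUrl(), RegistryToolEnvironment.get());`. The guard is also only a "not the default" comparison: any other root URL or service path passes, whereas the removed code pinned the staging values explicitly, so comparing against the expected staging values would be stricter if they are available as constants. The explicit OAuth scope list went away with `createDnsService()`; where the injected credential gets its scopes is not visible on this page and is worth checking against the least privilege this command needs.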
|
||||
|
|
|
@ -16,6 +16,7 @@ package google.registry.tools;
|
|||
|
||||
import com.google.monitoring.metrics.MetricWriter;
|
||||
import dagger.Component;
|
||||
import google.registry.bigquery.BigqueryModule;
|
||||
import google.registry.config.CredentialModule;
|
||||
import google.registry.config.RegistryConfig.ConfigModule;
|
||||
import google.registry.dns.writer.VoidDnsWriterModule;
|
||||
|
@ -53,6 +54,7 @@ import javax.inject.Singleton;
|
|||
// TODO(b/36866706): Find a way to replace this with a command-line friendly version
|
||||
AppIdentityCredentialModule.class,
|
||||
AuthModule.class,
|
||||
BigqueryModule.class,
|
||||
ConfigModule.class,
|
||||
CredentialModule.class,
|
||||
DatastoreServiceModule.class,
|
||||
|
@ -99,6 +101,7 @@ interface RegistryToolComponent {
|
|||
void inject(GetKeyringSecretCommand command);
|
||||
void inject(GhostrydeCommand command);
|
||||
void inject(ListCursorsCommand command);
|
||||
void inject(LoadSnapshotCommand command);
|
||||
void inject(LockDomainCommand command);
|
||||
void inject(LoginCommand command);
|
||||
void inject(LogoutCommand command);
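Review bot: The module list now holds both `AppIdentityCredentialModule.class` (still under `TODO(b/36866706)`) and `CredentialModule.class`, and nothing here says which credential binding each one serves. A one-line comment above `CredentialModule.class`, such as `// Provides the @DefaultCredential used by Cloud API clients (BigQuery, Cloud DNS)`, would make it harder for a later edit to inject the wrong identity into a command. Adjust the wording to what the module actually binds, which is not shown on this page. The interface body continues outside the hunks.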
|
||||
|
|