zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-16 09:27:16 +02:00
Code Issues Projects Releases Packages Wiki Activity

Use local credential to deploy beam pipelines

Browse source 
We are moving away from using Application Default Credentials generated by "gcloud auth application-default login" in our code base and consolidate on using self-managed credentials provided from AuthModule.

One of the remaining dependencies on the ADCs is from beam pipeline deployment commands, which by default use the ADCs to talk to GCS and upload the jar files and templates. In this CL, we explicitly provide the locally created credential to the Options used in deployments.

Also moved all credential qualifiers to CredentialModule, and removed @AppEngineAdminApiCredential, which is no longer used.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=224199812
This commit is contained in:
jianglai 2018-12-05 12:20:27 -08:00
parent fdda03eb53
commit a612e9bf66
12 changed files with 77 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

2
java/google/registry/tools/AppEngineAdminApiModule.java
View file

@ -19,8 +19,8 @@ import com.google.api.client.googleapis.util.Utils;
import com.google.api.services.appengine.v1.Appengine;
import dagger.Module;
import dagger.Provides;
import google.registry.config.CredentialModule.LocalCredential;
import google.registry.config.RegistryConfig.Config;
import google.registry.tools.AuthModule.LocalCredential;
import javax.inject.Singleton;
/** Module providing the instance of {@link Appengine} to access App Engine Admin Api. */

43
java/google/registry/tools/AuthModule.java
View file

@ -28,7 +28,6 @@ import com.google.api.client.json.JsonFactory;
import com.google.api.client.util.store.AbstractDataStoreFactory;
import com.google.api.client.util.store.FileDataStoreFactory;
import com.google.common.base.Joiner;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Ordering;
@ -37,11 +36,12 @@ import dagger.Binds;
import dagger.Module;
import dagger.Provides;
import google.registry.config.CredentialModule.DefaultCredential;
import google.registry.config.CredentialModule.LocalCredential;
import google.registry.config.CredentialModule.LocalCredentialJson;
import google.registry.config.RegistryConfig.Config;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@ -84,9 +84,9 @@ public class AuthModule {
@Provides
@LocalCredential
public static GoogleCredential provideLocalCredential(
@LocalCredentialStream Supplier<InputStream> credentialStream) {
@LocalCredentialJson String credentialJson) {
try {
return GoogleCredential.fromStream(credentialStream.get());
return GoogleCredential.fromStream(new ByteArrayInputStream(credentialJson.getBytes(UTF_8)));
} catch (IOException e) {
throw new RuntimeException(e);
}
@ -132,20 +132,17 @@ public class AuthModule {
}
@Provides
@LocalCredentialStream
public static Supplier<InputStream> provideLocalCredentialStream(
@LocalCredentialJson
public static String provideLocalCredentialJson(
GoogleClientSecrets clientSecrets, @StoredCredential Credential credential) {
String json =
new Gson()
.toJson(
ImmutableMap.<String, String>builder()
.put("type", "authorized_user")
.put("client_id", clientSecrets.getDetails().getClientId())
.put("client_secret", clientSecrets.getDetails().getClientSecret())
.put("refresh_token", credential.getRefreshToken())
.build());
// A supplier is provided so that each binding gets a fresh stream, to avoid contention.
return () -> new ByteArrayInputStream(json.getBytes(UTF_8));
return new Gson()
.toJson(
ImmutableMap.<String, String>builder()
.put("type", "authorized_user")
.put("client_id", clientSecrets.getDetails().getClientId())
.put("client_secret", clientSecrets.getDetails().getClientSecret())
.put("refresh_token", credential.getRefreshToken())
.build());
}
@Provides
@ -189,18 +186,6 @@ public class AuthModule {
@Retention(RetentionPolicy.RUNTIME)
private @interface StoredCredential {}
/** Dagger qualifier for the local credential used in the nomulus tool. */
@Qualifier
@Documented
@Retention(RetentionPolicy.RUNTIME)
@interface LocalCredential {}
/** Dagger qualifier for the JSON stream used to create the local credential. */
@Qualifier
@Documented
@Retention(RetentionPolicy.RUNTIME)
@interface LocalCredentialStream {}
/** Dagger qualifier for the credential qualifier consisting of client and scopes. */
@Qualifier
@Documented

4
java/google/registry/tools/RegistryCli.java
View file

@ -17,6 +17,7 @@ package google.registry.tools;
import static com.google.common.base.Preconditions.checkState;
import static google.registry.model.ofy.ObjectifyService.ofy;
import static google.registry.tools.Injector.injectReflectively;
import static java.nio.charset.StandardCharsets.UTF_8;
import com.beust.jcommander.JCommander;
import com.beust.jcommander.Parameter;
@ -32,6 +33,7 @@ import google.registry.config.RegistryConfig;
import google.registry.model.ofy.ObjectifyService;
import google.registry.tools.AuthModule.LoginRequiredException;
import google.registry.tools.params.ParameterFactory;
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.security.Security;
import java.util.Map;
@ -211,7 +213,7 @@ final class RegistryCli implements AutoCloseable, CommandRunner {
options.useDevelopmentServerCredential();
} else {
RemoteApiOptionsUtil.useGoogleCredentialStream(
options, component.googleCredentialStream().get());
options, new ByteArrayInputStream(component.googleCredentialJson().getBytes(UTF_8)));
}
installer.install(options);
}

8
java/google/registry/tools/RegistryToolComponent.java
View file

@ -14,9 +14,9 @@
package google.registry.tools;
import com.google.common.base.Supplier;
import dagger.Component;
import google.registry.bigquery.BigqueryModule;
import google.registry.config.CredentialModule.LocalCredentialJson;
import google.registry.config.RegistryConfig.ConfigModule;
import google.registry.dns.writer.VoidDnsWriterModule;
import google.registry.dns.writer.clouddns.CloudDnsWriterModule;
@ -32,12 +32,10 @@ import google.registry.request.Modules.URLFetchServiceModule;
import google.registry.request.Modules.UrlFetchTransportModule;
import google.registry.request.Modules.UserServiceModule;
import google.registry.tools.AuthModule.LocalCredentialModule;
import google.registry.tools.AuthModule.LocalCredentialStream;
import google.registry.util.AppEngineServiceUtilsImpl.AppEngineServiceUtilsModule;
import google.registry.util.SystemClock.SystemClockModule;
import google.registry.util.SystemSleeper.SystemSleeperModule;
import google.registry.whois.WhoisModule;
import java.io.InputStream;
import javax.inject.Singleton;
/**
@ -112,7 +110,7 @@ interface RegistryToolComponent {
AppEngineConnection appEngineConnection();
@LocalCredentialStream
Supplier<InputStream> googleCredentialStream();
@LocalCredentialJson
String googleCredentialJson();
}

2
java/google/registry/tools/RequestFactoryModule.java
View file

@ -19,8 +19,8 @@ import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.javanet.NetHttpTransport;
import dagger.Module;
import dagger.Provides;
import google.registry.config.CredentialModule.LocalCredential;
import google.registry.config.RegistryConfig;
import google.registry.tools.AuthModule.LocalCredential;
/**
* Module for providing the HttpRequestFactory.