diff --git a/java/google/registry/config/BUILD b/java/google/registry/config/BUILD
index 275a144d3..812b0a13a 100644
--- a/java/google/registry/config/BUILD
+++ b/java/google/registry/config/BUILD
@@ -9,6 +9,7 @@ java_library(
 srcs = glob(["*.java"]),
 resources = glob(["files/*.yaml"]),
 deps = [
+ "//java/google/registry/keyring/api",
 "//java/google/registry/util",
 "@com_google_api_client",
 "@com_google_appengine_api_1_0_sdk",
@@ -18,6 +19,7 @@ java_library(
 "@com_google_flogger",
 "@com_google_flogger_system_backend",
 "@com_google_guava",
+ "@com_google_http_client",
 "@javax_inject",
 "@joda_time",
 "@org_joda_money",
diff --git a/java/google/registry/config/CredentialModule.java b/java/google/registry/config/CredentialModule.java
index a14aacc97..4061fd1b6 100644
--- a/java/google/registry/config/CredentialModule.java
+++ b/java/google/registry/config/CredentialModule.java
@@ -14,12 +14,19 @@

 package google.registry.config;

+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.googleapis.util.Utils;
 import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
 import google.registry.config.RegistryConfig.Config;
+import google.registry.keyring.api.KeyModule.Key;
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import javax.inject.Qualifier;
 import javax.inject.Singleton;

@@ -48,6 +55,30 @@ public abstract class CredentialModule {
 return credential;
 }

+ /** Provides a {@link GoogleCredential} from the service account's JSON key file. */
+ @JsonCredential
+ @Provides
+ @Singleton
+ public static GoogleCredential provideJsonCredential(
+ @Config("credentialOauthScopes") ImmutableList requiredScopes,
+ @Key("jsonCredential") String jsonCredential) {
+ GoogleCredential credential;
+ try {
+ credential =
+ GoogleCredential.fromStream(
+ new ByteArrayInputStream(jsonCredential.getBytes(UTF_8)),
+ // We cannot use UrlFetchTransport as that uses App Engine API.
+ GoogleNetHttpTransport.newTrustedTransport(),
+ Utils.getDefaultJsonFactory());
+ } catch (IOException | GeneralSecurityException e) {
+ throw new RuntimeException(e);
+ }
+ if (credential.createScopedRequired()) {
+ credential = credential.createScoped(requiredScopes);
+ }
+ return credential;
+ }
+
 /** Dagger qualifier for the Application Default Credential. */
 @Qualifier
 public @interface DefaultCredential {}
diff --git a/java/google/registry/monitoring/whitebox/StackdriverModule.java b/java/google/registry/monitoring/whitebox/StackdriverModule.java
index 6cee68028..a5d0427ea 100644
--- a/java/google/registry/monitoring/whitebox/StackdriverModule.java
+++ b/java/google/registry/monitoring/whitebox/StackdriverModule.java
@@ -15,10 +15,7 @@
 package google.registry.monitoring.whitebox;

 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
-import com.google.api.client.http.javanet.NetHttpTransport;
-import com.google.api.client.json.JsonFactory;
 import com.google.api.services.monitoring.v3.Monitoring;
-import com.google.api.services.monitoring.v3.MonitoringScopes;
 import com.google.api.services.monitoring.v3.model.MonitoredResource;
 import com.google.appengine.api.modules.ModulesService;
 import com.google.common.collect.ImmutableMap;
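Review bot: In `provideJsonCredential` (CredentialModule.java) the catch block rethrows a bare `RuntimeException(e)`, so a missing or malformed keyring entry fails at injection time without saying which secret was being loaded; name the entry but never its value, e.g. `throw new RuntimeException("Cannot build GoogleCredential from keyring entry 'jsonCredential'", e);`. The Javadoc says the credential comes from a JSON key file, while the code reads the JSON text from the keyring through `@Key("jsonCredential")`; it should say so, and also that the provider is `@Singleton`, so the parsed private key stays in memory for the life of the component and a rotated key is presumably only picked up after a restart. `GoogleCredential.fromStream` also accepts user-credential JSON, for which `createScopedRequired()` is false and `requiredScopes` is silently skipped; a check such as `credential.getServiceAccountId() != null` would make the service-account assumption explicit.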
@@ -28,9 +25,8 @@ import com.google.monitoring.metrics.MetricWriter;
 import com.google.monitoring.metrics.stackdriver.StackdriverWriter;
 import dagger.Module;
 import dagger.Provides;
+import google.registry.config.CredentialModule.JsonCredential;
 import google.registry.config.RegistryConfig.Config;
-import java.util.Set;
-import java.util.function.Function;
 import org.joda.time.Duration;

 /** Dagger module for Google Stackdriver service connection objects. */
@@ -43,11 +39,9 @@ public final class StackdriverModule {

 @Provides
 static Monitoring provideMonitoring(
- NetHttpTransport transport,
- JsonFactory jsonFactory,
- Function, GoogleCredential> credential,
- @Config("projectId") String projectId) {
- return new Monitoring.Builder(transport, jsonFactory, credential.apply(MonitoringScopes.all()))
+ @JsonCredential GoogleCredential credential, @Config("projectId") String projectId) {
+ return new Monitoring.Builder(
+ credential.getTransport(), credential.getJsonFactory(), credential)
 .setApplicationName(projectId)
 .build();
 }
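Review bot: `provideMonitoring` now builds the client from the shared `@JsonCredential`, which CredentialModule scopes with the whole `credentialOauthScopes` list, whereas the removed line requested `MonitoringScopes.all()` only. If that config list carries scopes beyond monitoring (its contents are not visible here), every access token the metrics writer sends is broader than this client needs, which widens the impact of a leaked or logged token. Either confirm the list is acceptable for this client and record it in a comment, e.g. `// Uses the shared JSON credential; scopes come from credentialOauthScopes, not MonitoringScopes.`, or narrow it at this call site with `credential.createScoped(MonitoringScopes.all())`, which would mean keeping the `MonitoringScopes` import this commit removes.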