Switch to new Json credential provisioning

As part of credential consolidation, update the credential provisioing in StackDriver Module. This is the only module that will continue using Json-based credential. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=211878151
2025-05-15 00:47:11 +02:00 · 2018-09-06 15:16:06 -07:00 · 2018-09-06 15:16:06 -07:00 · be18f55640
commit be18f55640
parent 22e1d905b6
3 changed files with 37 additions and 10 deletions
--- a/java/google/registry/config/CredentialModule.java
+++ b/java/google/registry/config/CredentialModule.java
@ -14,12 +14,19 @@

 package google.registry.config;

+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.googleapis.util.Utils;
 import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
 import google.registry.config.RegistryConfig.Config;
+import google.registry.keyring.api.KeyModule.Key;
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import javax.inject.Qualifier;
 import javax.inject.Singleton;

@ -48,6 +55,30 @@ public abstract class CredentialModule {
    return credential;
  }

+  /** Provides a {@link GoogleCredential} from the service account's JSON key file. */
+  @JsonCredential
+  @Provides
+  @Singleton
+  public static GoogleCredential provideJsonCredential(
+      @Config("credentialOauthScopes") ImmutableList<String> requiredScopes,
+      @Key("jsonCredential") String jsonCredential) {
+    GoogleCredential credential;
+    try {
+      credential =
+          GoogleCredential.fromStream(
+              new ByteArrayInputStream(jsonCredential.getBytes(UTF_8)),
+              // We cannot use UrlFetchTransport as that uses App Engine API.
+              GoogleNetHttpTransport.newTrustedTransport(),
+              Utils.getDefaultJsonFactory());
+    } catch (IOException | GeneralSecurityException e) {
+      throw new RuntimeException(e);
+    }
+    if (credential.createScopedRequired()) {
+      credential = credential.createScoped(requiredScopes);
+    }
+    return credential;
+  }
+
  /** Dagger qualifier for the Application Default Credential. */
  @Qualifier
  public @interface DefaultCredential {}