Make BigqueryCommand use application default creds

This fixes a long-standing bug b/26016322 to move BigqueryCommand off of using a service account to access the Bigquery API.  It's now using Application Default Credentials, which can be easily auto-installed on a machine by running 'gcloud auth application-default login' and clicking through the OAuth consent screen.

The old method was a pain because:

1) individual users of the tool each needed to know to download and store a private key for the service account, and specify the key file via a CLI flag
2) BigQuery actions taken via the tool (e.g. load or query jobs) were listed as belonging to the service account, making them harder to find in the UI or for debugging, and difficult to audit (no idea which engineer invoked the tool)
3) within Google, this meant extra whitelisting headaches

The new method also isn't perfect because Application Default Credentials obtained via gcloud are supposed to be used primarily for local testing, and don't support setting any custom scopes.  However, we don't need custom scopes for this, and the smoother flow is worth it.

In the longer term, once the CLI is using OAuth to talk to the app itself, we'll be able to switch to the "best practice" option of also using those credentials for talking to the BigQuery API.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145120770

java/google/registry/tools/BigqueryParameters.java

@@ -21,11 +21,8 @@ import com.google.api.client.http.HttpTransport;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.jackson2.JacksonFactory;
-import com.google.api.services.bigquery.BigqueryScopes;
 import google.registry.bigquery.BigqueryConnection;
-import google.registry.tools.params.PathParameter;
+import java.io.IOException;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.concurrent.Executors;
 import org.joda.time.Duration;
 
@@ -40,18 +37,6 @@ final class BigqueryParameters {
    */
   private static final int DEFAULT_NUM_THREADS = 20;
 
-  @Parameter(
-      names = "--bigquery_service_account",
-      description = "Email for the Google APIs service account to use.")
-  private String bigqueryServiceAccountEmail =
-      "1080941367941-ic4pknfqcj1q7hhc9ob0bls920v80unu@developer.gserviceaccount.com";
-
-  @Parameter(
-      names = "--bigquery_service_account_key",
-      description = "PKCS file (.p12) containing the private key for the service account.",
-      validateWith = PathParameter.InputFile.class)
-  private Path bigqueryServiceAccountKeyFile = Paths.get("key.p12");
-
   @Parameter(
       names = "--bigquery_dataset",
       description = "Name of the default dataset to use, for reading and writing.")
@@ -88,13 +73,15 @@ final class BigqueryParameters {
     return connection;
   }
 
-  /** Creates a credential object for the Bigquery client service using a service account. */
+  /** Creates a credential object for the Bigquery client using application default credentials. */
-  private GoogleCredential newCredential() throws Exception {
+  private GoogleCredential newCredential() {
-    return new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
+    try {
-        .setJsonFactory(JSON_FACTORY)
+      return GoogleCredential.getApplicationDefault(HTTP_TRANSPORT, JSON_FACTORY);
-        .setServiceAccountId(bigqueryServiceAccountEmail)
+    } catch (IOException e) {
-        .setServiceAccountScopes(BigqueryScopes.all())
+      throw new RuntimeException(
-        .setServiceAccountPrivateKeyFromP12File(bigqueryServiceAccountKeyFile.toFile())
+          "Could not obtain application default credentials - "
-        .build();
+              + "did you remember to run 'gcloud auth application-default login'?",
+          e);
+    }
   }
 }