Bring back the old GoogleCredential for Drive API (#187)

Using the new GoogleCredentials to access Drive API caused 403 forbidden exception. So, this PR brought back the old GoogleCredential to temporarily resolve the production issue while we are figuring out the long term fix. TESTED=Deployed to alpha and verified exportPremiumTerms succeeded, see https://paste.googleplex.com/6153215760400384.
2025-06-23 21:00:50 +02:00 · 2019-07-23 11:31:35 -04:00 · 2019-07-23 11:31:35 -04:00 · bfb5d04daa
commit bfb5d04daa
parent cdb94ba24f
2 changed files with 37 additions and 6 deletions
--- a/core/src/main/java/google/registry/config/CredentialModule.java
+++ b/core/src/main/java/google/registry/config/CredentialModule.java
@ -16,6 +16,7 @@ package google.registry.config;

 import static java.nio.charset.StandardCharsets.UTF_8;

+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.collect.ImmutableList;
 import dagger.Module;
@ -68,6 +69,29 @@ public abstract class CredentialModule {
    return GoogleCredentialsBundle.create(credential);
  }

+  /**
+   * Provides the default {@link GoogleCredential} from the Google Cloud runtime for G Suite
+   * Drive API.
+   * TODO(b/138195359): Deprecate this credential once we figure out how to use
+   * {@link GoogleCredentials} for G Suite Drive API.
+   */
+  @GSuiteDriveCredential
+  @Provides
+  @Singleton
+  public static GoogleCredential provideGSuiteDriveCredential(
+      @Config("defaultCredentialOauthScopes") ImmutableList<String> requiredScopes) {
+    GoogleCredential credential;
+    try {
+      credential = GoogleCredential.getApplicationDefault();
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+    if (credential.createScopedRequired()) {
+      credential = credential.createScoped(requiredScopes);
+    }
+    return credential;
+  }
+
  /**
   * Provides a {@link GoogleCredentialsBundle} from the service account's JSON key file.
   *
@ -118,6 +142,13 @@ public abstract class CredentialModule {
  @Retention(RetentionPolicy.RUNTIME)
  public @interface DefaultCredential {}

+
+  /** Dagger qualifier for the credential for G Suite Drive API. */
+  @Qualifier
+  @Documented
+  @Retention(RetentionPolicy.RUNTIME)
+  public @interface GSuiteDriveCredential {}
+
  /**
   * Dagger qualifier for a credential from a service account's JSON key, to be used in non-request
   * threads.
--- a/core/src/main/java/google/registry/export/DriveModule.java
+++ b/core/src/main/java/google/registry/export/DriveModule.java
@ -14,16 +14,16 @@

 package google.registry.export;

+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.services.drive.Drive;
 import dagger.Component;
 import dagger.Module;
 import dagger.Provides;
 import google.registry.config.CredentialModule;
-import google.registry.config.CredentialModule.DefaultCredential;
+import google.registry.config.CredentialModule.GSuiteDriveCredential;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.config.RegistryConfig.ConfigModule;
 import google.registry.storage.drive.DriveConnection;
-import google.registry.util.GoogleCredentialsBundle;
 import javax.inject.Singleton;

 /** Dagger module for Google {@link Drive} service connection objects. */
@ -32,13 +32,13 @@ public final class DriveModule {

  @Provides
  static Drive provideDrive(
-      @DefaultCredential GoogleCredentialsBundle credentialsBundle,
+      @GSuiteDriveCredential GoogleCredential googleCredential,
      @Config("projectId") String projectId) {

    return new Drive.Builder(
-            credentialsBundle.getHttpTransport(),
-            credentialsBundle.getJsonFactory(),
-            credentialsBundle.getHttpRequestInitializer())
+            googleCredential.getTransport(),
+            googleCredential.getJsonFactory(),
+            googleCredential)
        .setApplicationName(projectId)
        .build();
  }