diff --git a/core/src/main/java/google/registry/config/CredentialModule.java b/core/src/main/java/google/registry/config/CredentialModule.java index f57f70564..47d9b98d5 100644 --- a/core/src/main/java/google/registry/config/CredentialModule.java +++ b/core/src/main/java/google/registry/config/CredentialModule.java @@ -16,6 +16,7 @@ package google.registry.config; import static java.nio.charset.StandardCharsets.UTF_8; +import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.auth.oauth2.GoogleCredentials; import com.google.common.collect.ImmutableList; import dagger.Module; @@ -68,6 +69,29 @@ public abstract class CredentialModule { return GoogleCredentialsBundle.create(credential); } + /** + * Provides the default {@link GoogleCredential} from the Google Cloud runtime for G Suite + * Drive API. + * TODO(b/138195359): Deprecate this credential once we figure out how to use + * {@link GoogleCredentials} for G Suite Drive API. + */ + @GSuiteDriveCredential + @Provides + @Singleton + public static GoogleCredential provideGSuiteDriveCredential( + @Config("defaultCredentialOauthScopes") ImmutableList requiredScopes) { + GoogleCredential credential; + try { + credential = GoogleCredential.getApplicationDefault(); + } catch (IOException e) { + throw new RuntimeException(e); + } + if (credential.createScopedRequired()) { + credential = credential.createScoped(requiredScopes); + } + return credential; + } + /** * Provides a {@link GoogleCredentialsBundle} from the service account's JSON key file. * @@ -118,6 +142,13 @@ public abstract class CredentialModule { @Retention(RetentionPolicy.RUNTIME) public @interface DefaultCredential {} + + /** Dagger qualifier for the credential for G Suite Drive API. */ + @Qualifier + @Documented + @Retention(RetentionPolicy.RUNTIME) + public @interface GSuiteDriveCredential {} + /** * Dagger qualifier for a credential from a service account's JSON key, to be used in non-request * threads. diff --git a/core/src/main/java/google/registry/export/DriveModule.java b/core/src/main/java/google/registry/export/DriveModule.java index a0500fd15..f41dedf11 100644 --- a/core/src/main/java/google/registry/export/DriveModule.java +++ b/core/src/main/java/google/registry/export/DriveModule.java @@ -14,16 +14,16 @@ package google.registry.export; +import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.api.services.drive.Drive; import dagger.Component; import dagger.Module; import dagger.Provides; import google.registry.config.CredentialModule; -import google.registry.config.CredentialModule.DefaultCredential; +import google.registry.config.CredentialModule.GSuiteDriveCredential; import google.registry.config.RegistryConfig.Config; import google.registry.config.RegistryConfig.ConfigModule; import google.registry.storage.drive.DriveConnection; -import google.registry.util.GoogleCredentialsBundle; import javax.inject.Singleton; /** Dagger module for Google {@link Drive} service connection objects. */ @@ -32,13 +32,13 @@ public final class DriveModule { @Provides static Drive provideDrive( - @DefaultCredential GoogleCredentialsBundle credentialsBundle, + @GSuiteDriveCredential GoogleCredential googleCredential, @Config("projectId") String projectId) { return new Drive.Builder( - credentialsBundle.getHttpTransport(), - credentialsBundle.getJsonFactory(), - credentialsBundle.getHttpRequestInitializer()) + googleCredential.getTransport(), + googleCredential.getJsonFactory(), + googleCredential) .setApplicationName(projectId) .build(); }