From bfb5d04daaf6d06faea4e78b3fac7c7444fb2903 Mon Sep 17 00:00:00 2001 From: Shicong Huang Date: Tue, 23 Jul 2019 11:31:35 -0400 Subject: [PATCH] Bring back the old GoogleCredential for Drive API (#187) Using the new GoogleCredentials to access Drive API caused 403 forbidden exception. So, this PR brought back the old GoogleCredential to temporarily resolve the production issue while we are figuring out the long term fix. TESTED=Deployed to alpha and verified exportPremiumTerms succeeded, see https://paste.googleplex.com/6153215760400384.
---
 .../registry/config/CredentialModule.java | 31 +++++++++++++++++++
 .../google/registry/export/DriveModule.java | 12 +++----
 2 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/core/src/main/java/google/registry/config/CredentialModule.java b/core/src/main/java/google/registry/config/CredentialModule.java
index f57f70564..47d9b98d5 100644
--- a/core/src/main/java/google/registry/config/CredentialModule.java
+++ b/core/src/main/java/google/registry/config/CredentialModule.java
@@ -16,6 +16,7 @@ package google.registry.config;
 import static java.nio.charset.StandardCharsets.UTF_8;
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.collect.ImmutableList;
 import dagger.Module;
@@ -68,6 +69,29 @@ public abstract class CredentialModule {
 return GoogleCredentialsBundle.create(credential);
 }
+ /**
+ * Provides the default {@link GoogleCredential} from the Google Cloud runtime for G Suite
+ * Drive API.
+ * TODO(b/138195359): Deprecate this credential once we figure out how to use
+ * {@link GoogleCredentials} for G Suite Drive API.
+ */
+ @GSuiteDriveCredential
+ @Provides
+ @Singleton
+ public static GoogleCredential provideGSuiteDriveCredential(
+ @Config("defaultCredentialOauthScopes") ImmutableList requiredScopes) {
+ GoogleCredential credential;
+ try {
+ credential = GoogleCredential.getApplicationDefault();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ if (credential.createScopedRequired()) {
+ credential = credential.createScoped(requiredScopes);
+ }
+ return credential;
+ }
+
 /**
 * Provides a {@link GoogleCredentialsBundle} from the service account's JSON key file.
 *
@@ -118,6 +142,13 @@ public abstract class CredentialModule {
 @Retention(RetentionPolicy.RUNTIME)
 public @interface DefaultCredential {}
+
+ /** Dagger qualifier for the credential for G Suite Drive API. */
+ @Qualifier
+ @Documented
+ @Retention(RetentionPolicy.RUNTIME)
+ public @interface GSuiteDriveCredential {}
+
 /**
 * Dagger qualifier for a credential from a service account's JSON key, to be used in non-request
 * threads.
diff --git a/core/src/main/java/google/registry/export/DriveModule.java b/core/src/main/java/google/registry/export/DriveModule.java
index a0500fd15..f41dedf11 100644
--- a/core/src/main/java/google/registry/export/DriveModule.java
+++ b/core/src/main/java/google/registry/export/DriveModule.java
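Review bot: In `provideGSuiteDriveCredential` (CredentialModule.java, the -68,6 hunk) the Drive credential is scoped with the project-wide `defaultCredentialOauthScopes`, so the token handed to the Drive client carries every scope in that list rather than only what the Drive export needs. The list's contents are not visible in this diff; if it is broader than Drive, injecting a Drive-only scope list here would keep this temporary credential least-privileged. The scopes are also not applied at all when `createScopedRequired()` returns false, which deserves a comment such as `// createScoped() is only needed for credential types that require explicit scopes; otherwise requiredScopes is not applied.` The wrapped exception would be easier to triage with context, e.g. `throw new RuntimeException("Unable to load application default credential for Drive", e);`.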
@@ -14,16 +14,16 @@
 package google.registry.export;
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.services.drive.Drive;
 import dagger.Component;
 import dagger.Module;
 import dagger.Provides;
 import google.registry.config.CredentialModule;
-import google.registry.config.CredentialModule.DefaultCredential;
+import google.registry.config.CredentialModule.GSuiteDriveCredential;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.config.RegistryConfig.ConfigModule;
 import google.registry.storage.drive.DriveConnection;
-import google.registry.util.GoogleCredentialsBundle;
 import javax.inject.Singleton;
 /** Dagger module for Google {@link Drive} service connection objects. */
@@ -32,13 +32,13 @@ public final class DriveModule {
 @Provides
 static Drive provideDrive(
- @DefaultCredential GoogleCredentialsBundle credentialsBundle,
+ @GSuiteDriveCredential GoogleCredential googleCredential,
 @Config("projectId") String projectId) {
 return new Drive.Builder(
- credentialsBundle.getHttpTransport(),
- credentialsBundle.getJsonFactory(),
- credentialsBundle.getHttpRequestInitializer())
+ googleCredential.getTransport(),
+ googleCredential.getJsonFactory(),
+ googleCredential)
 .setApplicationName(projectId)
 .build();
 }
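Review bot: `provideDrive` (DriveModule.java, the -32,13 hunk) now depends on the legacy `GoogleCredential` but carries no pointer to why, so a later cleanup could switch it back to `@DefaultCredential` and reintroduce the 403 described in the commit message. A comment above the parameter, e.g. `// TODO(b/138195359): temporary; return to GoogleCredentialsBundle once GoogleCredentials works for the Drive API.`, would tie it to the TODO in CredentialModule. Separately, the credential object itself is now passed as the request initializer in place of `credentialsBundle.getHttpRequestInitializer()`; whether the bundle's initializer did anything beyond attaching the credential is not visible in this diff and is worth confirming. The enclosing `DriveModule` class starts and ends outside the hunk.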