From c52a5e3b18d88289c843bbb36e81ed591aa9b1d7 Mon Sep 17 00:00:00 2001
From: Weimin Yu <weiminyu@google.com>
Date: Thu, 11 Feb 2021 14:06:13 -0500
Subject: [PATCH] Revert BEAM pipeline back to SQL credential file (#961)

* Revert BEAM pipeline back to SQL credential file

Stop using the SecretManager for SQL credential in BEAM for now. The
SecretManager cannot be injected into the code on pipeline workers
because RegistryEnvironment is not set.

See b/179839014 for details.
---
 .../persistence/PersistenceModule.java        | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/core/src/main/java/google/registry/persistence/PersistenceModule.java b/core/src/main/java/google/registry/persistence/PersistenceModule.java
index fbc2185c4..75cb905ae 100644
--- a/core/src/main/java/google/registry/persistence/PersistenceModule.java
+++ b/core/src/main/java/google/registry/persistence/PersistenceModule.java
@@ -46,6 +46,7 @@ import java.lang.annotation.Documented;
 import java.sql.Connection;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
 import javax.annotation.Nullable;
 import javax.inject.Provider;
@@ -204,9 +205,24 @@ public abstract class PersistenceModule {
       Clock clock) {
     HashMap<String, String> overrides = Maps.newHashMap(cloudSqlConfigs);
     overrides.put(HIKARI_MAXIMUM_POOL_SIZE, String.valueOf(hikariMaximumPoolSize));
+    overrides.put(Environment.USER, username);
+    overrides.put(Environment.PASS, password);
     // TODO(b/175700623): consider assigning different logins to pipelines
-    validateAndSetCredential(
-        credentialStore, new RobotUser(RobotId.NOMULUS), overrides, username, password);
+    // TODO(b/179839014): Make SqlCredentialStore injectable in BEAM
+    // Note: the logs below appear in the pipeline's Worker logs, not the Job log.
+    try {
+      SqlCredential credential = credentialStore.getCredential(new RobotUser(RobotId.NOMULUS));
+      if (!Objects.equals(username, credential.login())) {
+        logger.atWarning().log(
+            "Wrong username for nomulus. Expecting %s, found %s.", username, credential.login());
+      } else if (!Objects.equals(password, credential.password())) {
+        logger.atWarning().log("Wrong password for nomulus.");
+      } else {
+        logger.atWarning().log("Credentials in the kerying and the secret manager match.");
+      }
+    } catch (Exception e) {
+      logger.atWarning().withCause(e).log("Failed to get SQL credential from Secret Manager.");
+    }
     return new JpaTransactionManagerImpl(create(overrides), clock);
   }
 
@@ -280,7 +296,7 @@ public abstract class PersistenceModule {
       overrides.put(Environment.PASS, credential.password());
       logger.atWarning().log("Credentials in the kerying and the secret manager match.");
     } catch (Throwable e) {
-      logger.atWarning().log(e.getMessage());
+      logger.atSevere().withCause(e).log("Failed to get SQL credential from Secret Manager");
     }
   }