zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-07-08 20:23:24 +02:00
Code Issues Projects Releases Packages Wiki Activity

Revert BEAM pipeline back to SQL credential file (#961)

Browse source 
* Revert BEAM pipeline back to SQL credential file

Stop using the SecretManager for SQL credential in BEAM for now. The
SecretManager cannot be injected into the code on pipeline workers
because RegistryEnvironment is not set.

See b/179839014 for details.
This commit is contained in:
Weimin Yu 2021-02-11 14:06:13 -05:00 committed by GitHub
parent 3f6a796aaf
commit c52a5e3b18
1 changed files with 19 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

22
core/src/main/java/google/registry/persistence/PersistenceModule.java
View file

@ -46,6 +46,7 @@ import java.lang.annotation.Documented;
import java.sql.Connection; import java.sql.Connection;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Objects;
import java.util.Optional; import java.util.Optional;
import javax.annotation.Nullable; import javax.annotation.Nullable;
import javax.inject.Provider; import javax.inject.Provider;
@ -204,9 +205,24 @@ public abstract class PersistenceModule {
Clock clock) { Clock clock) {
HashMap<String, String> overrides = Maps.newHashMap(cloudSqlConfigs); HashMap<String, String> overrides = Maps.newHashMap(cloudSqlConfigs);
overrides.put(HIKARI_MAXIMUM_POOL_SIZE, String.valueOf(hikariMaximumPoolSize)); overrides.put(HIKARI_MAXIMUM_POOL_SIZE, String.valueOf(hikariMaximumPoolSize));
overrides.put(Environment.USER, username);
overrides.put(Environment.PASS, password);
// TODO(b/175700623): consider assigning different logins to pipelines // TODO(b/175700623): consider assigning different logins to pipelines
validateAndSetCredential( // TODO(b/179839014): Make SqlCredentialStore injectable in BEAM
credentialStore, new RobotUser(RobotId.NOMULUS), overrides, username, password); // Note: the logs below appear in the pipeline's Worker logs, not the Job log.
try {
SqlCredential credential = credentialStore.getCredential(new RobotUser(RobotId.NOMULUS));
if (!Objects.equals(username, credential.login())) {
logger.atWarning().log(
"Wrong username for nomulus. Expecting %s, found %s.", username, credential.login());
} else if (!Objects.equals(password, credential.password())) {
logger.atWarning().log("Wrong password for nomulus.");
} else {
logger.atWarning().log("Credentials in the kerying and the secret manager match.");
}
} catch (Exception e) {
logger.atWarning().withCause(e).log("Failed to get SQL credential from Secret Manager.");
}
return new JpaTransactionManagerImpl(create(overrides), clock); return new JpaTransactionManagerImpl(create(overrides), clock);
} }
@ -280,7 +296,7 @@ public abstract class PersistenceModule {
overrides.put(Environment.PASS, credential.password()); overrides.put(Environment.PASS, credential.password());
logger.atWarning().log("Credentials in the kerying and the secret manager match."); logger.atWarning().log("Credentials in the kerying and the secret manager match.");
} catch (Throwable e) { } catch (Throwable e) {
logger.atWarning().log(e.getMessage()); logger.atSevere().withCause(e).log("Failed to get SQL credential from Secret Manager");
} }
} }