diff --git a/java/google/registry/config/CredentialModule.java b/java/google/registry/config/CredentialModule.java
index d299089bd..446280be3 100644
--- a/java/google/registry/config/CredentialModule.java
+++ b/java/google/registry/config/CredentialModule.java
@@ -55,7 +55,12 @@ public abstract class CredentialModule {
 return credential;
 }
- /** Provides a {@link GoogleCredential} from the service account's JSON key file. */
+ /**
+ * Provides a {@link GoogleCredential} from the service account's JSON key file.
+ *
+ *

On App Engine, a thread created using Java's built-in API needs this credential when it
+ * calls App Engine API. The Google Sheets API also needs this credential.
+ */
 @JsonCredential
 @Provides
 @Singleton
diff --git a/java/google/registry/config/files/default-config.yaml b/java/google/registry/config/files/default-config.yaml
index 379ee0eaa..16065c961 100644
--- a/java/google/registry/config/files/default-config.yaml
+++ b/java/google/registry/config/files/default-config.yaml
@@ -188,7 +188,7 @@ credentialOAuth:
 defaultCredentialOauthScopes:
 # View and manage data in all Google Cloud APIs.
 - https://www.googleapis.com/auth/cloud-platform
- # View and manage files in Google Drive.
+ # View and manage files in Google Drive, e.g., Docs and Sheets.
 - https://www.googleapis.com/auth/drive
 # OAuth scopes required for delegated admin access to G Suite domain.
 # Deployment of changes to this list must be coordinated with G Suite admin
diff --git a/java/google/registry/dns/writer/clouddns/CloudDnsWriterModule.java b/java/google/registry/dns/writer/clouddns/CloudDnsWriterModule.java
index f73d085c2..f43d9f822 100644
--- a/java/google/registry/dns/writer/clouddns/CloudDnsWriterModule.java
+++ b/java/google/registry/dns/writer/clouddns/CloudDnsWriterModule.java
@@ -14,11 +14,8 @@
 package google.registry.dns.writer.clouddns;
-import com.google.api.client.http.HttpRequestInitializer;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.json.JsonFactory;
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.services.dns.Dns;
-import com.google.api.services.dns.DnsScopes;
 import com.google.common.util.concurrent.RateLimiter;
 import dagger.Binds;
 import dagger.Module;
@@ -26,11 +23,10 @@ import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import dagger.multibindings.IntoSet;
 import dagger.multibindings.StringKey;
+import google.registry.config.CredentialModule.DefaultCredential;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.dns.writer.DnsWriter;
 import java.util.Optional;
-import java.util.Set;
-import java.util.function.Function;
 import javax.inject.Named;
 /** Dagger module for Google Cloud DNS service connection objects. */
@@ -39,14 +35,12 @@ public abstract class CloudDnsWriterModule {
 @Provides
 static Dns provideDns(
- HttpTransport transport,
- JsonFactory jsonFactory,
- Function, ? extends HttpRequestInitializer> credential,
+ @DefaultCredential GoogleCredential credential,
 @Config("projectId") String projectId,
 @Config("cloudDnsRootUrl") Optional rootUrl,
 @Config("cloudDnsServicePath") Optional servicePath) {
 Dns.Builder builder =
- new Dns.Builder(transport, jsonFactory, credential.apply(DnsScopes.all()))
+ new Dns.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
 .setApplicationName(projectId);
 rootUrl.ifPresent(builder::setRootUrl);
diff --git a/java/google/registry/export/sheet/SheetsServiceModule.java b/java/google/registry/export/sheet/SheetsServiceModule.java
index e661752a4..2640614b6 100644
--- a/java/google/registry/export/sheet/SheetsServiceModule.java
+++ b/java/google/registry/export/sheet/SheetsServiceModule.java
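Review bot: `provideDns` hands the shared `@DefaultCredential` to `Dns.Builder` without narrowing it, where the removed line requested only `DnsScopes.all()`; the DNS client's tokens will presumably carry every scope in `defaultCredentialOauthScopes`, which the config hunk shows includes cloud-platform and drive. The same widening applies to `provideSheets` (drops `createScoped(SCOPES)` for the spreadsheets scope) and to `provideDataflow` (previously cloud-platform only). If one broadly scoped credential is the intended design, record that at the provider, e.g. `// Shares the default credential; per-API access is expected to be limited by the service account's IAM roles (confirm).`; otherwise keep the narrowing with `credential.createScoped(DnsScopes.all())`, which needs the `DnsScopes` import back. The body of provideDns continues past the end of this hunk.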
@@ -15,27 +15,20 @@
 package google.registry.export.sheet;
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.json.JsonFactory;
 import com.google.api.services.sheets.v4.Sheets;
-import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
+import google.registry.config.CredentialModule.JsonCredential;
 import google.registry.config.RegistryConfig.Config;
 /** Dagger module for {@link Sheets}. */
 @Module
 public final class SheetsServiceModule {
- private static final ImmutableList SCOPES = ImmutableList.of(
- "https://www.googleapis.com/auth/spreadsheets");
 @Provides
 static Sheets provideSheets(
- HttpTransport transport,
- JsonFactory jsonFactory,
- @Config("projectId") String projectId,
- GoogleCredential credential) {
- return new Sheets.Builder(transport, jsonFactory, credential.createScoped(SCOPES))
+ @JsonCredential GoogleCredential credential, @Config("projectId") String projectId) {
+ return new Sheets.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
 .setApplicationName(projectId)
 .build();
 }
diff --git a/java/google/registry/reporting/BUILD b/java/google/registry/reporting/BUILD
index e2bd95c53..edc2bdad8 100644
--- a/java/google/registry/reporting/BUILD
+++ b/java/google/registry/reporting/BUILD
@@ -11,6 +11,7 @@ java_library(
 "//java/google/registry/config",
 "//java/google/registry/request",
 "//java/google/registry/util",
+ "@com_google_api_client",
 "@com_google_api_client_appengine",
 "@com_google_apis_google_api_services_dataflow",
 "@com_google_appengine_api_1_0_sdk",
diff --git a/java/google/registry/reporting/ReportingModule.java b/java/google/registry/reporting/ReportingModule.java
index 6a8ca71eb..b02fd7028 100644
--- a/java/google/registry/reporting/ReportingModule.java
+++ b/java/google/registry/reporting/ReportingModule.java
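Review bot: `provideSheets` has no Javadoc, and it is the only provider in this change bound to `@JsonCredential`, the service account's long-lived key file, rather than `@DefaultCredential`. The Javadoc added in CredentialModule says the Sheets API needs this credential but not why, so a reader of this module cannot tell whether the key file is a requirement or a leftover. I would add a method comment here such as `/** Builds the Sheets client with the {@link JsonCredential} key-file credential; see that qualifier's provider in CredentialModule for why the default credential is not used. */` and put the actual reason in the CredentialModule Javadoc.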
@@ -17,20 +17,16 @@ package google.registry.reporting;
 import static google.registry.request.RequestParameters.extractOptionalParameter;
 import static google.registry.request.RequestParameters.extractRequiredParameter;
-import com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.json.JsonFactory;
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.services.dataflow.Dataflow;
-import com.google.common.collect.ImmutableSet;
 import dagger.Module;
 import dagger.Provides;
+import google.registry.config.CredentialModule.DefaultCredential;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.Parameter;
 import google.registry.util.Clock;
 import java.util.Optional;
-import java.util.Set;
-import java.util.function.Function;
 import javax.servlet.http.HttpServletRequest;
 import org.joda.time.YearMonth;
 import org.joda.time.format.DateTimeFormat;
@@ -40,9 +36,6 @@ import org.joda.time.format.DateTimeFormatter;
 @Module
 public class ReportingModule {
- private static final String CLOUD_PLATFORM_SCOPE =
- "https://www.googleapis.com/auth/cloud-platform";
-
 public static final String BEAM_QUEUE = "beam-reporting";
 /**
 * The request parameter name used by reporting actions that takes a year/month parameter, which
@@ -88,15 +81,9 @@ public class ReportingModule {
 /** Constructs a {@link Dataflow} API client with default settings. */
 @Provides
 static Dataflow provideDataflow(
- @Config("projectId") String projectId,
- HttpTransport transport,
- JsonFactory jsonFactory,
- Function, AppIdentityCredential> appIdentityCredentialFunc) {
+ @DefaultCredential GoogleCredential credential, @Config("projectId") String projectId) {
- return new Dataflow.Builder(
- transport,
- jsonFactory,
- appIdentityCredentialFunc.apply(ImmutableSet.of(CLOUD_PLATFORM_SCOPE)))
+ return new Dataflow.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
 .setApplicationName(String.format("%s billing", projectId))
 .build();
 }