Use new default credentials in a few more modules

Updated Reporting (Beam pipeline), Registrar sync to sheets, and Cloud Dns. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=212811185
2025-05-13 07:57:13 +02:00 · 2018-09-13 07:43:05 -07:00 · 2018-09-13 07:43:05 -07:00 · e19a431fab
commit e19a431fab
parent b588c57526
6 changed files with 19 additions and 39 deletions
--- a/java/google/registry/config/CredentialModule.java
+++ b/java/google/registry/config/CredentialModule.java
@ -55,7 +55,12 @@ public abstract class CredentialModule {
    return credential;
  }

-  /** Provides a {@link GoogleCredential} from the service account's JSON key file. */
+  /**
+   * Provides a {@link GoogleCredential} from the service account's JSON key file.
+   *
+   * <p>On App Engine, a thread created using Java's built-in API needs this credential when it
+   * calls App Engine API. The Google Sheets API also needs this credential.
+   */
  @JsonCredential
  @Provides
  @Singleton
--- a/java/google/registry/config/files/default-config.yaml
+++ b/java/google/registry/config/files/default-config.yaml
@ -188,7 +188,7 @@ credentialOAuth:
  defaultCredentialOauthScopes:
    # View and manage data in all Google Cloud APIs.
    - https://www.googleapis.com/auth/cloud-platform
-    # View and manage files in Google Drive.
+    # View and manage files in Google Drive, e.g., Docs and Sheets.
    - https://www.googleapis.com/auth/drive
  # OAuth scopes required for delegated admin access to G Suite domain.
  # Deployment of changes to this list must be coordinated with G Suite admin
--- a/java/google/registry/dns/writer/clouddns/CloudDnsWriterModule.java
+++ b/java/google/registry/dns/writer/clouddns/CloudDnsWriterModule.java
@ -14,11 +14,8 @@

 package google.registry.dns.writer.clouddns;

-import com.google.api.client.http.HttpRequestInitializer;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.json.JsonFactory;
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.services.dns.Dns;
-import com.google.api.services.dns.DnsScopes;
 import com.google.common.util.concurrent.RateLimiter;
 import dagger.Binds;
 import dagger.Module;
@ -26,11 +23,10 @@ import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import dagger.multibindings.IntoSet;
 import dagger.multibindings.StringKey;
+import google.registry.config.CredentialModule.DefaultCredential;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.dns.writer.DnsWriter;
 import java.util.Optional;
-import java.util.Set;
-import java.util.function.Function;
 import javax.inject.Named;

 /** Dagger module for Google Cloud DNS service connection objects. */
@ -39,14 +35,12 @@ public abstract class CloudDnsWriterModule {

  @Provides
  static Dns provideDns(
-      HttpTransport transport,
-      JsonFactory jsonFactory,
-      Function<Set<String>, ? extends HttpRequestInitializer> credential,
+      @DefaultCredential GoogleCredential credential,
      @Config("projectId") String projectId,
      @Config("cloudDnsRootUrl") Optional<String> rootUrl,
      @Config("cloudDnsServicePath") Optional<String> servicePath) {
    Dns.Builder builder =
-        new Dns.Builder(transport, jsonFactory, credential.apply(DnsScopes.all()))
+        new Dns.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
            .setApplicationName(projectId);

    rootUrl.ifPresent(builder::setRootUrl);
--- a/java/google/registry/export/sheet/SheetsServiceModule.java
+++ b/java/google/registry/export/sheet/SheetsServiceModule.java
@ -15,27 +15,20 @@
 package google.registry.export.sheet;

 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.json.JsonFactory;
 import com.google.api.services.sheets.v4.Sheets;
-import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
+import google.registry.config.CredentialModule.JsonCredential;
 import google.registry.config.RegistryConfig.Config;

 /** Dagger module for {@link Sheets}. */
@Module
 public final class SheetsServiceModule {

-  private static final ImmutableList<String> SCOPES = ImmutableList.of(
-      "https://www.googleapis.com/auth/spreadsheets");
  @Provides
  static Sheets provideSheets(
-      HttpTransport transport,
-      JsonFactory jsonFactory,
-      @Config("projectId") String projectId,
-      GoogleCredential credential) {
-    return new Sheets.Builder(transport, jsonFactory, credential.createScoped(SCOPES))
+      @JsonCredential GoogleCredential credential, @Config("projectId") String projectId) {
+    return new Sheets.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
        .setApplicationName(projectId)
        .build();
  }
--- a/java/google/registry/reporting/BUILD
+++ b/java/google/registry/reporting/BUILD
@ -11,6 +11,7 @@ java_library(
        "//java/google/registry/config",
        "//java/google/registry/request",
        "//java/google/registry/util",
+        "@com_google_api_client",
        "@com_google_api_client_appengine",
        "@com_google_apis_google_api_services_dataflow",
        "@com_google_appengine_api_1_0_sdk",
--- a/java/google/registry/reporting/ReportingModule.java
+++ b/java/google/registry/reporting/ReportingModule.java
@ -17,20 +17,16 @@ package google.registry.reporting;
 import static google.registry.request.RequestParameters.extractOptionalParameter;
 import static google.registry.request.RequestParameters.extractRequiredParameter;

-import com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.json.JsonFactory;
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.services.dataflow.Dataflow;
-import com.google.common.collect.ImmutableSet;
 import dagger.Module;
 import dagger.Provides;
+import google.registry.config.CredentialModule.DefaultCredential;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.Parameter;
 import google.registry.util.Clock;
 import java.util.Optional;
-import java.util.Set;
-import java.util.function.Function;
 import javax.servlet.http.HttpServletRequest;
 import org.joda.time.YearMonth;
 import org.joda.time.format.DateTimeFormat;
@ -40,9 +36,6 @@ import org.joda.time.format.DateTimeFormatter;
@Module
 public class ReportingModule {

-  private static final String CLOUD_PLATFORM_SCOPE =
-      "https://www.googleapis.com/auth/cloud-platform";
-
  public static final String BEAM_QUEUE = "beam-reporting";
  /**
   * The request parameter name used by reporting actions that takes a year/month parameter, which
@ -88,15 +81,9 @@ public class ReportingModule {
  /** Constructs a {@link Dataflow} API client with default settings. */
  @Provides
  static Dataflow provideDataflow(
-      @Config("projectId") String projectId,
-      HttpTransport transport,
-      JsonFactory jsonFactory,
-      Function<Set<String>, AppIdentityCredential> appIdentityCredentialFunc) {
+      @DefaultCredential GoogleCredential credential, @Config("projectId") String projectId) {

-    return new Dataflow.Builder(
-        transport,
-        jsonFactory,
-        appIdentityCredentialFunc.apply(ImmutableSet.of(CLOUD_PLATFORM_SCOPE)))
+    return new Dataflow.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
        .setApplicationName(String.format("%s billing", projectId))
        .build();
  }