Use local GoogleCredential in the nomulus tool

The scenarios in which the credential is used are: 1) Calls to Nomulus GAE HTTP endpoints. 2) Calls to Google APIs within the tool. 3) Calls to GAE APIs within the tool. From now on the tool should not depend on ADCs created from gcloud any more (expect for beam pipeline deployments which need some more investigation as the dependency on ADC is not apparent). Using the nomulus tool requires running "nomulus login" first, but only once. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=224165735
2025-08-02 07:52:11 +02:00 · 2018-12-05 09:20:26 -08:00 · 2018-12-05 09:20:26 -08:00 · fdda03eb53
commit fdda03eb53
parent 5f9aad90fc
12 changed files with 143 additions and 165 deletions
--- a/java/google/registry/config/RegistryConfig.java
+++ b/java/google/registry/config/RegistryConfig.java
@ -1237,14 +1237,6 @@ public final class RegistryConfig {
      return ImmutableList.copyOf(config.credentialOAuth.localCredentialOauthScopes);
    }

-    /** Provides the OAuth scopes required for access to App Engine Admin API. */
-    @Provides
-    @Config("appEngineAdminApiCredentialOauthScopes")
-    public static ImmutableList<String> provideAppEngineAdminApiCredentialOauthScopes(
-        RegistryConfigSettings config) {
-      return ImmutableList.copyOf(config.credentialOAuth.appEngineAdminApiCredentialOauthScopes);
-    }
-
    /**
     * Returns the help path for the RDAP terms of service.
     *
--- a/java/google/registry/config/RegistryConfigSettings.java
+++ b/java/google/registry/config/RegistryConfigSettings.java
@ -59,7 +59,6 @@ public class RegistryConfigSettings {
    public List<String> defaultCredentialOauthScopes;
    public List<String> delegatedCredentialOauthScopes;
    public List<String> localCredentialOauthScopes;
-    public List<String> appEngineAdminApiCredentialOauthScopes;
  }

  /** Configuration options for the G Suite account used by Nomulus. */
--- a/java/google/registry/config/files/default-config.yaml
+++ b/java/google/registry/config/files/default-config.yaml
@ -285,17 +285,15 @@ credentialOAuth:
    - https://www.googleapis.com/auth/apps.groups.settings
  # OAuth scopes required to create a credential locally in for the nomulus tool.
  localCredentialOauthScopes:
-    # Call App Engine APIs.
+    # View and manage data in all Google Cloud APIs.
+    - https://www.googleapis.com/auth/cloud-platform
+    # Call App Engine APIs locally.
    - https://www.googleapis.com/auth/appengine.apis
    # View your email address.
    - https://www.googleapis.com/auth/userinfo.email
-  # OAuth scopes required for accessing App Engine Admin API using the
-  # AppIdentityCredential.
-  appEngineAdminApiCredentialOauthScopes:
    # View and manage your applications deployed on Google App Engine
    - https://www.googleapis.com/auth/appengine.admin

-
 icannReporting:
  # URL we PUT monthly ICANN transactions reports to.
  icannTransactionsReportingUploadUrl: https://ry-api.icann.org/report/registrar-transactions
--- a/java/google/registry/config/files/nomulus-config-production-sample.yaml
+++ b/java/google/registry/config/files/nomulus-config-production-sample.yaml
@ -44,6 +44,7 @@ icannReporting:
 oAuth:
  allowedOauthClientIds:
    - placeholder.apps.googleusercontent.com
+    - placeholder-for-proxy

 rde:
  reportUrlPrefix: https://ry-api.icann.org/report/registry-escrow-report
@ -69,3 +70,7 @@ keyring:
  activeKeyring: KMS
  kms:
    projectId: placeholder
+
+registryTool:
+  clientId: placeholder.apps.googleusercontent.com
+  clientSecret: placeholder