diff --git a/api/build.gradle b/api/build.gradle index 4c975e45449..a5cd6560637 100644 --- a/api/build.gradle +++ b/api/build.gradle @@ -6,6 +6,7 @@ buildscript { // External properties on the default project. Values declared in ext blocks // outside of the buildscript block aren't usable here. ext { + GAE_VERSION = '2.0.9' GOOGLE_TRUTH_VERSION = '1.1.3' GSON_VERSION = '2.9.0' HIBERNATE_VERSION = '5.6.15.Final' @@ -425,15 +426,15 @@ dependencies { // TODO: consider switching google deps to the BOM. https://cloud.google.com/java/docs/bom - implementation 'com.google.api-client:google-api-client-appengine:1.35.2' + implementation "com.google.appengine:appengine-api-1.0-sdk:$project.ext.GAE_VERSION" implementation 'com.google.apis:google-api-services-admin-directory:directory_v1-rev20220919-2.0.0' implementation 'com.google.apis:google-api-services-cloudbilling:v1-rev20220908-2.0.0' implementation 'com.google.apis:google-api-services-cloudresourcemanager:v3-rev20220925-2.0.0' implementation 'com.google.apis:google-api-services-oauth2:v2-rev20200213-2.0.0' implementation 'com.google.apis:google-api-services-iam:v1-rev20220825-2.0.0' implementation 'com.google.api-client:google-api-client-appengine:2.2.0' - implementation 'com.google.auth:google-auth-library-appengine:1.11.0' - implementation 'com.google.auth:google-auth-library-oauth2-http:1.11.0' + implementation 'com.google.auth:google-auth-library-appengine:1.23.0' + implementation 'com.google.auth:google-auth-library-oauth2-http:1.23.0' implementation 'com.google.cloud.sql:mysql-socket-factory:1.7.0' implementation 'com.google.cloud:google-cloud-bigquery:2.25.0' implementation 'com.google.cloud:google-cloud-iamcredentials:2.3.6' diff --git a/api/src/main/java/org/pmiops/workbench/auth/ServiceAccounts.java b/api/src/main/java/org/pmiops/workbench/auth/ServiceAccounts.java index fc7ce6a9ff1..fe509d67eb8 100644 --- a/api/src/main/java/org/pmiops/workbench/auth/ServiceAccounts.java 
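Review bot: The new `appengine-api-1.0-sdk` line in the dependencies hunk carries no comment explaining why the full App Engine bundled-services SDK is now on the classpath, and the only use visible in this diff is the `AppIdentityService` call in `ServiceAccounts`. I would add a comment above it such as `// Needed for AppIdentityService-based credentials in ServiceAccounts; remove together with that code path.` so the dependency does not outlive its one consumer. The `google-auth-library-*` pins are bumped by hand to 1.23.0 right under the existing BOM TODO, so it is worth confirming with `gradle dependencyInsight` that the other Google client libraries do not resolve a different auth-library version transitively.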
+++ b/api/src/main/java/org/pmiops/workbench/auth/ServiceAccounts.java @@ -1,5 +1,9 @@ package org.pmiops.workbench.auth; +import static org.pmiops.workbench.utils.AppEngineUtils.IS_GAE; + +import com.google.appengine.api.appidentity.AppIdentityServiceFactory; +import com.google.auth.appengine.AppEngineCredentials; import com.google.auth.oauth2.GoogleCredentials; import java.io.IOException; import java.util.List; @@ -34,7 +38,16 @@ public class ServiceAccounts { */ public static GoogleCredentials getScopedServiceCredentials(List scopes) throws IOException { - GoogleCredentials credentials = GoogleCredentials.getApplicationDefault().createScoped(scopes); + GoogleCredentials credentials; + if (IS_GAE) { + credentials = + AppEngineCredentials.newBuilder() + .setScopes(scopes) + .setAppIdentityService(AppIdentityServiceFactory.getAppIdentityService()) + .build(); + } else { + credentials = GoogleCredentials.getApplicationDefault().createScoped(scopes); + } credentials.refreshIfExpired(); return credentials; } diff --git a/api/src/main/java/org/pmiops/workbench/utils/AppEngineUtils.java b/api/src/main/java/org/pmiops/workbench/utils/AppEngineUtils.java new file mode 100644 index 00000000000..c63967f17e5 --- /dev/null +++ b/api/src/main/java/org/pmiops/workbench/utils/AppEngineUtils.java @@ -0,0 +1,7 @@ +package org.pmiops.workbench.utils; + +public class AppEngineUtils { + public static boolean IS_GAE = + System.getProperty("com.google.appengine.runtime.version") != null + && !System.getProperty("com.google.appengine.runtime.version").startsWith("dev"); +} diff --git a/api/src/main/webapp/WEB-INF/appengine-web.xml.template b/api/src/main/webapp/WEB-INF/appengine-web.xml.template index aca45fe77fd..0306470e981 100644 --- a/api/src/main/webapp/WEB-INF/appengine-web.xml.template +++ b/api/src/main/webapp/WEB-INF/appengine-web.xml.template @@ -13,6 +13,7 @@ + true
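Review bot: Which identity signs outgoing calls from `getScopedServiceCredentials` now depends on `IS_GAE`, and nothing in the method documents or records that choice. On App Engine the token is obtained through the App Identity service, elsewhere through Application Default Credentials, so an environment whose ADC pointed at a different service account would start using another identity on App Engine after this commit (inferred; the deployment configuration is not visible here). I would add a comment above the `if (IS_GAE)` such as `// App Engine: mint tokens via the App Identity API for the app's own service account; elsewhere use ADC.` and repeat that statement in the Javadoc, which begins outside this hunk. Because the flag is fixed at class load, the App Engine branch has no test seam; passing the flag or a credentials supplier in would let a unit test cover both paths.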
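Review bot: `IS_GAE` in the new `AppEngineUtils` is declared `public static boolean` without `final`, so any class can reassign it at runtime and thereby switch the credential source chosen in `ServiceAccounts`. Declare it as `public static final boolean IS_GAE =` and compute the value in a small private static helper that reads `com.google.appengine.runtime.version` once instead of calling `System.getProperty` twice. A one-line comment stating that a missing property or a value starting with `dev` is treated as "not App Engine" would make the intent of the check explicit. A private constructor would also keep this utility class from being instantiated.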