
Replace deprecated GoogleCredential with new auth lib (#129)

Replace deprecated GoogleCredential with new lib

This PR also introduces a CredentialsBundle class to carry the
HttpTransport and JsonFactory objects, which most of the GCP
libraries need to instantiate a client.
hstonec committed Jul 2, 2019
1 parent 7ce3714 commit 6daf72a54e0e427563ee03e592d5da9a51053fa3
Showing with 822 additions and 684 deletions.
  1. +5 −5 core/src/main/java/google/registry/beam/invoicing/InvoicingPipeline.java
  2. +12 −8 core/src/main/java/google/registry/bigquery/BigqueryModule.java
  3. +24 −36 core/src/main/java/google/registry/config/CredentialModule.java
  4. +6 −3 core/src/main/java/google/registry/dns/writer/clouddns/CloudDnsWriterModule.java
  5. +8 −3 core/src/main/java/google/registry/export/DriveModule.java
  6. +5 −3 core/src/main/java/google/registry/export/datastore/DatastoreAdminModule.java
  7. +7 −3 core/src/main/java/google/registry/export/sheet/SheetsServiceModule.java
  8. +7 −3 core/src/main/java/google/registry/groups/DirectoryModule.java
  9. +6 −3 core/src/main/java/google/registry/groups/GroupssettingsModule.java
  10. +11 −8 core/src/main/java/google/registry/keyring/kms/KmsModule.java
  11. +6 −3 core/src/main/java/google/registry/monitoring/whitebox/StackdriverModule.java
  12. +7 −3 core/src/main/java/google/registry/reporting/ReportingModule.java
  13. +6 −4 core/src/main/java/google/registry/tools/AppEngineAdminApiModule.java
  14. +18 −42 core/src/main/java/google/registry/tools/AuthModule.java
  15. +6 −5 core/src/main/java/google/registry/tools/RequestFactoryModule.java
  16. +36 −44 core/src/test/java/google/registry/export/datastore/DatastoreAdminTest.java
  17. +17 −9 core/src/test/java/google/registry/tools/RequestFactoryModuleTest.java
  18. +438 −438 package-lock.json
  19. +2 −0 proxy/build.gradle
  20. +12 −10 proxy/gradle/dependency-locks/compile.lockfile
  21. +12 −10 proxy/gradle/dependency-locks/compileClasspath.lockfile
  22. +12 −10 proxy/gradle/dependency-locks/runtimeClasspath.lockfile
  23. +6 −4 proxy/src/main/java/google/registry/proxy/MetricsModule.java
  24. +35 −24 proxy/src/main/java/google/registry/proxy/ProxyModule.java
  25. +3 −0 util/build.gradle
  26. +15 −1 util/gradle/dependency-locks/compile.lockfile
  27. +15 −1 util/gradle/dependency-locks/compileClasspath.lockfile
  28. +15 −1 util/gradle/dependency-locks/runtimeClasspath.lockfile
  29. +70 −0 util/src/main/java/google/registry/util/GoogleCredentialsBundle.java
@@ -14,13 +14,13 @@

package google.registry.beam.invoicing;

import com.google.auth.oauth2.GoogleCredentials;
import google.registry.beam.invoicing.BillingEvent.InvoiceGroupingKey;
import google.registry.beam.invoicing.BillingEvent.InvoiceGroupingKey.InvoiceGroupingKeyCoder;
import google.registry.config.CredentialModule.LocalCredential;
import google.registry.config.RegistryConfig.Config;
import google.registry.reporting.billing.BillingModule;
import google.registry.reporting.billing.GenerateInvoicesAction;
import google.registry.tools.AuthModule.LocalOAuth2Credentials;
import google.registry.util.GoogleCredentialsBundle;
import java.io.Serializable;
import javax.inject.Inject;
import org.apache.beam.runners.dataflow.DataflowRunner;
@@ -81,8 +81,8 @@
@Config("invoiceFilePrefix")
String invoiceFilePrefix;

@Inject @LocalOAuth2Credentials
GoogleCredentials credentials;
@Inject @LocalCredential
GoogleCredentialsBundle credentialsBundle;

@Inject
InvoicingPipeline() {}
@@ -105,7 +105,7 @@
public void deploy() {
// We can't store options as a member variable due to serialization concerns.
InvoicingPipelineOptions options = PipelineOptionsFactory.as(InvoicingPipelineOptions.class);
options.setGcpCredential(credentials);
options.setGcpCredential(credentialsBundle.getGoogleCredentials());
options.setProject(projectId);
options.setRunner(DataflowRunner.class);
// This causes p.run() to stage the pipeline as a template on GCS, as opposed to running it.
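Review bot: The new `credentialsBundle` field sits on a class that appears to be serialized (the first hunk keeps `import java.io.Serializable;` and `deploy()` mentions serialization concerns), so the bundle, which per the commit description also carries an HttpTransport and a JsonFactory, now has to serialize cleanly, and the credential material travels with any serialized copy of the pipeline object. GoogleCredentialsBundle is not shown in this section, so whether it implements Serializable cannot be confirmed from here. I would add a comment on the field, for example `// Read only in deploy(); must remain safe to serialize and must not be captured by pipeline transforms.`, and cover it with a test that serializes the pipeline. The class declaration and the rest of `deploy()` lie outside the hunks.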
@@ -14,7 +14,6 @@

package google.registry.bigquery;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.services.bigquery.Bigquery;
import com.google.api.services.bigquery.model.TableFieldSchema;
import com.google.common.collect.ImmutableList;
@@ -23,24 +22,29 @@
import dagger.multibindings.Multibinds;
import google.registry.config.CredentialModule.DefaultCredential;
import google.registry.config.RegistryConfig.Config;
import google.registry.util.GoogleCredentialsBundle;
import java.util.Map;

/** Dagger module for Google {@link Bigquery} connection objects. */
@Module
public abstract class BigqueryModule {

/** Provides a map of BigQuery table names to field names. */
@Multibinds
abstract Map<String, ImmutableList<TableFieldSchema>> bigquerySchemas();
// No subclasses.
private BigqueryModule() {}

@Provides
static Bigquery provideBigquery(
@DefaultCredential GoogleCredential credential, @Config("projectId") String projectId) {
return new Bigquery.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
@DefaultCredential GoogleCredentialsBundle credentialsBundle,
@Config("projectId") String projectId) {
return new Bigquery.Builder(
credentialsBundle.getHttpTransport(),
credentialsBundle.getJsonFactory(),
credentialsBundle.getHttpRequestInitializer())
.setApplicationName(projectId)
.build();
}

// No subclasses.
private BigqueryModule() {}
/** Provides a map of BigQuery table names to field names. */
@Multibinds
abstract Map<String, ImmutableList<TableFieldSchema>> bigquerySchemas();
}
@@ -16,32 +16,28 @@

import static java.nio.charset.StandardCharsets.UTF_8;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.googleapis.util.Utils;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.collect.ImmutableList;
import dagger.Module;
import dagger.Provides;
import google.registry.config.RegistryConfig.Config;
import google.registry.keyring.api.KeyModule.Key;
import google.registry.util.GoogleCredentialsBundle;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.GeneralSecurityException;
import javax.inject.Qualifier;
import javax.inject.Singleton;

/**
* Dagger module that provides all {@link GoogleCredential GoogleCredentials} used in the
* application.
*/
/** Dagger module that provides all {@link GoogleCredentials} used in the application. */
@Module
public abstract class CredentialModule {

/**
* Provides the default {@link GoogleCredential} from the Google Cloud runtime.
* Provides the default {@link GoogleCredentialsBundle} from the Google Cloud runtime.
*
* <p>The credential returned depends on the runtime environment:
*
@@ -58,70 +54,62 @@
@DefaultCredential
@Provides
@Singleton
public static GoogleCredential provideDefaultCredential(
public static GoogleCredentialsBundle provideDefaultCredential(
@Config("defaultCredentialOauthScopes") ImmutableList<String> requiredScopes) {
GoogleCredential credential;
GoogleCredentials credential;
try {
credential = GoogleCredential.getApplicationDefault();
credential = GoogleCredentials.getApplicationDefault();
} catch (IOException e) {
throw new RuntimeException(e);
}
if (credential.createScopedRequired()) {
return credential.createScoped(requiredScopes);
credential = credential.createScoped(requiredScopes);
}
return credential;
return GoogleCredentialsBundle.create(credential);
}

/**
* Provides a {@link GoogleCredential} from the service account's JSON key file.
* Provides a {@link GoogleCredentialsBundle} from the service account's JSON key file.
*
* <p>On App Engine, a thread created using Java's built-in API needs this credential when it
* calls App Engine API. The Google Sheets API also needs this credential.
*/
@JsonCredential
@Provides
@Singleton
public static GoogleCredential provideJsonCredential(
public static GoogleCredentialsBundle provideJsonCredential(
@Config("defaultCredentialOauthScopes") ImmutableList<String> requiredScopes,
@Key("jsonCredential") String jsonCredential) {
GoogleCredential credential;
GoogleCredentials credential;
try {
credential =
GoogleCredential.fromStream(
new ByteArrayInputStream(jsonCredential.getBytes(UTF_8)),
// We cannot use UrlFetchTransport as that uses App Engine API.
GoogleNetHttpTransport.newTrustedTransport(),
Utils.getDefaultJsonFactory());
} catch (IOException | GeneralSecurityException e) {
throw new RuntimeException(e);
GoogleCredentials.fromStream(new ByteArrayInputStream(jsonCredential.getBytes(UTF_8)));
} catch (IOException e) {
throw new UncheckedIOException(e);
}
if (credential.createScopedRequired()) {
credential = credential.createScoped(requiredScopes);
}
return credential;
return GoogleCredentialsBundle.create(credential);
}

/**
* Provides a {@link GoogleCredential} with delegated admin access for a G Suite domain.
* Provides a {@link GoogleCredentialsBundle} with delegated admin access for a G Suite domain.
*
* <p>The G Suite domain must grant delegated admin access to the registry service account with
* all scopes in {@code requiredScopes}, including ones not related to G Suite.
*/
@DelegatedCredential
@Provides
@Singleton
public static GoogleCredential provideDelegatedCredential(
public static GoogleCredentialsBundle provideDelegatedCredential(
@Config("delegatedCredentialOauthScopes") ImmutableList<String> requiredScopes,
@JsonCredential GoogleCredential googleCredential,
@JsonCredential GoogleCredentialsBundle credentialsBundle,
@Config("gSuiteAdminAccountEmailAddress") String gSuiteAdminAccountEmailAddress) {
return new GoogleCredential.Builder()
.setTransport(Utils.getDefaultTransport())
.setJsonFactory(Utils.getDefaultJsonFactory())
.setServiceAccountId(googleCredential.getServiceAccountId())
.setServiceAccountPrivateKey(googleCredential.getServiceAccountPrivateKey())
.setServiceAccountScopes(requiredScopes)
.setServiceAccountUser(gSuiteAdminAccountEmailAddress)
.build();
return GoogleCredentialsBundle.create(credentialsBundle
.getGoogleCredentials()
.createDelegated(gSuiteAdminAccountEmailAddress)
.createScoped(requiredScopes));
}

/** Dagger qualifier for the Application Default Credential. */
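Review bot: In `provideDelegatedCredential`, `createDelegated(gSuiteAdminAccountEmailAddress)` returns the same instance unchanged when the underlying credential type does not support domain-wide delegation, so a `jsonCredential` that is not a service-account key would silently produce a non-delegated credential for the clients injected with `@DelegatedCredential`. The removed builder code read the service-account id and private key explicitly, which made that requirement visible. I would restore it as a guard before the call, such as `checkState(credentialsBundle.getGoogleCredentials() instanceof ServiceAccountCredentials, "jsonCredential must be a service account key");`. Separately, `provideDefaultCredential` still wraps the IOException in `RuntimeException` while `provideJsonCredential` now throws `UncheckedIOException`; using the same wrapper in both would keep the module consistent.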
@@ -14,7 +14,6 @@

package google.registry.dns.writer.clouddns;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.services.dns.Dns;
import com.google.common.util.concurrent.RateLimiter;
import dagger.Binds;
@@ -26,6 +25,7 @@
import google.registry.config.CredentialModule.DefaultCredential;
import google.registry.config.RegistryConfig.Config;
import google.registry.dns.writer.DnsWriter;
import google.registry.util.GoogleCredentialsBundle;
import java.util.Optional;
import javax.inject.Named;

@@ -35,12 +35,15 @@

@Provides
static Dns provideDns(
@DefaultCredential GoogleCredential credential,
@DefaultCredential GoogleCredentialsBundle credentialsBundle,
@Config("projectId") String projectId,
@Config("cloudDnsRootUrl") Optional<String> rootUrl,
@Config("cloudDnsServicePath") Optional<String> servicePath) {
Dns.Builder builder =
new Dns.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
new Dns.Builder(
credentialsBundle.getHttpTransport(),
credentialsBundle.getJsonFactory(),
credentialsBundle.getHttpRequestInitializer())
.setApplicationName(projectId);

rootUrl.ifPresent(builder::setRootUrl);
@@ -14,7 +14,6 @@

package google.registry.export;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.services.drive.Drive;
import dagger.Component;
import dagger.Module;
@@ -24,6 +23,7 @@
import google.registry.config.RegistryConfig.Config;
import google.registry.config.RegistryConfig.ConfigModule;
import google.registry.storage.drive.DriveConnection;
import google.registry.util.GoogleCredentialsBundle;
import javax.inject.Singleton;

/** Dagger module for Google {@link Drive} service connection objects. */
@@ -32,8 +32,13 @@

@Provides
static Drive provideDrive(
@DefaultCredential GoogleCredential credential, @Config("projectId") String projectId) {
return new Drive.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
@DefaultCredential GoogleCredentialsBundle credentialsBundle,
@Config("projectId") String projectId) {

return new Drive.Builder(
credentialsBundle.getHttpTransport(),
credentialsBundle.getJsonFactory(),
credentialsBundle.getHttpRequestInitializer())
.setApplicationName(projectId)
.build();
}
@@ -14,11 +14,11 @@

package google.registry.export.datastore;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import dagger.Module;
import dagger.Provides;
import google.registry.config.CredentialModule;
import google.registry.config.RegistryConfig;
import google.registry.util.GoogleCredentialsBundle;
import javax.inject.Singleton;

/** Dagger module that configures provision of {@link DatastoreAdmin}. */
@@ -28,10 +28,12 @@
@Singleton
@Provides
static DatastoreAdmin provideDatastoreAdmin(
@CredentialModule.DefaultCredential GoogleCredential credential,
@CredentialModule.DefaultCredential GoogleCredentialsBundle credentialsBundle,
@RegistryConfig.Config("projectId") String projectId) {
return new DatastoreAdmin.Builder(
credential.getTransport(), credential.getJsonFactory(), credential)
credentialsBundle.getHttpTransport(),
credentialsBundle.getJsonFactory(),
credentialsBundle.getHttpRequestInitializer())
.setApplicationName(projectId)
.setProjectId(projectId)
.build();
@@ -14,21 +14,25 @@

package google.registry.export.sheet;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.services.sheets.v4.Sheets;
import dagger.Module;
import dagger.Provides;
import google.registry.config.CredentialModule.JsonCredential;
import google.registry.config.RegistryConfig.Config;
import google.registry.util.GoogleCredentialsBundle;

/** Dagger module for {@link Sheets}. */
@Module
public final class SheetsServiceModule {

@Provides
static Sheets provideSheets(
@JsonCredential GoogleCredential credential, @Config("projectId") String projectId) {
return new Sheets.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
@JsonCredential GoogleCredentialsBundle credentialsBundle,
@Config("projectId") String projectId) {
return new Sheets.Builder(
credentialsBundle.getHttpTransport(),
credentialsBundle.getJsonFactory(),
credentialsBundle.getHttpRequestInitializer())
.setApplicationName(projectId)
.build();
}
@@ -14,21 +14,25 @@

package google.registry.groups;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.services.admin.directory.Directory;
import dagger.Module;
import dagger.Provides;
import google.registry.config.CredentialModule.DelegatedCredential;
import google.registry.config.RegistryConfig.Config;
import google.registry.util.GoogleCredentialsBundle;

/** Dagger module for the Google {@link Directory} service. */
@Module
public final class DirectoryModule {

@Provides
static Directory provideDirectory(
@DelegatedCredential GoogleCredential credential, @Config("projectId") String projectId) {
return new Directory.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
@DelegatedCredential GoogleCredentialsBundle credentialsBundle,
@Config("projectId") String projectId) {
return new Directory.Builder(
credentialsBundle.getHttpTransport(),
credentialsBundle.getJsonFactory(),
credentialsBundle.getHttpRequestInitializer())
.setApplicationName(projectId)
.build();
}
@@ -14,22 +14,25 @@

package google.registry.groups;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.services.groupssettings.Groupssettings;
import dagger.Module;
import dagger.Provides;
import google.registry.config.CredentialModule.DelegatedCredential;
import google.registry.config.RegistryConfig.Config;
import google.registry.util.GoogleCredentialsBundle;

/** Dagger module for the Google {@link Groupssettings} service. */
@Module
public final class GroupssettingsModule {

@Provides
static Groupssettings provideDirectory(
@DelegatedCredential GoogleCredential credential, @Config("projectId") String projectId) {
@DelegatedCredential GoogleCredentialsBundle credentialsBundle,
@Config("projectId") String projectId) {
return new Groupssettings.Builder(
credential.getTransport(), credential.getJsonFactory(), credential)
credentialsBundle.getHttpTransport(),
credentialsBundle.getJsonFactory(),
credentialsBundle.getHttpRequestInitializer())
.setApplicationName(projectId)
.build();
}
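Review bot: The provider in GroupssettingsModule is still named `provideDirectory` although it returns a `Groupssettings` client, which reads like a copy from DirectoryModule and makes the two `@DelegatedCredential` bindings easy to confuse when auditing which service receives admin delegation. Since the signature is being rewritten here anyway, I would rename it: `static Groupssettings provideGroupssettings(`. Dagger resolves bindings by type and qualifier, so the rename should not affect injection.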
