Commit b8f2b39a authored by Riabokon Stanislav(EPAM)[GCP]'s avatar Riabokon Stanislav(EPAM)[GCP]

Merge branch 'gcp-iam-migration' into 'master'

GCP IAM migration (GONRG-2518)

See merge request !135
parents a8a9b20e d7663cb4
......@@ -57,6 +57,11 @@
<version>0.10.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-core</artifactId>
<version>1.38.1</version>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-datastore</artifactId>
......@@ -65,7 +70,7 @@
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-logging</artifactId>
<version>1.72.0</version>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>com.google.api-client</groupId>
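Review bot: The new `grpc-core` dependency pins 1.38.1 explicitly while `google-cloud-logging` moves to 2.3.1 and `google-cloud-datastore` keeps whatever gRPC version it pulls transitively, so the build now mixes a hand-chosen gRPC version with library-chosen ones; the grpc-* artifacts (grpc-core, grpc-api, grpc-netty-shaded, …) have to resolve to a single version or the mismatch surfaces only at runtime. Prefer managing the Google Cloud client versions through their BOM in `<dependencyManagement>` and dropping this explicit `<version>`, or at minimum check `mvn dependency:tree` and align the pin with the gRPC version the cloud clients resolve to. The enclosing `<dependencies>` element starts and ends outside the hunk.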
......
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.search.provider.gcp.provider.persistence;
import java.util.Date;
import org.apache.commons.lang3.time.DateUtils;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.Iam.Projects.ServiceAccounts.SignJwt;
import com.google.api.services.iam.v1.model.SignJwtRequest;
import com.google.api.services.iam.v1.model.SignJwtResponse;
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.gson.JsonObject;
import org.opengroup.osdu.core.common.util.Crc32c;
import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
import org.opengroup.osdu.search.provider.gcp.cache.DatastoreCredentialCache;
public class DatastoreCredential extends GoogleCredentials {
private static final long serialVersionUID = 8344377091688956815L;
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
private Iam iam;
private final TenantInfo tenant;
private final DatastoreCredentialCache cache;
protected DatastoreCredential(TenantInfo tenant, DatastoreCredentialCache cache) {
this.tenant = tenant;
this.cache = cache;
}
@Override
public AccessToken refreshAccessToken() {
String cacheKey = this.getCacheKey();
AccessToken accessToken = this.cache.get(cacheKey);
if (accessToken != null) {
return accessToken;
}
try {
SignJwtRequest signJwtRequest = new SignJwtRequest();
signJwtRequest.setPayload(this.getPayload());
String serviceAccountName = String.format("projects/-/serviceAccounts/%s", this.tenant.getServiceAccount());
SignJwt signJwt = this.getIam().projects().serviceAccounts().signJwt(serviceAccountName, signJwtRequest);
SignJwtResponse signJwtResponse = signJwt.execute();
String signedJwt = signJwtResponse.getSignedJwt();
accessToken = new AccessToken(signedJwt, DateUtils.addSeconds(new Date(), 3600));
this.cache.put(cacheKey, accessToken);
return accessToken;
} catch (Exception e) {
throw new RuntimeException("Error creating datastore credential", e);
}
}
private String getPayload() {
JsonObject payload = new JsonObject();
payload.addProperty("iss", this.tenant.getServiceAccount());
payload.addProperty("sub", this.tenant.getServiceAccount());
payload.addProperty("aud", "https://datastore.googleapis.com/google.datastore.v1.Datastore");
payload.addProperty("iat", System.currentTimeMillis() / 1000);
return payload.toString();
}
protected void setIam(Iam iam) {
this.iam = iam;
}
private Iam getIam() throws Exception {
if (this.iam == null) {
Iam.Builder builder = new Iam.Builder(GoogleNetHttpTransport.newTrustedTransport(), JSON_FACTORY,
GoogleCredential.getApplicationDefault()).setApplicationName("Search Service");
this.iam = builder.build();
}
return this.iam;
}
private String getCacheKey() {
return Crc32c.hashToBase64EncodedString(String.format("datastoreCredential:%s", this.tenant.getName()));
}
}
\ No newline at end of file
......@@ -23,6 +23,7 @@ import java.util.HashMap;
import java.util.Map;
import javax.inject.Inject;
import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
import org.opengroup.osdu.core.gcp.multitenancy.credentials.DatastoreCredential;
import org.opengroup.osdu.search.provider.gcp.cache.DatastoreCredentialCache;
import org.springframework.stereotype.Component;
import org.threeten.bp.Duration;
......@@ -53,7 +54,7 @@ public class DatastoreFactory {
public Datastore getDatastoreInstance(TenantInfo tenantInfo) {
if (datastoreClients.get(tenantInfo.getName()) == null) {
Datastore googleDatastore = DatastoreOptions.newBuilder()
.setCredentials(new DatastoreCredential(tenantInfo, this.cache))
.setCredentials(new DatastoreCredential(tenantInfo))
.setRetrySettings(RETRY_SETTINGS)
.setTransportOptions(TRANSPORT_OPTIONS)
.setNamespace(tenantInfo.getName())
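Review bot: `DatastoreCredentialCache` is still imported on the line after the new import, yet the only visible use of `this.cache` — the removed `new DatastoreCredential(tenantInfo, this.cache)` — is gone, so unless the factory consumes the cache elsewhere the injected field and its import are now dead and should be removed together. The library credential built on the new line takes no cache, so the per-tenant token reuse the deleted local class provided (a signed JWT kept under a CRC32C key with a 3600-second expiry) now rests on whatever the core-gcp `DatastoreCredential` does internally; confirm it caches or reuses tokens, otherwise each credential refresh becomes an IAM `signJwt` round trip per tenant. `getDatastoreInstance`'s body continues outside the hunk.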
......