Package google.registry.config

Class CredentialModule

java.lang.Object
google.registry.config.CredentialModule
@Module public abstract class CredentialModule extends Object
Dagger module that provides all GoogleCredentials used in the application.

  • Constructor Details

    • CredentialModule

      public CredentialModule()

  • Method Details

    • provideApplicationDefaultCredential

      @ApplicationDefaultCredential @Provides @Singleton public static GoogleCredentialsBundle provideApplicationDefaultCredential()
      Provides a GoogleCredentialsBundle backed by the application default credential from the Google Cloud Runtime. This credential may be used to access GCP APIs that are NOT part of the Google Workspace.

      The credential returned by the Cloud Runtime depends on the runtime environment:

      • On App Engine, returns a scope-less ComputeEngineCredentials for PROJECT_ID@appspot.gserviceaccount.com
      • On Compute Engine, returns a scope-less ComputeEngineCredentials for PROJECT_NUMBER-compute@developer.gserviceaccount.com
      • On end user host, this returns the credential downloaded by gcloud. Please refer to Cloud SDK documentation for details.

    • provideGSuiteDriveCredential

      @GoogleWorkspaceCredential @Provides @Singleton public static GoogleCredentialsBundle provideGSuiteDriveCredential(@ApplicationDefaultCredential GoogleCredentialsBundle applicationDefaultCredential, @Config("defaultCredentialOauthScopes") com.google.common.collect.ImmutableList<String> requiredScopes)
      Provides a GoogleCredentialsBundle for accessing Google Workspace APIs, such as Drive and Sheets.

    • provideSelfSignedAdminDelegatedCredential

      @AdcDelegatedCredential @Provides @Singleton public static GoogleCredentialsBundle provideSelfSignedAdminDelegatedCredential(@Config("defaultCredentialOauthScopes") com.google.common.collect.ImmutableList<String> defaultScopes, @Config("delegatedCredentialOauthScopes") com.google.common.collect.ImmutableList<String> delegationScopes, @ApplicationDefaultCredential GoogleCredentialsBundle credentialsBundle, @Config("gSuiteAdminAccountEmailAddress") String gSuiteAdminAccountEmailAddress, @Config("tokenRefreshDelay") Duration tokenRefreshDelay, Clock clock)
      Provides a GoogleCredentialsBundle with delegated access to Google Workspace APIs for the application default credential user.

      The Workspace domain must grant delegated admin access to the default service account user (project-id@appspot.gserviceaccount.com on AppEngine) with all scopes in defaultScopes and delegationScopes.

    • provideSelfSignedGmailDelegatedCredential

      @GmailDelegatedCredential @Provides @Singleton public static GoogleCredentialsBundle provideSelfSignedGmailDelegatedCredential(@Config("defaultCredentialOauthScopes") com.google.common.collect.ImmutableList<String> defaultScopes, @Config("delegatedCredentialOauthScopes") com.google.common.collect.ImmutableList<String> delegationScopes, @ApplicationDefaultCredential GoogleCredentialsBundle credentialsBundle, @Config("gSuiteNewOutgoingEmailAddress") String gSuiteOutgoingEmailAddress, @Config("tokenRefreshDelay") Duration tokenRefreshDelay, Clock clock)
      Provides a GoogleCredentialsBundle for sending emails through Google Workspace.

      The Workspace domain must grant delegated admin access to the default service account user (project-id@appspot.gserviceaccount.com on AppEngine) with all scopes in defaultScopes and delegationScopes. In addition, the user gSuiteOutgoingEmailAddress must have the permission to send emails.

    • createSelfSignedDelegatedCredential

      public static GoogleCredentialsBundle createSelfSignedDelegatedCredential(com.google.common.collect.ImmutableList<String> defaultScopes, com.google.common.collect.ImmutableList<String> delegationScopes, GoogleCredentialsBundle credentialsBundle, String gSuiteUserEmailAddress, Duration tokenRefreshDelay, Clock clock)