mirror of
https://github.com/google/nomulus
synced 2026-01-03 11:45:39 +00:00
Make GKE the default in alpha and qa (#2624)
This commit is contained in:
Lai Jiang
GitHub
@@ -15,6 +15,7 @@
|
||||
package google.registry.request.auth;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static com.google.common.base.Suppliers.memoizeWithExpiration;
|
||||
import static com.google.common.net.HttpHeaders.AUTHORIZATION;
|
||||
import static google.registry.util.RegistryEnvironment.UNITTEST;
|
||||
|
||||
@@ -37,8 +38,11 @@ import google.registry.request.auth.OidcTokenAuthenticationMechanism.TokenVerifi
|
||||
import google.registry.util.GoogleCredentialsBundle;
|
||||
import google.registry.util.RegistryEnvironment;
|
||||
import java.io.IOException;
|
||||
import java.time.Duration;
|
||||
import java.util.function.Supplier;
|
||||
import javax.annotation.Nullable;
|
||||
import javax.inject.Named;
|
||||
import javax.inject.Provider;
|
||||
import javax.inject.Qualifier;
|
||||
import javax.inject.Singleton;
|
||||
|
||||
@@ -87,13 +91,13 @@ public class AuthModule {
|
||||
TokenVerifier provideIapTokenVerifier(
|
||||
@Config("projectId") String projectId,
|
||||
@Config("projectIdNumber") long projectIdNumber,
|
||||
@Named("backendServiceIdMap") ImmutableMap<String, Long> backendServiceIdMap) {
|
||||
@Named("backendServiceIdMap") Supplier<ImmutableMap<String, Long>> backendServiceIdMap) {
|
||||
com.google.auth.oauth2.TokenVerifier.Builder tokenVerifierBuilder =
|
||||
com.google.auth.oauth2.TokenVerifier.newBuilder().setIssuer(IAP_ISSUER_URL);
|
||||
return (String service, String token) -> {
|
||||
String audience;
|
||||
if (RegistryEnvironment.isOnJetty()) {
|
||||
Long backendServiceId = backendServiceIdMap.get(service);
|
||||
Long backendServiceId = backendServiceIdMap.get().get(service);
|
||||
checkNotNull(
|
||||
backendServiceId,
|
||||
"Backend service ID not found for service: %s, available IDs are %s",
|
||||
@@ -156,7 +160,6 @@ public class AuthModule {
|
||||
}
|
||||
|
||||
@Provides
|
||||
@Singleton
|
||||
@Named("backendServiceIdMap")
|
||||
static ImmutableMap<String, Long> provideBackendServiceList(
|
||||
Lazy<BackendServicesClient> client, @Config("projectId") String projectId) {
|
||||
@@ -174,4 +177,15 @@ public class AuthModule {
|
||||
}
|
||||
return builder.build();
|
||||
}
|
||||
|
||||
// Use an expiring cache so that the backend service ID map can be refreshed without restarting
|
||||
// the server. The map is very unlikely to change, except for when services are just deployed
|
||||
// for the first time, because some pods might receive traffic before all services are deployed.
|
||||
@Provides
|
||||
@Singleton
|
||||
@Named("backendServiceIdMap")
|
||||
static Supplier<ImmutableMap<String, Long>> provideBackendServiceIdMapSupplier(
|
||||
@Named("backendServiceIdMap") Provider<ImmutableMap<String, Long>> backendServiceIdMap) {
|
||||
return memoizeWithExpiration(backendServiceIdMap::get, Duration.ofMinutes(15));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,6 +25,7 @@ import com.beust.jcommander.Parameters;
|
||||
import com.beust.jcommander.ParametersDelegate;
|
||||
import com.google.common.base.Throwables;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.collect.Iterables;
|
||||
import google.registry.persistence.transaction.JpaTransactionManager;
|
||||
import google.registry.persistence.transaction.TransactionManagerFactory;
|
||||
@@ -41,6 +42,9 @@ import org.postgresql.util.PSQLException;
|
||||
@Parameters(separators = " =", commandDescription = "Command-line interface to the registry")
|
||||
final class RegistryCli implements CommandRunner {
|
||||
|
||||
private static final ImmutableSet<RegistryToolEnvironment> DEFAULT_GKE_ENVIRONMENTS =
|
||||
ImmutableSet.of(RegistryToolEnvironment.ALPHA, RegistryToolEnvironment.QA);
|
||||
|
||||
// The environment parameter is parsed twice: once here, and once with {@link
|
||||
// RegistryToolEnvironment#parseFromArgs} in the {@link RegistryTool#main} function.
|
||||
//
|
||||
@@ -73,6 +77,9 @@ final class RegistryCli implements CommandRunner {
|
||||
@Parameter(names = "--gke", description = "Whether to use GKE runtime, instead of GAE")
|
||||
private boolean useGke = false;
|
||||
|
||||
@Parameter(names = "--gae", description = "Whether to use GAE runtime, instead of GKE")
|
||||
private boolean useGae = false;
|
||||
|
||||
@Parameter(names = "--canary", description = "Whether to connect to the canary instances")
|
||||
private boolean useCanary = false;
|
||||
|
||||
@@ -149,6 +156,13 @@ final class RegistryCli implements CommandRunner {
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
|
||||
checkState(!useGke || !useGae, "Cannot specify both --gke and --gae");
|
||||
// Special logic to set the default based on the environment if neither --gae nor --gke is set.
|
||||
if (!useGke && !useGae) {
|
||||
useGke = DEFAULT_GKE_ENVIRONMENTS.contains(environment);
|
||||
}
|
||||
|
||||
String parsedCommand = jcommander.getParsedCommand();
|
||||
// Show the list of all commands either if requested or if no subcommand name was specified
|
||||
// (which does not throw a ParameterException parse error above).
|
||||
|
||||
Reference in New Issue
Block a user