mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-04-23 17:50:49 +00:00
Code Issues Releases Wiki Activity

Revert BEAM pipeline back to SQL credential file (#961)

Browse Source 
* Revert BEAM pipeline back to SQL credential file

Stop using the SecretManager for SQL credential in BEAM for now. The
SecretManager cannot be injected into the code on pipeline workers
because RegistryEnvironment is not set.

See b/179839014 for details.
This commit is contained in:
Weimin Yu
2021-02-11 14:06:13 -05:00
committed by GitHub
parent 13f61dd7b9
commit f86936788e
1 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
core/src/main/java/google/registry/persistence/PersistenceModule.java
View File

@@ -46,6 +46,7 @@ import java.lang.annotation.Documented;
import java.sql.Connection;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
import javax.inject.Provider;
@@ -204,9 +205,24 @@ public abstract class PersistenceModule {
Clock clock) {
HashMap<String, String> overrides = Maps.newHashMap(cloudSqlConfigs);
overrides.put(HIKARI_MAXIMUM_POOL_SIZE, String.valueOf(hikariMaximumPoolSize));
overrides.put(Environment.USER, username);
overrides.put(Environment.PASS, password);
// TODO(b/175700623): consider assigning different logins to pipelines
validateAndSetCredential(
credentialStore, new RobotUser(RobotId.NOMULUS), overrides, username, password);
// TODO(b/179839014): Make SqlCredentialStore injectable in BEAM
// Note: the logs below appear in the pipeline's Worker logs, not the Job log.
try {
SqlCredential credential = credentialStore.getCredential(new RobotUser(RobotId.NOMULUS));
if (!Objects.equals(username, credential.login())) {
logger.atWarning().log(
"Wrong username for nomulus. Expecting %s, found %s.", username, credential.login());
} else if (!Objects.equals(password, credential.password())) {
logger.atWarning().log("Wrong password for nomulus.");
} else {
logger.atWarning().log("Credentials in the kerying and the secret manager match.");
}
} catch (Exception e) {
logger.atWarning().withCause(e).log("Failed to get SQL credential from Secret Manager.");
}
return new JpaTransactionManagerImpl(create(overrides), clock);
}
@@ -280,7 +296,7 @@ public abstract class PersistenceModule {
overrides.put(Environment.PASS, credential.password());
logger.atWarning().log("Credentials in the kerying and the secret manager match.");
} catch (Throwable e) {
logger.atWarning().log(e.getMessage());
logger.atSevere().withCause(e).log("Failed to get SQL credential from Secret Manager");
}
}