use service account for GAM

guardian · Jun 10, 2024 · 5727328 · 5727328
1 parent 61786af
commit 5727328
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 8 deletions.
diff --git a/admin/app/conf/AdminConfiguration.scala b/admin/app/conf/AdminConfiguration.scala
@@ -3,6 +3,8 @@ package conf
 import common.GuardianConfiguration
 import conf.Configuration.{OAuthCredentialsWithMultipleCallbacks, OAuthCredentials}
 import pa.PaClientConfig
+import java.nio.file.Files
+import java.nio.file.Files.createTempFile
 
 case class OmnitureCredentials(userName: String, secret: String)
 
@@ -39,9 +41,13 @@ object AdminConfiguration {
   }
 
   object dfpApi {
-    lazy val clientId = configuration.getStringProperty("api.dfp.clientId")
-    lazy val clientSecret = configuration.getStringProperty("api.dfp.clientSecret")
-    lazy val refreshToken = configuration.getStringProperty("api.dfp.refreshToken")
+    lazy val serviceAccountKeyFile = configuration
+      .getStringProperty("api.dfp.serviceAccountJson")
+      .map(serviceAccountJson => {
+        val tempFile = createTempFile("dfpApiCredentials", ".json")
+        Files.writeString(tempFile, serviceAccountJson)
+        tempFile
+      })
     lazy val appName = configuration.getStringProperty("api.dfp.applicationName")
   }
 

diff --git a/admin/app/dfp/SessionWrapper.scala b/admin/app/dfp/SessionWrapper.scala
@@ -206,15 +206,12 @@ object SessionWrapper extends GuLogging {
     val dfpSession =
       try {
         for {
-          clientId <- AdminConfiguration.dfpApi.clientId
-          clientSecret <- AdminConfiguration.dfpApi.clientSecret
-          refreshToken <- AdminConfiguration.dfpApi.refreshToken
+          serviceAccountKeyFile <- AdminConfiguration.dfpApi.serviceAccountKeyFile
           appName <- AdminConfiguration.dfpApi.appName
         } yield {
           val credential = new OfflineCredentials.Builder()
             .forApi(Api.AD_MANAGER)
-            .withClientSecrets(clientId, clientSecret)
-            .withRefreshToken(refreshToken)
+            .withJsonKeyFilePath(serviceAccountKeyFile.toString())
             .build()
             .generateCredential()
           new AdManagerSession.Builder()

diff --git a/admin/app/model/AdminLifecycle.scala b/admin/app/model/AdminLifecycle.scala
@@ -1,6 +1,7 @@
 package model
 
 import java.util.TimeZone
+import java.nio.file.Files.deleteIfExists
 
 import app.LifecycleComponent
 import common._
@@ -13,6 +14,7 @@ import tools.{AssetMetricsCache, CloudWatch, LoadBalancer}
 
 import scala.concurrent.duration._
 import scala.concurrent.{ExecutionContext, Future}
+import conf.AdminConfiguration
 
 class AdminLifecycle(
     appLifecycle: ApplicationLifecycle,
@@ -32,6 +34,7 @@ class AdminLifecycle(
       descheduleJobs()
       CloudWatch.shutdown()
       emailService.shutdown()
+      deleteTmpFiles()
     }
   }
 
@@ -119,6 +122,8 @@ class AdminLifecycle(
     jobs.deschedule("AssetMetricsCache")
   }
 
+  private def deleteTmpFiles(): Unit = AdminConfiguration.dfpApi.serviceAccountKeyFile.map(deleteIfExists)
+
   override def start(): Unit = {
     descheduleJobs()
     scheduleJobs()