From 5727328242646dca3dd125402b176977e372e557 Mon Sep 17 00:00:00 2001
From: Jake Lee Kennedy <jlkennedy127@gmail.com>
Date: Mon, 10 Jun 2024 14:55:26 +0100
Subject: [PATCH] use service account for GAM

---
 admin/app/conf/AdminConfiguration.scala | 12 +++++++++---
 admin/app/dfp/SessionWrapper.scala      |  7 ++-----
 admin/app/model/AdminLifecycle.scala    |  5 +++++
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/admin/app/conf/AdminConfiguration.scala b/admin/app/conf/AdminConfiguration.scala
index 55fd0d16c3bf..10554b0bd3b1 100644
--- a/admin/app/conf/AdminConfiguration.scala
+++ b/admin/app/conf/AdminConfiguration.scala
@@ -3,6 +3,8 @@ package conf
 import common.GuardianConfiguration
 import conf.Configuration.{OAuthCredentialsWithMultipleCallbacks, OAuthCredentials}
 import pa.PaClientConfig
+import java.nio.file.Files
+import java.nio.file.Files.createTempFile
 
 case class OmnitureCredentials(userName: String, secret: String)
 
@@ -39,9 +41,13 @@ object AdminConfiguration {
   }
 
   object dfpApi {
-    lazy val clientId = configuration.getStringProperty("api.dfp.clientId")
-    lazy val clientSecret = configuration.getStringProperty("api.dfp.clientSecret")
-    lazy val refreshToken = configuration.getStringProperty("api.dfp.refreshToken")
+    lazy val serviceAccountKeyFile = configuration
+      .getStringProperty("api.dfp.serviceAccountJson")
+      .map(serviceAccountJson => {
+        val tempFile = createTempFile("dfpApiCredentials", ".json")
+        Files.writeString(tempFile, serviceAccountJson)
+        tempFile
+      })
     lazy val appName = configuration.getStringProperty("api.dfp.applicationName")
   }
 
diff --git a/admin/app/dfp/SessionWrapper.scala b/admin/app/dfp/SessionWrapper.scala
index a09c4618830f..42896ede872d 100644
--- a/admin/app/dfp/SessionWrapper.scala
+++ b/admin/app/dfp/SessionWrapper.scala
@@ -206,15 +206,12 @@ object SessionWrapper extends GuLogging {
     val dfpSession =
       try {
         for {
-          clientId <- AdminConfiguration.dfpApi.clientId
-          clientSecret <- AdminConfiguration.dfpApi.clientSecret
-          refreshToken <- AdminConfiguration.dfpApi.refreshToken
+          serviceAccountKeyFile <- AdminConfiguration.dfpApi.serviceAccountKeyFile
           appName <- AdminConfiguration.dfpApi.appName
         } yield {
           val credential = new OfflineCredentials.Builder()
             .forApi(Api.AD_MANAGER)
-            .withClientSecrets(clientId, clientSecret)
-            .withRefreshToken(refreshToken)
+            .withJsonKeyFilePath(serviceAccountKeyFile.toString())
             .build()
             .generateCredential()
           new AdManagerSession.Builder()
diff --git a/admin/app/model/AdminLifecycle.scala b/admin/app/model/AdminLifecycle.scala
index d6b815932c43..19bae62c6709 100644
--- a/admin/app/model/AdminLifecycle.scala
+++ b/admin/app/model/AdminLifecycle.scala
@@ -1,6 +1,7 @@
 package model
 
 import java.util.TimeZone
+import java.nio.file.Files.deleteIfExists
 
 import app.LifecycleComponent
 import common._
@@ -13,6 +14,7 @@ import tools.{AssetMetricsCache, CloudWatch, LoadBalancer}
 
 import scala.concurrent.duration._
 import scala.concurrent.{ExecutionContext, Future}
+import conf.AdminConfiguration
 
 class AdminLifecycle(
     appLifecycle: ApplicationLifecycle,
@@ -32,6 +34,7 @@ class AdminLifecycle(
       descheduleJobs()
       CloudWatch.shutdown()
       emailService.shutdown()
+      deleteTmpFiles()
     }
   }
 
@@ -119,6 +122,8 @@ class AdminLifecycle(
     jobs.deschedule("AssetMetricsCache")
   }
 
+  private def deleteTmpFiles(): Unit = AdminConfiguration.dfpApi.serviceAccountKeyFile.map(deleteIfExists)
+
   override def start(): Unit = {
     descheduleJobs()
     scheduleJobs()