Replace mem data store with file data store

Dockerfile

@@ -14,6 +14,7 @@ ENV CLOUD_IAM_AUTH_ENABLED "false"
 ENV JWT_REQUIRES_MEMBERSHIP_VERIFICATION "true"
 ENV KEYSTORE_PATH "keystore.jceks"
 ENV KEYSTORE_PASS "safe#passw0rd!"
+ENV CREDENTIAL_STORE_PATH "/var/lib/nexus-proxy"
 ENV NEXUS_DOCKER_HOST "containers.example.com"
 ENV NEXUS_HTTP_HOST "nexus.example.com"
 ENV NEXUS_RUT_HEADER "X-Forwarded-User"

src/main/java/com/travelaudience/nexus/proxy/CachingGoogleAuthCodeFlow.java

@@ -1,9 +1,5 @@
 package com.travelaudience.nexus.proxy;
 
-import static com.google.api.services.cloudresourcemanager.CloudResourceManagerScopes.CLOUD_PLATFORM_READ_ONLY;
-import static com.google.api.services.oauth2.Oauth2Scopes.USERINFO_EMAIL;
-import static java.util.concurrent.TimeUnit.MILLISECONDS;
-
 import com.github.benmanes.caffeine.cache.Cache;
 import com.github.benmanes.caffeine.cache.Caffeine;
 import com.google.api.client.auth.oauth2.Credential;
@@ -13,8 +9,6 @@
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.jackson2.JacksonFactory;
-import com.google.api.client.util.store.DataStoreFactory;
-import com.google.api.client.util.store.MemoryDataStoreFactory;
 import com.google.api.services.cloudresourcemanager.CloudResourceManager;
 import com.google.api.services.cloudresourcemanager.model.Organization;
 import com.google.common.collect.ImmutableSet;
@@ -26,13 +20,16 @@
 import java.util.List;
 import java.util.Set;
 
+import static com.google.api.services.cloudresourcemanager.CloudResourceManagerScopes.CLOUD_PLATFORM_READ_ONLY;
+import static com.google.api.services.oauth2.Oauth2Scopes.USERINFO_EMAIL;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+
 /**
  * Wraps {@link GoogleAuthorizationCodeFlow} caching authorization results and providing unchecked methods.
  */
 public class CachingGoogleAuthCodeFlow {
     private static final Logger LOGGER = LoggerFactory.getLogger(CachingGoogleAuthCodeFlow.class);
 
-    private static final DataStoreFactory DATA_STORE_FACTORY = new MemoryDataStoreFactory();
     private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
     private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
     private static final Set<String> SCOPES = ImmutableSet.of(CLOUD_PLATFORM_READ_ONLY, USERINFO_EMAIL);
@@ -47,6 +44,7 @@ private CachingGoogleAuthCodeFlow(final int authCacheTtl,
                                       final String clientSecret,
                                       final String organizationId,
                                       final String redirectUri) throws IOException {
+
         this.authCache = Caffeine.newBuilder()
                 .maximumSize(4096)
                 .expireAfterWrite(authCacheTtl, MILLISECONDS)
@@ -58,7 +56,7 @@ private CachingGoogleAuthCodeFlow(final int authCacheTtl,
                 clientSecret,
                 SCOPES
         ).setDataStoreFactory(
-                DATA_STORE_FACTORY
+                ProxyDataStoreFactory.getDefaultInstance()
         ).setAccessType(
                 "offline"
         ).setApprovalPrompt(

src/main/java/com/travelaudience/nexus/proxy/ProxyDataStoreFactory.java

@@ -0,0 +1,33 @@
+package com.travelaudience.nexus.proxy;
+
+import com.google.api.client.util.store.DataStoreFactory;
+import com.google.api.client.util.store.FileDataStoreFactory;
+
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * Provides a thread-safe way to get a singleton {@link DataStoreFactory} instance
+ */
+class ProxyDataStoreFactory {
+
+    private static final String CREDENTIAL_STORE_PATH = System.getenv("CREDENTIAL_STORE_PATH");
+
+    private static final Object mutex = new Object();
+    private static volatile DataStoreFactory instance;
+
+
+    static DataStoreFactory getDefaultInstance() throws IOException {
+        DataStoreFactory result = instance;
+        if (result == null) {
+            synchronized (mutex) {
+                result = instance;
+                if (result == null)
+                    instance = result = new FileDataStoreFactory(new File(CREDENTIAL_STORE_PATH));
+            }
+        }
+
+        return result;
+    }
+
+}

src/test/java/com/travelaudience/nexus/proxy/CloudIamAuthNexusProxyVerticleTests.java

@@ -29,7 +29,7 @@
 
 @RunWith(PowerMockRunner.class)
 @PowerMockRunnerDelegate(VertxUnitRunner.class)
-@PrepareForTest(CloudIamAuthNexusProxyVerticle.class)
+@PrepareForTest({CloudIamAuthNexusProxyVerticle.class, ProxyDataStoreFactory.class})
 public class CloudIamAuthNexusProxyVerticleTests {
     private static final String HOST = "localhost";
     private static final int PORT = findRandomUnusedPort();
@@ -47,6 +47,7 @@ public class CloudIamAuthNexusProxyVerticleTests {
             put("CLOUD_IAM_AUTH_ENABLED", "true");
             put("KEYSTORE_PATH", "keystore.jceks");
             put("KEYSTORE_PASS", "safe#passw0rd!");
+            put("CREDENTIAL_STORE_PATH", "build/temp");
             put("NEXUS_DOCKER_HOST", "containers.example.com");
             put("NEXUS_HTTP_HOST", "nexus.example.com");
             put("NEXUS_RUT_HEADER", "X-Forwarded-User");