using a build tag so we can use GAE std with auth/gcp

nytimes · Nov 5, 2018 · 9aa1786 · 9aa1786
1 parent ba3c663
commit 9aa1786
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 32 deletions.
diff --git a/auth/gcp/iam.go b/auth/gcp/iam.go
@@ -45,7 +45,7 @@ func NewDefaultIAMVerifier(ctx context.Context, cfg IAMConfig, clientFunc func(c
 		return nil, err
 	}
 
-	eml, err := GetDefaultEmail(ctx, IdentityConfig{Client: clientFunc(ctx)})
+	eml, err := GetDefaultEmail(ctx, "", clientFunc(ctx))
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to get default email")
 	}

diff --git a/auth/gcp/identity.go b/auth/gcp/identity.go
@@ -6,7 +6,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"time"
 
@@ -88,7 +87,7 @@ func (c *idTokenSource) Token() (*oauth2.Token, error) {
 	suffix := fmt.Sprintf("instance/service-accounts/default/identity?audience=%s&format=full",
 		c.cfg.Audience)
 
-	tkn, err := metadataGet(context.Background(), c.cfg, suffix)
+	tkn, err := metadataGet(context.Background(), c.cfg.MetadataAddress, c.cfg.Client, suffix)
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to get token")
 	}
@@ -170,32 +169,3 @@ func VerifyIdentityEmails(ctx context.Context, emails []string, audience string)
 		return emls[cs.Email]
 	})
 }
-
-// GetDefaultEmail is a helper method for users on GCE or the 2nd generation GAE
-// environment.
-func GetDefaultEmail(ctx context.Context, cfg IdentityConfig) (string, error) {
-	email, err := metadataGet(ctx, cfg, "instance/service-accounts/default/email")
-	return email, errors.Wrap(err, "unable to get default email from metadata")
-}
-
-func metadataGet(ctx context.Context, cfg IdentityConfig, suffix string) (string, error) {
-	req, err := http.NewRequest(http.MethodGet, cfg.MetadataAddress+suffix, nil)
-	if err != nil {
-		return "", errors.Wrap(err, "unable to create metadata request")
-	}
-	req.Header.Set("Metadata-Flavor", "Google")
-
-	resp, err := cfg.Client.Do(req)
-	if err != nil {
-		return "", errors.Wrap(err, "unable to send request to metadata")
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return "", errors.Errorf("metadata service returned a non-200 response: %d",
-			resp.StatusCode)
-	}
-
-	tkn, err := ioutil.ReadAll(resp.Body)
-	return string(tkn), errors.Wrap(err, "unable to read metadata response")
-}
diff --git a/auth/gcp/identity_test.go b/auth/gcp/identity_test.go
@@ -1,3 +1,5 @@
+// +build !appengine
+
 package gcp
 
 import (

diff --git a/auth/gcp/metadata.go b/auth/gcp/metadata.go
@@ -0,0 +1,41 @@
+package gcp
+
+import (
+	"context"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/pkg/errors"
+)
+
+// GetDefaultEmail is a helper method for users on GCE or the 2nd generation GAE
+// environment.
+func GetDefaultEmail(ctx context.Context, addr string, hc *http.Client) (string, error) {
+	email, err := metadataGet(ctx, addr, hc, "instance/service-accounts/default/email")
+	return email, errors.Wrap(err, "unable to get default email from metadata")
+}
+
+func metadataGet(ctx context.Context, addr string, hc *http.Client, suffix string) (string, error) {
+	if addr == "" {
+		addr = "http://metadata/computeMetadata/v1/"
+	}
+	req, err := http.NewRequest(http.MethodGet, addr+suffix, nil)
+	if err != nil {
+		return "", errors.Wrap(err, "unable to create metadata request")
+	}
+	req.Header.Set("Metadata-Flavor", "Google")
+
+	resp, err := hc.Do(req)
+	if err != nil {
+		return "", errors.Wrap(err, "unable to send request to metadata")
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return "", errors.Errorf("metadata service returned a non-200 response: %d",
+			resp.StatusCode)
+	}
+
+	tkn, err := ioutil.ReadAll(resp.Body)
+	return string(tkn), errors.Wrap(err, "unable to read metadata response")
+}