From 9aa1786d4304e7cbde4716c247be66f4e34070a0 Mon Sep 17 00:00:00 2001 From: JP Robinson Date: Mon, 5 Nov 2018 13:15:37 -0500 Subject: [PATCH] using a build tag so we can use GAE std with auth/gcp --- auth/gcp/iam.go | 2 +- auth/gcp/identity.go | 32 +----------------------------- auth/gcp/identity_test.go | 2 ++ auth/gcp/metadata.go | 41 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 45 insertions(+), 32 deletions(-) create mode 100644 auth/gcp/metadata.go diff --git a/auth/gcp/iam.go b/auth/gcp/iam.go index 650056d86..9d3037ca1 100644 --- a/auth/gcp/iam.go +++ b/auth/gcp/iam.go @@ -45,7 +45,7 @@ func NewDefaultIAMVerifier(ctx context.Context, cfg IAMConfig, clientFunc func(c return nil, err } - eml, err := GetDefaultEmail(ctx, IdentityConfig{Client: clientFunc(ctx)}) + eml, err := GetDefaultEmail(ctx, "", clientFunc(ctx)) if err != nil { return nil, errors.Wrap(err, "unable to get default email") } diff --git a/auth/gcp/identity.go b/auth/gcp/identity.go index b9e8d6e51..5f1c5704e 100644 --- a/auth/gcp/identity.go +++ b/auth/gcp/identity.go @@ -6,7 +6,6 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" "net/http" "time" @@ -88,7 +87,7 @@ func (c *idTokenSource) Token() (*oauth2.Token, error) { suffix := fmt.Sprintf("instance/service-accounts/default/identity?audience=%s&format=full", c.cfg.Audience) - tkn, err := metadataGet(context.Background(), c.cfg, suffix) + tkn, err := metadataGet(context.Background(), c.cfg.MetadataAddress, c.cfg.Client, suffix) if err != nil { return nil, errors.Wrap(err, "unable to get token") } 
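Review bot: The bare `""` passed to GetDefaultEmail in the auth/gcp/iam.go hunk only works because metadataGet (auth/gcp/metadata.go in this patch) substitutes a default address for an empty string, and neither the call site nor GetDefaultEmail's doc comment says so. A comment such as `// "" selects the default metadata address` on this line, plus a sentence in the doc comment, would make that contract visible. The exported signature also changes from `cfg IdentityConfig` to `addr string, hc *http.Client`, which breaks any external caller at compile time and is worth stating in the commit message or changelog. NewDefaultIAMVerifier starts and ends outside the hunk.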
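Review bot: In the Token hunk of auth/gcp/identity.go, `c.cfg.Audience` is formatted into the query string unescaped on the unchanged `suffix := fmt.Sprintf(...)` statement that feeds the changed metadataGet call, so an audience containing `&`, `#` or a space changes the query the metadata server receives instead of being carried as the audience value. Escaping it with `url.QueryEscape(c.cfg.Audience)` keeps the value inside its parameter; this needs `net/url` added to the import block. The body of Token continues outside the hunk, so whether Audience is validated earlier cannot be seen from here.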
@@ -170,32 +169,3 @@ func VerifyIdentityEmails(ctx context.Context, emails []string, audience string)
 return emls[cs.Email]
 })
 }
-
-// GetDefaultEmail is a helper method for users on GCE or the 2nd generation GAE
-// environment.
-func GetDefaultEmail(ctx context.Context, cfg IdentityConfig) (string, error) {
- email, err := metadataGet(ctx, cfg, "instance/service-accounts/default/email")
- return email, errors.Wrap(err, "unable to get default email from metadata")
-}
-
-func metadataGet(ctx context.Context, cfg IdentityConfig, suffix string) (string, error) {
- req, err := http.NewRequest(http.MethodGet, cfg.MetadataAddress+suffix, nil)
- if err != nil {
- return "", errors.Wrap(err, "unable to create metadata request")
- }
- req.Header.Set("Metadata-Flavor", "Google")
-
- resp, err := cfg.Client.Do(req)
- if err != nil {
- return "", errors.Wrap(err, "unable to send request to metadata")
- }
- defer resp.Body.Close()
-
- if resp.StatusCode != http.StatusOK {
- return "", errors.Errorf("metadata service returned a non-200 response: %d",
- resp.StatusCode)
- }
-
- tkn, err := ioutil.ReadAll(resp.Body)
- return string(tkn), errors.Wrap(err, "unable to read metadata response")
-}
diff --git a/auth/gcp/identity_test.go b/auth/gcp/identity_test.go
index 70f0b9bb7..3af88d8e6 100644
--- a/auth/gcp/identity_test.go
+++ b/auth/gcp/identity_test.go
@@ -1,3 +1,5 @@
+// +build !appengine
+
 package gcp
 
 import (
diff --git a/auth/gcp/metadata.go b/auth/gcp/metadata.go
new file mode 100644
index 000000000..0886ab408
--- /dev/null
+++ b/auth/gcp/metadata.go
@@ -0,0 +1,41 @@
+package gcp
+
+import (
+ "context"
+ "io/ioutil"
+ "net/http"
+
+ "github.com/pkg/errors"
+)
+
+// GetDefaultEmail is a helper method for users on GCE or the 2nd generation GAE
+// environment.
+func GetDefaultEmail(ctx context.Context, addr string, hc *http.Client) (string, error) {
+ email, err := metadataGet(ctx, addr, hc, "instance/service-accounts/default/email")
+ return email, errors.Wrap(err, "unable to get default email from metadata")
+}
+
+func metadataGet(ctx context.Context, addr string, hc *http.Client, suffix string) (string, error) {
+ if addr == "" {
+ addr = "http://metadata/computeMetadata/v1/"
+ }
+ req, err := http.NewRequest(http.MethodGet, addr+suffix, nil)
+ if err != nil {
+ return "", errors.Wrap(err, "unable to create metadata request")
+ }
+ req.Header.Set("Metadata-Flavor", "Google")
+
+ resp, err := hc.Do(req)
+ if err != nil {
+ return "", errors.Wrap(err, "unable to send request to metadata")
+ }
+ defer resp.Body.Close()
+
+ if resp.StatusCode != http.StatusOK {
+ return "", errors.Errorf("metadata service returned a non-200 response: %d",
+ resp.StatusCode)
+ }
+
+ tkn, err := ioutil.ReadAll(resp.Body)
+ return string(tkn), errors.Wrap(err, "unable to read metadata response")
+}
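Review bot: metadataGet accepts `ctx` but never attaches it to the request, so a caller's cancellation or deadline has no effect and the call is bounded only by whatever Timeout `hc` happens to carry; adding `req = req.WithContext(ctx)` right after the http.NewRequest error check fixes that. The response body is read with `ioutil.ReadAll` and no cap, and because `addr` is caller-supplied the size of the reply is not guaranteed to be small; `ioutil.ReadAll(io.LimitReader(resp.Body, maxMetadataBody))` would bound it, where `maxMetadataBody` is a placeholder name for a new package constant and `io` must be imported. `hc` is also dereferenced by `hc.Do(req)` with no nil check, so a nil client panics instead of returning an error; an early `if hc == nil` that returns an error would keep the failure on the error path.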