util

package v0.0.0-...-068faf5
Published: Feb 29, 2024 License: Apache-2.0 Imports: 18 Imported by: 6

README

Various utilities around main, authz and common network protocols - mostly boilerplate to copy instead of adding a dependency.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FindConfig

func FindConfig(base string, s string) []byte

FindConfig is a simple loader for a config file.

func Get

func Get(suffix string) (string, error)

Get calls Client.Get on the default client.

func GetString

func GetString(key string) string

GetString is the main config helper: a base implementation for CLIs that want minimal dependencies.

Larger binaries should use viper, which provides support for:

- ini, json, yaml, java properties
- remote providers (with encryption)
- built-in etcd3, consul, firestore

func MainEnd

func MainEnd()

MainEnd should be the last call in main(). The app is expected to get all of its config from a file or from environment variables. If the command line arguments are not empty, MainEnd execs the remaining arguments and waits for the child to complete; otherwise it waits for a signal.

func MainStart

func MainStart(base string, out interface{}) error

MainStart is an opinionated startup that configures the built-in components. 'base' is the name of the config, for example 'mds'. If an environment variable with that name is set, it is expected to contain a JSON config. Otherwise, the file /$base/$base.json or ./$base.json is loaded. Other environment variables of type string may be merged into the config.

- Initializes slog with a JSON handler

Larger binaries should use viper, which provides support for:

- ini, json, yaml, java properties
- remote providers (with encryption)
- built-in etcd3, consul, firestore

func Subscribe

func Subscribe(suffix string, fn func(v string, ok bool) error) error

Subscribe calls Client.Subscribe on the default client.

Types

type Error

type Error struct {
	// Code is the HTTP response status code.
	Code int
	// Message is the server response message.
	Message string
}

Error contains an error response from the server.

func (*Error) Error

func (e *Error) Error() string

type MDS

type MDS struct {
	MDSBase string
	// contains filtered or unexported fields
}

MDS provides access to the metadata server, tokens and host info.

func NewMDSClient

func NewMDSClient(mdsBase string) *MDS

NewMDSClient returns a client for a GCP MDS-like server.

It can return JWT tokens for the 'primary' service account, as well as metadata.

func (*MDS) Get

func (c *MDS) Get(suffix string) (string, error)

Get returns a value from the metadata service. The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".

If the GCE_METADATA_HOST environment variable is not defined, a default of 169.254.169.254 will be used instead.

If the requested metadata is not defined, the returned error will be of type NotDefinedError.
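An added example (not the project's code) that implements the Get contract just described against a constructed fake metadata server: the suffix is appended to the computeMetadata/v1 base, a 404 becomes NotDefinedError, and the request carries the Metadata-Flavor: Google header the real GCE server requires, which the page does not mention and is assumed here; the hostname value the fake serves is constructed.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// NotDefinedError and MDS are stand-ins mirroring the page's types.
type NotDefinedError string

func (s NotDefinedError) Error() string { return "metadata: " + string(s) + " not defined" }

type MDS struct{ MDSBase string } // e.g. http://169.254.169.254/computeMetadata/v1/

// Get appends suffix (no leading slash) to MDSBase and maps 404 to NotDefinedError,
// as documented; the Metadata-Flavor header is what the real GCE server requires (assumed).
func (c *MDS) Get(suffix string) (string, error) {
	req, _ := http.NewRequest("GET", c.MDSBase+suffix, nil)
	req.Header.Set("Metadata-Flavor", "Google")
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)
	switch res.StatusCode {
	case http.StatusOK:
		return string(body), nil
	case http.StatusNotFound:
		return "", NotDefinedError(suffix)
	}
	return "", fmt.Errorf("metadata: %d %s", res.StatusCode, body)
}

// NewFakeMDS is a constructed stand-in for the metadata server: it refuses
// requests lacking the header, like the real one, and serves a single key.
func NewFakeMDS() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Metadata-Flavor") != "Google" {
			http.Error(w, "missing Metadata-Flavor", http.StatusForbidden)
		} else if r.URL.Path == "/computeMetadata/v1/instance/hostname" {
			fmt.Fprint(w, "vm-1.c.example-project.internal") // constructed value
		} else {
			http.NotFound(w, r)
		}
	}))
}
```

Pointing MDS at NewFakeMDS().URL + "/computeMetadata/v1/" lets the two error paths (unknown key, missing header) be exercised without a VM.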

func (*MDS) GetToken

func (mds *MDS) GetToken(ctx1 context.Context, aud string) (string, error)

GetToken issues a request of the following form:

POST https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/service-<GCP project number>@gcp-sa-meshdataplane.iam.gserviceaccount.com:generateAccessToken
Content-Type: application/json
Authorization: Bearer <federated token>

{
  "Delegates": [],
  "Scope": [
    "https://www.googleapis.com/auth/cloud-platform"
  ]
}

func (*MDS) Subscribe

func (c *MDS) Subscribe(suffix string, fn func(v string, ok bool) error) error

Subscribe subscribes to a value from the metadata service. The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/". The suffix may contain query parameters.

Subscribe calls fn with the latest metadata value indicated by the provided suffix. If the metadata value is deleted, fn is called with the empty string and ok false. Subscribe blocks until fn returns a non-nil error or the value is deleted. Subscribe returns the error value returned from the last call to fn, which may be nil when ok == false.

type MDSRoundTripper

type MDSRoundTripper struct {
	// contains filtered or unexported fields
}

func (*MDSRoundTripper) RoundTrip

func (m *MDSRoundTripper) RoundTrip(request *http.Request) (*http.Response, error)

type Metadata

type Metadata struct {
	Instance struct {
		Attributes struct {
			// Only GKE
			ClusterLocation string
			ClusterName     string
			ClusterUid      string

			// Only GCP
			// Full authorized_hosts with \n separators
			SSHKeys string
		}

		//     "hostname": "gke-CLUSTER_NAME-pool-1-1b6cad60-1l3a.c.costin-asm1.internal",
		// This is the FQDN hostname of the node !
		Hostname string
		ID       int

		// Local part of the hostname.
		Name string

		Zone string

		// Default is present and the service account running the node/VM
		ServiceAccounts map[string]struct {
			Aliases []string // "default"
			Email   string   // Based on annotation on the KSA
			Scopes  []string
		}

		NetworkInterfaces map[string]struct {
			IPV6s string

			// Only GCP
			AccessConfigs struct {
				ExternalIP string
				Type       string // ONE_TO_ONE_NAT
			}
			Gateway           string
			IP                string
			Mac               string
			Mtu               string
			Network           string // projects/NUMBER/network/NAME
			Subnetmask        string
			TargetInstanceIps []string
			DNSServers        []string
		}
		Tags []string
	}

	Project struct {
		NumericProjectId int
		ProjectId        string

		// Only on GCP
		Attributes map[string]string
	}
}

Metadata represents info about the current instance. Some info is only available on VMs or CloudRun.

type NotDefinedError

type NotDefinedError string

func (NotDefinedError) Error

func (suffix NotDefinedError) Error() string

type TokenResponse

type TokenResponse struct {
	// REQUIRED. The security token issued by the authorization server
	// in response to the token exchange request.
	AccessToken string `json:"access_token"`
	// REQUIRED. An identifier, representation of the issued security token.
	IssuedTokenType string `json:"issued_token_type"`
	// REQUIRED. A case-insensitive value specifying the method of using the access
	// token issued. It provides the client with information about how to utilize the
	// access token to access protected resources.
	TokenType string `json:"token_type"`
	// RECOMMENDED. The validity lifetime, in seconds, of the token issued by the
	// authorization server.
	ExpiresIn int64 `json:"expires_in"`

	// OPTIONAL, if the Scope of the issued security token is identical to the
	// Scope requested by the client; otherwise, REQUIRED.
	Scope string `json:"scope"`
	// OPTIONAL. A refresh token will typically not be issued when the exchange is
	// of one temporary credential (the subject_token) for a different temporary
	// credential (the issued token) for use in some other context.
	RefreshToken string `json:"refresh_token"`
}

TokenResponse stores all attributes sent as JSON in a successful STS response. These attributes are defined in https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-2.2.1. The same shape is also returned by the MDS and by federated token exchanges.
