Documentation ¶
Index ¶
- func FindConfig(base string, s string) []byte
- func Get(suffix string) (string, error)
- func GetString(key string) string
- func MainEnd()
- func MainStart(base string, out interface{}) error
- func Subscribe(suffix string, fn func(v string, ok bool) error) error
- type Error
- type MDS
- type MDSRoundTripper
- type Metadata
- type NotDefinedError
- type TokenResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FindConfig ¶
FindConfig is a simple loader for a config file.
func GetString ¶
Main config helper - base implementation for minimal deps CLI.
Larger binaries should use viper, which provides support for:
- ini, json, yaml, java properties
- remote providers (with encryption)
- built in etcd3, consul, firestore
func MainEnd ¶
func MainEnd()
MainEnd should be the last call in main(). The app is expected to get all the config from file or env variables.
- if the command line arguments are not empty: exec the remaining and wait to complete
- else wait for a signal.
func MainStart ¶
MainStart is an opinionated startup that configures built-in components. 'base' is the name of the config, for example 'mds'. If it is set as an environment variable, it is expected to be a JSON config. Otherwise, a file /$base/$base.json or ./$base.json will be loaded. Other env variables of type string may be merged into the config.
- Will init slog with a json handler
Larger binaries should use viper, which provides support for:
- ini, json, yaml, java properties
- remote providers (with encryption)
- built in etcd3, consul, firestore
Types ¶
type Error ¶
type Error struct {
	// Code is the HTTP response status code.
	Code int
	// Message is the server response message.
	Message string
}
Error contains an error response from the server.
type MDS ¶
type MDS struct {
	MDSBase string
	// contains filtered or unexported fields
}
MDS provides access to the metadata server, tokens and host info.
func NewMDSClient ¶
NewMDSClient returns a client for a GCP MDS-like server.
It can return JWT tokens for the 'primary' service account, as well as metadata.
func (*MDS) Get ¶
Get returns a value from the metadata service. The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".
If the GCE_METADATA_HOST environment variable is not defined, a default of 169.254.169.254 will be used instead.
If the requested metadata is not defined, the returned error will be of type NotDefinedError.
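The lookup rules described for Get, as an added example that is not this package's own code: the host comes from GCE_METADATA_HOST or falls back to 169.254.169.254, and a 404 becomes a distinct not-defined error. `mdsGet`, `notDefined` and `demo` are hypothetical names, the `Metadata-Flavor: Google` header is what GCP metadata servers require, and the local server and zone value are constructed.

```go
package main
import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"os"
	"time"
)

type notDefined string // stands in for the documented NotDefinedError
func (s notDefined) Error() string { return "metadata: " + string(s) + " not defined" }

// mdsGet is a hypothetical helper for this example, not the package's Get.
func mdsGet(suffix string) (string, error) {
	host := os.Getenv("GCE_METADATA_HOST")
	if host == "" {
		host = "169.254.169.254" // documented default
	}
	req, err := http.NewRequest("GET", "http://"+host+"/computeMetadata/v1/"+suffix, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Metadata-Flavor", "Google") // GCP metadata servers require it
	res, err := (&http.Client{Timeout: 2 * time.Second}).Do(req)
	if err != nil {
		return "", err
	}
	defer res.Body.Close()
	if res.StatusCode == http.StatusNotFound {
		return "", notDefined(suffix)
	} else if res.StatusCode != http.StatusOK {
		return "", fmt.Errorf("metadata: status %d for %q", res.StatusCode, suffix)
	}
	body, err := io.ReadAll(io.LimitReader(res.Body, 1<<20)) // cap the response size
	return string(body), err
}

// demo reads suffix from a constructed local server selected via GCE_METADATA_HOST.
func demo(suffix string) (string, error) {
	mux := http.NewServeMux()
	mux.HandleFunc("/computeMetadata/v1/instance/zone", func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "projects/123/zones/example-zone-a") // constructed value
	})
	srv := httptest.NewServer(mux)
	defer srv.Close()
	os.Setenv("GCE_METADATA_HOST", srv.Listener.Addr().String())
	return mdsGet(suffix)
}
func main() { fmt.Println(demo("instance/zone")) }
```

Because the host is read from the environment, every metadata and token lookup follows whatever GCE_METADATA_HOST names, so that variable belongs in the set of settings a deployment pins and reviews.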
func (*MDS) GetToken ¶
POST https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/service-<GCP project number>@gcp-sa-meshdataplane.iam.gserviceaccount.com:generateAccessToken
Content-Type: application/json
Authorization: Bearer <federated token>

{
  "Delegates": [],
  "Scope": [
    "https://www.googleapis.com/auth/cloud-platform"
  ]
}
func (*MDS) Subscribe ¶
Subscribe subscribes to a value from the metadata service. The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/". The suffix may contain query parameters.
Subscribe calls fn with the latest metadata value indicated by the provided suffix. If the metadata value is deleted, fn is called with the empty string and ok false. Subscribe blocks until fn returns a non-nil error or the value is deleted. Subscribe returns the error value returned from the last call to fn, which may be nil when ok == false.
type MDSRoundTripper ¶
type MDSRoundTripper struct {
// contains filtered or unexported fields
}
type Metadata ¶
type Metadata struct {
	Instance struct {
		Attributes struct {
			// Only GKE
			ClusterLocation string
			ClusterName     string
			ClusterUid      string

			// Only GCP
			// Full authorized_hosts with \n separators
			SSHKeys string
		}

		// "hostname": "gke-CLUSTER_NAME-pool-1-1b6cad60-1l3a.c.costin-asm1.internal",
		// This is the FQDN hostname of the node !
		Hostname string
		ID       int

		// Local part of the hostname.
		Name string

		Zone string

		// Default is present and the service account running the node/VM
		ServiceAccounts map[string]struct {
			Aliases []string // "default"
			Email   string   // Based on annotation on the KSA
			Scopes  []string
		}

		NetworkInterfaces map[string]struct {
			IPV6s string

			// Only GCP
			AccessConfigs struct {
				ExternalIP string
				Type       string // ONE_TO_ONE_NAT
			}
			Gateway           string
			IP                string
			Mac               string
			Mtu               string
			Network           string // projects/NUMBER/network/NAME
			Subnetmask        string
			TargetInstanceIps []string
			DNSServers        []string
		}
		Tags []string
	}

	Project struct {
		NumericProjectId int
		ProjectId        string

		// Only on GCP
		Attributes map[string]string
	}
}
Metadata represents info about the current instance. Some info is only available on VMs or CloudRun.
type NotDefinedError ¶
type NotDefinedError string
func (NotDefinedError) Error ¶
func (suffix NotDefinedError) Error() string
type TokenResponse ¶
type TokenResponse struct {
	// REQUIRED. The security token issued by the authorization server
	// in response to the token exchange request.
	AccessToken string `json:"access_token"`

	// REQUIRED. An identifier, representation of the issued security token.
	IssuedTokenType string `json:"issued_token_type"`

	// REQUIRED. A case-insensitive value specifying the method of using the access
	// token issued. It provides the client with information about how to utilize the
	// access token to access protected resources.
	TokenType string `json:"token_type"`

	// RECOMMENDED. The validity lifetime, in seconds, of the token issued by the
	// authorization server.
	ExpiresIn int64 `json:"expires_in"`

	// OPTIONAL, if the Scope of the issued security token is identical to the
	// Scope requested by the client; otherwise, REQUIRED.
	Scope string `json:"scope"`

	// OPTIONAL. A refresh token will typically not be issued when the exchange is
	// of one temporary credential (the subject_token) for a different temporary
	// credential (the issued token) for use in some other context.
	RefreshToken string `json:"refresh_token"`
}
TokenResponse stores all attributes sent as JSON in a successful STS response. These attributes are defined in https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-2.2.1. Also returned by MDS and federated token.