README
¶
Google Cloud Metadata Emulator
Provides (part of) the functionality of the Compute Engine instance metadata server. The server wraps around the Google Cloud SDK.
Supports functionality:
- Getting service account ID tokens (see caveats)
- Active account email
- Project ID
Supported endpoints:
computeMetadata/v1/instance/service-accounts/default/identitycomputeMetadata/v1/instance/service-accounts/<service account>/identitycomputeMetadata/v1/instance/service-accounts/default/emailcomputeMetadata/v1/instance/service-accounts/<service account>/emailcomputeMetadata/v1/project/project-id
Dependencies
gcloudcommand line tool- Go (1.13 and up)
Run the Server
Start a server with default options:
make run
To see all available command line options:
go run local/server.go -help
Use the Server
From the Command Line
curl http://localhost:9000/computeEngine/v1/project/project-id
Using Google Client Libraries
The Google client libraries can also be 'tricked' into using this emulator. Results might vary as it has been partially reverse-engineered and only tested for a limited set of languages (Go, Python) and libraries (Pubsub, Firestore).
The following environment variables need to be set to achieve desired
functionality. Both GCE_METADATA_HOST and GCE_METADATA_IP should point to
server authority (host & port), i.e. localhost:9000. Do not include the
protocol (aka http://).
Using the Included Library
import github.com/HayoVanLoon/metadataemu
...
client := metadata.NewClient("http://localhost:9000", "my-api-key", false, "my-service-account")
projectId, err := client.ProjectID()
Caveats
- The GCP instance metadata runs in a private network. This server might not. Hence an apiKey query parameter must be added in calls to this server. It is printed to the console on server start-up and refreshes on server restart.
- When no service account is set and no audience is added, the users default identity token is used and the audience is not limited. Never, ever send this token to an untrusted source or over an untrusted medium.
License
Copyright 2021 Hayo van Loon
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Documentation
¶
Overview ¶
Package metadataemu provides a (limited) emulator for the Google Cloud Compute metadata servers.
Index ¶
- Constants
- func BadRequest(w http.ResponseWriter, s string)
- func GetGcloudOutput(gcloudPath string, params []string) ([]byte, error)
- func GetProjectID(gcloudPath string) (string, error)
- func InternalServerError(w http.ResponseWriter, bs []byte)
- func Ok(w http.ResponseWriter, contentType string, bs []byte)
- func OkJson(w http.ResponseWriter, bs []byte)
- func OkPlainText(w http.ResponseWriter, bs []byte)
- type AccessToken
- type Client
- type GcloudIdToken
- type Server
- type ServerConfig
Constants ¶
const ( ComputeMetadataPrefix = "/computeMetadata/v1" EndPointServiceAccounts = ComputeMetadataPrefix + "/instance/service-accounts" EndPointProjectId = ComputeMetadataPrefix + "/project/project-id" )
Use 'real' metadata paths Source: https://cloud.google.com/compute/docs/storing-retrieving-metadata
const ( HeaderMetadataFlavour = "metadata-flavor" HeaderValueMetadataFlavour = "Google" HeaderContentType = "content-type" HeaderValueTextPlain = "text/plain" HeaderValueApplicationJson = "application/json" )
Variables ¶
This section is empty.
Functions ¶
func BadRequest ¶
func BadRequest(w http.ResponseWriter, s string)
func GetProjectID ¶
func InternalServerError ¶
func InternalServerError(w http.ResponseWriter, bs []byte)
func OkJson ¶
func OkJson(w http.ResponseWriter, bs []byte)
func OkPlainText ¶
func OkPlainText(w http.ResponseWriter, bs []byte)
Types ¶
type AccessToken ¶
type AccessToken struct {
AccessToken string `json:"access_token"`
ExpiresInSec int `json:"expires_in"`
TokenType string `json:"token_type"`
}
func GetGcloudAccessToken ¶
func GetGcloudAccessToken(gcloudPath, sa, audience string) (*AccessToken, error)
type Client ¶
type GcloudIdToken ¶
type GcloudIdToken struct {
AccessToken string `json:"access_token"`
IdToken string `json:"id_token"`
TokenExpiry time.Time `json:"token_expiry"`
}
func GetGcloudIdToken ¶
func GetGcloudIdToken(gcloudPath, sa, audience string) (*GcloudIdToken, error)
type Server ¶
type Server interface {
Run() error
}
func NewServerFromConfig ¶
func NewServerFromConfig(conf *ServerConfig) Server
NewServerFromConfig creates a new metadata server from a ServerConfig.
func NewServerFromConfigFile ¶
NewServerFromConfigFile creates a new metadata server from a ServerConfig.
type ServerConfig ¶
type ServerConfig struct {
Port string `json:"port"`
GcloudPath string `json:"gcloudPath,omitempty"`
NoKey bool `json:"noKey,omitempty"`
ProjectId string `json:"projectId,omitempty"`
ServiceAccount string `json:"serviceAccount,omitempty"`
ServiceAccountId string `json:"serviceAccountId,omitempty"`
}
Source Files