feat(main): Add fetching of tokens from metadata server
This commit is contained in:
parent
2541d25fba
commit
2d8e057118
1 changed files with 39 additions and 0 deletions
39
src/main.rs
39
src/main.rs
|
@ -14,10 +14,17 @@ mod stackdriver;
|
||||||
|
|
||||||
use std::env;
|
use std::env;
|
||||||
use std::mem;
|
use std::mem;
|
||||||
|
use std::ops::Add;
|
||||||
use std::process;
|
use std::process;
|
||||||
use std::time::{Duration, Instant};
|
use std::time::{Duration, Instant};
|
||||||
use systemd::journal::*;
|
use systemd::journal::*;
|
||||||
|
|
||||||
|
const METADATA_TOKEN_URL: &str = "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token";
|
||||||
|
|
||||||
|
header! { (MetadataFlavor, "Metadata-Flavor") => [String] }
|
||||||
|
|
||||||
|
type Result<T> = std::result::Result<T, failure::Error>;
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
struct Record {
|
struct Record {
|
||||||
message: Option<String>,
|
message: Option<String>,
|
||||||
|
@ -90,6 +97,38 @@ fn flush(records: Vec<Record>) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Retrieves an access token from the GCP metadata service.
|
||||||
|
#[derive(Deserialize)]
|
||||||
|
struct TokenResponse {
|
||||||
|
#[serde(rename = "type")]
|
||||||
|
expires_in: u64,
|
||||||
|
access_token: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Struct used to store a token together with a sensible
|
||||||
|
/// representation of when it expires.
|
||||||
|
struct Token {
|
||||||
|
token: String,
|
||||||
|
renew_at: Instant,
|
||||||
|
}
|
||||||
|
|
||||||
|
fn get_metadata_token(client: &reqwest::Client) -> Result<Token> {
|
||||||
|
let now = Instant::now();
|
||||||
|
|
||||||
|
let token: TokenResponse = client.get(METADATA_TOKEN_URL)
|
||||||
|
.header(MetadataFlavor("Google".into()))
|
||||||
|
.send()?.json()?;
|
||||||
|
|
||||||
|
debug!("Fetched new token from metadata service");
|
||||||
|
|
||||||
|
let renew_at = now.add(Duration::from_secs(token.expires_in / 2));
|
||||||
|
|
||||||
|
Ok(Token {
|
||||||
|
renew_at,
|
||||||
|
token: token.access_token,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
fn main () {
|
fn main () {
|
||||||
env_logger::init();
|
env_logger::init();
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue