feat(main): Add fetching of tokens from metadata server
This commit is contained in:
parent
2541d25fba
commit
2d8e057118
1 changed files with 39 additions and 0 deletions
39
src/main.rs
39
src/main.rs
|
@ -14,10 +14,17 @@ mod stackdriver;
|
|||
|
||||
use std::env;
|
||||
use std::mem;
|
||||
use std::ops::Add;
|
||||
use std::process;
|
||||
use std::time::{Duration, Instant};
|
||||
use systemd::journal::*;
|
||||
|
||||
const METADATA_TOKEN_URL: &str = "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token";
|
||||
|
||||
header! { (MetadataFlavor, "Metadata-Flavor") => [String] }
|
||||
|
||||
type Result<T> = std::result::Result<T, failure::Error>;
|
||||
|
||||
#[derive(Debug)]
|
||||
struct Record {
|
||||
message: Option<String>,
|
||||
|
@ -90,6 +97,38 @@ fn flush(records: Vec<Record>) {
|
|||
}
|
||||
}
|
||||
|
||||
/// Retrieves an access token from the GCP metadata service.
|
||||
#[derive(Deserialize)]
|
||||
struct TokenResponse {
|
||||
#[serde(rename = "type")]
|
||||
expires_in: u64,
|
||||
access_token: String,
|
||||
}
|
||||
|
||||
/// Struct used to store a token together with a sensible
|
||||
/// representation of when it expires.
|
||||
struct Token {
|
||||
token: String,
|
||||
renew_at: Instant,
|
||||
}
|
||||
|
||||
fn get_metadata_token(client: &reqwest::Client) -> Result<Token> {
|
||||
let now = Instant::now();
|
||||
|
||||
let token: TokenResponse = client.get(METADATA_TOKEN_URL)
|
||||
.header(MetadataFlavor("Google".into()))
|
||||
.send()?.json()?;
|
||||
|
||||
debug!("Fetched new token from metadata service");
|
||||
|
||||
let renew_at = now.add(Duration::from_secs(token.expires_in / 2));
|
||||
|
||||
Ok(Token {
|
||||
renew_at,
|
||||
token: token.access_token,
|
||||
})
|
||||
}
|
||||
|
||||
fn main () {
|
||||
env_logger::init();
|
||||
|
||||
|
|
Loading…
Reference in a new issue