package main
import (
	"context"
	"fmt"
	"net/http"
	"os"
	"time"

	jaspergoogle "github.com/jbrekelmans/go-lib/auth/google"
	jaspercompute "github.com/jbrekelmans/go-lib/auth/google/compute"
	log "github.com/sirupsen/logrus"
	oauth2 "golang.org/x/oauth2"
	oauth2google "golang.org/x/oauth2/google"
	"google.golang.org/api/compute/v1"
	"google.golang.org/api/iam/v1"
	"google.golang.org/api/option"
)
// jwtToken is the hard-coded JWT that mainCore hands to idVerifier.Verify.
// Its header names RS256, and its payload carries Google Compute Engine
// instance claims with the audience "https://example.com/".
// NOTE(review): the exp claim (1589717298) falls in May 2020, so this looks
// like an expired sample and Verify may reject it on expiry; confirm.
// Identity tokens are bearer credentials: keep only expired samples in source
// and read live ones from the environment at run time.
var jwtToken = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImMxNzcxODE0YmE2YTcwNjkzZmI5NDEyZGEzYzZlOTBjMmJmNWI5MjciLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJo" +
"dHRwczovL2V4YW1wbGUuY29tLyIsImF6cCI6IjExNTU4NjE3NDA5MDY2MDcxNzQ3NSIsImVtYWlsIjoiMTk4Mjg1NjE2NjgxLWNvbXB1dGVAZGV2ZWx" +
"vcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZXhwIjoxNTg5NzE3Mjk4LCJnb29nbGUiOnsiY29tcHV0ZV9lbm" +
"dpbmUiOnsiaW5zdGFuY2VfY3JlYXRpb25fdGltZXN0YW1wIjoxNTg5NjA4NjY0LCJpbnN0YW5jZV9pZCI6Ijc0ODM5Mjc5MTQ5NjQyMDUxMTIiLCJpb" +
"nN0YW5jZV9uYW1lIjoiaW5zdGFuY2UtMSIsInByb2plY3RfaWQiOiJzY3JhdGNoLXBsYXlncm91bmQiLCJwcm9qZWN0X251bWJlciI6MTk4Mjg1NjE2" +
"NjgxLCJ6b25lIjoiYXVzdHJhbGlhLXNvdXRoZWFzdDEtYiJ9fSwiaWF0IjoxNTg5NzEzNjk4LCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5" +
"jb20iLCJzdWIiOiIxMTU1ODYxNzQwOTA2NjA3MTc0NzUifQ.hZU05LXG2YR-ggXwvLy1by4MXFh2dJD6oXSRtrkGcxhmpuvDbjnOSIH4-rfjAlQJ0Ku" +
"Cbdb3HEvRVYiQXHNgny5ZbptFGbvHDl8UITvgQBKJR31wDFSNXXW2Lk1s2_siufcjDLbkL5PadWCXp5KBYqVg-BBv19Phn7oI5dDaCvaJI_6NHc3zXI" +
"5l8uouDVxsvZmruQKqVPYfK3n6m7-cUZ_dm64FKguAAXpwdSLrLe4ccOuxHXd3QNeom1dnodF0rREexk6qZEkwE_493xgAPzVEyWLa3jyVhjwmcu9hB" +
"XTfzVsVRRqF0yxtEqpHVPicluBqzSEhaIL94qahv67LEw"
// main sends logrus output to stdout at trace level, runs mainCore, and
// terminates through log.Fatal when mainCore reports an error.
func main() {
	log.SetOutput(os.Stdout)
	log.SetLevel(log.TraceLevel)

	err := mainCore()
	if err == nil {
		return
	}
	log.Fatal(err)
}
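// mainCore builds a Compute Engine instance identity verifier backed by the
// Compute and IAM APIs and uses it to verify the package-level jwtToken.
//
// It returns the first error hit while loading credentials, creating the API
// services, constructing the verifier or verifying the token, wrapped with the
// step that failed. On success the verification result is logged at info level
// and nil is returned.
func mainCore() error {
	// Bound every outbound HTTP call: http.DefaultClient and the client
	// returned by oauth2.NewClient carry no timeout, so a stalled key-set or
	// API endpoint would otherwise block verification indefinitely.
	const requestTimeout = 30 * time.Second

	ctx := context.Background()
	httpClient := &http.Client{Timeout: requestTimeout}

	// NOTE(review): cloud-platform is a broad scope, while the calls below only
	// read one instance and one service account; a narrower scope may be
	// enough. Confirm against the APIs before changing it.
	credentials, err := oauth2google.FindDefaultCredentials(ctx, "https://www.googleapis.com/auth/cloud-platform")
	if err != nil {
		return fmt.Errorf("finding default credentials: %w", err)
	}
	googleHTTPClient := oauth2.NewClient(ctx, credentials.TokenSource)
	googleHTTPClient.Timeout = requestTimeout

	computeService, err := compute.NewService(ctx, option.WithHTTPClient(googleHTTPClient))
	if err != nil {
		return fmt.Errorf("creating compute service: %w", err)
	}
	iamService, err := iam.NewService(ctx, option.WithHTTPClient(googleHTTPClient))
	if err != nil {
		return fmt.Errorf("creating IAM service: %w", err)
	}

	// The signing keys are fetched with the plain, unauthenticated client and
	// cached for the library's default time to live.
	keySetProvider := jaspergoogle.CachingKeySetProvider(
		jaspergoogle.DefaultCachingKeySetProviderTimeToLive,
		jaspergoogle.HTTPSKeySetProvider(httpClient),
	)

	idVerifier, err := jaspercompute.NewInstanceIdentityVerifier(
		// Presumably the audience the token must carry; it matches the aud
		// claim of jwtToken. Confirm against the library.
		"https://example.com/",
		// NOTE(review): by its name this accepts tokens issued for service
		// accounts that are not user-managed (such as a default compute
		// account). Confirm that this relaxation is wanted outside a test.
		jaspercompute.WithAllowNonUserManagedServiceAccounts(true),
		jaspercompute.WithInstanceGetter(func(ctx context.Context, project, zone, name string) (*compute.Instance, error) {
			return computeService.Instances.Get(project, zone, name).Context(ctx).Do()
		}),
		jaspercompute.WithKeySetProvider(keySetProvider),
		jaspercompute.WithServiceAccountGetter(func(ctx context.Context, name string) (*iam.ServiceAccount, error) {
			return iamService.Projects.ServiceAccounts.Get(name).Context(ctx).Do()
		}),
	)
	if err != nil {
		return fmt.Errorf("creating instance identity verifier: %w", err)
	}

	ret, err := idVerifier.Verify(ctx, jwtToken)
	if err != nil {
		return fmt.Errorf("verifying instance identity token: %w", err)
	}
	// Only the result of a successful verification is logged; the raw token
	// is not written out here.
	log.Infof("%+v", ret)
	return nil
}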