diff --git a/README.md b/README.md index 8dd9093..44f7fa1 100644 --- a/README.md +++ b/README.md @@ -175,7 +175,6 @@ r.Handle("/") - [Extending the sample](#extending-the-sample) - [Using link-local address](#using-link-local-address) - [Using domain sockets](#using-domain-sockets) -- [Running GCP ops-agent](#running-gcp-ops-agent) - [Building with Bazel](#building-with-bazel) - [Building with Kaniko](#building-with-kaniko) * [Testing](#testing) @@ -698,6 +697,7 @@ This metadata server will hash the value for the body to return and use that as Note `wait-for-change` value is not supported currently so while you can poll for etag changes, you cannot listen and hold. +Finally, since the etag is just a hash of the node, if you change a value then back again, the same etag will get returned for that node. ### Static environment variables 
@@ -822,81 +822,6 @@ anyway, just for fun, you can pipe a tcp socket to domain using `socat` (or vice socat TCP-LISTEN:8080,fork,reuseaddr UNIX-CONNECT:/tmp/metadata.sock ``` -#### Running GCP Ops Agent - -This emulator can also be configured to get called by the [GCP ops-agent](https://cloud.google.com/monitoring/agent/ops-agent) (see [pr/30](https://github.com/salrashid123/gce_metadata_server/pull/30)) which would otherwise only run on GCP VMs. - -Note: running the ops-agent on any other platform is really not supported (by definition) and can return unexpected data. Use with a lot of caution. - -One of the main issues with running the ops-agent off GCP is that it is by default expecting to emit data for [resource.type=gce_instance](https://cloud.google.com/monitoring/api/resources#tag_gce_instance) ([here](https://github.com/GoogleCloudPlatform/ops-agent/blob/master/confgenerator/resourcedetector/detector.go#L54)]). For true support of on-prem instances, it should emit with support for [resource.type=generic_node](https://cloud.google.com/monitoring/api/resources#tag_generic_node) and [resource.type=generice_task](https://cloud.google.com/monitoring/api/resources#tag_generic_task). Those two resource types indicate arbitrary computing environments. For background on those types, see [Writing Developer logs with Google Cloud Logging](https://blog.salrashid.dev/articles/2019/writing_developer_logs/) (again, that article is dated and probably doens't work anymore but the metrics resource types are valid). It maybe possible with the ops-agent to configure overrides it to define the `resource.type` and `labels` but i have not looked into it... - -Anyway, if you are still interested in testing, the following setup demonstrates its usage. I used qemu and debian 12 as a setup; you can use vagrant, vmware or anything else to create the vm on your laptop - -Running ops agent on local VM will require creating a service account key. 
- -Assign the service account the project you want to use and the iam permissions listed [here](https://cloud.google.com/logging/docs/agent/ops-agent/authorization#create-service-account). Copy the service account key into the vm. - -```bash -## i used debian12 image -wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.5.0-amd64-netinst.iso - -## create the disk and VM itself -qemu-img create -f qcow2 boot.img 40G -qemu-system-x86_64 -hda boot.img -net nic -net user,hostfwd=tcp::10022-:22 \ - -cpu host -smp `nproc` -cdrom debian-12.5.0-amd64-netinst.iso \ - --enable-kvm -m 2048 --vga vmware - -## ssh in; i created a user called 'sal' so i logged in with that: -ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no sal@127.0.0.1 -p 10022 - -# once on the VM, -su - -apt-get update -apt-get install curl git - -vi /etc/hosts -## set 169.254.169.254 metadata metadata.google.internal - -# create the link-local interface (note that this should not be necessary but i could not get it to work without this) -ifconfig lo:0 169.254.169.254 up - -## download the metadata server -git clone https://github.com/salrashid123/gce_metadata_server.git -cd gce_metadata_server - -# edit config.json and set service account, projectID,number - -## copy the service account key created earlier and save to /path/to/svcaccount.json - -## then start the emulator -/path/to/gce_metadata_server -logtostderr -alsologtostderr -v 40 \ - -port :80 --interface=169.254.169.254 --configFile=`pwd`/config.json \ - --serviceAccountFile=/path/to/svcaccount.json - -### now install the ops agent -# https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent/installation - -# install ops-agent -curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh -sudo bash add-google-cloud-ops-agent-repo.sh --also-install - -## restart -systemctl restart google-cloud-ops-agent"*" - -systemctl status google-cloud-ops-agent"*" -``` - -note, you 
should be able to run the emulator on default `127.0.0.1:8080` if each service has the following env-var in its config set but i could not get it to work: - -```bash -#export SYSTEMD_EDITOR=/bin/vi -#systemctl edit google-cloud-ops-agent"*" - -# set -[Service] -Environment="GCE_METADATA_HOST=localhost:8080" -``` - #### Building with Bazel If you want to build the server using bazel (eg, [deterministic](https://github.com/salrashid123/go-grpc-bazel-docker)), diff --git a/go.mod b/go.mod index 01ecf9d..418eeed 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,8 @@ require ( github.com/google/go-tpm v0.9.0 github.com/google/go-tpm-tools v0.4.3 github.com/gorilla/mux v1.8.1 - github.com/salrashid123/golang-jwt-tpm v1.1.2 + github.com/salrashid123/golang-jwt-tpm v1.2.0 + github.com/salrashid123/oauth2/tpm v0.0.0-20240401112313-82162ccb793e golang.org/x/net v0.20.0 golang.org/x/oauth2 v0.16.0 google.golang.org/api v0.157.0 @@ -35,7 +36,6 @@ require ( github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/pborman/uuid v1.2.1 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/salrashid123/oauth2/tpm v0.0.0-20240327144837-141d9054501b // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect diff --git a/go.sum b/go.sum index cf3f254..24c5962 100644 --- a/go.sum +++ b/go.sum 
@@ -93,20 +93,10 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/salrashid123/golang-jwt-tpm v1.1.2 h1:Arsj8FKUb8TiNFC1bOEqfssSSWkWoNccyDsdAKG2vOg= -github.com/salrashid123/golang-jwt-tpm v1.1.2/go.mod h1:yipaLDdIYPikIhVhp4PD4x01dxTGYQFBIN3+DwHNESE= -github.com/salrashid123/oauth2/tpm v0.0.0-20231212134021-bddaa5868c39 h1:9YN49H7zMcaT/OSmDT1s6Wd/DvWro8ZSMh7dS7TXGAM= -github.com/salrashid123/oauth2/tpm v0.0.0-20231212134021-bddaa5868c39/go.mod h1:/6D4hD7O7jQA85CnIaH9Ol0eZT7oN+nLS7K6y6K6w7w= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327104110-15131c35bf9d h1:/virey7fY5tFxFFom3KHUAhhtLOnCeH2uNTjl8Gudxo= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327104110-15131c35bf9d/go.mod h1:/6D4hD7O7jQA85CnIaH9Ol0eZT7oN+nLS7K6y6K6w7w= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327122313-2a4ca40ece9c h1:HxHfwfeX1N/lOV1/Dfl4TQ7F15d5x8aELsx7LOf7jr8= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327122313-2a4ca40ece9c/go.mod h1:/6D4hD7O7jQA85CnIaH9Ol0eZT7oN+nLS7K6y6K6w7w= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327123626-f9ef3cd652dc h1:8D8jpHaqEsMpz/1m/qXPg3058cTu/tuyfV0P3zV4mM0= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327123626-f9ef3cd652dc/go.mod h1:/6D4hD7O7jQA85CnIaH9Ol0eZT7oN+nLS7K6y6K6w7w= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327124659-ff42cbc3ff0d h1:qSFT/L1rZ5GRmc/8CWeEOEyxFDXGlvGJIJXT1COEinY= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327124659-ff42cbc3ff0d/go.mod h1:/6D4hD7O7jQA85CnIaH9Ol0eZT7oN+nLS7K6y6K6w7w= -github.com/salrashid123/oauth2/tpm v0.0.0-20240327144837-141d9054501b h1:ys/1Qirzigaw+Wl2i7Ymx1y5P7AJGfZdfbbtQPT3Vac= -github.com/salrashid123/oauth2/tpm 
v0.0.0-20240327144837-141d9054501b/go.mod h1:/6D4hD7O7jQA85CnIaH9Ol0eZT7oN+nLS7K6y6K6w7w= +github.com/salrashid123/golang-jwt-tpm v1.2.0 h1:TpcApZXT8ntHid9ty0wyZjkBkih+yymzSpCTDwniKB0= +github.com/salrashid123/golang-jwt-tpm v1.2.0/go.mod h1:yipaLDdIYPikIhVhp4PD4x01dxTGYQFBIN3+DwHNESE= +github.com/salrashid123/oauth2/tpm v0.0.0-20240401112313-82162ccb793e h1:4jYltQnxQQ5cNSnnU6sVsTriCkBB44zFg2uHpWnpCDw= +github.com/salrashid123/oauth2/tpm v0.0.0-20240401112313-82162ccb793e/go.mod h1:c3eO1LqrEUENBBc15rWfOveqm/sQhkMtKwgSUcNg+8c= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= diff --git a/repositories.bzl b/repositories.bzl index 8ae6605..79cb736 100644 --- a/repositories.bzl +++ b/repositories.bzl @@ -73,7 +73,7 @@ def go_repositories(): sum = "h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=", version = "v1.7.0", ) - + go_repository( name = "com_github_go_logr_logr", importpath = "github.com/go-logr/logr", @@ -246,14 +246,14 @@ def go_repositories(): go_repository( name = "com_github_salrashid123_golang_jwt_tpm", importpath = "github.com/salrashid123/golang-jwt-tpm", - sum = "h1:Arsj8FKUb8TiNFC1bOEqfssSSWkWoNccyDsdAKG2vOg=", - version = "v1.1.2", + sum = "h1:TpcApZXT8ntHid9ty0wyZjkBkih+yymzSpCTDwniKB0=", + version = "v1.2.0", ) go_repository( name = "com_github_salrashid123_oauth2_tpm", importpath = "github.com/salrashid123/oauth2/tpm", - sum = "h1:ys/1Qirzigaw+Wl2i7Ymx1y5P7AJGfZdfbbtQPT3Vac=", - version = "v0.0.0-20240327144837-141d9054501b", + sum = "h1:4jYltQnxQQ5cNSnnU6sVsTriCkBB44zFg2uHpWnpCDw=", + version = "v0.0.0-20240401112313-82162ccb793e", ) go_repository( name = "com_github_stretchr_objx", 
@@ -1154,4 +1154,4 @@ def go_repositories(): importpath = "go.uber.org/multierr", sum = "h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=", version = "v1.11.0", - ) + ) \ No newline at end of file
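Review bot: In the README.md hunk at `@@ -698,6 +697,7 @@`, the added sentence states the property but not what it means for callers. The preceding context says `wait-for-change` is unsupported and clients can only poll, so a value that is changed and then changed back between two polls yields the same etag and the change goes unnoticed. Suggest stating that consequence explicitly and tightening the wording, for example "if you change a value and then change it back, the same etag is returned for that node".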
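Review bot: The README.md hunk at `@@ -822,81 +822,6 @@` deletes the whole "Running GCP Ops Agent" section, and the `@@ -175,7 +175,6 @@` hunk deletes its table-of-contents entry, without saying whether the emulator can still be used with the ops-agent. The other files in this diff are only go.mod, go.sum and repositories.bzl, so nothing here shows the behaviour itself being removed. If the setup is no longer supported, a one-line statement in place of the section would be clearer than silence for readers arriving from the pr/30 link; if it still works, keep a short pointer.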
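Review bot: In go.mod at `@@ -11,7 +11,8 @@`, `github.com/salrashid123/oauth2/tpm` moves from an `// indirect` requirement (removed in the `@@ -35,7 +36,6 @@` hunk) to a direct one, but it is pinned to the pseudo-version `v0.0.0-20240401112313-82162ccb793e` and no Go source file in this diff imports it. For a direct dependency, prefer a tagged release if one exists, and confirm the direct placement is what `go mod tidy` produces rather than a hand edit.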
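Review bot: In go.sum at `@@ -93,20 +93,10 @@`, the `/go.mod` hash for `github.com/salrashid123/oauth2/tpm` changes from `h1:/6D4hD7O7jQA85CnIaH9Ol0eZT7oN+nLS7K6y6K6w7w=` to `h1:c3eO1LqrEUENBBc15rWfOveqm/sQhkMtKwgSUcNg+8c=`, which means that module's own go.mod file differs at the new pseudo-version, while the `golang-jwt-tpm` `/go.mod` hash is identical for v1.1.2 and v1.2.0. The commit does not mention what changed upstream; worth noting it in the commit message and confirming the file was produced by `go mod tidy`. Dropping the five stale `oauth2/tpm` pseudo-version entries is a good cleanup.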
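Review bot: The repositories.bzl hunk at `@@ -73,7 +73,7 @@` changes only whitespace on the otherwise blank line before `go_repository(` for `com_github_go_logr_logr`. It is unrelated to the dependency bump and adds noise to the diff; drop it from the commit, or run the file through the formatter so the blank line carries no stray whitespace.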
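Review bot: In repositories.bzl at `@@ -246,14 +246,14 @@`, the `sum` and `version` values for `com_github_salrashid123_golang_jwt_tpm` and `com_github_salrashid123_oauth2_tpm` duplicate what go.mod and go.sum already pin. They match the go.sum `h1:` values in this commit (`TpcApZXT...` and `4jYltQnx...`), but three files edited in parallel can drift. If this macro is generated, regenerate it from go.mod (for example with Gazelle's `update-repos -from_file=go.mod`) instead of editing it by hand, and say so in the commit message.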
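Review bot: The repositories.bzl hunk at `@@ -1154,4 +1154,4 @@` replaces the final `)` with the same `)` followed by `\ No newline at end of file`, so the only effect is to strip the trailing newline. Restore the newline; this is an editor artifact and will show up again as a spurious change in the next diff that touches the end of the file.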