Package gcemeta implements a subset of GCE metadata server protocol.

It can be used to "trick" Go and Python libraries that use Application Default Credentials into believing they run on GCE so that they request OAuth2 tokens via GCE metadata server (which is implemented by us here).

The implemented subset of the protocol is very limited. Only a few endpoints commonly used to bootstrap GCE auth are supported, and their response format is not tweakable (i.e. alt=json or alt=text have no effect).



This section is empty.


This section is empty.


This section is empty.


type Server

type Server struct {
	// Generator is used to obtain OAuth2 and ID tokens.
	Generator TokenGenerator
	// Email is the email associated with generated tokens.
	Email string
	// Scopes is a list of scopes to put into generated OAuth2 tokens.
	Scopes []string
	// MinTokenLifetime is a minimum lifetime left in returned tokens.
	MinTokenLifetime time.Duration
	// Port is a local TCP port to bind to or 0 to allow the OS to pick one.
	Port int
	// contains filtered or unexported fields

Server runs a local fake GCE metadata server.

func (*Server) Start

func (s *Server) Start(ctx context.Context) (string, error)

Start launches background goroutine with the serving loop.

The provided context is used as base context for request handlers and for logging. The server must be eventually stopped with Stop().

Returns "host:port" address of the launched metadata server.

func (*Server) Stop

func (s *Server) Stop(ctx context.Context) error

Stop closes the listening socket, notifies pending requests to abort and stops the internal serving goroutine.

Safe to call multiple times. Once stopped, the server cannot be started again (make a new instance of Server instead).

Uses the given context for the deadline when waiting for the serving loop to stop.

type TokenGenerator

type TokenGenerator interface {
	// GenerateOAuthToken returns an access token for a combination of scopes.
	GenerateOAuthToken(ctx context.Context, scopes []string, lifetime time.Duration) (*oauth2.Token, error)
	// GenerateIDToken returns an ID token with the given audience in `aud` claim.
	GenerateIDToken(ctx context.Context, audience string, lifetime time.Duration) (*oauth2.Token, error)

TokenGenerator produces access and ID tokens.

The canonical implementation is &auth.TokenGenerator{}.

Source Files