// doRequest makes an authenticated request to the GitHub API.
func doRequest(method, url string, body io.Reader) ([]byte, error) {
req, err := http.NewRequest(method, url, body)
if err != nil {
return nil, err
}
// These values are cached, so we can fetch them every time.
userpass, err := metadata.ProjectAttributeValue(authMetadataKey)
if err != nil {
return nil, err
}
p := strings.SplitN(userpass, ":", 2)
if len(p) != 2 {
return nil, errors.New("bad authentication data")
}
req.SetBasicAuth(p[0], p[1])
resp, err := http.DefaultClient.Do(req)
if err != nil {
return nil, err
}
respBody, err := ioutil.ReadAll(resp.Body)
resp.Body.Close()
if err != nil {
return nil, err
}
if resp.StatusCode/100 != 2 {
return respBody, fmt.Errorf("Bad response: %v\nBody:\n%s", resp.Status, respBody)
}
return respBody, nil
}
func NewGceCloudConfig() *GceCloudConfig {
userData, err := metadata.InstanceAttributeValue("user-data")
if err != nil {
log.Errorf("Could not retrieve user-data: %s", err)
}
projectSSHKeys, err := metadata.ProjectAttributeValue("sshKeys")
if err != nil {
log.Errorf("Could not retrieve project SSH Keys: %s", err)
}
instanceSSHKeys, err := metadata.InstanceAttributeValue("sshKeys")
if err != nil {
log.Errorf("Could not retrieve instance SSH Keys: %s", err)
}
nonUserDataSSHKeysRaw := projectSSHKeys + "\n" + instanceSSHKeys
nonUserDataSSHKeys := gceSshKeyFormatter(nonUserDataSSHKeysRaw)
gceCC := &GceCloudConfig{
FileName: gceCloudConfigFile,
UserData: userData,
NonUserDataSSHKeys: nonUserDataSSHKeys,
}
return gceCC
}
func gceAttr(name string) string {
s, err := metadata.ProjectAttributeValue(name)
if err != nil {
log.Printf("error querying metadata for %q: %s", name, err)
return ""
}
return s
}
func loadMirrorCred() {
cred, err := metadata.ProjectAttributeValue("mirror-credentials")
if err != nil {
log.Printf("No mirror credentials available: %v", err)
return
}
p := strings.SplitN(strings.TrimSpace(cred), ":", 2)
if len(p) != 2 {
log.Fatalf("Bad mirror credentials: %q", cred)
}
mirrorCredCache.username, mirrorCredCache.password = p[0], p[1]
}
func checkTryBuildDeps() error {
if !hasStorageScope() {
return errors.New("coordinator's GCE instance lacks the storage service scope")
}
wr := storage.NewWriter(serviceCtx, buildLogBucket(), "hello.txt")
fmt.Fprintf(wr, "Hello, world! Coordinator start-up at %v", time.Now())
if err := wr.Close(); err != nil {
return fmt.Errorf("test write of a GCS object to bucket %q failed: %v", buildLogBucket(), err)
}
gobotPass, err := metadata.ProjectAttributeValue("gobot-password")
if err != nil {
return fmt.Errorf("failed to get project metadata 'gobot-password': %v", err)
}
gerritClient = gerrit.NewClient("https://go-review.googlesource.com",
gerrit.BasicAuth("git-gobot.golang.org", strings.TrimSpace(string(gobotPass))))
return nil
}
func loadKey() {
if *masterKeyFile != "" {
b, err := ioutil.ReadFile(*masterKeyFile)
if err != nil {
log.Fatal(err)
}
masterKeyCache = bytes.TrimSpace(b)
return
}
if *mode == "dev" {
masterKeyCache = []byte("gophers rule")
return
}
masterKey, err := metadata.ProjectAttributeValue("builder-master-key")
if err != nil {
log.Fatalf("No builder master key available: %v", err)
}
masterKeyCache = []byte(strings.TrimSpace(masterKey))
}
// validate compares the signature in the request header with the body.
func validate(r *http.Request) (body []byte, err error) {
// Decode signature header.
sigHeader := r.Header.Get("X-Hub-Signature")
sigParts := strings.SplitN(sigHeader, "=", 2)
if len(sigParts) != 2 {
return nil, fmt.Errorf("Bad signature header: %q", sigHeader)
}
var h func() hash.Hash
switch alg := sigParts[0]; alg {
case "sha1":
h = sha1.New
case "sha256":
h = sha256.New
default:
return nil, fmt.Errorf("Unsupported hash algorithm: %q", alg)
}
gotSig, err := hex.DecodeString(sigParts[1])
if err != nil {
return nil, err
}
// Compute expected signature.
key, err := metadata.ProjectAttributeValue(secretMetadataKey)
if err != nil {
return nil, err
}
body, err = ioutil.ReadAll(r.Body)
if err != nil {
return nil, err
}
mac := hmac.New(h, []byte(key))
mac.Write(body)
expectSig := mac.Sum(nil)
if !hmac.Equal(gotSig, expectSig) {
return nil, fmt.Errorf("Invalid signature %X, want %x", gotSig, expectSig)
}
return body, nil
}
func init() {
builderKey, _ = metadata.ProjectAttributeValue("builder-key")
}