// checkFlags validates the command-line flags against the environment the
// proxy runs in. Outside Google Compute Engine the only rejected flag is
// -instances_metadata, which needs the GCE metadata server. On GCE, unless
// explicit credentials were supplied (the token or tokenFile flag, or
// GOOGLE_APPLICATION_CREDENTIALS), the default service account's scopes are
// read from the metadata server and must include SQLScope or the
// cloud-platform scope; otherwise an error pointing at accountErrorSuffix
// is returned.
func checkFlags(onGCE bool) error {
	if !onGCE {
		if *instanceSrc != "" {
			return errors.New("-instances_metadata unsupported outside of Google Compute Engine")
		}
		return nil
	}

	// Explicitly supplied credentials bypass the default-service-account
	// scope check entirely.
	credsProvided := *token != "" ||
		*tokenFile != "" ||
		os.Getenv("GOOGLE_APPLICATION_CREDENTIALS") != ""
	if credsProvided {
		return nil
	}

	scopes, err := metadata.Scopes("default")
	if err != nil {
		// NotDefinedError is what the metadata server reports when the VM
		// has no service account attached at all.
		if _, noAccount := err.(metadata.NotDefinedError); noAccount {
			return errors.New("no service account found for this Compute Engine VM. " + accountErrorSuffix)
		}
		return fmt.Errorf("error checking scopes: %T %v | %+v", err, err, err)
	}

	// Either the dedicated Cloud SQL scope or the broad cloud-platform scope
	// is enough to reach the Cloud SQL API.
	grantsSQLAccess := func(list []string) bool {
		for _, sc := range list {
			switch sc {
			case SQLScope, "https://www.googleapis.com/auth/cloud-platform":
				return true
			}
		}
		return false
	}
	if !grantsSQLAccess(scopes) {
		return errors.New(`the default Compute Engine service account is not configured with sufficient permissions to access the Cloud SQL API from this VM. ` + accountErrorSuffix)
	}
	return nil
}
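// LogWriter returns an environment-specific io.Writer suitable for passing
// to log.SetOutput. It always includes os.Stderr. When running on Google
// Compute Engine, and the VM's project ID and service-account scopes can be
// read from the metadata server, and those scopes include logging.Scope,
// output is additionally mirrored to a Google Cloud Logging client named
// "camlistored-stderr". Any failure along that path is logged and the
// function falls back to stderr only.
func LogWriter() (w io.Writer) {
	w = os.Stderr
	if !env.OnGCE() {
		return
	}
	projID, err := metadata.ProjectID()
	if err != nil || projID == "" {
		log.Printf("Error getting project ID: %v", err)
		return
	}
	scopes, err := metadata.Scopes("default")
	if err != nil {
		// Previously this error was dropped, so a metadata failure was
		// misreported below as a missing logging scope. Say what actually
		// went wrong and keep writing to stderr.
		log.Printf("Error getting service account scopes: %v", err)
		return
	}
	haveScope := func(scope string) bool {
		for _, x := range scopes {
			if x == scope {
				return true
			}
		}
		return false
	}
	if !haveScope(logging.Scope) {
		log.Printf("when this Google Compute Engine VM instance was created, it wasn't granted enough access to use Google Cloud Logging (Scope URL: %v).", logging.Scope)
		return
	}
	logc, err := logging.NewClient(context.Background(), projID, "camlistored-stderr")
	if err != nil {
		log.Printf("Error creating Google logging client: %v", err)
		return
	}
	// Keep stderr in the writer set so local output survives even if the
	// remote logging client later fails.
	return io.MultiWriter(w, logc.Writer(logging.Debug))
}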
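// NewServiceClient returns a Client for use when running on Google
// Compute Engine. This client can access buckets owned by the same
// project ID as the VM. The VM's default service account, as reported by
// the metadata server, must hold either the devstorage.full_control or the
// devstorage.read_write scope; otherwise an error is returned before any
// API client is built. Errors from the metadata server and from
// constructing the Storage API service are returned rather than ignored.
func NewServiceClient() (*Client, error) {
	if !metadata.OnGCE() {
		return nil, errors.New("not running on Google Compute Engine")
	}
	scopes, err := metadata.Scopes("default")
	if err != nil {
		// Previously this error was dropped; an empty scope list then failed
		// the check below and the failure was misreported as a missing
		// scope. Report the metadata failure itself instead.
		return nil, errors.New("getting service account scopes from the metadata server: " + err.Error())
	}
	haveScope := func(scope string) bool {
		for _, x := range scopes {
			if x == scope {
				return true
			}
		}
		return false
	}
	if !haveScope("https://www.googleapis.com/auth/devstorage.full_control") && !haveScope("https://www.googleapis.com/auth/devstorage.read_write") {
		return nil, errors.New("when this Google Compute Engine VM instance was created, it wasn't granted access to Cloud Storage")
	}
	// Tokens come from the metadata server for the default service account.
	client := oauth2.NewClient(context.Background(), google.ComputeTokenSource(""))
	service, err := api.New(client)
	if err != nil {
		// Previously ignored; a nil service would only fail later at first use.
		return nil, errors.New("creating Cloud Storage API service: " + err.Error())
	}
	return &Client{client: client, service: service}, nil
}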