// doRequest makes an authenticated request to the GitHub API. func doRequest(method, url string, body io.Reader) ([]byte, error) { req, err := http.NewRequest(method, url, body) if err != nil { return nil, err } // These values are cached, so we can fetch them every time. userpass, err := metadata.ProjectAttributeValue(authMetadataKey) if err != nil { return nil, err } p := strings.SplitN(userpass, ":", 2) if len(p) != 2 { return nil, errors.New("bad authentication data") } req.SetBasicAuth(p[0], p[1]) resp, err := http.DefaultClient.Do(req) if err != nil { return nil, err } respBody, err := ioutil.ReadAll(resp.Body) resp.Body.Close() if err != nil { return nil, err } if resp.StatusCode/100 != 2 { return respBody, fmt.Errorf("Bad response: %v\nBody:\n%s", resp.Status, respBody) } return respBody, nil }
func NewGceCloudConfig() *GceCloudConfig { userData, err := metadata.InstanceAttributeValue("user-data") if err != nil { log.Errorf("Could not retrieve user-data: %s", err) } projectSSHKeys, err := metadata.ProjectAttributeValue("sshKeys") if err != nil { log.Errorf("Could not retrieve project SSH Keys: %s", err) } instanceSSHKeys, err := metadata.InstanceAttributeValue("sshKeys") if err != nil { log.Errorf("Could not retrieve instance SSH Keys: %s", err) } nonUserDataSSHKeysRaw := projectSSHKeys + "\n" + instanceSSHKeys nonUserDataSSHKeys := gceSshKeyFormatter(nonUserDataSSHKeysRaw) gceCC := &GceCloudConfig{ FileName: gceCloudConfigFile, UserData: userData, NonUserDataSSHKeys: nonUserDataSSHKeys, } return gceCC }
func gceAttr(name string) string { s, err := metadata.ProjectAttributeValue(name) if err != nil { log.Printf("error querying metadata for %q: %s", name, err) return "" } return s }
func loadMirrorCred() { cred, err := metadata.ProjectAttributeValue("mirror-credentials") if err != nil { log.Printf("No mirror credentials available: %v", err) return } p := strings.SplitN(strings.TrimSpace(cred), ":", 2) if len(p) != 2 { log.Fatalf("Bad mirror credentials: %q", cred) } mirrorCredCache.username, mirrorCredCache.password = p[0], p[1] }
func checkTryBuildDeps() error { if !hasStorageScope() { return errors.New("coordinator's GCE instance lacks the storage service scope") } wr := storage.NewWriter(serviceCtx, buildLogBucket(), "hello.txt") fmt.Fprintf(wr, "Hello, world! Coordinator start-up at %v", time.Now()) if err := wr.Close(); err != nil { return fmt.Errorf("test write of a GCS object to bucket %q failed: %v", buildLogBucket(), err) } gobotPass, err := metadata.ProjectAttributeValue("gobot-password") if err != nil { return fmt.Errorf("failed to get project metadata 'gobot-password': %v", err) } gerritClient = gerrit.NewClient("https://go-review.googlesource.com", gerrit.BasicAuth("git-gobot.golang.org", strings.TrimSpace(string(gobotPass)))) return nil }
func loadKey() { if *masterKeyFile != "" { b, err := ioutil.ReadFile(*masterKeyFile) if err != nil { log.Fatal(err) } masterKeyCache = bytes.TrimSpace(b) return } if *mode == "dev" { masterKeyCache = []byte("gophers rule") return } masterKey, err := metadata.ProjectAttributeValue("builder-master-key") if err != nil { log.Fatalf("No builder master key available: %v", err) } masterKeyCache = []byte(strings.TrimSpace(masterKey)) }
// validate compares the signature in the request header with the body. func validate(r *http.Request) (body []byte, err error) { // Decode signature header. sigHeader := r.Header.Get("X-Hub-Signature") sigParts := strings.SplitN(sigHeader, "=", 2) if len(sigParts) != 2 { return nil, fmt.Errorf("Bad signature header: %q", sigHeader) } var h func() hash.Hash switch alg := sigParts[0]; alg { case "sha1": h = sha1.New case "sha256": h = sha256.New default: return nil, fmt.Errorf("Unsupported hash algorithm: %q", alg) } gotSig, err := hex.DecodeString(sigParts[1]) if err != nil { return nil, err } // Compute expected signature. key, err := metadata.ProjectAttributeValue(secretMetadataKey) if err != nil { return nil, err } body, err = ioutil.ReadAll(r.Body) if err != nil { return nil, err } mac := hmac.New(h, []byte(key)) mac.Write(body) expectSig := mac.Sum(nil) if !hmac.Equal(gotSig, expectSig) { return nil, fmt.Errorf("Invalid signature %X, want %x", gotSig, expectSig) } return body, nil }
func init() { builderKey, _ = metadata.ProjectAttributeValue("builder-key") }