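// LogWriter returns an environment-specific io.Writer suitable for passing
// to log.SetOutput. The returned writer always includes os.Stderr.
//
// When running on GCE with a known project ID and a "default" service account
// that holds logging.Scope, output is additionally sent to a Google Cloud
// Logging client created with the name "camlistored-stderr", at
// logging.Debug. Any failure along the way is logged and the function falls
// back to plain os.Stderr.
//
// Everything written through the combined writer is duplicated to the logging
// client, so log lines leave the machine; keep secrets out of them.
func LogWriter() (w io.Writer) {
	w = os.Stderr
	if !env.OnGCE() {
		return w
	}
	projID, err := metadata.ProjectID()
	if projID == "" {
		log.Printf("Error getting project ID: %v", err)
		return w
	}
	scopes, err := metadata.Scopes("default")
	if err != nil {
		// Report the lookup failure itself; otherwise it would be
		// misdiagnosed below as a VM created without the logging scope.
		log.Printf("Error getting default service account scopes: %v", err)
		return w
	}
	granted := false
	for _, s := range scopes {
		if s == logging.Scope {
			granted = true
			break
		}
	}
	if !granted {
		log.Printf("when this Google Compute Engine VM instance was created, it wasn't granted enough access to use Google Cloud Logging (Scope URL: %v).", logging.Scope)
		return w
	}
	logc, err := logging.NewClient(context.Background(), projID, "camlistored-stderr")
	if err != nil {
		log.Printf("Error creating Google logging client: %v", err)
		return w
	}
	return io.MultiWriter(w, logc.Writer(logging.Debug))
}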
// NewGCETokenProvider returns TokenProvider that knows how to use GCE metadata server. func NewGCETokenProvider(account string, scopes []string) (TokenProvider, error) { // Ensure account has requested scopes. availableScopes, err := metadata.Scopes(account) if err != nil { return nil, err } for requested := range scopes { ok := false for available := range availableScopes { if requested == available { ok = true break } } if !ok { return nil, ErrInsufficientAccess } } return &gceTokenProvider{ oauthTokenProvider: oauthTokenProvider{ interactive: false, tokenFlavor: "gce", }, account: account, }, nil }
// hasScope reports whether want is one of the scopes the metadata server
// lists for the "default" service account. It returns false when not running
// on GCE, and also when the scope lookup fails (the failure is logged).
func hasScope(want string) bool {
	if !metadata.OnGCE() {
		return false
	}
	granted, err := metadata.Scopes("default")
	if err != nil {
		log.Printf("failed to query metadata default scopes: %v", err)
		return false
	}
	// Stop scanning at the first match.
	found := false
	for i := 0; i < len(granted) && !found; i++ {
		found = granted[i] == want
	}
	return found
}
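// NewServiceClient returns a Client for use when running on Google
// Compute Engine. This client can access buckets owned by the same
// project ID as the VM.
//
// It returns an error when not running on GCE, when the scopes of the
// "default" service account cannot be read, when neither the
// devstorage.full_control nor the devstorage.read_write scope is present,
// or when the storage API service cannot be constructed.
func NewServiceClient() (*Client, error) {
	if !metadata.OnGCE() {
		return nil, errors.New("not running on Google Compute Engine")
	}
	scopes, err := metadata.Scopes("default")
	if err != nil {
		// Surface the lookup failure instead of reporting it as a VM that
		// was created without Cloud Storage access.
		return nil, err
	}
	haveScope := func(scope string) bool {
		for _, x := range scopes {
			if x == scope {
				return true
			}
		}
		return false
	}
	// Either scope is accepted. This is a local pre-flight check on what the
	// metadata server reports, made before any client is built.
	if !haveScope("https://www.googleapis.com/auth/devstorage.full_control") &&
		!haveScope("https://www.googleapis.com/auth/devstorage.read_write") {
		return nil, errors.New("when this Google Compute Engine VM instance was created, it wasn't granted access to Cloud Storage")
	}
	// The empty account name is passed through to google.ComputeTokenSource
	// unchanged.
	client := oauth2.NewClient(context.Background(), google.ComputeTokenSource(""))
	service, err := api.New(client)
	if err != nil {
		// Do not hand back a Client whose service field was never set.
		return nil, err
	}
	return &Client{client: client, service: service}, nil
}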