github.com/grailbio/base@v0.0.11/cmd/grail-access/ec2.go

github.com/grailbio/base@v0.0.11/cmd/grail-access/ec2.go (about)

     1  // Copyright 2018 GRAIL, Inc. All rights reserved.
     2  // Use of this source code is governed by the Apache-2.0
     3  // license that can be found in the LICENSE file.
     4  
     5  package main
     6  
     7  import (
     8  	"io/ioutil"
     9  	"net/http"
    10  	"time"
    11  
    12  	"github.com/grailbio/base/errors"
    13  	"github.com/grailbio/base/log"
    14  	"github.com/grailbio/base/security/identity"
    15  	"v.io/v23/context"
    16  	"v.io/v23/security"
    17  )
    18  
    19  const defaultEc2BlesserFlag = "/ticket-server.eng.grail.com:8102/blesser/ec2"
    20  
    21  func fetchEC2Blessings(ctx *context.T) (security.Blessings, error) {
    22  	if blesserFlag == "" {
    23  		blesserFlag = defaultEc2BlesserFlag
    24  	}
    25  	stub := identity.Ec2BlesserClient(blesserFlag)
    26  	client := http.Client{
    27  		Timeout: 5 * time.Second,
    28  	}
    29  	resp, err := client.Get(ec2InstanceIdentityFlag)
    30  	if err != nil {
    31  		return security.Blessings{}, errors.E("unable to talk to the EC2 metadata server (not an EC2 instance?)", err)
    32  	}
    33  	identityDocument, err := ioutil.ReadAll(resp.Body)
    34  	if err2 := resp.Body.Close(); err2 != nil {
    35  		log.Print("warning: ", err2)
    36  	}
    37  	log.Debug.Printf("pkcs7: %d bytes", len(identityDocument))
    38  	if err != nil {
    39  		return security.Blessings{}, err
    40  	}
    41  	return stub.BlessEc2(ctx, string(identityDocument))
    42  }