amlweems/local-gce-metadata

local gce metadata

This tool runs a simple mirror of the GCE instance metadata server to convince the gcloud command line tool it is running in GCE. You can use this tool to pass an arbitrary bearer token to gcloud without too much trouble.

Setup

There are a few small configuration changes you'll need to make before running the metadata server. If you'd like, you can simply source env.sh before running gcloud, but the individual changes are explained below.

  1. gcloud caches its GCE detection in ~/.config/gcloud/gce. You can override this by simply writing True to that file.
     $ echo -n True > ~/.config/gcloud/gce
  2. gcloud uses the metadata.google.internal hostname to access the metadata service. You can either set up DNS for this host, or simply set the GCE_METADATA_ROOT environment variable.
     $ export GCE_METADATA_ROOT=127.0.0.1
  3. If you want to avoid polluting your existing config, you can set the gcloud config directory to a new temporary directory. Alternatively, you can use the --account local flag in gcloud to specify this tool's service account.
     $ export CLOUDSDK_CONFIG=`mktemp -d`

Usage

$ docker build -t local-gce-metadata .
$ docker run --rm -p 80:80 local-gce-metadata -h
Usage of /local-gce-metadata:
  -account string
    	name of service account to advertise (default "local")
  -token string
    	service account bearer token

As shown above, in order to use this tool, you'll need a bearer token to serve. If you want to test this and have already authenticated to Google via gcloud auth login, you can get your own token via the following command:

$ sqlite3 ~/.config/gcloud/access_tokens.db 'SELECT access_token FROM access_tokens LIMIT 1;'
ya29.xyz...

Assuming you have such a token, you can run the server as follows:

$ docker run --rm -p 80:80 local-gce-metadata -token ya29.xyz...
2020/04/02 20:37:57 172.17.0.1:48950 GET /computeMetadata/v1/instance/service-accounts/ - Python-urllib/2.7
2020/04/02 20:37:57 172.17.0.1:48954 GET /computeMetadata/v1/instance/service-accounts/local/?recursive=True - gcloud/272.0.0...
2020/04/02 20:37:57 172.17.0.1:48954 GET /computeMetadata/v1/instance/service-accounts/local/token - gcloud/272.0.0...
$ gcloud --account local projects list
PROJECT_ID      NAME            PROJECT_NUMBER
wizardly_knuth  wizardly_knuth  1234567890
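
The overrides from Setup and the token store queried in Usage are also what to look for when checking whether a workstation's gcloud has been pointed at a local metadata facade. The following is an added example, not part of this repository; the function name audit_gcloud_overrides and its finding labels are hypothetical.

```sh
# Added example (not from the repository): report the gcloud overrides that the
# Setup section describes. Prints one finding per line, nothing when clean.
# Usage: audit_gcloud_overrides [config_dir] [metadata_root]
audit_gcloud_overrides() (
  cfg="${1:-${CLOUDSDK_CONFIG:-$HOME/.config/gcloud}}"
  root="${2-${GCE_METADATA_ROOT-}}"

  # Setup step 1: cached GCE detection forced on. Expected on a real GCE VM,
  # a finding on any other host.
  if [ -f "$cfg/gce" ] && [ "$(cat "$cfg/gce")" = "True" ]; then
    echo "gce-cache: $cfg/gce contains True"
  fi

  # Setup step 2: metadata lookups redirected away from the default hostname.
  case "$root" in
    ""|metadata.google.internal) ;;
    *) echo "metadata-root: GCE_METADATA_ROOT=$root" ;;
  esac

  # Token store read with sqlite3 in Usage: flag any group/other access.
  db="$cfg/access_tokens.db"
  if [ -f "$db" ]; then
    mode=$(ls -l "$db" | cut -c5-10)   # group and other permission bits
    [ "$mode" = "------" ] || echo "token-db: $db is accessible to group/other ($mode)"
  fi
  return 0
)

# Audit the current user's environment when run directly.
audit_gcloud_overrides "$@"
```

With no arguments the function reads CLOUDSDK_CONFIG and GCE_METADATA_ROOT from the environment, so run it in the same shell session that gcloud is run from.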

About

local facade for the gce instance metadata service
