From 2d8e057118c527cc1697327db00d4006d8530b91 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 14 Jun 2018 16:48:43 +0200
Subject: feat(main): Add fetching of tokens from metadata server

---
 src/main.rs | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

(limited to 'src')

diff --git a/src/main.rs b/src/main.rs
index 007dd6e629b2..c6cfa8df1e76 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -14,10 +14,17 @@ mod stackdriver;
 
 use std::env;
 use std::mem;
+use std::ops::Add;
 use std::process;
 use std::time::{Duration, Instant};
 use systemd::journal::*;
 
+const METADATA_TOKEN_URL: &str = "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token";
+
+header! { (MetadataFlavor, "Metadata-Flavor") => [String] }
+
+type Result<T> = std::result::Result<T, failure::Error>;
+
 #[derive(Debug)]
 struct Record {
     message: Option<String>,
@@ -90,6 +97,38 @@ fn flush(records: Vec<Record>) {
     }
 }
 
+/// Retrieves an access token from the GCP metadata service.
+#[derive(Deserialize)]
+struct TokenResponse {
+    #[serde(rename = "type")]
+    expires_in: u64,
+    access_token: String,
+}
+
+/// Struct used to store a token together with a sensible
+/// representation of when it expires.
+struct Token {
+    token: String,
+    renew_at: Instant,
+}
+
+fn get_metadata_token(client: &reqwest::Client) -> Result<Token> {
+    let now = Instant::now();
+
+    let token: TokenResponse  = client.get(METADATA_TOKEN_URL)
+        .header(MetadataFlavor("Google".into()))
+        .send()?.json()?;
+
+    debug!("Fetched new token from metadata service");
+
+    let renew_at = now.add(Duration::from_secs(token.expires_in / 2));
+
+    Ok(Token {
+        renew_at,
+        token: token.access_token,
+    })
+}
+
 fn main () {
     env_logger::init();
 
-- 
cgit 1.4.1