27 changes: 18 additions & 9 deletions run/authentication/auth.js
Expand Up @@ -12,19 +12,21 @@
// See the License for the specific language governing permissions and
// limitations under the License.

function main(receivingServiceURL = 'YOUR_RECEIVING_SERVICE_URL') {
// [START run_service_to_service_auth]
// Make sure to `npm install gcp-metadata` and `npm install got` or add the dependencies to your package.json

// Import the Metadata API
const gcpMetadata = require('gcp-metadata')
const got = require('got');

// TODO(developer): Add the URL of your receiving service
// const receivingServiceURL = 'YOUR_RECEIVING_SERVICE_URL''

const requestServiceToken = async () => {
try {

// Add the URL of your receiving service
const receivingServiceURL = ...

// Set up the metadata server request options
// See https://cloud.google.com/compute/docs/instances/verifying-instance-identity#request_signature

const metadataServerTokenPath = 'service-accounts/default/identity?audience=' + receivingServiceURL;
const tokenRequestOptions = {
headers: {
Expand All @@ -33,20 +35,27 @@ const requestServiceToken = async () => {
};

// Fetch the token and then provide it in the request to the receiving service
const tokenResponse = await gcpMetadata.instance(metadataServerTokenPath, tokenRequestOptions);
const token = await gcpMetadata.instance(metadataServerTokenPath, tokenRequestOptions);
const serviceRequestOptions = {
headers: {
'Authorization': 'bearer ' + tokenResponse
'Authorization': 'bearer ' + token

}
};

const serviceResponse = await got(receivingServiceURL, serviceRequestOptions);
res.send(serviceResponse.body);
return serviceResponse;

} catch (error) {
console.log('Metadata server could not respond to query ', error);
res.send(error);
return error;

}
};

// [END run_service_to_service_auth]

requestServiceToken();
};
main();
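Review bot: In the `catch` of `requestServiceToken`, what appears to be the new `return error;` resolves the promise with the Error object, so a caller cannot tell a failed token fetch or a rejected downstream call from a successful response. The bare `requestServiceToken();` at the end of `main` discards the result in any case. Rethrowing after logging (`throw error;`) and handling it at the call site (`requestServiceToken().catch(console.error);`) would keep an authentication failure visible. The log text also blames the metadata server, although the same `try` covers the `got` request to the receiving service. Separately, now that `receivingServiceURL` is a parameter of `main`, the audience should be encoded before it is appended to the metadata path, `'service-accounts/default/identity?audience=' + encodeURIComponent(receivingServiceURL)`, so that a URL containing `&` or `?` cannot alter the metadata query.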

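--- a/run/authentication/package.json
+++ b/run/authentication/package.json
@@ -0,0 +1,21 @@
+{
+"name": "nodejs-auth",
+"version": "1.0.0",
+"description": "Cloud Run service-to-service authentication",
+"main": "index.js",
+"private": true,
+"scripts": {
+"start": "node index.js",
+"test": "test"
+},
+"author": "krippaehne",
+"license": "Apache-2.0",
+"dependencies": {
+"express": "^4.16.4",
+"gcp-metadata": "^4.0.0",
+"got": "^10.7.0"
+},
+"devDependencies": {
+"mocha": "^7.0.0"
+}
+}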
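Review bot: `"main": "index.js"` and `"start": "node index.js"` point at a file this commit does not show; the only source visible in `run/authentication/` is `auth.js`, so `npm start` would fail unless an `index.js` exists outside this view. `"test": "test"` is likewise not a runnable command even though `mocha` is declared in `devDependencies`; something like `"test": "mocha"` would wire it up once a test file exists. `express` is listed under `dependencies`, but the visible `auth.js` requires only `gcp-metadata` and `got`; dropping an unused dependency keeps the sample's install surface smaller.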