devtools: add script to curl worker
Add curl_worker.sh, which handles auth to use curl on the vuln worker.
Change-Id: I8690b62dcdfcbc5b948d52928199b52db1fa7304
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/371598
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
diff --git a/devtools/curl_worker.sh b/devtools/curl_worker.sh
new file mode 100755
index 0000000..6ee39ac
--- /dev/null
+++ b/devtools/curl_worker.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright 2021 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# Visit a URL on the vuln worker.
+
+set -e
+
+source devtools/lib.sh || { echo "Are you at repo root?"; exit 1; }
+
+env=$1
+path=$2
+
+case $env in
+ dev)
+ svc_acct=impersonate-for-iap@go-discovery-exp.iam.gserviceaccount.com
+ oauth_client_id=55665122702-tk2rogkaalgru7pqibvbltqs7geev8j5.apps.googleusercontent.com
+ url=https://dev-vuln-worker-ku6ias4ydq-uc.a.run.app
+ ;;
+ prod)
+ svc_acct=impersonate-for-iap@go-discovery.iam.gserviceaccount.com
+ oauth_client_id=117187402928-nl3u0qo5l2c2hhsuf2qj8irsfb3l6hfc.apps.googleusercontent.com
+ url=TDB
+ ;;
+ *) die "usage: $0 (dev | prod)"
+esac
+
+tok=$(gcloud --impersonate-service-account $svc_acct auth print-identity-token --audiences $oauth_client_id --include-email)
+
+curl -H "Authorization: Bearer $tok" $url/$path
