devtools: add command for Cloud Run proxy
Add proxy_worker.sh to make it easy to start the Cloud Run
proxy for the vuln worker.
Change-Id: Idb102568bba1c86cd8f0e028d99e1c5ec4a0fe49
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/395655
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Julie Qiu <julie@golang.org>
diff --git a/devtools/curl_worker.sh b/devtools/curl_worker.sh
index f9d6181..c5cd927 100755
--- a/devtools/curl_worker.sh
+++ b/devtools/curl_worker.sh
@@ -13,24 +13,8 @@
env=$1
path=$2
-case $env in
- dev)
- svc_acct=impersonate-for-iap@go-discovery-exp.iam.gserviceaccount.com
- url=https://dev-vuln-worker-ku6ias4ydq-uc.a.run.app
- ;;
- prod)
- svc_acct=impersonate@go-vuln.iam.gserviceaccount.com
- url=https://prod-vuln-worker-cf7lo3kiaq-uc.a.run.app
- ;;
- *) die "usage: $0 (dev | prod)"
-esac
-oauth_client_id=$(tfvar ${env}_client_id)
-
-if [[ $oauth_client_id = '' ]]; then
- die "${env}_client_id is missing from your terraform.tfvars file"
-fi
-
-tok=$(gcloud --impersonate-service-account $svc_acct auth print-identity-token --audiences $oauth_client_id --include-email)
+url=$(worker_url $env)
+tok=$(impersonation_token $env)
if [[ $path = update* || $path = issue* ]]; then
args="-X POST"
diff --git a/devtools/lib.sh b/devtools/lib.sh
index 1304d3a..a71ade3 100644
--- a/devtools/lib.sh
+++ b/devtools/lib.sh
@@ -52,3 +52,34 @@
local name=$1
awk '$1 == "'$name'" { print substr($3, 2, length($3)-2) }' terraform/terraform.tfvars
}
+
+worker_url() {
+ local env=$1
+ case $env in
+ dev) echo https://dev-vuln-worker-ku6ias4ydq-uc.a.run.app;;
+ prod) echo https://prod-vuln-worker-cf7lo3kiaq-uc.a.run.app;;
+ *) die "usage: $0 (dev | prod)";;
+ esac
+}
+
+impersonation_service_account() {
+ local env=$1
+ case $env in
+ dev) echo impersonate-for-iap@go-discovery-exp.iam.gserviceaccount.com;;
+ prod) echo impersonate@go-vuln.iam.gserviceaccount.com;;
+ *) die "usage: $0 (dev | prod)";;
+ esac
+}
+
+impersonation_token() {
+ local env=$1
+ local oauth_client_id=$(tfvar ${env}_client_id)
+
+ if [[ $oauth_client_id = '' ]]; then
+ die "${env}_client_id is missing from your terraform.tfvars file"
+ fi
+ gcloud --impersonate-service-account $(impersonation_service_account $env) \
+ auth print-identity-token \
+ --audiences $oauth_client_id \
+ --include-email
+}
diff --git a/devtools/proxy_worker.sh b/devtools/proxy_worker.sh
new file mode 100755
index 0000000..ed6764a
--- /dev/null
+++ b/devtools/proxy_worker.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Copyright 2022 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# Start the cloud run proxy pointing at a worker.
+
+# To install the proxy:
+# go install github.com/GoogleCloudPlatform/cloud-run-proxy@latest
+
+set -e
+
+source devtools/lib.sh || { echo "Are you at repo root?"; exit 1; }
+
+env=$1
+
+cloud-run-proxy -host $(worker_url $env) -token $(impersonation_token $env)
