mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
get-kube-binaries: use GCE token to fetch artifacts from GCS
Change-Id: Ibbb61470d6a6bcd70b33cc326d425e3c382317cf
This commit is contained in:
parent
4f29960cb2
commit
da05effe4b
@ -143,13 +143,35 @@ function sha1sum_file() {
|
||||
fi
|
||||
}
|
||||
|
||||
# Get default service account credentials of the VM.
|
||||
GCE_METADATA_INTERNAL="http://metadata.google.internal/computeMetadata/v1/instance"
|
||||
function get-credentials {
|
||||
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/token" -H "Metadata-Flavor: Google" -s | python -c \
|
||||
'import sys; import json; print(json.loads(sys.stdin.read())["access_token"])'
|
||||
}
|
||||
|
||||
function valid-storage-scope {
|
||||
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -q "auth/devstorage"
|
||||
}
|
||||
|
||||
function download_tarball() {
|
||||
local -r download_path="$1"
|
||||
local -r file="$2"
|
||||
local trace_on="off"
|
||||
if [[ -o xtrace ]]; then
|
||||
trace_on="on"
|
||||
set +x
|
||||
fi
|
||||
url="${DOWNLOAD_URL_PREFIX}/${file}"
|
||||
mkdir -p "${download_path}"
|
||||
if [[ $(which curl) ]]; then
|
||||
curl -fL --retry 3 --keepalive-time 2 "${url}" -o "${download_path}/${file}"
|
||||
# if the url belongs to GCS API we should use oauth2_token in the headers
|
||||
local curl_headers=""
|
||||
if { [[ "${KUBERNETES_PROVIDER:-gce}" == "gce" ]] || [[ "${KUBERNETES_PROVIDER}" == "gke" ]] ; } &&
|
||||
[[ "$url" =~ ^https://storage.googleapis.com.* ]] && valid-storage-scope ; then
|
||||
curl_headers="Authorization: Bearer $(get-credentials)"
|
||||
fi
|
||||
curl ${curl_headers:+-H "${curl_headers}"} -fL --retry 3 --keepalive-time 2 "${url}" -o "${download_path}/${file}"
|
||||
elif [[ $(which wget) ]]; then
|
||||
wget "${url}" -O "${download_path}/${file}"
|
||||
else
|
||||
@ -164,6 +186,9 @@ function download_tarball() {
|
||||
echo "sha1sum(${file})=${sha1sum}"
|
||||
echo
|
||||
# TODO: add actual verification
|
||||
if [[ "${trace_on}" == "on" ]]; then
|
||||
set -x
|
||||
fi
|
||||
}
|
||||
|
||||
function extract_arch_tarball() {
|
||||
|
Loading…
Reference in New Issue
Block a user