vcs-test: fix deployment and systemd socket association

Quoting https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances
under "Best Practices":

> Grant the instance the https://www.googleapis.com/auth/cloud-platform
> scope to allow full access to all Google Cloud APIs, so that the IAM
> permissions of the instance are completely determined by the IAM roles
> of the service account.

Updates golang/go#27127

Change-Id: Icceb3b17a12223199efd67d27f6bca2b71f8fadc
Reviewed-on: https://go-review.googlesource.com/130475
Reviewed-by: Andrew Bonventre <[email protected]>
Reviewed-by: Brad Fitzpatrick <[email protected]>

Author: FiloSottile

vcs-test/rebuild-server.sh

@@ -11,6 +11,7 @@ gcloud compute instances create vcs-test --zone=us-central1-a \
 	--image-project debian-cloud --image-family debian-9 \
 	--machine-type n1-standard-1 \
 	--service-account=vcs-test@symbolic-datum-552.iam.gserviceaccount.com \
+	--scopes cloud-platform \
 	--tags=allow-ssh,http-server,https-server
 
 while sleep 5 && ! gcloud compute ssh vcs-test -- date; do
@@ -20,7 +21,7 @@ done
 gcloud compute ssh vcs-test -- sudo -n bash -c \''
 	mkdir -p /home/vcweb/svn
 	chown -R uucp:uucp /home/vcweb
-	chown -R 777 /home/vcweb
+	chmod -R 777 /home/vcweb
 	apt-get update
 	apt-get install -y mercurial fossil bzr git apache2 ed subversion libapache2-mod-svn
 	perl -pie 's/80/8888/' /etc/apache2/ports.conf

vcs-test/redeploy-vcweb.sh

@@ -6,13 +6,14 @@
 set -e
 
 info="$USER $(date)"
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build "-ldflags=\"-X=main.buildInfo=$info\"" -o vcweb.exe ./vcweb
+GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build "-ldflags=\"-X=main.buildInfo=$info\"" -o vcweb.exe ./vcweb
 trap "rm -f vcweb.exe" EXIT
 
 gcloud beta compute scp vcweb.exe vcs-test:
 
 gcloud compute ssh vcs-test -- sudo -n bash -c \''
 	mv vcweb.exe /usr/bin/vcweb
+	chmod a+rx /usr/bin/vcweb
 	systemctl restart vcweb.service
 	systemctl status -l vcweb.service
 '\'

vcs-test/vcweb/main.go

@@ -69,17 +69,12 @@ func main() {
 	handler := logger(http.HandlerFunc(loadAndHandle))
 
 	// If running under systemd, listen on 80 and 443 and serve TLS.
-	if listeners, _ := activation.Listeners(); len(listeners) == 2 {
-		// Want listeners[0] is port 80, listeners[1] is port 443.
-		// There's no guaranteed order of the listeners!
-		// Sometimes we get 80, 443; other times we get 443, 80.
-		names := strings.Split(os.Getenv("LISTEN_FDNAMES"), ":")
-		if strings.Contains(names[0], "https") {
-			listeners[0], listeners[1] = listeners[1], listeners[0]
-		}
+	if listeners, _ := activation.ListenersWithNames(); len(listeners) == 2 {
+		httpListener := listeners["vcweb-http.socket"][0]
+		httpsListener := listeners["vcweb-https.socket"][0]
 
 		go func() {
-			log.Fatal(http.Serve(listeners[0], handler))
+			log.Fatal(http.Serve(httpListener, handler))
 		}()
 		dir := acme.LetsEncryptURL
 		if *staging {
@@ -115,7 +110,7 @@ func main() {
 				daemon.SdNotify(false, "WATCHDOG=1")
 			}
 		}()
-		log.Fatal(s.ServeTLS(listeners[1], "", ""))
+		log.Fatal(s.ServeTLS(httpsListener, "", ""))
 	}
 
 	// Local development on :8088.