Support bearer tokens for talking to GCP projects (#139)

transparency-dev · May 20, 2024 · 7754f4c · 7754f4c
1 parent c45bbe7
commit 7754f4c
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/hammer/clients.go b/hammer/clients.go
@@ -211,7 +211,15 @@ func (w *LogWriter) Run(ctx context.Context) {
 		}
 		newLeaf := w.gen()
 
-		resp, err := w.hc.Post(w.u.String(), "application/octet-stream", bytes.NewReader(newLeaf))
+		req, err := http.NewRequest(http.MethodPost, w.u.String(), bytes.NewReader(newLeaf))
+		if err != nil {
+			w.errchan <- fmt.Errorf("failed to create request: %v", err)
+			continue
+		}
+		if len(*bearerToken) > 0 {
+			req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", *bearerToken))
+		}
+		resp, err := hc.Do(req.WithContext(ctx))
 		if err != nil {
 			w.errchan <- fmt.Errorf("failed to write leaf: %v", err)
 			continue

diff --git a/hammer/hammer.go b/hammer/hammer.go
@@ -38,6 +38,7 @@ import (
 
 var (
 	logURL        = flag.String("log_url", "", "Log storage root URL, e.g. https://log.server/and/path/")
+	bearerToken   = flag.String("bearer_token", "", "The bearer token for auth. For GCP this is the result of `gcloud auth print-identity-token`")
 	logPubKeyFile = flag.String("log_public_key", "", "Location of log public key file. If unset, uses the contents of the SERVERLESS_LOG_PUBLIC_KEY environment variable")
 	origin        = flag.String("origin", "", "Expected first line of checkpoints from log")
 
@@ -403,6 +404,9 @@ func readHTTP(ctx context.Context, u *url.URL) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
+	if len(*bearerToken) > 0 {
+		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", *bearerToken))
+	}
 	resp, err := hc.Do(req.WithContext(ctx))
 	if err != nil {
 		return nil, err