From 6172cc679a71826349b603382cb18a441f16438f Mon Sep 17 00:00:00 2001
From: Greg Steuck <greg@nest.cx>
Date: Sat, 10 Jul 2021 08:51:25 -0700
Subject: dashboard/dashapi: implement client-side JWT token authorization

---
 dashboard/dashapi/dashapi.go | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'dashboard/dashapi/dashapi.go')

diff --git a/dashboard/dashapi/dashapi.go b/dashboard/dashapi/dashapi.go
index cdd557994..d36adaa68 100644
--- a/dashboard/dashapi/dashapi.go
+++ b/dashboard/dashapi/dashapi.go
@@ -40,8 +40,17 @@ type (
 	RequestLogger func(msg string, args ...interface{})
 )
 
+// key == "" indicates that the ambient GCE service account authority
+// should be used as a bearer token.
 func NewCustom(client, addr, key string, ctor RequestCtor, doer RequestDoer,
 	logger RequestLogger, errorHandler func(error)) (*Dashboard, error) {
+	if key == "" {
+		token, err := retrieveJwtToken(ctor, doer)
+		if err != nil {
+			return nil, err
+		}
+		doer = atachJwtToken(ctor, doer, token)
+	}
 	return &Dashboard{
 		Client:       client,
 		Addr:         addr,
-- 
cgit mrf-deployment