joyent/node-triton#58: `triton --act-as=ACCOUNT ...` for operator accounts

2015-12-02 10:52:47 -08:00 · 2015-12-02 10:52:47 -08:00 · 4576918909
parent 5c3a4adee3
commit 4576918909
3 changed files with 17 additions and 3 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,7 +1,10 @@
 # node-triton changelog

-## 3.1.1 (not yet released)
+## 3.2.0 (not yet released)

+- #58 `triton --act-as=ACCOUNT ...` for an operator account to auth as
+  themself, but operator on another account's resources. Note that operator
+  accesses like this are audited on the CloudAPI server side.
 - `triton --accept-version VER` hidden top-level option for development. This
  allows calling the target cloudapi with the given value for the
  "Accept-Version" header -- which is how CloudAPI does API versioning.
--- a/lib/cli.js
+++ b/lib/cli.js
@ -84,6 +84,15 @@ var OPTIONS = [
            'or SDC_ACCOUNT=ACCOUNT.',
        helpArg: 'ACCOUNT'
    },
+    {
+        names: ['act-as'],
+        type: 'string',
+        help: 'Masquerade as the given account login name. This can only ' +
+            'succeed for operator accounts. Note that accesses like these ' +
+            'audited on the CloudAPI server side.',
+        helpArg: 'ACCOUNT',
+        hidden: true
+    },
    {
        names: ['user', 'u'],
        type: 'string',
@ -271,7 +280,8 @@ CLI.prototype._applyProfileOverrides =
        {oname: 'url', pname: 'url'},
        {oname: 'keyId', pname: 'keyId'},
        {oname: 'insecure', pname: 'insecure'},
-        {oname: 'accept_version', pname: 'acceptVersion'}
+        {oname: 'accept_version', pname: 'acceptVersion'},
+        {oname: 'act_as', pname: 'actAsAccount'}
    ].forEach(function (field) {
        // We need to check `opts._order` to know if boolean opts
        // were specified.
--- a/lib/tritonapi.js
+++ b/lib/tritonapi.js
@ -117,6 +117,7 @@ TritonApi.prototype._cloudapiFromProfile =
 {
    assert.object(profile, 'profile');
    assert.string(profile.account, 'profile.account');
+    assert.optionalString(profile.actAsAccount, 'profile.actAsAccount');
    assert.string(profile.keyId, 'profile.keyId');
    assert.string(profile.url, 'profile.url');
    assert.optionalString(profile.user, 'profile.user');
@ -145,7 +146,7 @@ TritonApi.prototype._cloudapiFromProfile =
    }
    var client = cloudapi.createClient({
        url: profile.url,
-        account: profile.account,
+        account: profile.actAsAccount || profile.account,
        user: profile.user,
        version: acceptVersion,
        rejectUnauthorized: rejectUnauthorized,