From 4576918909eb2e658680d24e45ee4eba53acc770 Mon Sep 17 00:00:00 2001 From: Trent Mick Date: Wed, 2 Dec 2015 10:52:47 -0800 Subject: [PATCH] joyent/node-triton#58: `triton --act-as=ACCOUNT ...` for operator accounts --- CHANGES.md | 5 ++++- lib/cli.js | 12 +++++++++++- lib/tritonapi.js | 3 ++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 545bceb..c274b19 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,7 +1,10 @@ # node-triton changelog -## 3.1.1 (not yet released) +## 3.2.0 (not yet released) +- #58 `triton --act-as=ACCOUNT ...` for an operator account to auth as + themself, but operator on another account's resources. Note that operator + accesses like this are audited on the CloudAPI server side. - `triton --accept-version VER` hidden top-level option for development. This allows calling the target cloudapi with the given value for the "Accept-Version" header -- which is how CloudAPI does API versioning. diff --git a/lib/cli.js b/lib/cli.js index 5f4d401..78aad82 100644 --- a/lib/cli.js +++ b/lib/cli.js @@ -84,6 +84,15 @@ var OPTIONS = [ 'or SDC_ACCOUNT=ACCOUNT.', helpArg: 'ACCOUNT' }, + { + names: ['act-as'], + type: 'string', + help: 'Masquerade as the given account login name. This can only ' + + 'succeed for operator accounts. Note that accesses like these ' + + 'audited on the CloudAPI server side.', + helpArg: 'ACCOUNT', + hidden: true + }, { names: ['user', 'u'], type: 'string', @@ -271,7 +280,8 @@ CLI.prototype._applyProfileOverrides = {oname: 'url', pname: 'url'}, {oname: 'keyId', pname: 'keyId'}, {oname: 'insecure', pname: 'insecure'}, - {oname: 'accept_version', pname: 'acceptVersion'} + {oname: 'accept_version', pname: 'acceptVersion'}, + {oname: 'act_as', pname: 'actAsAccount'} ].forEach(function (field) { // We need to check `opts._order` to know if boolean opts // were specified. diff --git a/lib/tritonapi.js b/lib/tritonapi.js index 4340aa6..1a41c99 100644 --- a/lib/tritonapi.js 
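Review bot: The `help` text added for `act-as` in lib/cli.js drops a verb: "Note that accesses like these audited on the CloudAPI server side." should read `Note that accesses like these are audited on the CloudAPI server side.`. Because the option is `hidden: true`, this string and the changelog entry are the only in-repo descriptions of an impersonation feature. It would help to say here, as CHANGES.md does, that the request is still authenticated as the operator. The `OPTIONS` array starts and ends outside the hunk.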
+++ b/lib/tritonapi.js @@ -117,6 +117,7 @@ TritonApi.prototype._cloudapiFromProfile = { assert.object(profile, 'profile'); assert.string(profile.account, 'profile.account'); + assert.optionalString(profile.actAsAccount, 'profile.actAsAccount'); assert.string(profile.keyId, 'profile.keyId'); assert.string(profile.url, 'profile.url'); assert.optionalString(profile.user, 'profile.user'); @@ -145,7 +146,7 @@ TritonApi.prototype._cloudapiFromProfile = } var client = cloudapi.createClient({ url: profile.url, - account: profile.account, + account: profile.actAsAccount || profile.account, user: profile.user, version: acceptVersion, rejectUnauthorized: rejectUnauthorized,
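Review bot: `account: profile.actAsAccount || profile.account` silently falls back to the operator's own account when `actAsAccount` is an empty string, and the `assert.optionalString(profile.actAsAccount, 'profile.actAsAccount')` added in the previous hunk accepts `''`. An invocation like `--act-as=$TARGET` with an unset variable would therefore act on the operator's own resources instead of failing. Consider rejecting an empty value before the client is created, for example `assert.ok(profile.actAsAccount == null || profile.actAsAccount.length > 0, 'profile.actAsAccount must be non-empty');`. `_cloudapiFromProfile` continues outside both hunks, so whether request signing still uses `profile.account` cannot be confirmed from here. A comment beside the `account:` line, such as `// act-as changes only the target account; auth stays with profile.account`, would record that intent if it holds.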