joyent/node-triton#58: triton --act-as=ACCOUNT ... for operator accounts

This commit is contained in:
Trent Mick 2015-12-02 10:52:47 -08:00
parent 5c3a4adee3
commit 4576918909
3 changed files with 17 additions and 3 deletions

View File

@ -1,7 +1,10 @@
# node-triton changelog
## 3.1.1 (not yet released)
## 3.2.0 (not yet released)
- #58 `triton --act-as=ACCOUNT ...` for an operator account to auth as
themself, but operator on another account's resources. Note that operator
accesses like this are audited on the CloudAPI server side.
- `triton --accept-version VER` hidden top-level option for development. This
allows calling the target cloudapi with the given value for the
"Accept-Version" header -- which is how CloudAPI does API versioning.

View File

@ -84,6 +84,15 @@ var OPTIONS = [
'or SDC_ACCOUNT=ACCOUNT.',
helpArg: 'ACCOUNT'
},
{
names: ['act-as'],
type: 'string',
help: 'Masquerade as the given account login name. This can only ' +
'succeed for operator accounts. Note that accesses like these ' +
'audited on the CloudAPI server side.',
helpArg: 'ACCOUNT',
hidden: true
},
{
names: ['user', 'u'],
type: 'string',
@ -271,7 +280,8 @@ CLI.prototype._applyProfileOverrides =
{oname: 'url', pname: 'url'},
{oname: 'keyId', pname: 'keyId'},
{oname: 'insecure', pname: 'insecure'},
{oname: 'accept_version', pname: 'acceptVersion'}
{oname: 'accept_version', pname: 'acceptVersion'},
{oname: 'act_as', pname: 'actAsAccount'}
].forEach(function (field) {
// We need to check `opts._order` to know if boolean opts
// were specified.

View File

@ -117,6 +117,7 @@ TritonApi.prototype._cloudapiFromProfile =
{
assert.object(profile, 'profile');
assert.string(profile.account, 'profile.account');
assert.optionalString(profile.actAsAccount, 'profile.actAsAccount');
assert.string(profile.keyId, 'profile.keyId');
assert.string(profile.url, 'profile.url');
assert.optionalString(profile.user, 'profile.user');
@ -145,7 +146,7 @@ TritonApi.prototype._cloudapiFromProfile =
}
var client = cloudapi.createClient({
url: profile.url,
account: profile.account,
account: profile.actAsAccount || profile.account,
user: profile.user,
version: acceptVersion,
rejectUnauthorized: rejectUnauthorized,