From ad203603062f12b4565098fd41477c3d224d491e Mon Sep 17 00:00:00 2001
From: Trent Mick
Date: Tue, 7 Jun 2016 14:19:06 -0700
Subject: [PATCH] joyent/node-triton#120 `triton -r,--role ROLE ...` to be able to take up an RBAC role
---
 CHANGES.md | 4 ++--
 lib/cli.js | 16 ++++++++--------
 lib/cloudapi2.js | 11 +++++++++++
 lib/tritonapi.js | 2 ++
 package.json | 2 +-
 5 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index bfd1f45..867c827 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -5,9 +5,9 @@ Known issues:
 - `triton ssh ...` disables ssh ControlMaster to avoid issue #52.
-## 4.11.1 (not yet released)
+## 4.12.0 (not yet released)
-(nothing yet)
+- [#120] `triton -r,--role ROLE ...` option to take up an RBAC role(s).
 ## 4.11.0
diff --git a/lib/cli.js b/lib/cli.js
index 0499760..d5533b8 100644
--- a/lib/cli.js
+++ b/lib/cli.js
@@ -115,14 +115,13 @@ var OPTIONS = [
 'or SDC_USER=USER.',
 helpArg: 'USER'
 },
- // TODO: full rbac support
- //{
- // names: ['role'],
- // type: 'arrayOfString',
- // env: 'MANTA_ROLE',
- // help: 'Assume a role. Use multiple times or once with a list',
- // helpArg: 'ROLE,ROLE,...'
- //},
+ {
+ names: ['role', 'r'],
+ type: 'arrayOfCommaSepString',
+ env: 'MANTA_ROLE',
+ help: 'Assume an RBAC role. Use multiple times or once with a list',
+ helpArg: 'ROLE,ROLE,...'
+ },
 {
 names: ['keyId', 'k'],
 type: 'string',
@@ -562,6 +561,7 @@ CLI.prototype._applyProfileOverrides =
 [
 {oname: 'account', pname: 'account'},
 {oname: 'user', pname: 'user'},
+ {oname: 'role', pname: 'roles'},
 {oname: 'url', pname: 'url'},
 {oname: 'keyId', pname: 'keyId'},
 {oname: 'insecure', pname: 'insecure'},
diff --git a/lib/cloudapi2.js b/lib/cloudapi2.js
index 2a26eb4..6949e56 100644
--- a/lib/cloudapi2.js
+++ b/lib/cloudapi2.js
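Review bot: The new `role` option in the first `lib/cli.js` hunk is bound to `env: 'MANTA_ROLE'`, so a role exported in the shell is taken up by every `triton` invocation without appearing on the command line, and the help string never mentions the variable. The neighbouring option's help (context line `'or SDC_USER=USER.'`) names its environment fallback; unless the parser's help output already lists env vars automatically, the same is worth doing here, e.g. `help: 'Assume an RBAC role. Use multiple times or once with a list. Environment: MANTA_ROLE=ROLE,...',`. Whether a Triton-specific variable name was intended instead cannot be told from this hunk, and the `OPTIONS` array starts and ends outside it.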
@@ -67,6 +67,7 @@ var OS_PLATFORM = os.platform();
 * - {String} account (required) The account login name.
 * - {Function} sign (required) An http-signature auth signing function
 * - {String} user (optional) The RBAC user login name.
+ * - {Array of String} roles (optional) RBAC role(s) to take up.
 * - {String} version (optional) Used for the accept-version header. This
 * defaults to '*', meaning that over time you could experience breaking
 * changes. Specifying a value is strongly recommended. E.g. '~7.1'.
@@ -91,12 +92,14 @@ function CloudApi(options) {
 assert.string(options.account, 'options.account');
 assert.func(options.sign, 'options.sign');
 assert.optionalString(options.user, 'options.user');
+ assert.optionalArrayOfString(options.roles, 'options.roles');
 assert.optionalString(options.version, 'options.version');
 assert.optionalObject(options.log, 'options.log');
 this.url = options.url;
 this.account = options.account;
 this.user = options.user; // optional RBAC subuser
+ this.roles = options.roles;
 this.sign = options.sign;
 this.log = options.log || new bunyannoop.BunyanNoopLogger();
 if (!options.version) {
@@ -228,6 +231,14 @@ CloudApi.prototype._request = function _request(opts, cb) {
 break;
 }
+ if (self.roles && self.roles.length > 0) {
+ if (opts.path.indexOf('?') !== -1) {
+ opts.path += '&as-role=' + self.roles.join(',');
+ } else {
+ opts.path += '?as-role=' + self.roles.join(',');
+ }
+ }
+
 self._getAuthHeaders(function (err, headers) {
 if (err) {
 cb(err);
diff --git a/lib/tritonapi.js b/lib/tritonapi.js
index e9df679..83ea8f3 100644
--- a/lib/tritonapi.js
+++ b/lib/tritonapi.js
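Review bot: The role names are concatenated into the query string unencoded in `opts.path += '&as-role=' + self.roles.join(',')` (and in the `?as-role=` branch of the `_request` hunk), so a role value containing `&`, `=`, `#`, `%` or whitespace alters the request path or adds extra query parameters instead of being sent as a role name. The values arrive from `-r/--role`, the `MANTA_ROLE` environment variable or a profile, and the constructor hunk above only asserts that `options.roles` is an array of strings. Encoding each name closes this and removes the duplicated branch: `var sep = (opts.path.indexOf('?') !== -1) ? '&' : '?';` followed by `opts.path += sep + 'as-role=' + self.roles.map(function (r) { return encodeURIComponent(r); }).join(',');`. `_request` begins and ends outside the hunk, so whether callers reuse `opts` (which would append `as-role` a second time) cannot be checked from here.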
@@ -177,6 +177,7 @@ TritonApi.prototype._cloudapiFromProfile =
 assert.string(profile.keyId, 'profile.keyId');
 assert.string(profile.url, 'profile.url');
 assert.optionalString(profile.user, 'profile.user');
+ assert.optionalArrayOfString(profile.roles, 'profile.roles');
 assert.optionalString(profile.privKey, 'profile.privKey');
 assert.optionalBool(profile.insecure, 'profile.insecure');
 assert.optionalString(profile.acceptVersion, 'profile.acceptVersion');
@@ -204,6 +205,7 @@ TritonApi.prototype._cloudapiFromProfile =
 url: profile.url,
 account: profile.actAsAccount || profile.account,
 user: profile.user,
+ roles: profile.roles,
 version: acceptVersion,
 rejectUnauthorized: rejectUnauthorized,
 sign: sign,
diff --git a/package.json b/package.json
index 1948f46..ee687bf 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "triton",
 "description": "Joyent Triton CLI and client (https://www.joyent.com/triton)",
- "version": "4.11.1",
+ "version": "4.12.0",
 "author": "Joyent (joyent.com)",
 "dependencies": {
 "assert-plus": "0.2.0",