joyent/node-triton#120 triton -r,--role ROLE ... to be able to take up an RBAC role

This commit is contained in:
Trent Mick 2016-06-07 14:19:06 -07:00
parent 9b099a91e9
commit ad20360306
5 changed files with 24 additions and 11 deletions

View File

@ -5,9 +5,9 @@ Known issues:
- `triton ssh ...` disables ssh ControlMaster to avoid issue #52.
## 4.11.1 (not yet released)
## 4.12.0 (not yet released)
(nothing yet)
- [#120] `triton -r,--role ROLE ...` option to take up an RBAC role(s).
## 4.11.0

View File

@ -115,14 +115,13 @@ var OPTIONS = [
'or SDC_USER=USER.',
helpArg: 'USER'
},
// TODO: full rbac support
//{
// names: ['role'],
// type: 'arrayOfString',
// env: 'MANTA_ROLE',
// help: 'Assume a role. Use multiple times or once with a list',
// helpArg: 'ROLE,ROLE,...'
//},
{
names: ['role', 'r'],
type: 'arrayOfCommaSepString',
env: 'MANTA_ROLE',
help: 'Assume an RBAC role. Use multiple times or once with a list',
helpArg: 'ROLE,ROLE,...'
},
{
names: ['keyId', 'k'],
type: 'string',
@ -562,6 +561,7 @@ CLI.prototype._applyProfileOverrides =
[
{oname: 'account', pname: 'account'},
{oname: 'user', pname: 'user'},
{oname: 'role', pname: 'roles'},
{oname: 'url', pname: 'url'},
{oname: 'keyId', pname: 'keyId'},
{oname: 'insecure', pname: 'insecure'},

View File

@ -67,6 +67,7 @@ var OS_PLATFORM = os.platform();
* - {String} account (required) The account login name.
* - {Function} sign (required) An http-signature auth signing function
* - {String} user (optional) The RBAC user login name.
* - {Array of String} roles (optional) RBAC role(s) to take up.
* - {String} version (optional) Used for the accept-version header. This
* defaults to '*', meaning that over time you could experience breaking
* changes. Specifying a value is strongly recommended. E.g. '~7.1'.
@ -91,12 +92,14 @@ function CloudApi(options) {
assert.string(options.account, 'options.account');
assert.func(options.sign, 'options.sign');
assert.optionalString(options.user, 'options.user');
assert.optionalArrayOfString(options.roles, 'options.roles');
assert.optionalString(options.version, 'options.version');
assert.optionalObject(options.log, 'options.log');
this.url = options.url;
this.account = options.account;
this.user = options.user; // optional RBAC subuser
this.roles = options.roles;
this.sign = options.sign;
this.log = options.log || new bunyannoop.BunyanNoopLogger();
if (!options.version) {
@ -228,6 +231,14 @@ CloudApi.prototype._request = function _request(opts, cb) {
break;
}
if (self.roles && self.roles.length > 0) {
if (opts.path.indexOf('?') !== -1) {
opts.path += '&as-role=' + self.roles.join(',');
} else {
opts.path += '?as-role=' + self.roles.join(',');
}
}
self._getAuthHeaders(function (err, headers) {
if (err) {
cb(err);

View File

@ -177,6 +177,7 @@ TritonApi.prototype._cloudapiFromProfile =
assert.string(profile.keyId, 'profile.keyId');
assert.string(profile.url, 'profile.url');
assert.optionalString(profile.user, 'profile.user');
assert.optionalArrayOfString(profile.roles, 'profile.roles');
assert.optionalString(profile.privKey, 'profile.privKey');
assert.optionalBool(profile.insecure, 'profile.insecure');
assert.optionalString(profile.acceptVersion, 'profile.acceptVersion');
@ -204,6 +205,7 @@ TritonApi.prototype._cloudapiFromProfile =
url: profile.url,
account: profile.actAsAccount || profile.account,
user: profile.user,
roles: profile.roles,
version: acceptVersion,
rejectUnauthorized: rejectUnauthorized,
sign: sign,

View File

@ -1,7 +1,7 @@
{
"name": "triton",
"description": "Joyent Triton CLI and client (https://www.joyent.com/triton)",
"version": "4.11.1",
"version": "4.12.0",
"author": "Joyent (joyent.com)",
"dependencies": {
"assert-plus": "0.2.0",