Add support for specifying a sudo token user (!23) · Merge requests · Warren Gifford / src-cli

Warren Gifford requested to merge github/fork/mdaniel/issue-3 into master Oct 05, 2018

Created by: mdaniel

Adds another top-level field to the src-config.json entitled "runAs" that serves as both the username as whom the request will run, and therefore also marks the access token as a sudo token. Currently, if "runAs" is provided but the token is not actually a sudo token, it will end pretty much as poorly as one might expect

I didn't add any additional sanity checking because the original code didn't have any, but I am cognizant that it appears the cli is currently using the deserialized string as is, surfacing header injection attacks if the config payload is untrusted.

fixes: #3

cc: @nicksnyder (less code than #22 but this one is an actual feature, and (heh) was requested, so that might help you more)

Add support for specifying a sudo token user

Merge request reports