From fa06062dcd9f90db2c71e99e42bcda07cb07f8f8 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Fri, 27 Dec 2024 09:04:18 +0100
Subject: [PATCH] cas-curl to support assume

---
 bin/cas-curl | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/bin/cas-curl b/bin/cas-curl
index 41427a41..6bf351e0 100755
--- a/bin/cas-curl
+++ b/bin/cas-curl
@@ -11,13 +11,23 @@ EOF
   exit
 fi
 
+export HSADMINNG_CAS_ASSUME_HEADER
+if [ -f ~/.cas-curl-assume ]; then
+  HSADMINNG_CAS_ASSUME="$(cat ~/.cas-curl-assume)"
+else
+  HSADMINNG_CAS_ASSUME=
+fi
+
 if [ "$1" == "--trace" ]; then
   function trace() {
     echo "$*" >&2
   }
   function doCurl() {
     set -x
-    curl --fail-with-body --header "Authorization: $HSADMINNG_CAS_TICKET" "$@"
+    curl --fail-with-body \
+        --header "Authorization: $HSADMINNG_CAS_TICKET" \
+        --header "assumed-roles: $HSADMINNG_CAS_ASSUME" \
+        "$@"
     set +x
   }
   shift
@@ -76,6 +86,7 @@ function casLogin() {
   if [ -z "$HSADMINNG_CAS_TGT" ]; then
     echo "ERROR: could not get ticket granting ticket" >&2
     cat ~/.cas-login-tgt.response >&2
+    exit 1
   fi
   echo "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt
   trace "$HSADMINNG_CAS_TGT"
@@ -121,6 +132,14 @@ case "${1,,}" in
     export HSADMINNG_CAS_PASSWORD=
     casLogin
     ;;
+  "assume") # assumes the given comma-separated roles
+    shift
+    if [ -z "$1" ]; then
+      rm ~/.cas-curl-assume
+    else
+      echo "$1" >~/.cas-curl-assume
+    fi
+    ;;
   "logout") # logout, deleting ticket granting ticket
     casLogout
     ;;