bin/cas-curl

@@ -11,13 +11,23 @@ EOF
   exit
 fi
 
+export HSADMINNG_CAS_ASSUME_HEADER
+if [ -f ~/.cas-curl-assume ]; then
+  HSADMINNG_CAS_ASSUME="$(cat ~/.cas-curl-assume)"
+else
+  HSADMINNG_CAS_ASSUME=
+fi
+
 if [ "$1" == "--trace" ]; then
   function trace() {
     echo "$*" >&2
   }
   function doCurl() {
     set -x
-    curl --fail-with-body --header "Authorization: $HSADMINNG_CAS_TICKET" "$@"
+    curl --fail-with-body \
+        --header "Authorization: $HSADMINNG_CAS_TICKET" \
+        --header "assumed-roles: $HSADMINNG_CAS_ASSUME" \
+        "$@"
     set +x
   }
   shift
@@ -76,6 +86,7 @@ function casLogin() {
   if [ -z "$HSADMINNG_CAS_TGT" ]; then
     echo "ERROR: could not get ticket granting ticket" >&2
     cat ~/.cas-login-tgt.response >&2
+    exit 1
   fi
   echo "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt
   trace "$HSADMINNG_CAS_TGT"
@@ -121,6 +132,14 @@ case "${1,,}" in
     export HSADMINNG_CAS_PASSWORD=
     casLogin
     ;;
+  "assume") # assumes the given comma-separated roles
+    shift
+    if [ -z "$1" ]; then
+      rm ~/.cas-curl-assume
+    else
+      echo "$1" >~/.cas-curl-assume
+    fi
+    ;;
   "logout") # logout, deleting ticket granting ticket
     casLogout
     ;;