Allow authentication with client credentials.

cloudfoundry-community · Apr 27, 2018 · 5cf2286 · 5cf2286
1 parent 79636b6
commit 5cf2286
Show file tree

Hide file tree

Showing 6 changed files with 65 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -5,10 +5,14 @@ Cloud Foundry deployment.
 
 ## Source Configuration
 
+Note: you must provide either `username` and `password` or `client_id` and `client_secret`.
+
 * `api`: *Required.* The address of the Cloud Controller in the Cloud Foundry
   deployment.
-* `username`: *Required.* The username used to authenticate.
-* `password`: *Required.* The password used to authenticate.
+* `username`: *Optional.* The username used to authenticate.
+* `password`: *Optional.* The password used to authenticate.
+* `client_id`: *Optional.* The client id used to authenticate.
+* `client_secret`: *Optional.* The client secret used to authenticate.
 * `organization`: *Required.* The organization to push the application to.
 * `space`: *Required.* The space to push the application to.
 * `skip_cert_check`: *Optional.* Check the validity of the CF SSL cert.

diff --git a/models.go b/models.go
@@ -6,6 +6,8 @@ type Source struct {
 	API           string `json:"api"`
 	Username      string `json:"username"`
 	Password      string `json:"password"`
+	ClientID      string `json:"client_id"`
+	ClientSecret  string `json:"client_secret"`
 	Organization  string `json:"organization"`
 	Space         string `json:"space"`
 	SkipCertCheck bool   `json:"skip_cert_check"`

diff --git a/out/cloud_foundry.go b/out/cloud_foundry.go
@@ -7,7 +7,7 @@ import (
 
 //go:generate counterfeiter . PAAS
 type PAAS interface {
-	Login(api string, username string, password string, insecure bool) error
+	Login(api string, username string, password string, clientID string, clientSecret string, insecure bool) error
 	Target(organization string, space string) error
 	PushApp(manifest string, path string, currentAppName string, dockerUser string, showLogs bool) error
 }
@@ -20,7 +20,7 @@ func NewCloudFoundry(verbose bool) *CloudFoundry {
 	return &CloudFoundry{verbose}
 }
 
-func (cf *CloudFoundry) Login(api string, username string, password string, insecure bool) error {
+func (cf *CloudFoundry) Login(api string, username string, password string, clientID string, clientSecret string, insecure bool) error {
 	args := []string{"api", api}
 	if insecure {
 		args = append(args, "--skip-ssl-validation")
@@ -31,6 +31,9 @@ func (cf *CloudFoundry) Login(api string, username string, password string, inse
 		return err
 	}
 
+	if clientID != "" && clientSecret != "" {
+		return cf.cf("auth", "--client-credentials", clientID, clientSecret).Run()
+	}
 	return cf.cf("auth", username, password).Run()
 }
 

diff --git a/out/command.go b/out/command.go
@@ -25,6 +25,8 @@ func (command *Command) Run(request Request) (Response, error) {
 		request.Source.API,
 		request.Source.Username,
 		request.Source.Password,
+		request.Source.ClientID,
+		request.Source.ClientSecret,
 		request.Source.SkipCertCheck,
 	)
 	if err != nil {

diff --git a/out/command_test.go b/out/command_test.go
@@ -63,10 +63,12 @@ var _ = Describe("Out Command", func() {
 			By("logging in")
 			Expect(cloudFoundry.LoginCallCount()).To(Equal(1))
 
-			api, username, password, insecure := cloudFoundry.LoginArgsForCall(0)
+			api, username, password, clientID, clientSecret, insecure := cloudFoundry.LoginArgsForCall(0)
 			Expect(api).To(Equal("https://api.run.pivotal.io"))
 			Expect(username).To(Equal("awesome@example.com"))
 			Expect(password).To(Equal("hunter2"))
+			Expect(clientID).To(Equal(""))
+			Expect(clientSecret).To(Equal(""))
 			Expect(insecure).To(Equal(false))
 
 			By("targetting the organization and space")
@@ -197,10 +199,37 @@ var _ = Describe("Out Command", func() {
 			By("logging in")
 			Expect(cloudFoundry.LoginCallCount()).To(Equal(1))
 
-			_, _, _, insecure := cloudFoundry.LoginArgsForCall(0)
+			_, _, _, _, _, insecure := cloudFoundry.LoginArgsForCall(0)
 			Expect(insecure).To(Equal(true))
 		})
 
+		It("lets users authenticate with client credentials", func() {
+			request = out.Request{
+				Source: resource.Source{
+					API:          "https://api.run.pivotal.io",
+					ClientID:     "awesome",
+					ClientSecret: "hunter2",
+					Organization: "secret",
+					Space:        "volcano-base",
+				},
+				Params: out.Params{
+					ManifestPath: "a/path/to/a/manifest.yml",
+				},
+			}
+
+			_, err := command.Run(request)
+			Expect(err).NotTo(HaveOccurred())
+
+			By("logging in")
+			Expect(cloudFoundry.LoginCallCount()).To(Equal(1))
+
+			_, username, password, clientID, clientSecret, _ := cloudFoundry.LoginArgsForCall(0)
+			Expect(username).To(Equal(""))
+			Expect(password).To(Equal(""))
+			Expect(clientID).To(Equal("awesome"))
+			Expect(clientSecret).To(Equal("hunter2"))
+		})
+
 		It("lets people do a zero downtime deploy", func() {
 			request = out.Request{
 				Source: resource.Source{

diff --git a/out/outfakes/fake_paas.go b/out/outfakes/fake_paas.go