Fix oauth2 service by removing old uaa client lib

Change-Id: Ifd915b653a8aeddfb3e3a26b03056ecae9a96f8a

oauth2/Gemfile

@@ -6,12 +6,11 @@ gem 'vcap_logging', :require => ['vcap/logging'], :git => 'git://github.com/clou
 gem 'vcap_services_base', :git => 'git://github.com/cloudfoundry/vcap-services-base.git', :ref => 'ae094cb53'
 gem 'warden-client', :require => ['warden/client'], :git => 'git://github.com/cloudfoundry/warden.git', :ref => 'fe6cb51'
 gem 'warden-protocol', :require => ['warden/protocol'], :git => 'git://github.com/cloudfoundry/warden.git', :ref => 'fe6cb51'
-gem 'cf-uaa-client', :git => 'git://github.com/cloudfoundry/uaa.git', :ref => 'master'
+gem 'cf-uaa-lib', '>= 1.3.4', "<= 1.3.4"
 
 group :test do
   gem "rake"
   gem "rspec"
-  gem "rcov"
   gem "simplecov"
   gem "simplecov-rcov"
   gem "ci_reporter"

oauth2/Gemfile.lock

@@ -13,19 +13,6 @@ GIT
   specs:
     eventmachine (0.12.11.cloudfoundry.3)
 
-GIT
-  remote: git://github.com/cloudfoundry/uaa.git
-  revision: 2bdf250144723ab572626d4b6c3535a16fb5470a
-  ref: master
-  specs:
-    cf-uaa-client (1.2.5)
-      em-http-request (>= 1.0.0.beta.3)
-      eventmachine
-      highline
-      launchy
-      rest-client
-      yajl-ruby
-
 GIT
   remote: git://github.com/cloudfoundry/vcap-common.git
   revision: fd6b6d91b19c551cf5091c8469595df923dd2612
@@ -86,10 +73,10 @@ GEM
     addressable (2.2.8)
     bcrypt-ruby (2.1.4)
     beefcake (0.3.7)
-    builder (3.1.3)
+    builder (3.1.4)
     cf-uaa-lib (1.3.4)
       multi_json
-    ci_reporter (1.7.2)
+    ci_reporter (1.8.3)
       builder (>= 2.1.2)
     curb (0.7.18)
     daemons (1.1.9)
@@ -142,28 +129,24 @@ GEM
       eventmachine
     eventmachine_httpserver (0.2.1)
     fastercsv (1.5.5)
-    highline (1.6.15)
     http_parser.rb (0.5.3)
-    httpclient (2.3.0.1)
+    httpclient (2.3.2)
     json (1.4.6)
-    json_pure (1.7.5)
-    launchy (2.1.0)
-      addressable (~> 2.2.6)
+    json_pure (1.7.6)
     macaddr (1.6.1)
       systemu (~> 2.5.0)
     membrane (0.0.2)
     mime-types (1.19)
-    multi_json (1.3.7)
+    multi_json (1.5.0)
     multipart-post (1.1.5)
     nats (0.4.24)
       daemons (>= 1.1.5)
       eventmachine (>= 0.12.10)
       json_pure (>= 1.7.3)
       thin (>= 1.3.1)
     posix-spawn (0.3.6)
-    rack (1.4.1)
-    rake (0.9.2.2)
-    rcov (0.9.9)
+    rack (1.4.4)
+    rake (10.0.3)
     redis (3.0.2)
     redis-namespace (1.2.1)
       redis (~> 3.0.0)
@@ -179,22 +162,20 @@ GEM
       redisk (>= 0.2.1)
       resque (~> 1.19)
       uuid (~> 2.3)
-    rest-client (1.6.7)
-      mime-types (>= 1.16)
-    rspec (2.10.0)
-      rspec-core (~> 2.10.0)
-      rspec-expectations (~> 2.10.0)
-      rspec-mocks (~> 2.10.0)
-    rspec-core (2.10.1)
-    rspec-expectations (2.10.0)
+    rspec (2.12.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rspec-core (2.12.2)
+    rspec-expectations (2.12.1)
       diff-lcs (~> 1.1.3)
-    rspec-mocks (2.10.1)
+    rspec-mocks (2.12.1)
     ruby-hmac (0.4.0)
     rubyzip (0.9.9)
-    simplecov (0.6.4)
+    simplecov (0.7.1)
       multi_json (~> 1.0)
-      simplecov-html (~> 0.5.3)
-    simplecov-html (0.5.3)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
     simplecov-rcov (0.2.3)
       simplecov (>= 0.4.1)
     sinatra (1.2.8)
@@ -218,11 +199,10 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  cf-uaa-client!
+  cf-uaa-lib (>= 1.3.4, <= 1.3.4)
   ci_reporter
   eventmachine!
   rake
-  rcov
   rspec
   simplecov
   simplecov-rcov

oauth2/README.md

@@ -121,17 +121,30 @@ The standard `uaa.yml` would have:
 
 A BOSH manifest would have something like this:
 
-    clients:
-      oauth2service:
-        secret: oauth2servicesecret
-        scope: openid,cloud_controller.read,cloud_controller.write
-        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
-        authorized-grant-types: client_credentials,implicit
-        redirect-uri: http://uaa.cloudfoundry.com/redirect/oauth2service # can be anything
-        override: true
-    client:
-      autoapprove:
-        - vmc
-        - dashboard
-        - oauth2service
-        # ... others
+    - name: oauth2_gateway
+      template: oauth2_gateway
+      instances: 1
+      resource_pool: infrastructure
+      networks:
+      - name: default
+
+and properties like this:
+
+      oauth2_gateway:
+        token: 3735928559
+
+      uaa:
+        # ...
+        clients:
+          oauth2service:
+            secret: oauth2servicesecret
+            scope: openid,cloud_controller.read,cloud_controller.write
+            authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
+            authorized-grant-types: client_credentials,implicit
+            redirect-uri: http://uaa.cloudfoundry.com/redirect/oauth2service # can be anything
+            override: true
+        autoapprove:
+          - vmc
+          - dashboard
+          - oauth2service
+          # ... others

oauth2/lib/service/provisioner.rb

@@ -12,13 +12,15 @@
 #++
 
 require 'uaa/token_issuer'
-require 'uaa/client_reg'
+require 'uaa/scim'
 
 module CF::UAA::OAuth2Service
 end
 
 class CF::UAA::OAuth2Service::Provisioner < VCAP::Services::Base::Provisioner
 
+  include CF::UAA::Http
+
   DEFAULT_UAA_URL = "http://uaa.vcap.me"
   DEFAULT_LOGIN_URL = "http://uaa.vcap.me"
   DEFAULT_CLOUD_CONTROLLER_URL = "http://api.vcap.me"
@@ -38,7 +40,6 @@ def initialize(options)
     @redirect_uri =  options[:service][:redirect_uri] || "#{@uaa_url}/redirect/#{@client_id}"
     @logger.debug("Initializing: #{options}")
     @logger.info("UAA: #{@uaa_url}, Login: #{@login_url}")
-    @async = options[:service][:async].nil? ? true : options[:service][:async]
   end
 
   def provision_service(request, prov_handle=nil, &blk)
@@ -78,8 +79,8 @@ def unprovision_service(instance_id, &blk)
     @logger.debug("[#{service_description}] Attempting to unprovision instance (instance id=#{instance_id})")
     svc = @prov_svcs[instance_id]
     raise ServiceError.new(ServiceError::NOT_FOUND, "instance_id #{instance_id}") if svc == nil
-    async do
-      client.delete(instance_id)
+    attempt do
+      client.delete(:client, instance_id)
     end
     bindings = find_all_bindings(instance_id)
     @prov_svcs.delete(instance_id)
@@ -150,20 +151,20 @@ def unbind_instance(instance_id, handle_id, binding_options, &blk)
 
   def update_redirect_uri(credentials, config)
 
-    async do
+    attempt do
 
       @logger.debug("Updating redirect uris, credentials=#{credentials}, config=#{config}")
 
       client_id = credentials["client_id"]
-      details = client.get(client_id)
+      details = client.get(:client, client_id)
       if details.nil?
         @logger.warn("No client details for: #{client_id}")
         return
       end
 
       @logger.debug("Found client details: #{details}")
-      owner = config["email"] || details[:owner]
-      name = config["name"]
+      owner = config[:email] || config["email"] || details[:owner] || details["owner"]
+      name = config[:name] || config["name"]
 
       unless owner.nil?
 
@@ -176,29 +177,31 @@ def update_redirect_uri(credentials, config)
           username: owner}
 
         request_headers = {
-          content_type: "application/x-www-form-urlencoded",
-          accept: "application/json",
-          authorization: @auth_header }
+          "content-type" => "application/x-www-form-urlencoded",
+          "accept" => "application/json",
+          "authorization" => @auth_header }
 
-        status, body, headers = client.request(@uaa_url, :post, "/oauth/authorize", URI.encode_www_form(credentials), request_headers)
-        reply_uri = URI.parse(headers[:location])
-        params = CF::UAA::Util.decode_form_to_hash(reply_uri.fragment)
+        status, body, headers = http_post(@uaa_url, "/oauth/authorize", URI.encode_www_form(credentials), request_headers)
+        reply_uri = URI.parse(headers["location"])
+        params = CF::UAA::Util.decode_form(reply_uri.fragment)
 
-        apps = client.json_get(@cloud_controller_uri, "/apps", "bearer #{params[:access_token]}", request_headers)
+        request_headers = {
+          "accept" => "application/json",
+          "authorization" => "bearer #{params['access_token']}" }
+        apps = json_get(@cloud_controller_uri, "/apps", :sym, request_headers)
         @logger.debug("Apps from cloud controller: #{apps}")
 
         redirect_uri = ["#{@uaa_url}/redirect/#{client_id}"]
         apps.each do |app|
-          next if app[:uris].nil? or app[:services].nil? or app[:services].empty?
-          next if name and !app[:services].include?(name)
+          next if app[:uris].nil?
           app[:uris].each do |uri|
             redirect_uri << "#{@redirect_protocol}#{uri}"
           end
         end
-        details[:redirect_uri] = redirect_uri
+        details["redirect_uri"] = redirect_uri
         @logger.debug("Updating client details with redirects: #{redirect_uri}")
         begin
-          client.update(details)
+          client.put(:client, details)
         rescue CF::UAA::NotFound
           @logger.debug("Not found (already deleted?)")
         end
@@ -214,37 +217,30 @@ def client
     token = CF::UAA::TokenIssuer.new(@uaa_url, @client_id, @client_secret).client_credentials_grant
     @logger.info("Client token: #{token}")
     @auth_header = token.auth_header
-    @client = CF::UAA::ClientReg.new(@uaa_url, @auth_header)
-    @client.async = @async
+    @client = CF::UAA::Scim.new(@uaa_url, @auth_header)
     @client
   end
 
-  def async(&blk)
+  def attempt(&blk)
     attempts = 0
     begin
-      if @async
-        Fiber.new {
-          blk.call()
-        }.resume
-      else
-        blk.call()
-      end
+      blk.call()
     rescue => e
       attempts = attempts + 1
       if attempts < 2
-        @logger.info("Failed. Retrying.")
+        @logger.info("Failed (#{e}). Retrying.")
         retry
       else
-        @logger.info("Failed last attempt.")
+        @logger.info("Failed last attempt (#{e}) .")
         raise e
       end
     end
   end
 
   def gen_credentials(name, owner)
     client_secret = UUIDTools::UUID.random_create.to_s
-    async do
-      client.create(:client_id=>name, :client_secret=>client_secret,
+    attempt do
+      client.add(:client, :client_id=>name, :client_secret=>client_secret,
                    :scope => ["cloud_controller.read", "cloud_controller.write", "openid"],
                    :authorized_grant_types => ["authorization_code", "refresh_token"],
                    :access_token_validity => 10*60,