Add support for UAA authentication

[#131726841]

Signed-off-by: Jatin Naik <[email protected]>

artifact/instance_metadata.go

@@ -21,4 +21,3 @@ func (m instanceMetadata) ID() string {
 func (m instanceMetadata) IsNamed() bool {
 	return false
 }
-

bosh/client.go

@@ -10,6 +10,7 @@ import (
 	"io/ioutil"
 
 	"github.com/cloudfoundry/bosh-cli/director"
+	boshuaa "github.com/cloudfoundry/bosh-cli/uaa"
 	boshlog "github.com/cloudfoundry/bosh-utils/logger"
 	"github.com/cloudfoundry/bosh-utils/uuid"
 	"github.com/pivotal-cf/bosh-backup-and-restore/instance"
@@ -23,9 +24,6 @@ func BuildClient(targetUrl, username, password, caCert string, logger boshlog.Lo
 		return nil, fmt.Errorf("Target director URL is malformed - %s", err.Error())
 	}
 
-	config.Client = username
-	config.ClientSecret = password
-
 	if caCert != "" {
 		cert, err := ioutil.ReadFile(caCert)
 		if err != nil {
@@ -35,6 +33,41 @@ func BuildClient(targetUrl, username, password, caCert string, logger boshlog.Lo
 	}
 
 	factory := director.NewFactory(logger)
+	infoDirector, err := factory.New(config, director.NewNoopTaskReporter(), director.NewNoopFileReporter())
+
+	info, _ := infoDirector.Info()
+
+	if info.Auth.Type == "uaa" {
+		uaaURL := info.Auth.Options["url"]
+
+		uaaURLStr, ok := uaaURL.(string)
+		if !ok {
+			return nil, fmt.Errorf("Expected URL '%s' to be a string", uaaURL)
+		}
+
+		uaaConfig, err := boshuaa.NewConfigFromURL(uaaURLStr)
+		if err != nil {
+			return nil, err
+		}
+
+		if caCert != "" {
+			cert, err := ioutil.ReadFile(caCert)
+			if err != nil {
+				return nil, err
+			}
+			uaaConfig.CACert = string(cert)
+		}
+
+		uaaConfig.Client = username
+		uaaConfig.ClientSecret = password
+
+		uaa, _ := boshuaa.NewFactory(logger).New(uaaConfig)
+
+		config.TokenFunc = boshuaa.NewClientTokenSession(uaa).TokenFunc
+	} else {
+		config.Client = username
+		config.ClientSecret = password
+	}
 
 	boshDirector, err := factory.New(config, director.NewNoopTaskReporter(), director.NewNoopFileReporter())
 	if err != nil {
@@ -48,7 +81,7 @@ func NewClient(boshDirector director.Director,
 	sshOptsGenerator ssh.SSHOptsGenerator,
 	connectionFactory ssh.SSHConnectionFactory,
 	logger Logger,
-	jobFinder instance.JobFinder) orchestrator.BoshClient {
+	jobFinder instance.JobFinder) Client {
 	return Client{
 		Director:             boshDirector,
 		SSHOptsGenerator:     sshOptsGenerator,

bosh/client_integration_test.go

@@ -27,7 +27,7 @@ var _ = Describe("BuildClient", func() {
 		Expect(err.Error()).To(ContainSubstring("Director responded with non-successful status code '404'"))
 	})
 
-	XIt("builds a Client that authenticates with UAA", func() {
+	It("builds a Client that authenticates with UAA", func() {
 		username := MustHaveEnv("BOSH_CLIENT")
 		password := MustHaveEnv("UAA_BOSH_CLIENT_SECRET")
 		caCertPath := MustHaveEnv("UAA_BOSH_CERT_PATH")

instance/blob_test.go

@@ -12,8 +12,8 @@ import (
 	"github.com/onsi/gomega/gbytes"
 	"github.com/pivotal-cf/bosh-backup-and-restore/instance"
 	"github.com/pivotal-cf/bosh-backup-and-restore/instance/fakes"
-	backuperfakes "github.com/pivotal-cf/bosh-backup-and-restore/orchestrator/fakes"
 	"github.com/pivotal-cf/bosh-backup-and-restore/orchestrator"
+	backuperfakes "github.com/pivotal-cf/bosh-backup-and-restore/orchestrator/fakes"
 )
 
 var _ = Describe("blob", func() {

integration/backup_test.go

@@ -81,6 +81,7 @@ printf "backupcontent2" > $ARTIFACT_DIRECTORY/backupdump2
 `)
 
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, singleInstanceResponse("redis-dedicated-node")),
 					SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, instance1),
 					DownloadManifest(deploymentName, "this is a totally valid yaml"),
@@ -322,6 +323,7 @@ exit 1`)
 			BeforeEach(func() {
 				instance1 = testcluster.NewInstance()
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, singleInstanceResponse("redis-dedicated-node")),
 					SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, instance1),
 					ManifestIsNotDownloaded(),
@@ -350,6 +352,7 @@ exit 1`)
 			BeforeEach(func() {
 				instance1 = testcluster.NewInstance()
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, singleInstanceResponse("redis-dedicated-node")),
 					SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, instance1),
 					DownloadManifest(deploymentName, "this is a totally valid yaml"),
@@ -370,6 +373,7 @@ exit 1`)
 			BeforeEach(func() {
 				instance1 = testcluster.NewInstance()
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, singleInstanceResponse("redis-dedicated-node")),
 					SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, instance1),
 					DownloadManifest(deploymentName, "this is a totally valid yaml"),
@@ -398,6 +402,7 @@ exit 1`)
 			BeforeEach(func() {
 				instance1 = testcluster.NewInstance()
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, singleInstanceResponse("redis-dedicated-node")),
 					SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, instance1),
 					DownloadManifest(deploymentName, "this is a totally valid yaml"),
@@ -438,6 +443,7 @@ echo "not valid yaml
 "`)
 
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, singleInstanceResponse("redis-dedicated-node")),
 					SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, instance1),
 					ManifestIsNotDownloaded(),
@@ -457,6 +463,7 @@ echo "not valid yaml
 
 		Context("when the artifact exists locally", func() {
 			BeforeEach(func() {
+				director.VerifyAndMock(mockbosh.Info().WithAuthTypeBasic())
 				deploymentName = "already-backed-up-deployment"
 				err := os.Mkdir(path.Join(backupWorkspace, deploymentName), 0777)
 				Expect(err).ToNot(HaveOccurred())
@@ -499,6 +506,7 @@ echo "not valid yaml
 				backupableInstance = testcluster.NewInstance()
 				nonBackupableInstance = testcluster.NewInstance()
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, twoInstancesResponse("redis-dedicated-node", "redis-broker")),
 					append(SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, backupableInstance),
 						SetupSSH(deploymentName, "redis-broker", "fake-uuid-2", 0, nonBackupableInstance)...),
@@ -533,6 +541,7 @@ echo "not valid yaml
 				backupableInstance1 = testcluster.NewInstance()
 				backupableInstance2 = testcluster.NewInstance()
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, twoInstancesResponse("redis-dedicated-node", "redis-broker")),
 					append(SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, backupableInstance1),
 						SetupSSH(deploymentName, "redis-broker", "fake-uuid-2", 0, backupableInstance2)...),
@@ -587,6 +596,7 @@ echo "not valid yaml
 				backupableInstance1 = testcluster.NewInstance()
 				backupableInstance2 = testcluster.NewInstance()
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, twoInstancesResponse("redis-dedicated-node", "redis-broker")),
 					append(SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, backupableInstance1),
 						SetupSSH(deploymentName, "redis-broker", "fake-uuid-2", 0, backupableInstance2)...),
@@ -637,7 +647,10 @@ backup_name: duplicate_name
 	Context("When deployment does not exist", func() {
 		BeforeEach(func() {
 			deploymentName = "my-non-existent-deployment"
-			director.VerifyAndMock(mockbosh.VMsForDeployment(deploymentName).NotFound())
+			director.VerifyAndMock(
+				mockbosh.Info().WithAuthTypeBasic(),
+				mockbosh.VMsForDeployment(deploymentName).NotFound(),
+			)
 		})
 
 		It("returns exit code 1", func() {

integration/cli_test.go

@@ -32,7 +32,10 @@ var _ = Describe("CLI Interface", func() {
 	AssertCLIBehaviour := func(cmd string) {
 		Context("params", func() {
 			It("can invoke command with short names", func() {
-				director.VerifyAndMock(mockbosh.VMsForDeployment("my-new-deployment").NotFound())
+				director.VerifyAndMock(
+					mockbosh.Info().WithAuthTypeBasic(),
+					mockbosh.VMsForDeployment("my-new-deployment").NotFound(),
+				)
 
 				runBinary(backupWorkspace,
 					[]string{},
@@ -46,7 +49,10 @@ var _ = Describe("CLI Interface", func() {
 				director.VerifyMocks()
 			})
 			It("can invoke command with long names", func() {
-				director.VerifyAndMock(mockbosh.VMsForDeployment("my-new-deployment").NotFound())
+				director.VerifyAndMock(
+					mockbosh.Info().WithAuthTypeBasic(),
+					mockbosh.VMsForDeployment("my-new-deployment").NotFound(),
+				)
 
 				runBinary(backupWorkspace,
 					[]string{},
@@ -63,7 +69,10 @@ var _ = Describe("CLI Interface", func() {
 
 		Context("password is supported from env", func() {
 			It("can invoke command with long names", func() {
-				director.VerifyAndMock(mockbosh.VMsForDeployment("my-new-deployment").NotFound())
+				director.VerifyAndMock(
+					mockbosh.Info().WithAuthTypeBasic(),
+					mockbosh.VMsForDeployment("my-new-deployment").NotFound(),
+				)
 
 				runBinary(backupWorkspace, []string{"BOSH_CLIENT_SECRET=admin"}, "--ca-cert", sslCertPath, "--username", "admin", "--target", director.URL, "--deployment", "my-new-deployment", cmd)
 
@@ -196,7 +205,10 @@ var _ = Describe("CLI Interface", func() {
 		})
 		Context("with debug flag set", func() {
 			It("outputs verbose HTTP logs", func() {
-				director.VerifyAndMock(mockbosh.VMsForDeployment("my-new-deployment").NotFound())
+				director.VerifyAndMock(
+					mockbosh.Info().WithAuthTypeBasic(),
+					mockbosh.VMsForDeployment("my-new-deployment").NotFound(),
+				)
 
 				session := runBinary(backupWorkspace, []string{}, "--debug", "--ca-cert", sslCertPath, "--username", "admin", "--password", "admin", "--target", director.URL, "--deployment", "my-new-deployment", cmd)
 

integration/pre_backup_check_test.go

@@ -64,6 +64,7 @@ var _ = Describe("Pre-backup checks", func() {
 				By("creating a dummy backup script")
 
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, singleInstanceResponse("redis-dedicated-node")),
 					SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, instance1),
 					ManifestIsNotDownloaded(),
@@ -91,6 +92,7 @@ printf "backupcontent2" > $ARTIFACT_DIRECTORY/backupdump2
 			BeforeEach(func() {
 				instance1 = testcluster.NewInstance()
 				mockDirectorWith(director,
+					mockbosh.Info().WithAuthTypeBasic(),
 					VmsForDeployment(deploymentName, singleInstanceResponse("redis-dedicated-node")),
 					SetupSSH(deploymentName, "redis-dedicated-node", "fake-uuid", 0, instance1),
 					ManifestIsNotDownloaded(),
@@ -120,7 +122,10 @@ printf "backupcontent2" > $ARTIFACT_DIRECTORY/backupdump2
 	Context("When deployment does not exist", func() {
 		BeforeEach(func() {
 			deploymentName = "my-non-existent-deployment"
-			director.VerifyAndMock(mockbosh.VMsForDeployment(deploymentName).NotFound())
+			director.VerifyAndMock(
+				mockbosh.Info().WithAuthTypeBasic(),
+				mockbosh.VMsForDeployment(deploymentName).NotFound(),
+			)
 		})
 
 		It("returns exit code 1", func() {
@@ -137,7 +142,12 @@ printf "backupcontent2" > $ARTIFACT_DIRECTORY/backupdump2
 	Context("When the director is unreachable", func() {
 		BeforeEach(func() {
 			deploymentName = "my-director-is-broken"
-			director.VerifyAndMock(VmsForDeploymentFails(deploymentName)...)
+			director.VerifyAndMock(
+				AppendBuilders(
+					InfoWithBasicAuth(),
+					VmsForDeploymentFails(deploymentName),
+				)...,
+			)
 		})
 
 		It("returns exit code 1", func() {