Add support for using om client credentials

- `om` uses client credentials over username/password if both are set,
`hammer om` does not do anything to avoid this behaviour

README.md

@@ -25,6 +25,8 @@ In order to run the `hammer` tool against a given environment you need to have a
   "name": "ENVIRONMENT-NAME",
   "ops_manager": {
     "url": "OPSMAN-URL",
+    "client_id": "OPSMAN-CLIENT-ID",
+    "client_secret": "OPSMAN-CLIENT-SECRET",
     "username": "OPSMAN-USERNAME",
     "password": "OPSMAN-PASSWORD"
   },
@@ -41,6 +43,8 @@ Or the equivalent in yaml:
 ```yaml
 name: ENVIRONMENT-NAME
 ops_manager:
+  client_id: OPSMAN-CLIENT-ID
+  client_secret: OPSMAN-CLIENT-SECRET
   password: OPSMAN-PASSWORD
   url: OPSMAN-URL
   username: OPSMAN-USERNAME
@@ -56,6 +60,10 @@ This file can then be passed into the tool via `hammer -t path-to-env-config <co
 `ops_manager_ssh_user` is an optional field and if not set then `hammer -t path-to-env-config ssh opsman` will use
 `ubuntu` to ssh to the OpsManager VM, if users need to ssh via a different username they should set this as appropriate.
 
+Only one set of `ops_manager.client_id` and `ops_manager.client_secret` or `ops_manager.username` and `ops_manager.password`
+need to be specified in order to use `hammer om`, if both sets are specified then in line with `om` the client details
+will be used.
+
 NB: `sys_domain` and `pks_api.url` are only needed for using `hammer cf-login` and `hammer pks-login` respectively.
 
 ## Development

environment/config.go

@@ -23,12 +23,14 @@ import (
 const defaultSSHUser = "ubuntu"
 
 type OpsManager struct {
-	Username   string
-	Password   string
-	URL        url.URL
-	IP         net.IP
-	PrivateKey string
-	SshUser    string
+	Username     string
+	Password     string
+	ClientID     string
+	ClientSecret string
+	URL          url.URL
+	IP           net.IP
+	PrivateKey   string
+	SshUser      string
 }
 
 type PKSApi struct {
@@ -61,9 +63,11 @@ type environmentReader struct {
 	ServiceSubnet string   `yaml:"service_subnet_name"`
 	AZs           []string `yaml:"azs"`
 	OpsManager    struct {
-		URL      string `yaml:"url"`
-		Username string `yaml:"username"`
-		Password string `yaml:"password"`
+		URL          string `yaml:"url"`
+		Username     string `yaml:"username"`
+		Password     string `yaml:"password"`
+		ClientID     string `yaml:"client_id"`
+		ClientSecret string `yaml:"client_secret"`
 	} `yaml:"ops_manager"`
 	PKSApi struct {
 		Username string `yaml:"uaa_admin_user"`
@@ -127,12 +131,14 @@ func newLockfile(data environmentReader) (Config, error) {
 		ServiceSubnet: data.ServiceSubnet,
 		AZs:           data.AZs,
 		OpsManager: OpsManager{
-			Username:   data.OpsManager.Username,
-			Password:   data.OpsManager.Password,
-			URL:        *parsedOpsManagerURL,
-			IP:         opsManagerIp,
-			PrivateKey: data.PrivateKey,
-			SshUser:    sshUser,
+			Username:     data.OpsManager.Username,
+			Password:     data.OpsManager.Password,
+			ClientID:     data.OpsManager.ClientID,
+			ClientSecret: data.OpsManager.ClientSecret,
+			URL:          *parsedOpsManagerURL,
+			IP:           opsManagerIp,
+			PrivateKey:   data.PrivateKey,
+			SshUser:      sshUser,
 		},
 		PKSApi: PKSApi{
 			Username: data.PKSApi.Username,

environment/config_test.go

@@ -76,12 +76,14 @@ func checkMatchLemon(e Config) {
 			"URL":      Equal(mustParseURL("https://api.pks.lemon-lemon.cf-app.com")),
 		}),
 		"OpsManager": MatchAllFields(Fields{
-			"Username":   Equal("pivotalcf"),
-			"Password":   Equal("fakePassword"),
-			"URL":        Equal(mustParseURL("https://pcf.lemon.cf-app.com")),
-			"IP":         Equal(net.ParseIP("35.225.148.133")),
-			"SshUser":    Equal("ubuntu"),
-			"PrivateKey": ContainSubstring("BEGIN RSA"),
+			"Username":     Equal("pivotalcf"),
+			"Password":     Equal("fakePassword"),
+			"ClientID":     Equal("fakeClientID"),
+			"ClientSecret": Equal("fakeClientSecret"),
+			"URL":          Equal(mustParseURL("https://pcf.lemon.cf-app.com")),
+			"IP":           Equal(net.ParseIP("35.225.148.133")),
+			"SshUser":      Equal("ubuntu"),
+			"PrivateKey":   ContainSubstring("BEGIN RSA"),
 		}),
 	}))
 }

environment/fixtures/lemon.json

@@ -22,6 +22,8 @@
   "ops_manager": {
     "password": "fakePassword",
     "url": "https://pcf.lemon.cf-app.com",
+    "client_id": "fakeClientID",
+    "client_secret": "fakeClientSecret",
     "username": "pivotalcf"
   },
   "ops_manager_cidr": "10.0.0.0/24",

environment/fixtures/lemon.yaml

@@ -20,6 +20,8 @@ name: lemon
 ops_manager:
   password: fakePassword
   url: https://pcf.lemon.cf-app.com
+  client_id: "fakeClientID"
+  client_secret: "fakeClientSecret"
   username: pivotalcf
 ops_manager_cidr: 10.0.0.0/24
 ops_manager_dns: pcf.lemon.cf-app.com

integration/fixtures/claim_manatee_response.json

@@ -22,6 +22,8 @@
   "ops_manager": {
     "password": "fakePassword",
     "url": "https://pcf.manatee.cf-app.com",
+    "client_id": "fakeClientID",
+    "client_secret": "fakeClientSecret",
     "username": "pivotalcf"
   },
   "ops_manager_cidr": "10.0.0.0/24",

integration/fixtures/om_script.sh

@@ -1 +1 @@
-om -t 'https://pcf.manatee.cf-app.com' -k -u 'pivotalcf' -p 'fakePassword' 'foo'
+OM_CLIENT_ID='fakeClientID' OM_CLIENT_SECRET='fakeClientSecret' OM_USERNAME='pivotalcf' OM_PASSWORD='fakePassword' om -t 'https://pcf.manatee.cf-app.com' -k 'foo'

integration/fixtures/om_script_json.sh

@@ -1 +1 @@
-om -t 'https://pcf.manatee.cf-app.com' -k -u 'pivotalcf' -p 'fakePassword' 'configure-product' '--product-name' 'p-rabbitmq' '--product-properties' '{".rabbitmq-server.server_admin_credentials":{"value":{"identity":"admin","password":"admin"}}}'
+OM_CLIENT_ID='fakeClientID' OM_CLIENT_SECRET='fakeClientSecret' OM_USERNAME='pivotalcf' OM_PASSWORD='fakePassword' om -t 'https://pcf.manatee.cf-app.com' -k 'configure-product' '--product-name' 'p-rabbitmq' '--product-properties' '{".rabbitmq-server.server_admin_credentials":{"value":{"identity":"admin","password":"admin"}}}'

integration/om_command_test.go

@@ -67,7 +67,7 @@ var _ = Describe("OM", func() {
 
 			Eventually(session).Should(Exit(0))
 			Eventually(string(session.Err.Contents())).Should(Equal(""))
-			Eventually(string(session.Out.Contents())).Should(Equal("# om\nexport OM_TARGET=https://pcf.manatee.cf-app.com\nexport OM_USERNAME=pivotalcf\nexport OM_PASSWORD=fakePassword\n"))
+			Eventually(string(session.Out.Contents())).Should(Equal("# om\nexport OM_TARGET='https://pcf.manatee.cf-app.com'\nexport OM_CLIENT_ID='fakeClientID'\nexport OM_CLIENT_SECRET='fakeClientSecret'\nexport OM_USERNAME='pivotalcf'\nexport OM_PASSWORD='fakePassword'\n"))
 		})
 	})
 })

om/runner.go

@@ -28,14 +28,22 @@ func (r Runner) Run(data environment.Config, dryRun bool, omArgs ...string) erro
 
 	if len(omArgs) > 0 {
 		omCommandLines = []string{
-			fmt.Sprintf(`om -t '%s' -k -u '%s' -p '%s' %s`, data.OpsManager.URL.String(), data.OpsManager.Username, data.OpsManager.Password, quoteArgs(omArgs)),
+			fmt.Sprintf(`OM_CLIENT_ID='%s' OM_CLIENT_SECRET='%s' OM_USERNAME='%s' OM_PASSWORD='%s' om -t '%s' -k %s`,
+				data.OpsManager.ClientID,
+				data.OpsManager.ClientSecret,
+				data.OpsManager.Username,
+				data.OpsManager.Password,
+				data.OpsManager.URL.String(),
+				quoteArgs(omArgs)),
 		}
 		omPrereqs = []string{"om"}
 	} else {
 		omCommandLines = []string{
-			fmt.Sprintf(`echo "export OM_TARGET=%s"`, data.OpsManager.URL.String()),
-			fmt.Sprintf(`echo "export OM_USERNAME=%s"`, data.OpsManager.Username),
-			fmt.Sprintf(`echo "export OM_PASSWORD=%s"`, data.OpsManager.Password),
+			fmt.Sprintf(`echo "export OM_TARGET='%s'"`, data.OpsManager.URL.String()),
+			fmt.Sprintf(`echo "export OM_CLIENT_ID='%s'"`, data.OpsManager.ClientID),
+			fmt.Sprintf(`echo "export OM_CLIENT_SECRET='%s'"`, data.OpsManager.ClientSecret),
+			fmt.Sprintf(`echo "export OM_USERNAME='%s'"`, data.OpsManager.Username),
+			fmt.Sprintf(`echo "export OM_PASSWORD='%s'"`, data.OpsManager.Password),
 		}
 	}
 

om/runner_test.go

@@ -39,9 +39,11 @@ var _ = Describe("om runner", func() {
 		url, _ := url.Parse("https://www.test-url.io")
 		data = environment.Config{
 			OpsManager: environment.OpsManager{
-				URL:      *url,
-				Username: "username",
-				Password: "password",
+				URL:          *url,
+				Username:     "username",
+				Password:     "password",
+				ClientID:     "client_id",
+				ClientSecret: "client_secret",
 			},
 		}
 
@@ -64,9 +66,11 @@ var _ = Describe("om runner", func() {
 
 			lines, prereqs, _ := scriptRunner.RunScriptArgsForCall(0)
 			Expect(lines).To(Equal([]string{
-				`echo "export OM_TARGET=https://www.test-url.io"`,
-				`echo "export OM_USERNAME=username"`,
-				`echo "export OM_PASSWORD=password"`,
+				`echo "export OM_TARGET='https://www.test-url.io'"`,
+				`echo "export OM_CLIENT_ID='client_id'"`,
+				`echo "export OM_CLIENT_SECRET='client_secret'"`,
+				`echo "export OM_USERNAME='username'"`,
+				`echo "export OM_PASSWORD='password'"`,
 			}))
 			Expect(prereqs).To(HaveLen(0))
 		})
@@ -86,7 +90,7 @@ var _ = Describe("om runner", func() {
 
 			lines, prereqs, _ := scriptRunner.RunScriptArgsForCall(0)
 			Expect(lines).To(Equal([]string{
-				`om -t 'https://www.test-url.io' -k -u 'username' -p 'password' 'arg1' 'arg2' 'arg3'`,
+				`OM_CLIENT_ID='client_id' OM_CLIENT_SECRET='client_secret' OM_USERNAME='username' OM_PASSWORD='password' om -t 'https://www.test-url.io' -k 'arg1' 'arg2' 'arg3'`,
 			}))
 			Expect(prereqs).To(ConsistOf("om"))
 		})