APIGOV-26527 - add client_credentials auth flow for agent (#175)

* add client_credentials auth flow for agent

* docs

build/mulesoft_discovery_agent.yml

@@ -40,4 +40,6 @@ mulesoft:
   auth:
     username: <USERNAME>
     password: <PASSWORD>
+    clientID: <CLIENTID>
+    clientSecret: <CLIENTSECRET>
 

build/mulesoft_traceability_agent.yml

@@ -47,6 +47,8 @@ mulesoft_traceability_agent:
     auth:
       username: "${MULESOFT_AUTH_USERNAME}"
       password: "${MULESOFT_AUTH_PASSWORD}"
+      clientID: "${MULESOFT_AUTH_CLIENTID}"
+      clientSecret: "${MULESOFT_AUTH_CLIENTSECRET}"
   agentFeatures:
     persistCache: ${AGENTFEATURES_PERSISTCACHE}
     marketplaceProvisioning: ${AGENTFEATURES_MARKETPLACEPROVISIONING}

pkg/anypoint/client.go

@@ -65,14 +65,16 @@ type ListAssetClient interface {
 
 // AnypointClient is the client for interacting with Mulesoft Anypoint.
 type AnypointClient struct {
-	baseURL     string
-	username    string
-	password    string
-	lifetime    time.Duration
-	apiClient   coreapi.Client
-	auth        Auth
-	environment *Environment
-	orgName     string
+	baseURL      string
+	username     string
+	password     string
+	clientID     string
+	clientSecret string
+	lifetime     time.Duration
+	apiClient    coreapi.Client
+	auth         Auth
+	environment  *Environment
+	orgName      string
 }
 
 type ClientOptions func(*AnypointClient)
@@ -101,6 +103,8 @@ func (c *AnypointClient) OnConfigChange(mulesoftConfig *config.MulesoftConfig) {
 	c.baseURL = mulesoftConfig.AnypointExchangeURL
 	c.username = mulesoftConfig.Username
 	c.password = mulesoftConfig.Password
+	c.clientID = mulesoftConfig.ClientID
+	c.clientSecret = mulesoftConfig.ClientSecret
 	c.orgName = mulesoftConfig.OrgName
 	c.lifetime = mulesoftConfig.SessionLifetime
 
@@ -143,10 +147,19 @@ func (c *AnypointClient) healthcheck(name string) (status *hc.Status) {
 
 // GetAccessToken retrieves a token
 func (c *AnypointClient) GetAccessToken() (string, *User, time.Duration, error) {
+	url := c.baseURL + "/accounts/login"
 	body := map[string]string{
 		"username": c.username,
 		"password": c.password,
 	}
+	if c.clientID != "" {
+		url = c.baseURL + "/accounts/oauth2/token"
+		body = map[string]string{
+			"grant_type":    "client_credentials",
+			"client_id":     c.clientID,
+			"client_secret": c.clientSecret,
+		}
+	}
 	buffer, err := json.Marshal(body)
 	if err != nil {
 		return "", nil, 0, agenterrors.Wrap(ErrMarshallingBody, err.Error())
@@ -158,7 +171,7 @@ func (c *AnypointClient) GetAccessToken() (string, *User, time.Duration, error)
 
 	request := coreapi.Request{
 		Method:  coreapi.POST,
-		URL:     c.baseURL + "/accounts/login",
+		URL:     url,
 		Headers: headers,
 		Body:    buffer,
 	}

pkg/config/config.go

@@ -21,6 +21,8 @@ const (
 	pathDiscoveryIgnoreTags   = "mulesoft.discoveryIgnoreTags"
 	pathAuthUsername          = "mulesoft.auth.username"
 	pathAuthPassword          = "mulesoft.auth.password"
+	pathAuthClientID          = "mulesoft.auth.clientID"
+	pathAuthClientSecret      = "mulesoft.auth.clientSecret"
 	pathAuthLifetime          = "mulesoft.auth.lifetime"
 	pathSSLNextProtos         = "mulesoft.ssl.nextProtos"
 	pathSSLInsecureSkipVerify = "mulesoft.ssl.insecureSkipVerify"
@@ -63,6 +65,8 @@ type MulesoftConfig struct {
 	SessionLifetime     time.Duration     `config:"auth.lifetime"`
 	TLS                 corecfg.TLSConfig `config:"ssl"`
 	Username            string            `config:"auth.username"`
+	ClientID            string            `config:"auth.clientID"`
+	ClientSecret        string            `config:"auth.clientSecret"`
 }
 
 // ValidateCfg - Validates the gateway config
@@ -71,14 +75,22 @@ func (c *MulesoftConfig) ValidateCfg() (err error) {
 		return errors.New("invalid mulesoft configuration: anypointExchangeUrl is not configured")
 	}
 
-	if c.Username == "" {
-		return errors.New("invalid mulesoft configuration: username is not configured")
+	if c.Username == "" && c.ClientID == "" {
+		return errors.New("invalid mulesoft configuration: username or client id must be configured")
 	}
 
-	if c.Password == "" {
+	if c.Username != "" && c.ClientID != "" {
+		return errors.New("invalid mulesoft configuration: both username or client id can not be configured")
+	}
+
+	if c.Username != "" && c.Password == "" {
 		return errors.New("invalid mulesoft configuration: password is not configured")
 	}
 
+	if c.ClientID != "" && c.ClientSecret == "" {
+		return errors.New("invalid mulesoft configuration: client secret is not configured")
+	}
+
 	if c.Environment == "" {
 		return errors.New("invalid mulesoft configuration: environment is not configured")
 	}
@@ -105,6 +117,8 @@ func AddConfigProperties(props properties.Properties) {
 	props.AddStringProperty(pathOrgName, "", "Mulesoft Anypoint Business Group.")
 	props.AddStringProperty(pathAuthUsername, "", "Mulesoft username.")
 	props.AddStringProperty(pathAuthPassword, "", "Mulesoft password.")
+	props.AddStringProperty(pathAuthClientID, "", "Mulesoft client id.")
+	props.AddStringProperty(pathAuthClientSecret, "", "Mulesoft client secret.")
 	props.AddDurationProperty(pathAuthLifetime, 60*time.Minute, "Mulesoft session lifetime.")
 	props.AddStringProperty(pathDiscoveryTags, "", "APIs containing any of these tags are selected for discovery.")
 	props.AddStringProperty(pathDiscoveryIgnoreTags, "", "APIs containing any of these tags are ignored. Takes precedence over "+pathDiscoveryIgnoreTags+".")
@@ -134,6 +148,8 @@ func NewMulesoftConfig(props properties.Properties) *MulesoftConfig {
 		ProxyURL:            props.StringPropertyValue(pathProxyURL),
 		SessionLifetime:     props.DurationPropertyValue(pathAuthLifetime),
 		Username:            props.StringPropertyValue(pathAuthUsername),
+		ClientID:            props.StringPropertyValue(pathAuthClientID),
+		ClientSecret:        props.StringPropertyValue(pathAuthClientSecret),
 		TLS: &corecfg.TLSConfiguration{
 			NextProtos:         props.StringSlicePropertyValue(pathSSLNextProtos),
 			InsecureSkipVerify: props.BoolPropertyValue(pathSSLInsecureSkipVerify),