vcloud-core 0.6.0 → 0.7.0

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+## 0.7.0 (2014-07-28)
+
+Features:
+
+  - New vcloud-login tool for fetching session tokens without the need to
+    store your password in a plaintext FOG_RC file.
+
+Deprecated:
+
+  - Deprecate the use of :vcloud_director_password in a plaintext FOG_RC
+    file. A warning will be printed to STDERR at load time. Please use
+    vcloud-login instead.
+
 ## 0.6.0 (2014-07-14)
 
 API changes:

data/README.md

@@ -20,41 +20,7 @@ Or install it yourself as:
 
 ## Credentials
 
-vCloud Core is based around [fog](http://fog.io/). To use it you'll need to give it
-credentials that allow it to talk to a vCloud Director environment.
-
-1. Create a '.fog' file in your home directory.
-
-  For example:
-
-      test_credentials:
-        vcloud_director_host: 'host.api.example.com'
-        vcloud_director_username: 'username@org_name'
-        vcloud_director_password: ''
-
-2. Obtain a session token. First, curl the API:
-
-        curl -D- -d '' \
-            -H 'Accept: application/*+xml;version=5.1' -u '<username>@<org_name>' \
-            https://<host.api.example.com>/api/sessions
-
-  This will prompt for your password.
-
-  From the headers returned, the value of the `x-vcloud-authorization` header is your
-  session token, and this will be valid for 30 minutes idle - any activity will extend
-  its life by another 30 minutes.
-
-3. Specify your credentials and session token at the beginning of the command. For example:
-
-        FOG_CREDENTIAL=test_credentials \
-            FOG_VCLOUD_TOKEN=AAAABBBBBCCCCCCDDDDDDEEEEEEFFFFF= \
-            vcloud-query
-
-  You may find it easier to export one or both of the values as environment variables.
-
-  **NB** It is also possible to sidestep the need for the session token by saving your
-  password in the fog file. This is **not recommended**.
-
+Please see the [vcloud-tools usage documentation](http://gds-operations.github.io/vcloud-tools/usage/).
 
 ## vCloud Query
 

data/bin/vcloud-login

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'vcloud/core'
+
+Vcloud::Core::LoginCli.new(ARGV).run

data/jenkins.sh

@@ -1,14 +1,5 @@
-#!/bin/bash -x
+#!/bin/bash
 set -e
 
-git clean -ffdx
-bundle install --path "${HOME}/bundles/${JOB_NAME}"
-
-# Obtain the integration test parameters
-git clone git@github.gds:gds/vcloud-tools-testing-config.git
-mv vcloud-tools-testing-config/vcloud_tools_testing_config.yaml spec/integration/
-rm -rf vcloud-tools-testing-config
-
-bundle exec rake
-RUBYOPT="-r ./tools/fog_credentials" bundle exec rake integration
+./jenkins_tests.sh
 bundle exec rake publish_gem

data/jenkins_integration_tests.sh

@@ -1,12 +1,5 @@
-#!/bin/bash -x
+#!/bin/bash
 set -e
 
-git clean -ffdx
-bundle install --path "${HOME}/bundles/${JOB_NAME}"
-
-# Obtain the integration test parameters
-git clone git@github.gds:gds/vcloud-tools-testing-config.git
-mv vcloud-tools-testing-config/vcloud_tools_testing_config.yaml spec/integration/
-rm -rf vcloud-tools-testing-config
-
-RUBYOPT="-r ./tools/fog_credentials" bundle exec rake integration
+# FIXME: Change the Carrenza job to use the following script directly.
+./jenkins_tests.sh

data/jenkins_tests.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+set -eu
+
+function cleanup {
+  rm $FOG_RC
+}
+
+# Override default of ~/.fog and delete afterwards.
+export FOG_RC=$(mktemp /tmp/vcloud_fog_rc.XXXXXXXXXX)
+trap cleanup EXIT
+
+cat <<EOF >${FOG_RC}
+${FOG_CREDENTIAL}:
+  vcloud_director_host: '${API_HOST}'
+  vcloud_director_username: '${API_USERNAME}'
+  vcloud_director_password: ''
+EOF
+
+git clean -ffdx
+
+# We wish to force using a version of ruby installed with rbenv, because the version of ruby shipped with
+# Ubuntu 12.04 has a bug we hit in Psych when loading YAML files.
+export RBENV_VERSION="1.9.3"
+
+bundle install --path "${HOME}/bundles/${JOB_NAME}" --shebang="/usr/bin/env ruby"
+
+# Obtain the integration test parameters
+git clone git@github.gds:gds/vcloud-tools-testing-config.git
+mv vcloud-tools-testing-config/vcloud_tools_testing_config.yaml spec/integration/
+rm -rf vcloud-tools-testing-config
+
+# Never log token to STDOUT.
+set +x
+eval $(printenv API_PASSWORD | bundle exec vcloud-login)
+
+bundle exec rake
+bundle exec rake integration

data/lib/vcloud/core.rb

@@ -11,6 +11,7 @@ require 'vcloud/core/compute_metadata'
 require 'vcloud/core/vdc'
 require 'vcloud/core/edge_gateway'
 require 'vcloud/core/edge_gateway_interface'
+require 'vcloud/core/login_cli'
 require 'vcloud/core/vm'
 require 'vcloud/core/vapp'
 require 'vcloud/core/vapp_template'

data/lib/vcloud/core/login_cli.rb

@@ -0,0 +1,84 @@
+require 'optparse'
+require 'highline'
+
+module Vcloud
+  module Core
+    class LoginCli
+      def initialize(argv_array)
+        @usage_text = nil
+
+        parse(argv_array)
+      end
+
+      def run
+        begin
+          pass = read_pass
+          puts Vcloud::Fog::Login.token_export(pass)
+        rescue => e
+          $stderr.puts(e)
+          exit 1
+        end
+      end
+
+      private
+
+      def parse(args)
+        opt_parser = OptionParser.new do |opts|
+          opts.banner = <<-EOS
+Usage: #{$0} [options]
+
+Utility for obtaining a Fog vCloud Director session token. It will output a
+shell `export` command that can be consumed with:
+
+    eval $(FOG_CREDENTIAL=example #{$0})
+
+It requires a Fog credentials file (e.g. `~/.fog`) with the host and user
+set, but the password set to an empty string. The password can either be
+entered interactively or piped in, for example from an environment variable:
+
+    printenv PASSWORD_VAR | FOG_CREDENTIAL=example #{$0}
+
+          EOS
+
+          opts.on("-h", "--help", "Print usage and exit") do
+            $stderr.puts opts
+            exit
+          end
+
+          opts.on("--version", "Display version and exit") do
+            puts Vcloud::Core::VERSION
+            exit
+          end
+        end
+
+        @usage_text = opt_parser.to_s
+        begin
+          opt_parser.parse!(args)
+        rescue OptionParser::InvalidOption => e
+          exit_error_usage(e)
+        end
+
+        if args.size > 0
+          exit_error_usage("too many arguments")
+        elsif args.size == 1
+          @type = args.first
+        end
+      end
+
+      def read_pass
+        hl = HighLine.new($stdin, $stderr)
+        if STDIN.tty?
+          hl.ask("vCloud password: ") { |q| q.echo = "*" }
+        else
+          hl.ask("Reading password from pipe..")
+        end
+      end
+
+      def exit_error_usage(error)
+        $stderr.puts "#{$0}: #{error}"
+        $stderr.puts @usage_text
+        exit 2
+      end
+    end
+  end
+end

data/lib/vcloud/core/version.rb

@@ -1,5 +1,5 @@
 module Vcloud
   module Core
-    VERSION = '0.6.0'
+    VERSION = '0.7.0'
   end
 end

data/lib/vcloud/fog.rb

@@ -1,5 +1,39 @@
 require 'fog'
 require 'vcloud/fog/content_types'
+require 'vcloud/fog/login'
 require 'vcloud/fog/relation'
 require 'vcloud/fog/service_interface'
 require 'vcloud/fog/model_interface'
+
+module Vcloud
+  module Fog
+    TOKEN_ENV_VAR_NAME = 'FOG_VCLOUD_TOKEN'
+    FOG_CREDS_PASS_NAME = :vcloud_director_password
+
+    def self.check_credentials
+      pass = fog_credentials_pass
+      unless pass.nil? or pass.empty?
+        warn <<EOF
+[WARNING] Storing :vcloud_director_password in your plaintext FOG_RC file is
+          insecure. Future releases of vcloud-core (and tools that depend on
+          it) will prevent you from doing this. Please use vcloud-login to
+          get a session token instead.
+EOF
+      end
+    end
+
+    def self.fog_credentials_pass
+      begin
+        pass = ::Fog.credentials[FOG_CREDS_PASS_NAME]
+      rescue ::Fog::Errors::LoadError
+        # Assume no password if Fog has been unable to load creds.
+        # Suppresses a noisy error about missing credentials.
+        pass = nil
+      end
+
+      pass
+    end
+  end
+end
+
+Vcloud::Fog.check_credentials

data/lib/vcloud/fog/login.rb

@@ -0,0 +1,38 @@
+require 'fog'
+
+module Vcloud
+  module Fog
+    module Login
+      class << self
+        def token(pass)
+          check_plaintext_pass
+          token = get_token(pass)
+
+          return token
+        end
+
+        def token_export(*args)
+          return "export #{Vcloud::Fog::TOKEN_ENV_VAR_NAME}=#{token(*args)}"
+        end
+
+        private
+
+        def check_plaintext_pass
+          pass = Vcloud::Fog::fog_credentials_pass
+          unless pass.nil? || pass.empty?
+            raise "Found plaintext #{Vcloud::Fog::FOG_CREDS_PASS_NAME} entry. Please set it to an empty string"
+          end
+        end
+
+        def get_token(pass)
+          ENV.delete(Vcloud::Fog::TOKEN_ENV_VAR_NAME)
+          vcloud = ::Fog::Compute::VcloudDirector.new({
+            Vcloud::Fog::FOG_CREDS_PASS_NAME => pass,
+          })
+
+          return vcloud.vcloud_token
+        end
+      end
+    end
+  end
+end

data/spec/integration/fog/login_manual.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+# These tests, which confirm that the Fog internals are performing a login
+# and returning a new token, are not run automatically because they conflict
+# with the use of vcloud-login in CI. Because we're using vcloud-login all
+# of our tests should fail if the behaviour of Fog changes. However these
+# may came in useful when debugging such a scenario.
+
+describe Vcloud::Fog::Login do
+  let!(:mock_env) { ENV.clone }
+
+  before(:each) do
+    stub_const('ENV', mock_env)
+  end
+
+  describe "#token" do
+    context "fog credentials without password" do
+      let(:token_length) { 44 }
+      let(:env_var_name) { 'FOG_VCLOUD_TOKEN' }
+      let!(:mock_fog_creds) { ::Fog.credentials.clone }
+
+      before(:each) do
+        @real_password = mock_fog_creds.delete(:vcloud_director_password)
+        allow(::Fog).to receive(:credentials).and_return(mock_fog_creds)
+      end
+
+      context "environment variable VCLOUD_FOG_TOKEN not set" do
+        it "should login and return a token" do
+          mock_env.delete(env_var_name)
+          token = subject.token(@real_password)
+          expect(token.size).to eq(token_length)
+        end
+      end
+
+      context "environment variable VCLOUD_FOG_TOKEN is set" do
+        let(:old_token) { 'mekmitasdigoat' }
+
+        it "should login and return a token, ignoring the existing token" do
+          mock_env[env_var_name] = old_token
+          new_token = subject.token(@real_password)
+          expect(new_token).to_not eq(old_token)
+          expect(new_token.size).to eq(token_length)
+        end
+      end
+    end
+  end
+end

data/spec/integration/fog/login_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe Vcloud::Fog::Login do
+  let!(:mock_env) { ENV.clone }
+
+  before(:each) do
+    stub_const('ENV', mock_env)
+  end
+
+  describe "#token" do
+    context "unable to load credentials" do
+      it "should raise an exception succinctly listing the missing credentials" do
+        mock_env.clear
+        ::Fog.credential = 'null'
+        ::Fog.credentials_path = '/dev/null'
+
+        # This test is known to fail with a TypeError due to a bug in Ruby 1.9.3 that
+        # has since been fixed. See https://github.com/gds-operations/vcloud-core/pull/100
+        expect { ::Fog.credentials['doesnotexist'] }.to raise_error(
+          Fog::Errors::LoadError,
+          /^Missing Credentials\n/
+        )
+        expect { subject.token(@real_password) }.to raise_error(
+          ArgumentError,
+          /^Missing required arguments: vcloud_director_.*$/
+        )
+      end
+    end
+  end
+end

data/spec/vcloud/core/login_cli_spec.rb

@@ -0,0 +1,147 @@
+require 'spec_helper'
+
+class LoginCommandRun
+  attr_accessor :stdout, :stderr, :exitstatus
+
+  def initialize(args, stdin=nil)
+    out = StringIO.new
+    err = StringIO.new
+
+    if stdin
+      $stdin = StringIO.new
+      $stdin << stdin
+      $stdin.rewind
+    end
+    $stdout = out
+    $stderr = err
+
+    begin
+      Vcloud::Core::LoginCli.new(args).run
+      @exitstatus = 0
+    rescue SystemExit => e
+      # Capture exit(n) value.
+      @exitstatus = e.status
+    end
+
+    @stdout = out.string.strip
+    @stderr = err.string.strip
+
+    if stdin
+      $stdin = STDIN
+    end
+    $stdout = STDOUT
+    $stderr = STDERR
+  end
+end
+
+describe Vcloud::Core::LoginCli do
+  let(:stdin) { nil }
+  subject { LoginCommandRun.new(args, stdin) }
+
+  describe "normal usage" do
+    context "when given no arguments and a password on stdin" do
+      let(:args) { %w{} }
+      let(:pass) { 'supersekret' }
+      let(:stdin) { pass }
+
+      context "interactive tty" do
+        before(:each) do
+          expect(STDIN).to receive(:tty?).and_return(true)
+        end
+
+        it "should prompt on stderr so that stdout can be scripted and mask password input" do
+          expect(Vcloud::Fog::Login).to receive(:token_export).with(pass)
+          expect(subject.stderr).to eq("vCloud password: " + "*" * pass.size)
+        end
+      end
+
+      context "non-interactive tty" do
+        before(:each) do
+          expect(STDIN).to receive(:tty?).and_return(false)
+        end
+
+        it "should write stderr message to say that it's reading from pipe and not echo any input" do
+          expect(Vcloud::Fog::Login).to receive(:token_export).with(pass)
+          expect(subject.stderr).to eq("Reading password from pipe..")
+        end
+      end
+    end
+
+    context "when asked to display version" do
+      let(:args) { %w{--version} }
+
+      it "should not call Login" do
+        expect(Vcloud::Fog::Login).not_to receive(:token_export)
+      end
+
+      it "should print version and exit normally" do
+        expect(subject.stdout).to eq(Vcloud::Core::VERSION)
+        expect(subject.exitstatus).to eq(0)
+      end
+    end
+
+    context "when asked to display help" do
+      let(:args) { %w{--help} }
+
+      it "should not call Login" do
+        expect(Vcloud::Fog::Login).not_to receive(:token_export)
+      end
+
+      it "should print usage and exit normally" do
+        expect(subject.stderr).to match(/\AUsage: \S+ \[options\]\n/)
+        expect(subject.exitstatus).to eq(0)
+      end
+    end
+  end
+
+  describe "incorrect usage" do
+    shared_examples "print usage and exit abnormally" do |error|
+      it "should not call Login" do
+        expect(Vcloud::Fog::Login).not_to receive(:token_export)
+      end
+
+      it "should print error message and usage" do
+        expect(subject.stderr).to match(/\A\S+: #{error}\nUsage: \S+/)
+      end
+
+      it "should exit abnormally for incorrect usage" do
+        expect(subject.exitstatus).to eq(2)
+      end
+    end
+
+    context "when given more than one argument" do
+      let(:args) { %w{an_extra_arg} }
+
+      it_behaves_like "print usage and exit abnormally", "too many arguments"
+    end
+
+    context "when given an unrecognised argument" do
+      let(:args) { %w{--this-is-garbage} }
+
+      it_behaves_like "print usage and exit abnormally", "invalid option: --this-is-garbage"
+    end
+  end
+
+  describe "error handling" do
+    context "when underlying code raises an exception" do
+      let(:args) { %w{} }
+      # We have to pass a string here to prevent highline blowing up. This
+      # appears to be related to swapping out $stdin for StringIO and can't
+      # be reproduced by normal CLI use.
+      let(:pass) { 'some string' }
+      let(:stdin) { pass }
+      let(:exception_string) { 'something went horribly wrong' }
+
+      it "should print error without backtrace and exit abnormally" do
+        expect(Vcloud::Fog::Login).to receive(:token_export).
+          and_raise(exception_string)
+        if STDIN.tty?
+          expect(subject.stderr).to eq("vCloud password: #{'*' * pass.size}\n#{exception_string}")
+        else
+          expect(subject.stderr).to eq("Reading password from pipe..\n#{exception_string}")
+        end
+        expect(subject.exitstatus).to eq(1)
+      end
+    end
+  end
+end

data/spec/vcloud/core/query_cli_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-class CommandRun
+class QueryCommandRun
   attr_accessor :stdout, :stderr, :exitstatus
 
   def initialize(args)
@@ -27,7 +27,7 @@ class CommandRun
 end
 
 describe Vcloud::Core::QueryCli do
-  subject { CommandRun.new(args) }
+  subject { QueryCommandRun.new(args) }
   let(:mock_query) {
     double(:query, :run => true)
   }

data/spec/vcloud/fog/login_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+require 'stringio'
+
+describe Vcloud::Fog::Login do
+  describe "#token" do
+    it "should return the output from get_token" do
+      expect(subject).to receive(:check_plaintext_pass)
+      expect(subject).to receive(:get_token).and_return('mekmitasdigoat')
+      expect(subject.token('supersekret')).to eq("mekmitasdigoat")
+    end
+  end
+
+  describe "#token_export" do
+    it "should call #token with pass arg and return shell export string" do
+      expect(subject).to receive(:token).with('supersekret').and_return('mekmitasdigoat')
+      expect(subject.token_export("supersekret")).to eq("export FOG_VCLOUD_TOKEN=mekmitasdigoat")
+    end
+  end
+
+  describe "#check_plaintext_pass" do
+    context "vcloud_director_password not set" do
+      it "should not raise an exception" do
+        expect(Vcloud::Fog).to receive(:fog_credentials_pass).and_return(nil)
+        expect(subject).to receive(:get_token)
+        expect { subject.token('supersekret') }.not_to raise_error
+      end
+    end
+
+    context "vcloud_director_password empty string" do
+      it "should not raise an exception" do
+        expect(Vcloud::Fog).to receive(:fog_credentials_pass).and_return('')
+        expect(subject).to receive(:get_token)
+        expect { subject.token('supersekret') }.not_to raise_error
+      end
+    end
+
+    context "vcloud_director_password non-empty string" do
+      it "should raise an exception" do
+        expect(Vcloud::Fog).to receive(:fog_credentials_pass).and_return('supersekret')
+        expect(subject).to_not receive(:get_token)
+        expect { subject.token('supersekret') }.to raise_error(
+          RuntimeError,
+          "Found plaintext vcloud_director_password entry. Please set it to an empty string"
+        )
+      end
+    end
+  end
+end

data/spec/vcloud/fog_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe Vcloud::Fog do
+  describe "fog_credentials_pass" do
+    let(:subject) { Vcloud::Fog::fog_credentials_pass }
+
+    context "vcloud_director_password not set" do
+      it "should return nil" do
+        expect(::Fog).to receive(:credentials).and_return({})
+        expect(subject).to eq(nil)
+      end
+    end
+
+    context "vcloud_director_password set" do
+      it "should return string" do
+        expect(::Fog).to receive(:credentials).and_return({
+          :vcloud_director_password => 'supersekret',
+        })
+        expect(subject).to eq('supersekret')
+      end
+    end
+
+    context "Fog LoadError" do
+      it "should suppress exception and return nil" do
+        expect(::Fog).to receive(:credentials).and_raise(::Fog::Errors::LoadError)
+        expect(subject).to eq(nil)
+      end
+    end
+  end
+end

data/vcloud-core.gemspec

@@ -24,6 +24,7 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency 'fog', '>= 1.22.0'
   s.add_runtime_dependency 'mustache'
+  s.add_runtime_dependency 'highline'
   s.add_development_dependency 'gem_publisher', '1.2.0'
   s.add_development_dependency 'pry'
   s.add_development_dependency 'rake'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vcloud-core
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-14 00:00:00.000000000 Z
+date: 2014-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fog
@@ -43,6 +43,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: gem_publisher
   requirement: !ruby/object:Gem::Requirement
@@ -160,6 +176,7 @@ description: Core tools for interacting with VMware vCloud Director. Includes VC
 email:
 - anna.shipman@digital.cabinet-office.gov.uk
 executables:
+- vcloud-login
 - vcloud-query
 extensions: []
 extra_rdoc_files: []
@@ -172,9 +189,11 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- bin/vcloud-login
 - bin/vcloud-query
 - jenkins.sh
 - jenkins_integration_tests.sh
+- jenkins_tests.sh
 - lib/vcloud/core.rb
 - lib/vcloud/core/compute_metadata.rb
 - lib/vcloud/core/config_loader.rb
@@ -182,6 +201,7 @@ files:
 - lib/vcloud/core/edge_gateway.rb
 - lib/vcloud/core/edge_gateway_interface.rb
 - lib/vcloud/core/entity.rb
+- lib/vcloud/core/login_cli.rb
 - lib/vcloud/core/metadata_helper.rb
 - lib/vcloud/core/org_vdc_network.rb
 - lib/vcloud/core/query.rb
@@ -194,6 +214,7 @@ files:
 - lib/vcloud/core/vm.rb
 - lib/vcloud/fog.rb
 - lib/vcloud/fog/content_types.rb
+- lib/vcloud/fog/login.rb
 - lib/vcloud/fog/model_interface.rb
 - lib/vcloud/fog/relation.rb
 - lib/vcloud/fog/service_interface.rb
@@ -203,6 +224,8 @@ files:
 - spec/integration/core/vapp_spec.rb
 - spec/integration/core/vdc_spec.rb
 - spec/integration/core/vm_spec.rb
+- spec/integration/fog/login_manual.rb
+- spec/integration/fog/login_spec.rb
 - spec/integration/vcloud_tools_testing_config.yaml.template
 - spec/spec_helper.rb
 - spec/support/integration_helper.rb
@@ -219,6 +242,7 @@ files:
 - spec/vcloud/core/data/working_with_defaults.yaml
 - spec/vcloud/core/edge_gateway_interface_spec.rb
 - spec/vcloud/core/edge_gateway_spec.rb
+- spec/vcloud/core/login_cli_spec.rb
 - spec/vcloud/core/metadata_helper_spec.rb
 - spec/vcloud/core/org_vdc_network_spec.rb
 - spec/vcloud/core/query_cli_spec.rb
@@ -229,8 +253,9 @@ files:
 - spec/vcloud/core/vdc_spec.rb
 - spec/vcloud/core/vm_spec.rb
 - spec/vcloud/fog/fog_model_interface_spec.rb
+- spec/vcloud/fog/login_spec.rb
 - spec/vcloud/fog/service_interface_spec.rb
-- tools/fog_credentials.rb
+- spec/vcloud/fog_spec.rb
 - vcloud-core.gemspec
 homepage: http://github.com/gds-operations/vcloud-core
 licenses:
@@ -253,7 +278,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2096700488299728841
+      hash: 622735401989777949
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.23
@@ -267,6 +292,8 @@ test_files:
 - spec/integration/core/vapp_spec.rb
 - spec/integration/core/vdc_spec.rb
 - spec/integration/core/vm_spec.rb
+- spec/integration/fog/login_manual.rb
+- spec/integration/fog/login_spec.rb
 - spec/integration/vcloud_tools_testing_config.yaml.template
 - spec/spec_helper.rb
 - spec/support/integration_helper.rb
@@ -283,6 +310,7 @@ test_files:
 - spec/vcloud/core/data/working_with_defaults.yaml
 - spec/vcloud/core/edge_gateway_interface_spec.rb
 - spec/vcloud/core/edge_gateway_spec.rb
+- spec/vcloud/core/login_cli_spec.rb
 - spec/vcloud/core/metadata_helper_spec.rb
 - spec/vcloud/core/org_vdc_network_spec.rb
 - spec/vcloud/core/query_cli_spec.rb
@@ -293,4 +321,6 @@ test_files:
 - spec/vcloud/core/vdc_spec.rb
 - spec/vcloud/core/vm_spec.rb
 - spec/vcloud/fog/fog_model_interface_spec.rb
+- spec/vcloud/fog/login_spec.rb
 - spec/vcloud/fog/service_interface_spec.rb
+- spec/vcloud/fog_spec.rb

data/tools/fog_credentials.rb

@@ -1,17 +0,0 @@
-# Initialiser for getting vCloud credentials into Fog from Jenkins build
-# parameters, without needing to write them to disk. To be used with:
-#
-#     RUBYOPT="-r ./tools/fog_credentials" bundle exec integration
-#
-# Replace with FOG_VCLOUD_TOKEN support when we have a tool:
-#
-#     https://www.pivotaltracker.com/story/show/68989754
-#
-require 'bundler/setup'
-require 'fog'
-
-Fog.credentials = {
-  :vcloud_director_host     => ENV['API_HOST'],
-  :vcloud_director_username => ENV['API_USERNAME'],
-  :vcloud_director_password => ENV['API_PASSWORD'],
-}