Fix empty secret with later service catalog version and multiple call…

…s to bind
mickybart · Apr 23, 2018 · 8cd3e51 · 8cd3e51
1 parent ffa4281
commit 8cd3e51
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/atlasbroker/config.py b/atlasbroker/config.py
@@ -181,6 +181,27 @@ def generate_binding_credentials(self, binding):
         # return creds
         return creds
 
+    def isGenerateBindingCredentialsPredictible(self):
+        """Is generate_binding_credentials predictible ?
+        
+        Permit to know if generate_binding_credentials call will generate same credentials
+        for every calls with the same binding parameter.
+        
+        During the binding, the first bind will send a 201 Created response with credentials in the paylod.
+        All other calls to bind with same parameters should return a 200 OK with credentials payload.
+        If a call to bind with different parameters is done, a 409 is returned without credentials payload.
+        
+        However, some brokers do not respect 201/200/409 and some broker like UPS one will just send 200 for everything.
+        
+        To better handle and/or workaround specs, we need to know if generate_binding_credentials
+        for an identical binding will return the same credentials.
+        That will permit the broker to decide if it can return credentials with 200 when it firstly created them with a 201
+        or to workaround the answer to avoid the service catalog to inject inaccurate credentials.
+        
+        In the best world, it should be good to be able to generate "static" credentials and set the return to True on this function.
+        """
+        return False
+
     def generate_binding_username(self, binding):
         """Generate binding username
         

diff --git a/atlasbroker/servicebinding.py b/atlasbroker/servicebinding.py
@@ -90,8 +90,17 @@ def bind(self, binding, parameters):
                            credentials = creds)
 
         elif binding.parameters == parameters:
-            # Identical so nothing to do
-            return Binding(BindState.IDENTICAL_ALREADY_EXISTS)
+            if self.backend.config.isGenerateBindingCredentialsPredictible():
+                # Identical and credentials generation is predictible so we can return credentials again.
+                creds = self.backend.config.generate_binding_credentials(binding)
+
+                return Binding(BindState.IDENTICAL_ALREADY_EXISTS,
+                               credentials = creds)
+
+            # Identical but credentials generation is NOT predictible. So we are breaking the spec to avoid
+            # wrong data injection. In this case we trigger a conflicting parameters for the existing binding depsite
+            # this is not the case.
+            raise ErrBindingAlreadyExists()
 
         else:
             # Different parameters ...