From 8cd3e513298ec61ae7af181b35a6744ba3750c2d Mon Sep 17 00:00:00 2001
From: mickybart
Date: Mon, 23 Apr 2018 15:20:13 -0400
Subject: [PATCH] Fix empty secret with later service catalog version and multiple calls to bind
---
 atlasbroker/config.py | 21 +++++++++++++++++++++
 atlasbroker/servicebinding.py | 13 +++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/atlasbroker/config.py b/atlasbroker/config.py
index c8660c8..24b64d8 100644
--- a/atlasbroker/config.py
+++ b/atlasbroker/config.py
@@ -181,6 +181,27 @@ def generate_binding_credentials(self, binding):
 # return creds
 return creds
+ def isGenerateBindingCredentialsPredictible(self):
+ """Is generate_binding_credentials predictible ?
+
+ Permit to know if generate_binding_credentials call will generate same credentials
+ for every calls with the same binding parameter.
+
+ During the binding, the first bind will send a 201 Created response with credentials in the paylod.
+ All other calls to bind with same parameters should return a 200 OK with credentials payload.
+ If a call to bind with different parameters is done, a 409 is returned without credentials payload.
+
+ However, some brokers do not respect 201/200/409 and some broker like UPS one will just send 200 for everything.
+
+ To better handle and/or workaround specs, we need to know if generate_binding_credentials
+ for an identical binding will return the same credentials.
+ That will permit the broker to decide if it can return credentials with 200 when it firstly created them with a 201
+ or to workaround the answer to avoid the service catalog to inject inaccurate credentials.
+
+ In the best world, it should be good to be able to generate "static" credentials and set the return to True on this function.
+ """
+ return False
+
 def generate_binding_username(self, binding):
 """Generate binding username
diff --git a/atlasbroker/servicebinding.py b/atlasbroker/servicebinding.py
index fe67b27..52966f9 100644
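Review bot: The docstring of `isGenerateBindingCredentialsPredictible` in atlasbroker/config.py recommends "static" credentials but never says what an override returning True has to guarantee. Because `bind` then recomputes and returns credentials for every identical request, the docstring should state that the derivation must depend on a secret held by the broker and not only on values carried in the binding; how `generate_binding_credentials` derives them is outside this hunk, so this needs confirming. I would add a line such as `Only return True if the credentials are derived from the binding plus a secret known only to the broker.` The name is also camelCase and misspelled next to `generate_binding_credentials`; since deployments are expected to override it, `is_generate_binding_credentials_predictable` is worth settling before it becomes API.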
--- a/atlasbroker/servicebinding.py
+++ b/atlasbroker/servicebinding.py
@@ -90,8 +90,17 @@ def bind(self, binding, parameters):
 credentials = creds)
 elif binding.parameters == parameters:
- # Identical so nothing to do
- return Binding(BindState.IDENTICAL_ALREADY_EXISTS)
+ if self.backend.config.isGenerateBindingCredentialsPredictible():
+ # Identical and credentials generation is predictible so we can return credentials again.
+ creds = self.backend.config.generate_binding_credentials(binding)
+
+ return Binding(BindState.IDENTICAL_ALREADY_EXISTS,
+ credentials = creds)
+
+ # Identical but credentials generation is NOT predictible. So we are breaking the spec to avoid
+ # wrong data injection. In this case we trigger a conflicting parameters for the existing binding depsite
+ # this is not the case.
+ raise ErrBindingAlreadyExists()
 else:
 # Different parameters ...
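Review bot: The predictable branch of `bind` recomputes credentials with `generate_binding_credentials(binding)` and returns them without checking that they are the ones provisioned when the binding was first created. The decision rests on `isGenerateBindingCredentialsPredictible()` as configured at call time, so a binding created while the generator was not predictable, or with a different generator, would as far as this hunk shows receive credentials that were never set, which is the inaccurate injection the fallback is meant to prevent. I would at least record that in the comment, e.g. `# Recomputed, not read back: only valid if this binding was created with the same predictable generator.` The comment above the `raise` also has a typo (`depsite`). `bind` starts before and continues after this hunk.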