CPP-817 - Provide error if override attempt of cloud bundle or contct points/ssl context (#294)

* CPP-817 - Provide error if override attempt of cloud bundle or contact points/ssl context

Author: mikefero

cpp-driver/gtests/src/integration/tests/test_dbaas.cpp

@@ -134,8 +134,8 @@ class DbaasTests : public Integration {
       Cluster cluster = default_cluster(false)
                             .with_randomized_contact_points(false)
                             .with_load_balance_round_robin();
-      cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                      creds_v1().c_str());
+      EXPECT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                             cluster.get(), creds_v1().c_str()));
       Session session = cluster.connect();
       for (int i = 0; i < 3; ++i) {
         Row row = session.execute(SELECT_ALL_SYSTEM_LOCAL_CQL).first_row();
@@ -260,8 +260,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, ResolveAndConnect) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1().c_str()));
   connect(cluster);
 }
 
@@ -282,8 +282,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, QueryEachNode) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false).with_load_balance_round_robin();
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1().c_str()));
   connect(cluster);
 
   ServerNames server_names;
@@ -319,8 +319,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, SchemaMetadata) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1().c_str()));
   connect(cluster);
 
   // clang-format off
@@ -434,6 +434,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, SchemaMetadata) {
     EXPECT_EQ(Text("(0, 0)"), Text(initcond));
     ASSERT_TRUE(true);
   }
+
+  cass_schema_meta_free(schema_meta);
 }
 
 /**
@@ -454,8 +456,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, ConsistencyGuardrails) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1().c_str()));
   connect(cluster);
 
   session_.execute(
@@ -489,8 +491,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, ConsistencyGuardrailsInvalid) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1().c_str()));
   connect(cluster);
 
   session_.execute(
@@ -535,8 +537,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, DcAwareTokenAwareRoutingDefault) {
   replicas.push_back(std::pair<int, int>(5, 2));
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1().c_str()));
   connect(cluster);
 
   for (std::vector<std::pair<int, int> >::iterator it = replicas.begin(), end = replicas.end();
@@ -568,8 +570,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, ResolveAndConnectWithoutCredsInBundle)
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1_no_creds().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1_no_creds().c_str()));
   cluster.with_credentials("cassandra", "cassandra");
   connect(cluster);
 }
@@ -589,8 +591,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, InvalidWithoutCreds) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1_no_creds().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1_no_creds().c_str()));
   try {
     connect(cluster);
     EXPECT_TRUE(false) << "Connection established";
@@ -614,8 +616,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, InvalidMetadataServer) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1_unreachable().c_str());
+  EXPECT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1_unreachable().c_str()));
   try {
     connect(cluster);
     EXPECT_TRUE(false) << "Connection established";
@@ -639,8 +641,9 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, InvalidCertificate) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1_no_cert().c_str());
+  EXPECT_EQ(CASS_ERROR_LIB_BAD_PARAMS,
+            cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                cluster.get(), creds_v1_no_cert().c_str()));
   try {
     connect(cluster);
     EXPECT_TRUE(false) << "Connection established";
@@ -664,8 +667,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, InvalidCertificateAuthority) {
   CHECK_FAILURE;
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1_invalid_ca().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1_invalid_ca().c_str()));
   try {
     connect(cluster);
     EXPECT_TRUE(false) << "Connection established";
@@ -693,8 +696,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, QueryWithNodesDown) {
   ServerNames server_names = get_server_names();
 
   Cluster cluster = default_cluster(false);
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1().c_str()));
   connect(cluster);
 
   EXPECT_TRUE(stop_node(1));
@@ -729,8 +732,8 @@ CASSANDRA_INTEGRATION_TEST_F(DbaasTests, FullOutage) {
   ServerNames server_names = get_server_names();
 
   Cluster cluster = default_cluster(false).with_constant_reconnect(10); // Quick reconnect
-  cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(cluster.get(),
-                                                                  creds_v1().c_str());
+  ASSERT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster.get(), creds_v1().c_str()));
   connect(cluster);
 
   EXPECT_TRUE(stop_cluster());

cpp-driver/gtests/src/unit/tests/test_cloud_secure_connect_config.cpp

@@ -20,6 +20,7 @@
 #include "http_test.hpp"
 
 #include "cloud_secure_connection_config.hpp"
+#include "cluster_config.hpp"
 #include "cluster_connector.hpp"
 #include "cluster_metadata_resolver.hpp"
 #include "config.hpp"
@@ -57,10 +58,13 @@
 using datastax::String;
 using datastax::internal::core::AddressVec;
 using datastax::internal::core::CloudSecureConnectionConfig;
+using datastax::internal::core::ClusterConfig;
 using datastax::internal::core::ClusterMetadataResolver;
 using datastax::internal::core::ClusterSettings;
 using datastax::internal::core::Config;
 using datastax::internal::core::HttpClient;
+using datastax::internal::core::SslContext;
+using datastax::internal::core::SslContextFactory;
 using datastax::internal::enterprise::DsePlainTextAuthProvider;
 using datastax::internal::json::StringBuffer;
 using datastax::internal::json::Writer;
@@ -595,4 +599,89 @@ TEST_F(CloudMetadataServerTest, ResolveInvalidJsonErrorResponse) {
 
   stop_http_server();
 }
+
+TEST_F(CloudMetadataServerTest, CloudConfiguredInvalidContactPointsOverride) {
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  create_zip_file(buffer.GetString());
+
+  ClusterConfig cluster_config;
+  CassCluster* cluster = CassCluster::to(&cluster_config);
+  EXPECT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster, creds_zip_file().c_str()));
+  add_logging_critera("Contact points cannot be overridden with cloud secure connection bundle");
+  EXPECT_EQ(CASS_ERROR_LIB_BAD_PARAMS,
+            cass_cluster_set_contact_points(cluster, "some.contact.point"));
+  EXPECT_EQ(logging_criteria_count(), 1);
+}
+
+TEST_F(CloudMetadataServerTest, CloudConfiguredInvalidSslContextOverride) {
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  create_zip_file(buffer.GetString());
+
+  ClusterConfig cluster_config;
+  CassCluster* cluster = CassCluster::to(&cluster_config);
+  SslContext::Ptr ssl_context(SslContextFactory::create());
+  CassSsl* ssl = CassSsl::to(ssl_context.get());
+
+  EXPECT_EQ(CASS_OK, cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                         cluster, creds_zip_file().c_str()));
+  add_logging_critera("SSL context cannot be overridden with cloud secure connection bundle");
+  cass_cluster_set_ssl(cluster, ssl);
+  EXPECT_EQ(logging_criteria_count(), 1);
+}
+
+TEST_F(CloudMetadataServerTest, CloudConfiguredFailureContactPointsExist) {
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  create_zip_file(buffer.GetString());
+
+  ClusterConfig cluster_config;
+  CassCluster* cluster = CassCluster::to(&cluster_config);
+  EXPECT_EQ(CASS_OK, cass_cluster_set_contact_points(cluster, "some.contact.point"));
+  add_logging_critera("Contact points must not be specified with cloud secure connection bundle");
+  EXPECT_EQ(CASS_ERROR_LIB_BAD_PARAMS,
+            cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                cluster, creds_zip_file().c_str()));
+  EXPECT_EQ(logging_criteria_count(), 1);
+}
+
+TEST_F(CloudMetadataServerTest, CloudConfiguredFailureSslContextExist) {
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  create_zip_file(buffer.GetString());
+
+  ClusterConfig cluster_config;
+  CassCluster* cluster = CassCluster::to(&cluster_config);
+  SslContext::Ptr ssl_context(SslContextFactory::create());
+  CassSsl* ssl = CassSsl::to(ssl_context.get());
+
+  cass_cluster_set_ssl(cluster, ssl);
+  add_logging_critera("SSL context must not be specified with cloud secure connection bundle");
+  EXPECT_EQ(CASS_ERROR_LIB_BAD_PARAMS,
+            cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                cluster, creds_zip_file().c_str()));
+  EXPECT_EQ(logging_criteria_count(), 1);
+}
+
+TEST_F(CloudMetadataServerTest, CloudConfiguredFailureContactPointsAndSslContextExist) {
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  create_zip_file(buffer.GetString());
+
+  ClusterConfig cluster_config;
+  CassCluster* cluster = CassCluster::to(&cluster_config);
+  SslContext::Ptr ssl_context(SslContextFactory::create());
+  CassSsl* ssl = CassSsl::to(ssl_context.get());
+
+  EXPECT_EQ(CASS_OK, cass_cluster_set_contact_points(cluster, "some.contact.point"));
+  cass_cluster_set_ssl(cluster, ssl);
+  add_logging_critera(
+      "Contact points and SSL context must not be specified with cloud secure connection bundle");
+  EXPECT_EQ(CASS_ERROR_LIB_BAD_PARAMS,
+            cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(
+                cluster, creds_zip_file().c_str()));
+  EXPECT_EQ(logging_criteria_count(), 1);
+}
 #endif

cpp-driver/src/cluster_config.cpp

@@ -33,7 +33,11 @@ CassError cass_cluster_set_port(CassCluster* cluster, int port) {
 }
 
 void cass_cluster_set_ssl(CassCluster* cluster, CassSsl* ssl) {
-  cluster->config().set_ssl_context(ssl->from());
+  if (cluster->config().cloud_secure_connection_config().is_loaded()) {
+    LOG_ERROR("SSL context cannot be overridden with cloud secure connection bundle");
+  } else {
+    cluster->config().set_ssl_context(ssl->from());
+  }
 }
 
 CassError cass_cluster_set_protocol_version(CassCluster* cluster, int protocol_version) {
@@ -101,6 +105,11 @@ CassError cass_cluster_set_contact_points(CassCluster* cluster, const char* cont
 
 CassError cass_cluster_set_contact_points_n(CassCluster* cluster, const char* contact_points,
                                             size_t contact_points_length) {
+  if (cluster->config().cloud_secure_connection_config().is_loaded()) {
+    LOG_ERROR("Contact points cannot be overridden with cloud secure connection bundle");
+    return CASS_ERROR_LIB_BAD_PARAMS;
+  }
+
   if (contact_points_length == 0) {
     cluster->config().contact_points().clear();
   } else {
@@ -485,7 +494,9 @@ CassError cass_cluster_set_cloud_secure_connection_bundle(CassCluster* cluster,
 
 CassError cass_cluster_set_cloud_secure_connection_bundle_n(CassCluster* cluster, const char* path,
                                                             size_t path_length) {
-  SslContextFactory::init_once();
+  if (cluster->config().contact_points().empty() && !cluster->config().ssl_context()) {
+    SslContextFactory::init_once();
+  }
   return cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init_n(cluster, path,
                                                                            path_length);
 }
@@ -499,6 +510,25 @@ CassError cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init(CassCl
 CassError cass_cluster_set_cloud_secure_connection_bundle_no_ssl_lib_init_n(CassCluster* cluster,
                                                                             const char* path,
                                                                             size_t path_length) {
+  const AddressVec& contact_points = cluster->config().contact_points();
+  const SslContext::Ptr& ssl_context = cluster->config().ssl_context();
+  if (!contact_points.empty() || ssl_context) {
+    String message;
+    if (!cluster->config().contact_points().empty()) {
+      message.append("Contact points");
+    }
+    if (cluster->config().ssl_context()) {
+      if (!message.empty()) {
+        message.append(" and ");
+      }
+      message.append("SSL context");
+    }
+    message.append(" must not be specified with cloud secure connection bundle");
+    LOG_ERROR("%s", message.c_str());
+
+    return CASS_ERROR_LIB_BAD_PARAMS;
+  }
+
   if (!cluster->config().set_cloud_secure_connection_bundle(String(path, path_length))) {
     return CASS_ERROR_LIB_BAD_PARAMS;
   }