V3: POST /v3/routes on TCP domains: no host/path

TCP domains don't accept `host` or `path` in the body of the request.
`path` is an HTTP attribute, and thus makes no sense for a TCP domain.
Although you could make the argument that `host` is not an HTTP
attribute, its purpose is to enable [Name-based Virtual Host
Support](https://httpd.apache.org/docs/2.4/vhosts/name-based.html),
which again is HTTP-thing. This is usually accomplished with a wildcard
DNS entry (e.g. `*.domain.tld).

Many Cloud Foundry installations have a TCP domain, with an IP
address/load balancer distinct from the shared app domain. Often the
DNS entry's hostname is `tcp`, as in `tcp.domain.tld`.

The convention we are using to identify a TCP domain is the following:
- if it's running on k8s, it's an "http" domain (this will change)
- if `router_group.guid` is populated, it's a "tcp" domain.

- The route controller has an awkward method,
  `unprocessable_non_http_protocols(message, domain)`; its sole purpose is
  to appease RuboCop's `Metrics/CyclomaticComplexity` requirements. Yes,
  we are not happy about it either.

- We yanked the `protocols` method (which returns the domain's protocols,
  currently "http" and "tcp") out of the presenter and thrust it into the
  model, which is a more appropriate home. We also backfilled tests for
  it.

[finishes #169636853]

Co-authored-by: Mona Mohebbi <mmohebbi@pivotal.io>
Co-authored-by: Brian Cunnie <bcunnie@pivotal.io>

Author: monamohebbi

app/controllers/v3/routes_controller.rb

@@ -67,7 +67,10 @@ def create
     unprocessable_space! unless space
     unprocessable_domain! unless domain
     unauthorized! unless permission_queryer.can_write_to_space?(space.guid)
-    unprocessable_wildcard! if domain.shared? && message.wildcard? && !permission_queryer.can_write_globally?
+    if domain.shared?
+      unprocessable_wildcard! if message.wildcard? && !permission_queryer.can_write_globally?
+      unprocessable_non_http_protocols(message, domain)
+    end
 
     route = RouteCreate.new(user_audit_info).create(message: message, space: space, domain: domain)
 
@@ -222,6 +225,14 @@ def unprocessable_domain!
     unprocessable!('Invalid domain. Ensure that the domain exists and you have access to it.')
   end
 
+  def unprocessable_protocol_host!
+    unprocessable!('Hosts are not supported for TCP routes.')
+  end
+
+  def unprocessable_protocol_path!
+    unprocessable!('Paths are not supported for TCP routes.')
+  end
+
   def validate_app_guids!(apps_hash, desired_app_guids)
     existing_app_guids = apps_hash.keys
 
@@ -239,4 +250,15 @@ def validate_app_spaces!(apps_hash, route)
   def app_not_found!
     resource_not_found!(:app)
   end
+
+  def non_http_protocols_present?(domain)
+    !(domain.protocols - ['http']).empty?
+  end
+
+  def unprocessable_non_http_protocols(message, domain)
+    if non_http_protocols_present?(domain)
+      unprocessable_protocol_host! if message.host
+      unprocessable_protocol_path! if message.path
+    end
+  end
 end

spec/request/routes_spec.rb

@@ -938,6 +938,61 @@
   end
 
   describe 'POST /v3/routes' do
+    context 'when creating a route in a tcp domain' do
+      let(:domain) { VCAP::CloudController::SharedDomain.make(router_group_guid: 'some-router-group', router_group_type: 'tcp') }
+      before do
+        token = { token_type: 'Bearer', access_token: 'my-favourite-access-token' }
+        stub_request(:post, 'https://uaa.service.cf.internal/oauth/token').
+          to_return(status: 200, body: token.to_json, headers: { 'Content-Type' => 'application/json' })
+        stub_request(:get, 'http://localhost:3000/routing/v1/router_groups').
+          to_return(status: 200, body: '[{"guid":"some-router-group","name":"Robby Router","type":"tcp","reservable_ports":"25555"}]', headers: {})
+      end
+
+      context 'and the route has a host' do
+        let(:params) do
+          {
+            host: 'my-host',
+            relationships: {
+              space: {
+                data: { guid: space.guid }
+              },
+              domain: {
+                data: { guid: domain.guid }
+              },
+            }
+          }
+        end
+
+        it 'returns a 422 and a helpful error message' do
+          post '/v3/routes', params.to_json, admin_header
+          expect(last_response.status).to eq(422)
+          expect(last_response).to have_error_message('Hosts are not supported for TCP routes.')
+        end
+      end
+
+      context 'and the route has a path' do
+        let(:params) do
+          {
+            path: '/cgi-bin',
+            relationships: {
+              space: {
+                data: { guid: space.guid }
+              },
+              domain: {
+                data: { guid: domain.guid }
+              },
+            }
+          }
+        end
+
+        it 'returns a 422 and a helpful error message' do
+          post '/v3/routes', params.to_json, admin_header
+          expect(last_response.status).to eq(422)
+          expect(last_response).to have_error_message('Paths are not supported for TCP routes.')
+        end
+      end
+    end
+
     context 'when creating a route in a scoped domain' do
       let(:domain) { VCAP::CloudController::PrivateDomain.make(owning_organization: space.organization) }
 

spec/unit/models/runtime/domain_spec.rb

@@ -115,6 +115,40 @@ module VCAP::CloudController
       end
     end
 
+    describe 'protocols' do
+      let(:domain_with_router_group) { Domain.make(router_group_guid: 'some-guid') }
+      before do
+        allow(VCAP::CloudController::Config).to receive_message_chain(:config, :get).with(:kubernetes, :host_url).and_return k8s_enabled
+      end
+
+      context 'kubernetes is enabled (which implies istio)' do
+        let(:k8s_enabled) { 'k8s' }
+        context "there's a router group (this should never happen)" do
+          it 'will return http' do
+            expect(domain_with_router_group.protocols).to eq(['http'])
+          end
+        end
+        context "there's no router group" do
+          it 'will still return http' do
+            expect(subject.protocols).to eq(['http'])
+          end
+        end
+      end
+      context "kubernetes isn't enabled; it's the canonical routing back-end" do
+        let(:k8s_enabled) { '' }
+        context "there's a router group" do
+          it 'will return tcp' do
+            expect(domain_with_router_group.protocols).to eq(['tcp'])
+          end
+        end
+        context "there's no router group" do
+          it 'will return http' do
+            expect(subject.protocols).to eq(['http'])
+          end
+        end
+      end
+    end
+
     describe '#spaces_sti_eager_load (eager loading)' do
       before { SharedDomain.dataset.destroy }