V3 service credential job should fail when the broker request fails (cloudfoundry#1897)

FelisiaM · web-flow · commit c5373de85067 · 2020-10-13T11:02:49.000+01:00
[#174119280](https://www.pivotaltracker.com/story/show/174119280) * Add audit log for credential binding create in progress * Binding job should fail when the broker request fails * Fix formatting * Fix formatting
diff --git a/app/actions/service_credential_binding_create.rb b/app/actions/service_credential_binding_create.rb
@@ -55,6 +55,18 @@ def complete_binding_and_save(binding, binding_details, last_operation)
         event_repository.record_create(binding, @user_audit_info, @audit_hash, manifest_triggered: false)
       end
 
+      def save_incomplete_binding(binding, broker_operation)
+        binding.save_with_attributes_and_new_operation(
+          {},
+          {
+            type: 'create',
+            state: 'in progress',
+            broker_provided_operation: broker_operation
+          }
+        )
+        event_repository.record_start_create(binding, @user_audit_info, @audit_hash, manifest_triggered: false)
+      end
+
       def validate!(service_instance, app, volume_mount_services_enabled)
         app_is_required! unless app.present?
         space_mismatch! unless all_space_guids(service_instance).include? app.space.guid
diff --git a/app/actions/v3/service_binding_create.rb b/app/actions/v3/service_binding_create.rb
@@ -64,7 +64,7 @@ def poll(binding)
             description: e.message,
           }
         )
-        PollingFinished
+        raise e
       end
 
       class BindingNotRetrievable < StandardError; end
diff --git a/spec/request/service_credential_bindings_spec.rb b/spec/request/service_credential_bindings_spec.rb
@@ -1049,6 +1049,7 @@ def check_filtered_bindings(*bindings)
       let(:plan) { VCAP::CloudController::ServicePlan.make(service: offering) }
       let(:service_instance) { VCAP::CloudController::ManagedServiceInstance.make(space: space, service_plan: plan) }
       let(:binding) { VCAP::CloudController::ServiceBinding.last }
+      let(:audit) { VCAP::CloudController::Event.last }
       let(:job) { VCAP::CloudController::PollableJobModel.last }
 
       it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS do
@@ -1286,6 +1287,17 @@ def check_filtered_bindings(*bindings)
             expect(job.state).to eq(VCAP::CloudController::PollableJobModel::POLLING_STATE)
           end
 
+          it 'logs an audit event' do
+            execute_all_jobs(expected_successes: 1, expected_failures: 0)
+
+            event = VCAP::CloudController::Event.find(type: 'audit.service_binding.start_create')
+            expect(event).to be
+            expect(event.actee).to eq(binding.guid)
+            expect(event.data).to include({
+              'request' => create_body.with_indifferent_access
+            })
+          end
+
           it 'enqueues the next fetch last operation job' do
             execute_all_jobs(expected_successes: 1, expected_failures: 0)
             expect(Delayed::Job.count).to eq(1)
@@ -1325,6 +1337,28 @@ def check_filtered_bindings(*bindings)
 
               expect(job.state).to eq(VCAP::CloudController::PollableJobModel::COMPLETE_STATE)
             end
+
+            context 'fetching binding fails ' do
+              let(:fetch_binding_status_code) { 404 }
+              let(:fetch_binding_body) {}
+
+              it 'fails the job' do
+                execute_all_jobs(expected_successes: 0, expected_failures: 1)
+
+                expect(binding.last_operation.type).to eq('create')
+                expect(binding.last_operation.state).to eq('failed')
+                expect(binding.last_operation.description).to include('The service broker rejected the request. Status Code: 404 Not Found')
+
+                expect(job.state).to eq(VCAP::CloudController::PollableJobModel::FAILED_STATE)
+                expect(job.cf_api_error).not_to be_nil
+                error = YAML.safe_load(job.cf_api_error)
+                expect(error['errors'].first).to include({
+                  'code' => 10009,
+                  'title' => 'CF-UnableToPerform',
+                  'detail' => 'bind could not be completed: The service broker rejected the request. Status Code: 404 Not Found, Body: null',
+                })
+              end
+            end
           end
 
           it_behaves_like 'binding last operation response handling', 'create'
diff --git a/spec/support/shared_examples/v3_service_binding_create.rb b/spec/support/shared_examples/v3_service_binding_create.rb
@@ -160,9 +160,7 @@ class BadError < StandardError; end
       it 'should stop polling for other errors' do
         allow(broker_client).to receive(:fetch_service_binding_last_operation).and_raise(RuntimeError)
 
-        complete = action.poll(binding)
-
-        expect(complete).to be_truthy
+        expect { action.poll(binding) }.to raise_error(RuntimeError)
 
         binding.reload
         expect(binding.last_operation.type).to eq('create')
@@ -203,9 +201,7 @@ class BadError < StandardError; end
         end
 
         it 'marks the binding as failed' do
-          complete = action.poll(binding)
-
-          expect(complete).to be_truthy
+          expect { action.poll(binding) }.to raise_error(BadError)
 
           binding.reload
           expect(binding.last_operation.type).to eq('create')
diff --git a/spec/unit/actions/service_credential_binding_create_spec.rb b/spec/unit/actions/service_credential_binding_create_spec.rb
@@ -18,6 +18,7 @@ module V3
       before do
         @service_binding_event_repository = Repositories::ServiceBindingEventRepository
         allow(@service_binding_event_repository).to receive(:record_create)
+        allow(@service_binding_event_repository).to receive(:record_start_create)
       end
 
       describe '#precursor' do
@@ -174,7 +175,7 @@ module V3
         it_behaves_like 'service binding creation', ServiceBinding
 
         describe 'app specific behaviour' do
-          RSpec.shared_examples 'the credential binding bind' do
+          RSpec.shared_examples 'the sync credential binding' do
             it 'creates and returns the credential binding' do
               action.bind(precursor)
 
@@ -220,7 +221,23 @@ module V3
               allow(VCAP::Services::ServiceBrokers::V2::Client).to receive(:new).and_return(broker_client)
             end
 
-            it_behaves_like 'the credential binding bind'
+            it_behaves_like 'the sync credential binding'
+
+            context 'asynchronous binding' do
+              let(:broker_provided_operation) { Sham.guid }
+              let(:bind_async_response) { { async: true, operation: broker_provided_operation } }
+              let(:broker_client) { instance_double(VCAP::Services::ServiceBrokers::V2::Client, bind: bind_async_response) }
+
+              it 'should log audit start_create' do
+                action.bind(precursor)
+                expect(@service_binding_event_repository).to have_received(:record_start_create).with(
+                  precursor,
+                  user_audit_info,
+                  audit_hash,
+                  manifest_triggered: false,
+                )
+              end
+            end
           end
 
           context 'user-provided service instance' do
@@ -233,7 +250,7 @@ module V3
             }
             let(:service_instance) { UserProvidedServiceInstance.make(**details) }
 
-            it_behaves_like 'the credential binding bind'
+            it_behaves_like 'the sync credential binding'
           end
         end
       end

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ def poll(binding)`
`64`	`64`	`description: e.message,`
`65`	`65`	`}`
`66`	`66`	`)`
`67`		`- PollingFinished`
	`67`	`+ raise e`
`68`	`68`	`end`
`69`	`69`
`70`	`70`	`class BindingNotRetrievable < StandardError; end`