Introduce 'file-based-vcap-services' app feature

svkrieger · svkrieger · commit 2e6668413f9a · 2025-02-27T12:39:24.000+01:00
diff --git a/app/actions/app_feature_update.rb b/app/actions/app_feature_update.rb
@@ -8,6 +8,8 @@ def self.update(feature_name, app, message)
         app.update(revisions_enabled: message.enabled)
       when 'service-binding-k8s'
         app.update(service_binding_k8s_enabled: message.enabled)
+      when 'file-based-vcap-services'
+        app.update(file_based_vcap_services_enabled: message.enabled)
       end
     end
   end
diff --git a/app/controllers/v3/app_features_controller.rb b/app/controllers/v3/app_features_controller.rb
@@ -3,6 +3,7 @@
 require 'presenters/v3/app_ssh_feature_presenter'
 require 'presenters/v3/app_revisions_feature_presenter'
 require 'presenters/v3/app_service_binding_k8s_feature_presenter'
+require 'presenters/v3/app_file_based_vcap_services_feature_presenter'
 require 'presenters/v3/app_ssh_status_presenter'
 require 'actions/app_feature_update'
 
@@ -12,8 +13,9 @@ class AppFeaturesController < ApplicationController
   SSH_FEATURE = 'ssh'.freeze
   REVISIONS_FEATURE = 'revisions'.freeze
   SERVICE_BINDING_K8S_FEATURE = 'service-binding-k8s'.freeze
+  FILE_BASED_VCAP_SERVICES_FEATURE = 'file-based-vcap-services'.freeze
 
-  TRUSTED_APP_FEATURES = [SSH_FEATURE, SERVICE_BINDING_K8S_FEATURE].freeze
+  TRUSTED_APP_FEATURES = [SSH_FEATURE, SERVICE_BINDING_K8S_FEATURE, FILE_BASED_VCAP_SERVICES_FEATURE].freeze
   UNTRUSTED_APP_FEATURES = [REVISIONS_FEATURE].freeze
   APP_FEATURES = (TRUSTED_APP_FEATURES + UNTRUSTED_APP_FEATURES).freeze
 
@@ -53,6 +55,10 @@ def update
     message = VCAP::CloudController::AppFeatureUpdateMessage.new(hashed_params['body'])
     unprocessable!(message.errors.full_messages) unless message.valid?
 
+    if message.enabled && both_service_binding_features_enabled?(app, name)
+      unprocessable!("'file-based-vcap-services' and 'service-binding-k8s' features cannot be enabled at the same time.")
+    end
+
     AppFeatureUpdate.update(hashed_params[:name], app, message)
     render status: :ok, json: feature_presenter_for(hashed_params[:name], app)
   end
@@ -83,7 +89,8 @@ def feature_presenter_for(feature_name, app)
     presenters = {
       SSH_FEATURE => Presenters::V3::AppSshFeaturePresenter,
       REVISIONS_FEATURE => Presenters::V3::AppRevisionsFeaturePresenter,
-      SERVICE_BINDING_K8S_FEATURE => Presenters::V3::AppServiceBindingK8sFeaturePresenter
+      SERVICE_BINDING_K8S_FEATURE => Presenters::V3::AppServiceBindingK8sFeaturePresenter,
+      FILE_BASED_VCAP_SERVICES_FEATURE => Presenters::V3::AppFileBasedVcapServicesFeaturePresenter
     }
     presenters[feature_name].new(app)
   end
@@ -92,7 +99,16 @@ def presented_app_features(app)
     [
       Presenters::V3::AppSshFeaturePresenter.new(app),
       Presenters::V3::AppRevisionsFeaturePresenter.new(app),
-      Presenters::V3::AppServiceBindingK8sFeaturePresenter.new(app)
+      Presenters::V3::AppServiceBindingK8sFeaturePresenter.new(app),
+      Presenters::V3::AppFileBasedVcapServicesFeaturePresenter.new(app)
     ]
   end
+
+  def both_service_binding_features_enabled?(app, feature_name)
+    if feature_name == 'file-based-vcap-services'
+      app.service_binding_k8s_enabled
+    elsif feature_name == 'service-binding-k8s'
+      app.file_based_vcap_services_enabled
+    end
+  end
 end
diff --git a/app/presenters/v3/app_file_based_vcap_services_feature_presenter.rb b/app/presenters/v3/app_file_based_vcap_services_feature_presenter.rb
@@ -0,0 +1,19 @@
+require 'presenters/v3/base_presenter'
+
+module VCAP::CloudController::Presenters::V3
+  class AppFileBasedVcapServicesFeaturePresenter < BasePresenter
+    def to_hash
+      {
+        name: 'file-based-vcap-services',
+        description: 'Enable file-based VCAP service bindings for the app',
+        enabled: app.file_based_vcap_services_enabled
+      }
+    end
+
+    private
+
+    def app
+      @resource
+    end
+  end
+end
diff --git a/db/migrations/20250225132929_add_apps_service_binding_k8s_enabled_column.rb b/db/migrations/20250225132929_add_apps_service_binding_k8s_enabled_column.rb
@@ -1,5 +1,19 @@
 Sequel.migration do
-  change do
-    add_column :apps, :service_binding_k8s_enabled, :boolean, default: false, null: false
+  up do
+    alter_table :apps do
+      add_column :service_binding_k8s_enabled, :boolean, default: false, null: false
+      add_column :file_based_vcap_services_enabled, :boolean, default: false, null: false
+      add_constraint(name: :only_one_sb_feature_enabled) do
+        Sequel.lit('NOT (service_binding_k8s_enabled AND file_based_vcap_services_enabled)')
+      end
+    end
+  end
+
+  down do
+    alter_table :apps do
+      drop_column :service_binding_k8s_enabled
+      drop_column :file_based_vcap_services_enabled
+      drop_constraint(name: :only_one_sb_feature_enabled)
+    end
   end
 end
diff --git a/docs/v3/source/includes/api_resources/_app_features.erb b/docs/v3/source/includes/api_resources/_app_features.erb
@@ -23,10 +23,15 @@
       "name": "service-binding-k8s",
       "description": "Enable k8s service bindings for the app",
       "enabled": false
+    },
+    {
+      "name": "file-based-vcap-services",
+      "description": "Enable file-based VCAP service bindings for the app",
+      "enabled": false
     }
   ],
   "pagination": {
-    "total_results": 3,
+    "total_results": 4,
     "total_pages": 1,
     "first": { "href": "/v3/apps/05d39de4-2c9e-4c76-8fd6-10417da07e42/features" },
     "last": { "href": "/v3/apps/05d39de4-2c9e-4c76-8fd6-10417da07e42/features" },
diff --git a/docs/v3/source/includes/resources/app_features/_supported_features.md.erb b/docs/v3/source/includes/resources/app_features/_supported_features.md.erb
@@ -7,3 +7,4 @@ Name | Description
 **ssh** | Enable SSHing into the app
 **revisions** | Enable [versioning](#revisions) of an application
 **service-binding-k8s** | Enable k8s service bindings for the app (experimental)
+**file-based-vcap-services** | Enable file-based VCAP service bindings for the app (experimental)
diff --git a/spec/request/app_features_spec.rb b/spec/request/app_features_spec.rb
@@ -7,7 +7,14 @@
   let(:admin_header) { admin_headers_for(user) }
   let(:org) { VCAP::CloudController::Organization.make(created_at: 3.days.ago) }
   let(:space) { VCAP::CloudController::Space.make(organization: org) }
-  let(:app_model) { VCAP::CloudController::AppModel.make(space: space, enable_ssh: true, service_binding_k8s_enabled: true) }
+  let(:service_binding_k8s_enabled) { true }
+  let(:file_based_vcap_services_enabled) { false }
+  let(:request_body_enabled) { { body: { enabled: true } } }
+  let(:app_model) { VCAP::CloudController::AppModel.make(
+    space: space,
+    enable_ssh: true,
+    service_binding_k8s_enabled: service_binding_k8s_enabled,
+    file_based_vcap_services_enabled: file_based_vcap_services_enabled) }
 
   describe 'GET /v3/apps/:guid/features' do
     context 'getting a list of available features for the app' do
@@ -29,11 +36,16 @@
               'name' => 'service-binding-k8s',
               'description' => 'Enable k8s service bindings for the app',
               'enabled' => true
+            },
+            {
+              'name' => 'file-based-vcap-services',
+              'description' => 'Enable file-based VCAP service bindings for the app',
+              'enabled' => false
             }
           ],
           'pagination' =>
             {
-              'total_results' => 3,
+              'total_results' => 4,
               'total_pages' => 1,
               'first' => { 'href' => "/v3/apps/#{app_model.guid}/features" },
               'last' => { 'href' => "/v3/apps/#{app_model.guid}/features" },
@@ -112,6 +124,19 @@
 
       it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
     end
+
+    context 'file-based-vcap-services app feature' do
+      let(:api_call) { ->(user_headers) { get "/v3/apps/#{app_model.guid}/features/file-based-vcap-services", nil, user_headers } }
+      let(:feature_response_object) do
+        {
+          'name' => 'file-based-vcap-services',
+          'description' => 'Enable file-based VCAP service bindings for the app',
+          'enabled' => false
+        }
+      end
+
+      it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+    end
   end
 
   describe 'PATCH /v3/apps/:guid/features/:name' do
@@ -192,36 +217,148 @@
     end
 
     context 'service-binding-k8s app feature' do
-      let(:api_call) { ->(user_headers) { patch "/v3/apps/#{app_model.guid}/features/service-binding-k8s", request_body.to_json, user_headers } }
-      let(:feature_response_object) do
-        {
-          'name' => 'service-binding-k8s',
-          'description' => 'Enable k8s service bindings for the app',
-          'enabled' => false
-        }
+      context 'when feature is enabled' do
+        let(:service_binding_k8s_enabled) { true }
+        let(:api_call) { ->(user_headers) { patch "/v3/apps/#{app_model.guid}/features/service-binding-k8s", request_body.to_json, user_headers } }
+        let(:feature_response_object) do
+          {
+            'name' => 'service-binding-k8s',
+            'description' => 'Enable k8s service bindings for the app',
+            'enabled' => false
+          }
+        end
+
+        let(:expected_codes_and_responses) do
+          h = Hash.new({ code: 403, errors: CF_NOT_AUTHORIZED }.freeze)
+          %w[no_role org_auditor org_billing_manager].each { |r| h[r] = { code: 404 } }
+          %w[admin space_developer].each { |r| h[r] = { code: 200, response_object: feature_response_object } }
+          h
+        end
+
+        it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+
+        context 'when organization is suspended' do
+          let(:expected_codes_and_responses) do
+            h = super()
+            h['space_developer'] = { code: 403, errors: CF_ORG_SUSPENDED }
+            h
+          end
+
+          before do
+            org.update(status: VCAP::CloudController::Organization::SUSPENDED)
+          end
+
+          it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+        end
       end
 
-      let(:expected_codes_and_responses) do
-        h = Hash.new({ code: 403, errors: CF_NOT_AUTHORIZED }.freeze)
-        %w[no_role org_auditor org_billing_manager].each { |r| h[r] = { code: 404 } }
-        %w[admin space_developer].each { |r| h[r] = { code: 200, response_object: feature_response_object } }
-        h
+      context 'when feature is disabled' do
+        let(:service_binding_k8s_enabled) { false }
+        let(:api_call) { ->(user_headers) { patch "/v3/apps/#{app_model.guid}/features/service-binding-k8s", request_body_enabled.to_json, user_headers } }
+
+        let(:feature_response_object) do
+          {
+            'name' => 'service-binding-k8s',
+            'description' => 'Enable k8s service bindings for the app',
+            'enabled' => true
+          }
+        end
+
+        let(:expected_codes_and_responses) do
+          h = Hash.new({ code: 403, errors: CF_NOT_AUTHORIZED }.freeze)
+          %w[no_role org_auditor org_billing_manager].each { |r| h[r] = { code: 404 } }
+          %w[admin space_developer].each { |r| h[r] = { code: 200, response_object: feature_response_object } }
+          h
+        end
+
+        it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+
+        context 'when file-based-vcap-services is enabled' do
+          before do
+            patch "/v3/apps/#{app_model.guid}/features/file-based-vcap-services", request_body_enabled.to_json, admin_header
+          end
+
+          it 'returns an error which states that both features cannot be enabled at the same time' do
+            patch "/v3/apps/#{app_model.guid}/features/service-binding-k8s", request_body_enabled.to_json, admin_header
+
+            expect(last_response.status).to eq(422)
+            expect(parsed_response['errors'][0]['detail']).to eq("'file-based-vcap-services' and 'service-binding-k8s' features cannot be enabled at the same time.")
+          end
+        end
       end
+    end
 
-      it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+    context 'file-based-vcap-services app feature' do
+      context 'when feature is enabled' do
+        let(:service_binding_k8s_enabled) { false }
+        let(:file_based_vcap_services_enabled) { true }
+        let(:api_call) { ->(user_headers) { patch "/v3/apps/#{app_model.guid}/features/file-based-vcap-services", request_body.to_json, user_headers } }
+        let(:feature_response_object) do
+          {
+            'name' => 'file-based-vcap-services',
+            'description' => 'Enable file-based VCAP service bindings for the app',
+            'enabled' => false
+          }
+        end
 
-      context 'when organization is suspended' do
         let(:expected_codes_and_responses) do
-          h = super()
-          h['space_developer'] = { code: 403, errors: CF_ORG_SUSPENDED }
+          h = Hash.new({ code: 403, errors: CF_NOT_AUTHORIZED }.freeze)
+          %w[no_role org_auditor org_billing_manager].each { |r| h[r] = { code: 404 } }
+          %w[admin space_developer].each { |r| h[r] = { code: 200, response_object: feature_response_object } }
           h
         end
 
-        before do
-          org.update(status: VCAP::CloudController::Organization::SUSPENDED)
+        it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+
+        context 'when organization is suspended' do
+          let(:expected_codes_and_responses) do
+            h = super()
+            h['space_developer'] = { code: 403, errors: CF_ORG_SUSPENDED }
+            h
+          end
+
+          before do
+            org.update(status: VCAP::CloudController::Organization::SUSPENDED)
+          end
+
+          it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+        end
+      end
+
+      context 'when feature is disabled' do
+        let(:service_binding_k8s_enabled) { false }
+        let(:file_based_vcap_services_enabled) { false }
+        let(:api_call) { ->(user_headers) { patch "/v3/apps/#{app_model.guid}/features/file-based-vcap-services", request_body_enabled.to_json, user_headers } }
+
+        let(:feature_response_object) do
+          {
+            'name' => 'file-based-vcap-services',
+            'description' => 'Enable file-based VCAP service bindings for the app',
+            'enabled' => true
+          }
+        end
+
+        let(:expected_codes_and_responses) do
+          h = Hash.new({ code: 403, errors: CF_NOT_AUTHORIZED }.freeze)
+          %w[no_role org_auditor org_billing_manager].each { |r| h[r] = { code: 404 } }
+          %w[admin space_developer].each { |r| h[r] = { code: 200, response_object: feature_response_object } }
+          h
         end
 
         it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+
+        context 'when service-binding-k8s is enabled' do
+          before do
+            patch "/v3/apps/#{app_model.guid}/features/service-binding-k8s", request_body_enabled.to_json, admin_header
+          end
+
+          it 'returns an error which states that both features cannot be enabled at the same time' do
+            patch "/v3/apps/#{app_model.guid}/features/file-based-vcap-services", request_body_enabled.to_json, admin_header
+
+            expect(last_response.status).to eq(422)
+            expect(parsed_response['errors'][0]['detail']).to eq("'file-based-vcap-services' and 'service-binding-k8s' features cannot be enabled at the same time.")
+          end
+        end
       end
     end
   end
diff --git a/spec/unit/actions/app_feature_update_spec.rb b/spec/unit/actions/app_feature_update_spec.rb
@@ -5,7 +5,7 @@
 module VCAP::CloudController
   RSpec.describe AppFeatureUpdate do
     subject(:app_feature_update) { AppFeatureUpdate }
-    let(:app) { AppModel.make(enable_ssh: false, revisions_enabled: false, file_based_service_bindings_enabled: false) }
+    let(:app) { AppModel.make(enable_ssh: false, revisions_enabled: false) }
     let(:message) { AppFeatureUpdateMessage.new(enabled: true) }
 
     describe '.update' do
@@ -32,6 +32,14 @@ module VCAP::CloudController
           end.to change { app.reload.service_binding_k8s_enabled }.to(true)
         end
       end
+
+      context 'when the feature name is file-based-vcap-services' do
+        it 'updates the file_based_vcap_services_enabled column on the app' do
+          expect do
+            AppFeatureUpdate.update('file-based-vcap-services', app, message)
+          end.to change { app.reload.file_based_vcap_services_enabled }.to(true)
+        end
+      end
     end
   end
 end
diff --git a/spec/unit/controllers/v3/app_features_controller_spec.rb b/spec/unit/controllers/v3/app_features_controller_spec.rb
diff --git a/spec/unit/presenters/v3/app_feature_presenter_spec.rb b/spec/unit/presenters/v3/app_feature_presenter_spec.rb
