wip: Initial work before dealing with overloaded case

Making a commit here because I just see the tests going crazy and I would like to have something. Signed-off-by: Maria Shaldybin <[email protected]>
cloudfoundry · Jan 30, 2024 · 1b1e6ac · 1b1e6ac
1 parent 064a5f0
commit 1b1e6ac
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 5 deletions.
diff --git a/proxy/round_tripper/proxy_round_tripper.go b/proxy/round_tripper/proxy_round_tripper.go
@@ -10,6 +10,7 @@ import (
 	"net/http/httptrace"
 	"net/textproto"
 	"net/url"
+	"strings"
 	"sync"
 	"time"
 
@@ -388,7 +389,9 @@ func setupStickySession(
 
 	requestContainsStickySessionCookies := originalEndpointId != ""
 	requestNotSentToRequestedApp := originalEndpointId != endpoint.PrivateInstanceId
-	shouldSetVCAPID := requestContainsStickySessionCookies && requestNotSentToRequestedApp
+	containsAuthNegotiateHeader := strings.ToLower(response.Header.Get("Authorization")) == "negotiate"
+
+	shouldSetVCAPID := containsAuthNegotiateHeader || (requestContainsStickySessionCookies && requestNotSentToRequestedApp)
 
 	secure := false
 	maxAge := 0

diff --git a/proxy/round_tripper/proxy_round_tripper_test.go b/proxy/round_tripper/proxy_round_tripper_test.go
@@ -1021,7 +1021,7 @@ var _ = Describe("ProxyRoundTripper", func() {
 					return resp
 				}
 
-				setVCAPID := func(req *http.Request, resp *http.Response) (response *http.Response) {
+				setVCAPID := func(resp *http.Response) (response *http.Response) {
 					vcapCookie := http.Cookie{
 						Name:  round_tripper.VcapCookieId,
 						Value: "vcap-id-property-already-on-the-response",
@@ -1034,6 +1034,11 @@ var _ = Describe("ProxyRoundTripper", func() {
 					return resp
 				}
 
+				setAuthorizationNegotiateHeader := func(resp *http.Response) (response *http.Response) {
+					resp.Header.Add("Authorization", "Negotiate")
+					return resp
+				}
+
 				responseContainsNoCookies = func(req *http.Request) (*http.Response, error) {
 					resp := &http.Response{StatusCode: http.StatusTeapot, Header: make(map[string][]string)}
 					return resp, nil
@@ -1047,13 +1052,13 @@ var _ = Describe("ProxyRoundTripper", func() {
 
 				responseContainsVCAPID = func(req *http.Request) (*http.Response, error) {
 					resp := &http.Response{StatusCode: http.StatusTeapot, Header: make(map[string][]string)}
-					setVCAPID(req, resp)
+					setVCAPID(resp)
 					return resp, nil
 				}
 				responseContainsJSESSIONIDAndVCAPID = func(req *http.Request) (*http.Response, error) {
 					resp := &http.Response{StatusCode: http.StatusTeapot, Header: make(map[string][]string)}
 					setJSESSIONID(req, resp, false)
-					setVCAPID(req, resp)
+					setVCAPID(resp)
 					return resp, nil
 				}
 				responseContainsJSESSIONIDWithExtraProperties = func(req *http.Request) (*http.Response, error) {
@@ -1080,7 +1085,6 @@ var _ = Describe("ProxyRoundTripper", func() {
 					Expect(added).To(Equal(route.ADDED))
 					removed := routePool.Remove(endpoint)
 					Expect(removed).To(BeTrue())
-
 				})
 
 				Context("when there are no cookies on the request", func() {
@@ -1123,6 +1127,7 @@ var _ = Describe("ProxyRoundTripper", func() {
 							})
 						})
 					})
+
 					Context("when there is a JSESSION_ID and a VCAP_ID on the response", func() {
 						BeforeEach(func() {
 							transport.RoundTripStub = responseContainsJSESSIONIDAndVCAPID
@@ -1139,6 +1144,7 @@ var _ = Describe("ProxyRoundTripper", func() {
 							Expect(cookies[1].Value).To(Equal("vcap-id-property-already-on-the-response"))
 						})
 					})
+
 					Context("when there is only a VCAP_ID set on the response", func() {
 						BeforeEach(func() {
 							transport.RoundTripStub = responseContainsVCAPID
@@ -1154,6 +1160,99 @@ var _ = Describe("ProxyRoundTripper", func() {
 							Expect(cookies[0].Value).To(Equal("vcap-id-property-already-on-the-response"))
 						})
 					})
+
+					Context("when there is an 'Authorization: Negotiate' header set on the response", func() {
+						BeforeEach(func() {
+							transport.RoundTripStub = func(req *http.Request) (*http.Response, error) {
+								resp := &http.Response{StatusCode: http.StatusTeapot, Header: make(map[string][]string)}
+								setAuthorizationNegotiateHeader(resp)
+								return resp, nil
+							}
+						})
+
+						It("will select an endpoint and set the VCAP_ID to the privateInstanceId", func() {
+							resp, err := proxyRoundTripper.RoundTrip(req)
+							Expect(err).ToNot(HaveOccurred())
+
+							cookies := resp.Cookies()
+							Expect(cookies).To(HaveLen(1))
+							Expect(cookies[0].Name).To(Equal(round_tripper.VcapCookieId))
+							Expect(cookies[0].Value).To(SatisfyAny(
+								Equal("id-1"),
+								Equal("id-2")))
+						})
+
+						Context("when there is also a VCAP_ID set on the response", func() {
+							BeforeEach(func() {
+								transport.RoundTripStub = func(req *http.Request) (*http.Response, error) {
+									resp := &http.Response{StatusCode: http.StatusTeapot, Header: make(map[string][]string)}
+									setAuthorizationNegotiateHeader(resp)
+									setVCAPID(resp)
+									return resp, nil
+								}
+							})
+
+							It("leaves the VCAP_ID alone and does not overwrite it", func() {
+								resp, err := proxyRoundTripper.RoundTrip(req)
+								Expect(err).ToNot(HaveOccurred())
+
+								cookies := resp.Cookies()
+								Expect(cookies).To(HaveLen(1))
+								Expect(cookies[0].Name).To(Equal(round_tripper.VcapCookieId))
+								Expect(cookies[0].Value).To(Equal("vcap-id-property-already-on-the-response"))
+							})
+						})
+
+						Context("when there is also a JSESSIONID and VCAP_ID set on the response", func() {
+							BeforeEach(func() {
+								transport.RoundTripStub = func(req *http.Request) (*http.Response, error) {
+									resp := &http.Response{StatusCode: http.StatusTeapot, Header: make(map[string][]string)}
+									setAuthorizationNegotiateHeader(resp)
+									setJSESSIONID(req, resp, false)
+									setVCAPID(resp)
+									return resp, nil
+								}
+							})
+
+							It("does not overwrite JSESSIONID and VCAP_ID", func() {
+								resp, err := proxyRoundTripper.RoundTrip(req)
+								Expect(err).ToNot(HaveOccurred())
+
+								cookies := resp.Cookies()
+								Expect(cookies).To(HaveLen(2))
+								Expect(cookies[0].Raw).To(Equal(sessionCookie.String()))
+								Expect(cookies[1].Name).To(Equal(round_tripper.VcapCookieId))
+								Expect(cookies[1].Value).To(Equal("vcap-id-property-already-on-the-response"))
+							})
+						})
+
+						Context("when there is also JSESSIONID cookie with extra properties set", func() {
+							BeforeEach(func() {
+								transport.RoundTripStub = func(req *http.Request) (*http.Response, error) {
+									resp := &http.Response{StatusCode: http.StatusTeapot, Header: make(map[string][]string)}
+									setAuthorizationNegotiateHeader(resp)
+									setJSESSIONID(req, resp, true)
+									return resp, nil
+								}
+							})
+
+							It("sets the same properties on the VCAP_ID", func() {
+								resp, err := proxyRoundTripper.RoundTrip(req)
+								Expect(err).ToNot(HaveOccurred())
+
+								cookies := resp.Cookies()
+								Expect(cookies).To(HaveLen(2))
+								Expect(cookies[0].Raw).To(Equal(sessionCookie.String()))
+								Expect(sessionCookie.String()).To(ContainSubstring("Expires=Wed, 01 Jan 2020 01:00:00 GMT; HttpOnly; Secure; SameSite=Strict"))
+
+								Expect(cookies[1].Name).To(Equal(round_tripper.VcapCookieId))
+								Expect(cookies[1].Value).To(SatisfyAny(
+									Equal("id-1"),
+									Equal("id-2")))
+								Expect(cookies[1].Raw).To(ContainSubstring("Expires=Wed, 01 Jan 2020 01:00:00 GMT; HttpOnly; Secure; SameSite=Strict"))
+							})
+						})
+					})
 				})
 
 				Context("when sticky session cookies (JSESSIONID and VCAP_ID) are on the request", func() {