Refactor mTLS route options to RFC-0027 compliant flat format

Change from nested mtls_allowed_sources object to flat options:
- mtls_allowed_apps: comma-separated app GUIDs (string)
- mtls_allowed_spaces: comma-separated space GUIDs (string)
- mtls_allowed_orgs: comma-separated org GUIDs (string)
- mtls_allow_any: boolean (true/false)

This complies with RFC-0027 which requires route options to only use
numbers, strings, and boolean values (no nested objects or arrays).

Author: rkoster

app/messages/route_options_message.rb

@@ -3,12 +3,15 @@
 module VCAP::CloudController
   class RouteOptionsMessage < BaseMessage
     # Register all possible keys upfront so attr_accessors are created
-    register_allowed_keys %i[loadbalancing hash_header hash_balance mtls_allowed_sources]
+    # RFC-0027 compliant: only string/number/boolean values (no nested objects/arrays)
+    # mtls_allowed_apps, mtls_allowed_spaces, mtls_allowed_orgs are comma-separated GUIDs
+    # mtls_allow_any is a boolean
+    register_allowed_keys %i[loadbalancing hash_header hash_balance mtls_allowed_apps mtls_allowed_spaces mtls_allowed_orgs mtls_allow_any]
 
     def self.valid_route_options
       options = %i[loadbalancing]
       options += %i[hash_header hash_balance] if VCAP::CloudController::FeatureFlag.enabled?(:hash_based_routing)
-      options += %i[mtls_allowed_sources] if VCAP::CloudController::FeatureFlag.enabled?(:app_to_app_mtls_routing)
+      options += %i[mtls_allowed_apps mtls_allowed_spaces mtls_allowed_orgs mtls_allow_any] if VCAP::CloudController::FeatureFlag.enabled?(:app_to_app_mtls_routing)
       options.freeze
     end
 
@@ -86,98 +89,93 @@ def validate_hash_options_with_loadbalancing
     end
 
     def mtls_allowed_sources_options_are_valid
-      # Only validate mtls_allowed_sources when the feature flag is enabled
-      # If disabled, route_options_are_valid will already report it as unknown field
+      # Only validate mtls options when the feature flag is enabled
+      # If disabled, route_options_are_valid will already report them as unknown fields
       return unless VCAP::CloudController::FeatureFlag.enabled?(:app_to_app_mtls_routing)
-      return if mtls_allowed_sources.blank?
 
-      validate_mtls_allowed_sources_structure
-      validate_mtls_allowed_sources_any_exclusivity
-      validate_mtls_allowed_sources_guids_exist
+      validate_mtls_string_types
+      validate_mtls_allow_any_type
+      validate_mtls_allow_any_exclusivity
+      validate_mtls_guids_exist
     end
 
     private
 
-    # Normalize mtls_allowed_sources to use string keys (Rails may parse JSON with symbol keys)
-    def normalized_mtls_allowed_sources
-      @normalized_mtls_allowed_sources ||= mtls_allowed_sources.is_a?(Hash) ? mtls_allowed_sources.transform_keys(&:to_s) : mtls_allowed_sources
-    end
-
-    def validate_mtls_allowed_sources_structure
-      unless mtls_allowed_sources.is_a?(Hash)
-        errors.add(:mtls_allowed_sources, 'must be an object')
-        return
-      end
+    # Parse comma-separated GUIDs into an array
+    def parse_guid_list(value)
+      return [] if value.blank?
 
-      valid_keys = %w[apps spaces orgs any]
-      invalid_keys = normalized_mtls_allowed_sources.keys - valid_keys
-      errors.add(:mtls_allowed_sources, "contains invalid keys: #{invalid_keys.join(', ')}") if invalid_keys.any?
+      value.to_s.split(',').map(&:strip).reject(&:empty?)
+    end
 
-      # Validate types
-      %w[apps spaces orgs].each do |key|
-        next unless normalized_mtls_allowed_sources[key].present?
+    def validate_mtls_string_types
+      # These should be strings (comma-separated GUIDs) per RFC-0027
+      %i[mtls_allowed_apps mtls_allowed_spaces mtls_allowed_orgs].each do |key|
+        value = public_send(key)
+        next if value.blank?
 
-        unless normalized_mtls_allowed_sources[key].is_a?(Array) && normalized_mtls_allowed_sources[key].all? { |v| v.is_a?(String) }
-          errors.add(:mtls_allowed_sources, "#{key} must be an array of strings")
+        unless value.is_a?(String)
+          errors.add(key, 'must be a string of comma-separated GUIDs')
         end
       end
+    end
 
-      return unless normalized_mtls_allowed_sources['any'].present? && ![true, false].include?(normalized_mtls_allowed_sources['any'])
+    def validate_mtls_allow_any_type
+      return if mtls_allow_any.nil?
 
-      errors.add(:mtls_allowed_sources, 'any must be a boolean')
+      unless [true, false, 'true', 'false'].include?(mtls_allow_any)
+        errors.add(:mtls_allow_any, 'must be a boolean (true or false)')
+      end
     end
 
-    def validate_mtls_allowed_sources_any_exclusivity
-      return unless mtls_allowed_sources.is_a?(Hash)
-
-      has_any = normalized_mtls_allowed_sources['any'] == true
-      has_lists = %w[apps spaces orgs].any? { |key| normalized_mtls_allowed_sources[key].present? && normalized_mtls_allowed_sources[key].any? }
+    def validate_mtls_allow_any_exclusivity
+      allow_any = mtls_allow_any == true || mtls_allow_any == 'true'
+      has_specific = [mtls_allowed_apps, mtls_allowed_spaces, mtls_allowed_orgs].any?(&:present?)
 
-      return unless has_any && has_lists
+      return unless allow_any && has_specific
 
-      errors.add(:mtls_allowed_sources, 'any is mutually exclusive with apps, spaces, and orgs')
+      errors.add(:mtls_allow_any, 'is mutually exclusive with mtls_allowed_apps, mtls_allowed_spaces, and mtls_allowed_orgs')
     end
 
-    def validate_mtls_allowed_sources_guids_exist
-      return unless mtls_allowed_sources.is_a?(Hash)
-      return if errors[:mtls_allowed_sources].any? # Skip if already invalid
+    def validate_mtls_guids_exist
+      return if errors.any? # Skip if already invalid
 
       validate_app_guids_exist
       validate_space_guids_exist
       validate_org_guids_exist
     end
 
     def validate_app_guids_exist
-      app_guids = normalized_mtls_allowed_sources['apps']
-      return if app_guids.blank?
+      app_guids = parse_guid_list(mtls_allowed_apps)
+      return if app_guids.empty?
 
       existing_guids = AppModel.where(guid: app_guids).select_map(:guid)
       missing_guids = app_guids - existing_guids
       return if missing_guids.empty?
 
-      errors.add(:mtls_allowed_sources, "apps contains non-existent app GUIDs: #{missing_guids.join(', ')}")
+      errors.add(:mtls_allowed_apps, "contains non-existent app GUIDs: #{missing_guids.join(', ')}")
     end
 
     def validate_space_guids_exist
-      space_guids = normalized_mtls_allowed_sources['spaces']
-      return if space_guids.blank?
+      space_guids = parse_guid_list(mtls_allowed_spaces)
+      return if space_guids.empty?
 
       existing_guids = Space.where(guid: space_guids).select_map(:guid)
       missing_guids = space_guids - existing_guids
       return if missing_guids.empty?
 
-      errors.add(:mtls_allowed_sources, "spaces contains non-existent space GUIDs: #{missing_guids.join(', ')}")
+      errors.add(:mtls_allowed_spaces, "contains non-existent space GUIDs: #{missing_guids.join(', ')}")
     end
 
     def validate_org_guids_exist
-      org_guids = normalized_mtls_allowed_sources['orgs']
-      return if org_guids.blank?
+      org_guids = parse_guid_list(mtls_allowed_orgs)
+      return if org_guids.empty?
 
       existing_guids = Organization.where(guid: org_guids).select_map(:guid)
       missing_guids = org_guids - existing_guids
       return if missing_guids.empty?
 
-      errors.add(:mtls_allowed_sources, "orgs contains non-existent organization GUIDs: #{missing_guids.join(', ')}")
+      errors.add(:mtls_allowed_orgs, "contains non-existent organization GUIDs: #{missing_guids.join(', ')}")
     end
   end
 end