Bug 1507886
| Summary: | Change secret data cause ServiceInstance update fail | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Qixuan Wang <qixuan.wang> |
| Component: | Service Broker | Assignee: | Matthew Staebler <mstaeble> |
| Status: | CLOSED ERRATA | QA Contact: | Qixuan Wang <qixuan.wang> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.7.0 | CC: | aos-bugs, jmontleo, mstaeble, pmorie |
| Target Milestone: | --- | ||
| Target Release: | 3.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: |
undefined
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-28 22:20:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This appears to be the same issue described in https://github.com/kubernetes-incubator/service-catalog/issues/1488. The service catalog sends all of the parameters for the ServiceInstance when sending an Update request. The Ansible Service Broker rejects the Update request because the postgresql_database parameter is included, which is a parameter to which updates are not allowed. IMO it is unlikely we are going to get full closure on the issue of which parameters should be sent soon. If a broker doesn't allow updates to a parameter, it should just ignore the values sent for that parameter in an update. Suggest closing this as NOTABUG once Matthew has a chance to talk to the ansible broker team about it. Not just in Secret, other parameters have the same problem. For example, provision a Mediawiki APB on web, follow: Provisioned Services -> Mediawiki (APB) -> Edit -> Mediawiki Site Name, change (MediaWiki->MediaWiki-test) has the same problem.
[root@preserve-qe-qw-master-etcd-nfs-1 ~]# oc describe serviceinstance dh-mediawiki123-apb-t9zh8
Name: dh-mediawiki123-apb-t9zh8
Namespace: qwang9
Labels: <none>
Annotations: <none>
API Version: servicecatalog.k8s.io/v1beta1
Kind: ServiceInstance
Metadata:
Creation Timestamp: 2017-10-31T14:27:52Z
Finalizers:
kubernetes-incubator/service-catalog
Generate Name: dh-mediawiki123-apb-
Generation: 2
Resource Version: 160481
Self Link: /apis/servicecatalog.k8s.io/v1beta1/namespaces/qwang9/serviceinstances/dh-mediawiki123-apb-t9zh8
UID: adc48c8a-be47-11e7-8db3-0a580a810006
Spec:
Cluster Service Class External Name: dh-mediawiki123-apb
Cluster Service Class Ref:
Name: 268dbc13f56297fdd3737b7d30104eb4
Cluster Service Plan External Name: default
Cluster Service Plan Ref:
Name: c54bf88ce67b96a39e639d2bdf6caf1a
External ID: d27a9efe-10eb-4523-863f-acf3e10f61b9
Parameters:
Parameters From:
Secret Key Ref:
Key: parameters
Name: dh-mediawiki123-apbxfloa
Update Requests: 1
User Info:
Extra:
Scopes . Authorization . Openshift . Io:
user:full
Groups:
system:authenticated:oauth
system:authenticated
UID:
Username: qwang
Status:
Async Op In Progress: false
Conditions:
Last Transition Time: 2017-10-31T14:43:30Z
Message: ClusterServiceBroker returned a failure for update call; operation will not be retried: Error updating ServiceInstance of ClusterServiceClass (K8S: "268dbc13f56297fdd3737b7d30104eb4" ExternalName: "dh-mediawiki123-apb") at ClusterServiceBroker "ansible-service-broker": Status: 400; ErrorMessage: <nil>; Description: parameter not updatable; ResponseError: <nil>
Reason: UpdateInstanceCallFailed
Status: False
Type: Ready
Last Transition Time: 2017-10-31T14:43:30Z
Message: Error updating ServiceInstance of ClusterServiceClass (K8S: "268dbc13f56297fdd3737b7d30104eb4" ExternalName: "dh-mediawiki123-apb") at ClusterServiceBroker "ansible-service-broker": Status: 400; ErrorMessage: <nil>; Description: parameter not updatable; ResponseError: <nil>
Reason: ClusterServiceBrokerReturnedFailure
Status: True
Type: Failed
External Properties:
Cluster Service Plan External Name: default
Parameter Checksum: 93fb3b70c53492fb190aef20a4ab43291ae13beced38a9ae4eda5d9aa0e740ee
Parameters:
Mediawiki _ Admin _ Pass: <redacted>
Mediawiki _ Admin _ User: <redacted>
Mediawiki _ Db _ Schema: <redacted>
Mediawiki _ Site _ Lang: <redacted>
Mediawiki _ Site _ Name: <redacted>
User Info:
Extra:
Scopes . Authorization . Openshift . Io:
user:full
Groups:
system:authenticated:oauth
system:authenticated
UID:
Username: qwang
Orphan Mitigation In Progress: false
Reconciled Generation: 2
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
20m 20m 1 service-catalog-controller-manager Warning ErrorWithParameters Failed to prepare ServiceInstance parameters nil: secrets "dh-mediawiki123-apb-parameters2r73m" not found
20m 20m 1 service-catalog-controller-manager Normal Provisioning The instance is being provisioned asynchronously
18m 18m 1 service-catalog-controller-manager Normal ProvisionedSuccessfully The instance was provisioned successfully
5m 5m 4 service-catalog-controller-manager Warning UpdateInstanceCallFailed Error updating ServiceInstance of ClusterServiceClass (K8S: "268dbc13f56297fdd3737b7d30104eb4" ExternalName: "dh-mediawiki123-apb") at ClusterServiceBroker "ansible-service-broker": Status: 400; ErrorMessage: <nil>; Description: parameter not updatable; ResponseError: <nil>
10.129.0.1 - - [31/Oct/2017:14:40:56 +0000] "GET /ansible-service-broker/v2/catalog HTTP/1.1" 200 74028
[2017-10-31T14:43:30.675Z] [INFO] Request: "PATCH /ansible-service-broker/v2/service_instances/d27a9efe-10eb-4523-863f-acf3e10f61b9?accepts_incomplete=true HTTP/1.1\r\nHost: asb.ansible-service-broker.svc:1338\r\nAccept-Encoding: gzip\r\nContent-Length: 224\r\nContent-Type: application/json\r\nUser-Agent: Go-http-client/1.1\r\nX-Broker-Api-Originating-Identity: kubernetes eyJncm91cHMiOlsic3lzdGVtOmF1dGhlbnRpY2F0ZWQ6b2F1dGgiLCJzeXN0ZW06YXV0aGVudGljYXRlZCJdLCJzY29wZXMuYXV0aG9yaXphdGlvbi5vcGVuc2hpZnQuaW8iOlsidXNlcjpmdWxsIl0sInVpZCI6IiIsInVzZXJuYW1lIjoicXdhbmcifQ==\r\nX-Broker-Api-Version: 2.13\r\n\r\n{\"service_id\":\"268dbc13f56297fdd3737b7d30104eb4\",\"parameters\":{\"mediawiki_admin_pass\":\"111\",\"mediawiki_admin_user\":\"admin\",\"mediawiki_db_schema\":\"mediawiki\",\"mediawiki_site_lang\":\"en\",\"mediawiki_site_name\":\"MediaWiki-test\"}}"
[2017-10-31T14:43:30.675Z] [DEBUG] Auto Escalate has been set to true, we are escalating permissions
[2017-10-31T14:43:30.676Z] [DEBUG] Dao::GetSvcInstJobsByState
[2017-10-31T14:43:30.676Z] [DEBUG] Dao::getJobsForSvcInst
[2017-10-31T14:43:30.676Z] [DEBUG] Successfully loaded [ 1 ] jobs objects from [ /state/d27a9efe-10eb-4523-863f-acf3e10f61b9/job ]
[2017-10-31T14:43:30.676Z] [DEBUG] Filtered on state: [ %!s(int=0) ], returning %!d(MISSING) jobs
[2017-10-31T14:43:30.676Z] [DEBUG] Update received the following Request.PlanID: []
[2017-10-31T14:43:30.676Z] [DEBUG] Plan transition NOT requested as part of update
[2017-10-31T14:43:30.676Z] [ERROR] Tried to update non-updatable parameter, mediawiki_site_lang, on instance d27a9efe-10eb-4523-863f-acf3e10f61b9.
This is working as expected. The broker is rejecting the update because the broker does not allow the user to downgrade the plan. Ignore last comment. It was added to the wrong bug. This has been resolved by https://github.com/openshift/ansible-service-broker/pull/516. Tested on OCP (openshift v3.7.0-0.184.0, kubernetes v1.7.6+a08f5eeb62, etcd 3.2.8, brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ose-service-catalog:v3.7.0-0.194.0.0, brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ose-ansible-service-broker:v3.7.0-0.194.0.0), Mediawiki can change site name. PostgreSQL can update secret. The bug has been fixed, thanks.
Here is test result:
[root@host-172-16-120-51 ~]# oc describe serviceinstance dh-rhscl-postgresql-apb-nvmft
Name: dh-rhscl-postgresql-apb-nvmft
Namespace: qwang-p
Labels: <none>
Annotations: <none>
API Version: servicecatalog.k8s.io/v1beta1
Kind: ServiceInstance
Metadata:
Creation Timestamp: 2017-11-05T16:14:57Z
Finalizers:
kubernetes-incubator/service-catalog
Generate Name: dh-rhscl-postgresql-apb-
Generation: 2
Resource Version: 41657
Self Link: /apis/servicecatalog.k8s.io/v1beta1/namespaces/qwang-p/serviceinstances/dh-rhscl-postgresql-apb-nvmft
UID: 775797fe-c244-11e7-ad11-0a580a800004
Spec:
Cluster Service Class External Name: dh-rhscl-postgresql-apb
Cluster Service Class Ref:
Name: 27793015fe45db2fbc1deb7372cc4036
Cluster Service Plan External Name: dev
Cluster Service Plan Ref:
Name: 9f90a44d8181941768273a684de50de5
External ID: 32dace0e-11ae-4833-9fab-3acb7fffd1fc
Parameters From:
Secret Key Ref:
Key: parameters
Name: dh-rhscl-postgresql-apb-parametershx7aa
Update Requests: 1
User Info:
Groups:
system:cluster-admins
system:authenticated
UID:
Username: system:admin
Status:
Async Op In Progress: false
Conditions:
Last Transition Time: 2017-11-05T16:26:40Z
Message: The instance was updated successfully
Reason: InstanceUpdatedSuccessfully
Status: True
Type: Ready
Deprovision Status: Required
External Properties:
Cluster Service Plan External ID: 9f90a44d8181941768273a684de50de5
Cluster Service Plan External Name: dev
Parameter Checksum: a6a50b5b52edf621600e805dbc074ccd981e63391de7f59eacfa25bca38ab958
Parameters:
Postgresql _ Database: <redacted>
Postgresql _ Password: <redacted>
Postgresql _ User: <redacted>
Postgresql _ Version: <redacted>
User Info:
Groups:
system:cluster-admins
system:authenticated
UID:
Username: system:admin
Orphan Mitigation In Progress: false
Reconciled Generation: 2
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
24m 24m 1 service-catalog-controller-manager Warning ErrorWithParameters Failed to prepare ServiceInstance parameters nil: secrets "dh-rhscl-postgresql-apb-parametershx7aa" not found
24m 24m 1 service-catalog-controller-manager Normal Provisioning The instance is being provisioned asynchronously
24m 24m 1 service-catalog-controller-manager Normal ProvisionedSuccessfully The instance was provisioned successfully
13m 13m 1 service-catalog-controller-manager Normal UpdatingInstance The instance is being updated asynchronously
13m 13m 1 service-catalog-controller-manager Normal InstanceUpdatedSuccessfully The instance was updated successfully
Here is ASB log:
<-----snip------>
[2017-11-05T16:26:27.608Z] [INFO] ASYNC update in progress
[2017-11-05T16:26:27.609Z] [NOTICE] ============================================================
[2017-11-05T16:26:27.609Z] [NOTICE] UPDATING
[2017-11-05T16:26:27.609Z] [NOTICE] ============================================================
[2017-11-05T16:26:27.609Z] [NOTICE] Spec.ID: 27793015fe45db2fbc1deb7372cc4036
[2017-11-05T16:26:27.609Z] [NOTICE] Spec.Name: dh-rhscl-postgresql-apb
[2017-11-05T16:26:27.609Z] [NOTICE] Spec.Image: docker.io/ansibleplaybookbundle/rhscl-postgresql-apb:latest
[2017-11-05T16:26:27.609Z] [NOTICE] Spec.Description: SCL PostgreSQL apb implementation
[2017-11-05T16:26:27.609Z] [NOTICE] ============================================================
[2017-11-05T16:26:27.609Z] [INFO] Checking if project qwang-p exists...
10.128.0.1 - - [05/Nov/2017:16:26:27 +0000] "PATCH /ansible-service-broker/v2/service_instances/32dace0e-11ae-4833-9fab-3acb7fffd1fc?accepts_incomplete=true HTTP/1.1" 202 58
[2017-11-05T16:26:27.674Z] [WARNING] Removing non-updatable parameter postgresql_database, requested for update on instance 32dace0e-11ae-4833-9fab-3acb7fffd1fc, from request.
[2017-11-05T16:26:27.674Z] [WARNING] Removing non-updatable parameter postgresql_password, requested for update on instance 32dace0e-11ae-4833-9fab-3acb7fffd1fc, from request.
[2017-11-05T16:26:27.674Z] [WARNING] Removing non-updatable parameter postgresql_user, requested for update on instance 32dace0e-11ae-4833-9fab-3acb7fffd1fc, from request.
[2017-11-05T16:26:27.698Z] [INFO] ASYNC update in progress
[2017-11-05T16:26:27.698Z] [NOTICE] ============================================================
[2017-11-05T16:26:27.699Z] [NOTICE] UPDATING
[2017-11-05T16:26:27.699Z] [NOTICE] ============================================================
[2017-11-05T16:26:27.699Z] [NOTICE] Spec.ID: 27793015fe45db2fbc1deb7372cc4036
[2017-11-05T16:26:27.699Z] [NOTICE] Spec.Name: dh-rhscl-postgresql-apb
[2017-11-05T16:26:27.699Z] [NOTICE] Spec.Image: docker.io/ansibleplaybookbundle/rhscl-postgresql-apb:latest
[2017-11-05T16:26:27.699Z] [NOTICE] Spec.Description: SCL PostgreSQL apb implementation
[2017-11-05T16:26:27.699Z] [NOTICE] ============================================================
[2017-11-05T16:26:27.699Z] [INFO] Checking if project qwang-p exists...
10.128.0.1 - - [05/Nov/2017:16:26:27 +0000] "PATCH /ansible-service-broker/v2/service_instances/32dace0e-11ae-4833-9fab-3acb7fffd1fc?accepts_incomplete=true HTTP/1.1" 202 58
10.128.0.1 - - [05/Nov/2017:16:26:27 +0000] "GET /ansible-service-broker/v2/service_instances/32dace0e-11ae-4833-9fab-3acb7fffd1fc/last_operation?operation=a9cfd719-c324-4bba-83e2-f437af28b992&plan_id=9f90a44d8181941768273a684de50de5&service_id=27793015fe45db2fbc1deb7372cc4036 HTTP/1.1" 200 29
[2017-11-05T16:26:27.874Z] [INFO] Successfully wrote resources to /tmp/asb-resource-files/apb-68bc7d60-ad45-410c-8656-98e58fd6c759.yaml
[2017-11-05T16:26:27.92Z] [INFO] Successfully wrote resources to /tmp/asb-resource-files/apb-754dcc49-a51e-4ec0-83aa-51848cde2240.yaml
[2017-11-05T16:26:28.136Z] [INFO] Successfully created apb sandbox: [ apb-68bc7d60-ad45-410c-8656-98e58fd6c759 ], with edit permissions in namespace dh-rhscl-postgresql-apb-upda-pl2bz
[2017-11-05T16:26:28.137Z] [NOTICE] Creating pod "apb-68bc7d60-ad45-410c-8656-98e58fd6c759" in the dh-rhscl-postgresql-apb-upda-pl2bz namespace
[2017-11-05T16:26:28.176Z] [INFO] Successfully created apb sandbox: [ apb-754dcc49-a51e-4ec0-83aa-51848cde2240 ], with edit permissions in namespace dh-rhscl-postgresql-apb-upda-q6nns
<-----snip------>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188 |
Description of problem: Change secret data and increase ServiceInstance updateRequests by 1, the request can be sent to broker, but error shows user updated a non-updatable parameter. Version-Release number of selected component (if applicable): openshift v3.7.0-0.184.0 kubernetes v1.7.6+a08f5eeb62 etcd 3.2.8 ose-service-catalog v3.7.0-0.184.0 ose-ansible-service-broker v3.7.0-0.184.0 How reproducible: Always Steps to Reproduce: 1. Provision a PostgreSQL on web. Set postgresql password to 111 for example. 2. Change secret data (password 111 -> 2222). 3. Check secret and ServiceInstance, ASB logs. 4. Change secret data (password 2222 -> 33333), and increment ServiceInstance spec.updateRequests (0->1). 5. Check secret and ServiceInstance, ASB logs again. Actual results: 1. Provision successfully. 2. Secret has been changed successfully. 3. There isn't update event shows in ServiceInstance and ASB log. 4. Secret has been changed successfully. 5. [root@preserve-qe-qw-master-etcd-nfs-1 ~]# oc edit serviceinstance dh-rhscl-postgresql-apb-mx7jn serviceinstance "dh-rhscl-postgresql-apb-mx7jn" edited [root@preserve-qe-qw-master-etcd-nfs-1 ~]# oc describe serviceinstance dh-rhscl-postgresql-apb-mx7jn Name: dh-rhscl-postgresql-apb-mx7jn Namespace: qwang5 Labels: <none> Annotations: <none> API Version: servicecatalog.k8s.io/v1beta1 Kind: ServiceInstance Metadata: Creation Timestamp: 2017-10-31T11:11:05Z Finalizers: kubernetes-incubator/service-catalog Generate Name: dh-rhscl-postgresql-apb- Generation: 2 Resource Version: 132822 Self Link: /apis/servicecatalog.k8s.io/v1beta1/namespaces/qwang5/serviceinstances/dh-rhscl-postgresql-apb-mx7jn UID: 302028de-be2c-11e7-8db3-0a580a810006 Spec: Cluster Service Class External Name: dh-rhscl-postgresql-apb Cluster Service Class Ref: Name: 27793015fe45db2fbc1deb7372cc4036 Cluster Service Plan External Name: dev Cluster Service Plan Ref: Name: 9f90a44d8181941768273a684de50de5 External ID: c33ba497-6c3d-4686-8280-c6ae1b0d8b03 Parameters From: Secret Key Ref: Key: parameters Name: dh-rhscl-postgresql-apb-parameterscya68 Update Requests: 1 User Info: Groups: system:cluster-admins system:authenticated UID: Username: system:admin Status: Async Op In Progress: false Conditions: Last Transition Time: 2017-10-31T11:20:59Z Message: ClusterServiceBroker returned a failure for update call; operation will not be retried: Error updating ServiceInstance of ClusterServiceClass (K8S: "27793015fe45db2fbc1deb7372cc4036" ExternalName: "dh-rhscl-postgresql-apb") at ClusterServiceBroker "ansible-service-broker": Status: 400; ErrorMessage: <nil>; Description: parameter not updatable; ResponseError: <nil> Reason: UpdateInstanceCallFailed Status: False Type: Ready Last Transition Time: 2017-10-31T11:20:59Z Message: Error updating ServiceInstance of ClusterServiceClass (K8S: "27793015fe45db2fbc1deb7372cc4036" ExternalName: "dh-rhscl-postgresql-apb") at ClusterServiceBroker "ansible-service-broker": Status: 400; ErrorMessage: <nil>; Description: parameter not updatable; ResponseError: <nil> Reason: ClusterServiceBrokerReturnedFailure Status: True Type: Failed External Properties: Cluster Service Plan External Name: dev Parameter Checksum: e9f50a77db505e5f9a88ab91c334e573fa2a6be7020ea6799a58c08943298853 Parameters: Postgresql _ Database: <redacted> Postgresql _ Password: <redacted> Postgresql _ User: <redacted> Postgresql _ Version: <redacted> User Info: Extra: Scopes . Authorization . Openshift . Io: user:full Groups: system:authenticated:oauth system:authenticated UID: Username: qwang Orphan Mitigation In Progress: false Reconciled Generation: 2 Events: FirstSeen LastSeen Count From SubObjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 10m 10m 1 service-catalog-controller-manager Warning ErrorWithParameters Failed to prepare ServiceInstance parameters nil: secrets "dh-rhscl-postgresql-apb-parameterscya68" not found 10m 10m 1 service-catalog-controller-manager Normal Provisioning The instance is being provisioned asynchronously 9m 9m 1 service-catalog-controller-manager Normal ProvisionedSuccessfully The instance was provisioned successfully 17s 17s 4 service-catalog-controller-manager Warning UpdateInstanceCallFailed Error updating ServiceInstance of ClusterServiceClass (K8S: "27793015fe45db2fbc1deb7372cc4036" ExternalName: "dh-rhscl-postgresql-apb") at ClusterServiceBroker "ansible-service-broker": Status: 400; ErrorMessage: <nil>; Description: parameter not updatable; ResponseError: <nil> [root@preserve-qe-qw-master-etcd-nfs-1 ~]# oc logs asb-1-jggc8 -c asb -n ansible-service-broker -----snip------- 10.129.0.1 - - [31/Oct/2017:11:16:47 +0000] "GET /ansible-service-broker/v2/catalog HTTP/1.1" 200 74028 [2017-10-31T11:20:59.704Z] [INFO] Request: "PATCH /ansible-service-broker/v2/service_instances/c33ba497-6c3d-4686-8280-c6ae1b0d8b03?accepts_incomplete=true HTTP/1.1\r\nHost: asb.ansible-service-broker.svc:1338\r\nAccept-Encoding: gzip\r\nContent-Length: 177\r\nContent-Type: application/json\r\nUser-Agent: Go-http-client/1.1\r\nX-Broker-Api-Originating-Identity: kubernetes eyJncm91cHMiOlsic3lzdGVtOmNsdXN0ZXItYWRtaW5zIiwic3lzdGVtOmF1dGhlbnRpY2F0ZWQiXSwidWlkIjoiIiwidXNlcm5hbWUiOiJzeXN0ZW06YWRtaW4ifQ==\r\nX-Broker-Api-Version: 2.13\r\n\r\n{\"service_id\":\"27793015fe45db2fbc1deb7372cc4036\",\"parameters\":{\"postgresql_database\":\"admin\",\"postgresql_password\":\"33333\",\"postgresql_user\":\"admin\",\"postgresql_version\":\"9.5\"}}" [2017-10-31T11:20:59.704Z] [DEBUG] Auto Escalate has been set to true, we are escalating permissions [2017-10-31T11:20:59.705Z] [DEBUG] Dao::GetSvcInstJobsByState [2017-10-31T11:20:59.705Z] [DEBUG] Dao::getJobsForSvcInst [2017-10-31T11:20:59.705Z] [DEBUG] Successfully loaded [ 1 ] jobs objects from [ /state/c33ba497-6c3d-4686-8280-c6ae1b0d8b03/job ] [2017-10-31T11:20:59.705Z] [DEBUG] Filtered on state: [ %!s(int=0) ], returning %!d(MISSING) jobs [2017-10-31T11:20:59.706Z] [DEBUG] Update received the following Request.PlanID: [] [2017-10-31T11:20:59.706Z] [DEBUG] Plan transition NOT requested as part of update [2017-10-31T11:20:59.706Z] [ERROR] Tried to update non-updatable parameter, postgresql_database, on instance c33ba497-6c3d-4686-8280-c6ae1b0d8b03. 10.129.0.1 - - [31/Oct/2017:11:20:59 +0000] "PATCH /ansible-service-broker/v2/service_instances/c33ba497-6c3d-4686-8280-c6ae1b0d8b03?accepts_incomplete=true HTTP/1.1" 400 47 [2017-10-31T11:20:59.742Z] [INFO] Request: "PATCH /ansible-service-broker/v2/service_instances/c33ba497-6c3d-4686-8280-c6ae1b0d8b03?accepts_incomplete=true HTTP/1.1\r\nHost: asb.ansible-service-broker.svc:1338\r\nAccept-Encoding: gzip\r\nContent-Length: 177\r\nContent-Type: application/json\r\nUser-Agent: Go-http-client/1.1\r\nX-Broker-Api-Originating-Identity: kubernetes eyJncm91cHMiOlsic3lzdGVtOmNsdXN0ZXItYWRtaW5zIiwic3lzdGVtOmF1dGhlbnRpY2F0ZWQiXSwidWlkIjoiIiwidXNlcm5hbWUiOiJzeXN0ZW06YWRtaW4ifQ==\r\nX-Broker-Api-Version: 2.13\r\n\r\n{\"service_id\":\"27793015fe45db2fbc1deb7372cc4036\",\"parameters\":{\"postgresql_database\":\"admin\",\"postgresql_password\":\"33333\",\"postgresql_user\":\"admin\",\"postgresql_version\":\"9.5\"}}" Expected results: Secret data change can update ServiceInstance. Additional info: