Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1535652

Summary: async bind returns 201 instead of 200 when binding already exists
Product: OpenShift Container Platform Reporter: Michael Hrivnak <mhrivnak>
Component: Service BrokerAssignee: Michael Hrivnak <mhrivnak>
Status: CLOSED ERRATA QA Contact: Jian Zhang <jiazha>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.9.0CC: aos-bugs, chezhang, jiazha, mhrivnak, xtian
Target Milestone: ---   
Target Release: 3.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-12-13 19:26:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Log ouput from running your test script none

Description Michael Hrivnak 2018-01-17 20:13:14 UTC 
Reported upstream: https://github.com/openshift/ansible-service-broker/issues/649

Description of problem:
A PUT request to create a binding should return 200 if the binding already exists, per the OSB API spec. But as seen below, this broker currently returns 201, even though it logs the intent to return 200.

[2018-01-17T19:16:43.326Z] [WARNING] - launch_apb_on_bind is enabled, but accepts_incomplete is false, binding may fail
[2018-01-17T19:16:43.341Z] [DEBUG] - Injecting PlanID as parameter: { _apb_plan_id: dev }
[2018-01-17T19:16:43.341Z] [DEBUG] - Injecting ServiceClassID as parameter: { _apb_service_class_id: 1dda1477cace09730bd8ed7a6505607e }
[2018-01-17T19:16:43.341Z] [DEBUG] - Injecting ServiceInstanceID as parameter: { _apb_service_instance_id: 0e124c6d-408e-4b55-8b4a-9c6e6640c444 }
[2018-01-17T19:16:43.342Z] [DEBUG] - already have this binding instance, returning 200
[2018-01-17T19:16:43.342Z] [DEBUG] - bind creds: map[DB_HOST:postgresql DB_NAME:ddcrneradqaeker DB_PASSWORD:qCYtkr2oD1KTZtg5Vig6 DB_PORT:5432 DB_TYPE:postgres DB_USER:ddcrneradqaeker]
172.17.0.7 - - [17/Jan/2018:19:16:43 +0000] "PUT /ansible-service-broker/v2/service_instances/0e124c6d-408e-4b55-8b4a-9c6e6640c444/service_bindings/51b92cd9-3180-480d-af34-16974294c29f HTTP/1.1" 201 216

Version-Release number of selected component (if applicable):
current master

How reproducible:
always

Steps to Reproduce:
1. Configure the broker to run APBs on bind and unbind
2. From the console, initiate a bind

Actual results:
Watch the broker log, and after the initial request completes, you will likely see one or more additional PUT requests like the above that show a 201 response.

Expected results:
200 response to additional PUT requests
Comment 1 Michael Hrivnak 2018-01-17 20:41:50 UTC 
https://github.com/openshift/ansible-service-broker/pull/650
Comment 6 Michael Hrivnak 2018-02-06 17:59:47 UTC 
It works for me using the 1.1.7 release.

I noted that your script did not work, and I had to add a "-f" after "new-app".

Could you ensure that you are running 1.1.7? You can verify the currently-running broker version by execing into the running pod:

$ oc exec -it asb-2-t2rtq -- asbd --version
1.1.7

I'll attach the log output I saw when I ran your test script. I used this modified APB, which supports async bind: https://hub.docker.com/r/mhrivnak/postgresql-apb/
Comment 7 Michael Hrivnak 2018-02-06 18:00:57 UTC 
Created attachment 1392247 [details]
Log ouput from running your test script
Comment 8 Michael Hrivnak 2018-02-08 15:13:43 UTC 
I'm bumping this back to ON_QA just to make sure it gets noticed, and since it appears to work for me. Feel free to kick it back if you have additional problems.
Comment 9 Jian Zhang 2018-02-09 03:52:35 UTC 
Michael,

I used the latest version(1.1.9) for this test.
[root@host-172-16-120-54 ~]# docker run --rm --entrypoint=asbd brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ose-ansible-service-broker:v3.9 --version
1.1.9

Used the APB that you're provided, config as below:
...
      - type: dockerhub
        name: dh
        url:  https://registry.hub.docker.com
        org:  mhrivnak
        tag:  latest
        white_list:
          - ".*-apb$"

Steps:
1, Enable the ASYNC of the ASB, like:
    broker:
      ...
      launch_apb_on_bind: true
2, Login the cluster.
3, Provision the PostgreSQL in webconsole and create a binding by using the below script.

[root@localhost jzhang]# cat bind.sh 
INSTANCE_ID="d10a0ca6-c609-4d29-ab9d-b25c3b8c332c"
BINDING_ID=$(uuidgen)
PLAN_UUID="7f4a5e35e4af2beb70076e72fab0b7ff"
SERVICE_UUID="dh-postgresql-apb-b7gbr"
IDENTITY=$(echo -n '{"groups":["system:authenticated:oauth","system:authenticated"],"scopes.authorization.openshift.io":["user:full"],"uid":"","username":"jiazha"}'|base64 -w 0)

echo "binding ID: $BINDING_ID"

req="{
  \"plan_id\": \"$PLAN_UUID\",
  \"service_id\": \"$SERVICE_UUID\",
  \"context\": \"blog-project\",
  \"app_guid\":\"\",
  \"bind_resource\":{},
  \"parameters\": {}
}"

curl \
    -k -i \
    -X PUT \
    -H "Authorization: bearer $(oc whoami -t)" \
    -H "Content-type: application/json" \
    -H "Accept: application/json" \
    -H "X-Broker-API-Originating-Identity: kubernetes $IDENTITY" \
    -d "$req" \
    "https://asb-1338-openshift-ansible-service-broker.apps.0207-nvc.qe.rhcloud.com/ansible-service-broker/v2/service_instances/$INSTANCE_ID/service_bindings/$BINDING_ID?accepts_incomplete=true"

[root@localhost jzhang]# ./bind.sh 
binding ID: 40a35cdd-5f51-4559-ab79-6a685709cd96
HTTP/1.1 202 Accepted
Content-Type: application/json
Date: Fri, 09 Feb 2018 02:58:37 GMT
Content-Length: 58
Set-Cookie: 89a6d633054ded194d4e1360cdc1fbef=b37e683520b874bc37db0badfda2d6dd; path=/; HttpOnly; Secure

{
  "operation": "b4f065ed-2010-47b0-8d61-3bc438f63ac3"
}

4, checking the binding status by using below script.

[root@localhost jzhang]# cat last_operation.sh 
OPERATION_ID=$1
INSTANCE_ID="d10a0ca6-c609-4d29-ab9d-b25c3b8c332c"
PLAN_UUID="7f4a5e35e4af2beb70076e72fab0b7ff"
SERVICE_UUID="dh-postgresql-apb-b7gbr"
IDENTITY=$(echo -n '{"groups":["system:authenticated:oauth","system:authenticated"],"scopes.authorization.openshift.io":["user:full"],"uid":"","username":"jiazha"}'|base64 -w 0)

curl \
    -k \
    -X GET \
    -H "Authorization: bearer $(oc whoami -t)" \
    -H "Content-type: application/json" \
    -H "Accept: application/json" \
    -H "X-Broker-API-Originating-Identity: kubernetes $IDENTITY" \
    "https://asb-1338-openshift-ansible-service-broker.apps.0207-nvc.qe.rhcloud.com/ansible-service-broker/v2/service_instances/$INSTANCE_ID/last_operation?operation=$OPERATION_ID&service_id=$SERVICE_UUID&plan_id=$PLAN_UUID"

[root@localhost jzhang]# ./last_operation.sh b4f065ed-2010-47b0-8d61-3bc438f63ac3
{
  "state": "succeeded"
}

5, Create a binding that already exists, for example, the above "40a35cdd-5f51-4559-ab79-6a685709cd96". Got response 200, details as below:
[root@localhost jzhang]# ./bind.sh 
binding ID: 40a35cdd-5f51-4559-ab79-6a685709cd96
HTTP/1.1 200 OK
Content-Type: application/json
Date: Fri, 09 Feb 2018 03:46:07 GMT
Content-Length: 216
Set-Cookie: 89a6d633054ded194d4e1360cdc1fbef=b37e683520b874bc37db0badfda2d6dd; path=/; HttpOnly; Secure
Cache-control: private

{
  "credentials": {
    "DB_HOST": "postgresql",
    "DB_NAME": "qndwgxllafeqmll",
    "DB_PASSWORD": "z5pIaFTIAwbfyxOLEm6s",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "qndwgxllafeqmll"
  }
}

The logs of the ASB:
...
[2018-02-09T03:46:07.649Z] [DEBUG] - already have this binding instance, returning 200
[2018-02-09T03:46:07.649Z] [DEBUG] - bind creds: map[DB_USER:qndwgxllafeqmll DB_HOST:postgresql DB_NAME:qndwgxllafeqmll DB_PASSWORD:z5pIaFTIAwbfyxOLEm6s DB_PORT:5432 DB_TYPE:postgres]
10.128.0.1 - - [09/Feb/2018:03:46:07 +0000] "PUT /ansible-service-broker/v2/service_instances/d10a0ca6-c609-4d29-ab9d-b25c3b8c332c/service_bindings/40a35cdd-5f51-4559-ab79-6a685709cd96?accepts_incomplete=true HTTP/1.1" 200 216

So, LGTM.
Comment 12 errata-xmlrpc 2018-12-13 19:26:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3748