Bug 1563560 - [ASB] The response of binding should be 200 if the binding already exists
Summary: [ASB] The response of binding should be 200 if the binding already exists
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.10.0
Assignee: Jesus M. Rodriguez
QA Contact: Jian Zhang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-04 07:58 UTC by Jian Zhang
Modified: 2018-07-30 19:12 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Improper OpenServiceBroker (OSB) API spec compliance in the binding calls. Consequence: Improper response code from bindings call. Fix: Implemented support for asynchronous bindings. Re-verified the call to be compliant with the OSB API specification. Result: Longer binding calls can now run asynchronously. The bindings now return the proper codes based on the OSB API spec.
Clone Of:
Environment:
Last Closed: 2018-07-30 19:11:39 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1816 None None None 2018-07-30 19:12:03 UTC

Description Jian Zhang 2018-04-04 07:58:40 UTC
Description of problem:
According to the OSB standard(https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#response-4), should return 200 if the binding already exists.

acked by wjiang

Version-Release number of selected component (if applicable):
The ASB version: 1.0.21
[root@host-172-16-120-29 ~]#docker run --rm --entrypoint=asbd registry.reg-aws.openshift.com:443/openshift3/ose-ansible-service-broker:v3.7 --version
1.0.21


How reproducible:
Always

Steps to Reproduce:
1, Provision a bindable APB, for example, PostgreSQL.
2, Check the serviceinstace info, as below:
[root@host-172-16-120-29 ~]# oc get serviceinstance
NAME                      AGE
rh-postgresql-apb-qhw2s   2m
[root@host-172-16-120-29 ~]# oc describe serviceinstance rh-postgresql-apb-qhw2s
Name:                rh-postgresql-apb-qhw2s
Namespace:        jian
Labels:                <none>
Annotations:        <none>
API Version:        servicecatalog.k8s.io/v1beta1
Kind:                ServiceInstance
Metadata:
  Creation Timestamp:        2018-04-04T06:35:58Z
  Finalizers:
    kubernetes-incubator/service-catalog
  Generate Name:        rh-postgresql-apb-
  Generation:                1
  Resource Version:        29312
  Self Link:                /apis/servicecatalog.k8s.io/v1beta1/namespaces/jian/serviceinstances/rh-postgresql-apb-qhw2s
  UID:                        6f4a6e5a-37d2-11e8-803e-0a580a800007
Spec:
  Cluster Service Class External Name:        rh-postgresql-apb
  Cluster Service Class Ref:
    Name:                                d5915e05b253df421efe6e41fb6a66ba
  Cluster Service Plan External Name:        dev
  Cluster Service Plan Ref:
    Name:        9783fc2e859f9179833a7dd003baa841
  External ID:        a3d43f86-d4a0-4b6a-8d48-d4c7d770e6f4
  Parameters From:
    Secret Key Ref:
      Key:                parameters
      Name:                rh-postgresql-apb-parametersc6f5h
  Update Requests:        0
  User Info:
    Extra:
      Scopes . Authorization . Openshift . Io:
        user:full
    Groups:
      system:authenticated:oauth
      system:authenticated
    UID:        
    Username:        jiazha
Status:
  Async Op In Progress:        false
  Conditions:
    Last Transition Time:        2018-04-04T06:38:04Z
    Message:                        The instance was provisioned successfully
    Reason:                        ProvisionedSuccessfully
    Status:                        True
    Type:                        Ready
  Deprovision Status:                Required
  External Properties:
    Cluster Service Plan External ID:        9783fc2e859f9179833a7dd003baa841
    Cluster Service Plan External Name:        dev
    Parameter Checksum:                        bba9c67f1db091fb6736dda435b38eb2c9e0838dd9abe090922212a66047033e
    Parameters:
      Postgresql _ Database:        <redacted>
      Postgresql _ Password:        <redacted>
      Postgresql _ User:        <redacted>
      Postgresql _ Version:        <redacted>
    User Info:
      Extra:
        Scopes . Authorization . Openshift . Io:
          user:full
      Groups:
        system:authenticated:oauth
        system:authenticated
      UID:                                
      Username:                                jiazha
  Orphan Mitigation In Progress:        false
  Reconciled Generation:                1
Events:
  FirstSeen        LastSeen        Count        From                                        SubObjectPath        Type                Reason                        Message
  ---------        --------        -----        ----                                        -------------        --------        ------                        -------
  2m                2m                1        service-catalog-controller-manager                        Warning                ErrorWithParameters        Failed to prepare ServiceInstance parameters nil: secrets "rh-postgresql-apb-parametersc6f5h" not found
  2m                2m                1        service-catalog-controller-manager                        Normal                Provisioning                The instance is being provisioned asynchronously
  35s                35s                1        service-catalog-controller-manager                        Normal                ProvisionedSuccessfully        The instance was provisioned successfully

3, Create a binding by using script(see additional info field).
[jzhang@localhost ~]$ uuidgen
7987a89a-57f7-4043-9c51-bf57cd63c2aa

[jzhang@localhost ~]$ ./sync_bind.sh 7987a89a-57f7-4043-9c51-bf57cd63c2aa
binding ID: 7987a89a-57f7-4043-9c51-bf57cd63c2aa
curl: (7) Failed to connect to asb-1338-openshift-ansible-service-broker.apps.0403-ayo.qe.rhcloud.com port 443: No route to host
[jzhang@localhost ~]$ ./sync_bind.sh 7987a89a-57f7-4043-9c51-bf57cd63c2aa
binding ID: 7987a89a-57f7-4043-9c51-bf57cd63c2aa
HTTP/1.1 201 Created
Content-Type: application/json
Date: Wed, 04 Apr 2018 07:00:11 GMT
Content-Length: 180
Set-Cookie: 89a6d633054ded194d4e1360cdc1fbef=e575c883005e354c2a431a709ac5d9e1; path=/; HttpOnly; Secure

{
  "credentials": {
    "DB_HOST": "postgresql",
    "DB_NAME": "admin",
    "DB_PASSWORD": "test",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "admin"
  }
}

4, Call the same bind.

Actual results:
[jzhang@localhost ~]$ ./sync_bind.sh 7987a89a-57f7-4043-9c51-bf57cd63c2aa
binding ID: 7987a89a-57f7-4043-9c51-bf57cd63c2aa
HTTP/1.1 201 Created
Content-Type: application/json
Date: Wed, 04 Apr 2018 07:00:29 GMT
Content-Length: 180
Set-Cookie: 89a6d633054ded194d4e1360cdc1fbef=e575c883005e354c2a431a709ac5d9e1; path=/; HttpOnly; Secure

{
  "credentials": {
    "DB_HOST": "postgresql",
    "DB_NAME": "admin",
    "DB_PASSWORD": "test",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "admin"
  }
}

Expected results:
The response should be 200 not 201 per OSB documents.

Additional info:
[jzhang@localhost ~]$ cat sync_bind.sh 
INSTANCE_ID="a3d43f86-d4a0-4b6a-8d48-d4c7d770e6f4"
#BINDING_ID=$(uuidgen)
BINDING_ID=$1
PLAN_UUID="9783fc2e859f9179833a7dd003baa841"
SERVICE_UUID="rh-postgresql-apb-qhw2s"
IDENTITY=$(echo -n '{"groups":["system:authenticated:oauth","system:authenticated"],"scopes.authorization.openshift.io":["user:full"],"uid":"","username":"jiazha"}'|base64 -w 0)

echo "binding ID: $BINDING_ID"

req="{
  \"plan_id\": \"$PLAN_UUID\",
  \"service_id\": \"$SERVICE_UUID\",
  \"context\": \"blog-project\",
  \"app_guid\":\"\",
  \"bind_resource\":{},
  \"parameters\": {}
}"

curl \
    -k -i \
    -X PUT \
    -H "Authorization: bearer $(oc whoami -t)" \
    -H "Content-type: application/json" \
    -H "Accept: application/json" \
    -H "X-Broker-API-Originating-Identity: kubernetes $IDENTITY" \
    -d "$req" \
    "https://asb-1338-openshift-ansible-service-broker.apps.0403-ayo.qe.rhcloud.com/ansible-service-broker/v2/service_instances/$INSTANCE_ID/service_bindings/$BINDING_ID"

[root@host-172-16-120-29 ~]# oc version
oc v3.7.42
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://host-8-247-157.host.centralci.eng.rdu2.redhat.com:8443
openshift v3.7.42
kubernetes v1.7.6+a08f5eeb62


And, I confirm this issue fixed in the 3.9 env, ASB 1.1.16 version.

Comment 1 John Matthews 2018-04-04 10:47:15 UTC
Aligning this to 3.10.0, BZ was originally filed with target release of 3.7.z but we don't intend to address this in 3.7.z.

Comment 2 Jesus M. Rodriguez 2018-04-16 14:24:35 UTC
Fixed by async bind changes.

[jesusr@speed3 linux{master}]$ BID=`uuidgen`                       
[jesusr@speed3 linux{master}]$ ./sync_bind.sh $BID                 
binding ID: 4d4af13b-f047-4a03-8d05-d530cf381252                   
HTTP/1.1 201 Created             
Content-Type: application/json   
Date: Mon, 16 Apr 2018 14:21:04 GMT                                
Content-Length: 184              
Set-Cookie: d05351dd24520dce41f310fcfc112523=4dadbcf5392319a16cee15b01e6bb9c5; path=/; HttpOnly; Secure                                

{                                
  "credentials": {               
    "DB_HOST": "postgresql",     
    "DB_NAME": "admin",          
    "DB_PASSWORD": "password",   
    "DB_PORT": "5432",           
    "DB_TYPE": "postgres",       
    "DB_USER": "admin"           
  }                              
}                                
[jesusr@speed3 linux{master}]$ ./sync_bind.sh $BID
binding ID: 4d4af13b-f047-4a03-8d05-d530cf381252
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 16 Apr 2018 14:21:15 GMT
Content-Length: 184
Set-Cookie: d05351dd24520dce41f310fcfc112523=4dadbcf5392319a16cee15b01e6bb9c5; path=/; HttpOnly; Secure
Cache-control: private

{
  "credentials": {
    "DB_HOST": "postgresql",
    "DB_NAME": "admin",
    "DB_PASSWORD": "password",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "admin"
  }
}
[jesusr@speed3 linux{master}]$ ./sync_bind.sh $BID
binding ID: 4d4af13b-f047-4a03-8d05-d530cf381252
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 16 Apr 2018 14:21:20 GMT
Content-Length: 184
Set-Cookie: d05351dd24520dce41f310fcfc112523=4dadbcf5392319a16cee15b01e6bb9c5; path=/; HttpOnly; Secure
Cache-control: private

{
  "credentials": {
    "DB_HOST": "postgresql",
    "DB_NAME": "admin",
    "DB_PASSWORD": "password",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "admin"
  }
}

Comment 3 Jesus M. Rodriguez 2018-04-16 14:39:17 UTC
definitely in 3.10 build ansible-service-broker-1.2.5-1

Comment 4 Jian Zhang 2018-04-17 05:37:39 UTC
The ASB version: 1.2.5
[root@host-172-16-120-104 ~]# docker run --rm --entrypoint=asbd registry.reg-aws.openshift.com:443/openshift3/ose-ansible-service-broker:v3.10.0 --version
1.2.5

[root@host-172-16-120-104 ~]# oc version
oc v3.10.0-0.15.0
kubernetes v1.9.1+a0ce1bc657
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://172.16.120.104:8443
openshift v3.10.0-0.15.0
kubernetes v1.9.1+a0ce1bc657

[jzhang@localhost ~]$ uuidgen
31b982b0-85d6-436d-86ca-157fe3293203
[jzhang@localhost ~]$ ./sync_bind.sh 31b982b0-85d6-436d-86ca-157fe3293203
binding ID: 31b982b0-85d6-436d-86ca-157fe3293203
HTTP/1.1 201 Created
Content-Type: application/json
Date: Tue, 17 Apr 2018 05:33:55 GMT
Content-Length: 180
Set-Cookie: 89a6d633054ded194d4e1360cdc1fbef=ce9c6768267189514441665e21b794d3; path=/; HttpOnly; Secure

{
  "credentials": {
    "DB_HOST": "postgresql",
    "DB_NAME": "admin",
    "DB_PASSWORD": "test",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "admin"
  }
}
[jzhang@localhost ~]$ ./sync_bind.sh 31b982b0-85d6-436d-86ca-157fe3293203
binding ID: 31b982b0-85d6-436d-86ca-157fe3293203
HTTP/1.1 200 OK
Content-Type: application/json
Date: Tue, 17 Apr 2018 05:33:58 GMT
Content-Length: 180
Set-Cookie: 89a6d633054ded194d4e1360cdc1fbef=ce9c6768267189514441665e21b794d3; path=/; HttpOnly; Secure
Cache-control: private

{
  "credentials": {
    "DB_HOST": "postgresql",
    "DB_NAME": "admin",
    "DB_PASSWORD": "test",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "admin"
  }
}
[jzhang@localhost ~]$ ./sync_bind.sh 31b982b0-85d6-436d-86ca-157fe3293203
binding ID: 31b982b0-85d6-436d-86ca-157fe3293203
HTTP/1.1 200 OK
Content-Type: application/json
Date: Tue, 17 Apr 2018 05:34:04 GMT
Content-Length: 180
Set-Cookie: 89a6d633054ded194d4e1360cdc1fbef=ce9c6768267189514441665e21b794d3; path=/; HttpOnly; Secure
Cache-control: private

{
  "credentials": {
    "DB_HOST": "postgresql",
    "DB_NAME": "admin",
    "DB_PASSWORD": "test",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "admin"
  }
}

It works as expected, LGTM, verify it, thanks!

Comment 6 errata-xmlrpc 2018-07-30 19:11:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1816


Note You need to log in before you can comment on or make changes to this bug.