-
Notifications
You must be signed in to change notification settings - Fork 434
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fetching current input parameters values (for a service or a binding) #159
Comments
This seems to come back to the bigger question of whether OSB should provide a full REST API. Also I think that the common feeling around here is not to require brokers to keep state. If we have specific use cases where clients require to retrieve the value of parameters it would make for a much compelling argument in favour of this requirement, instead of guessing a possible future need. In any case it is probably better to raise this question in the weekly meeting. |
Of course, I've added it to the agenda for today's call. There are some use cases within Cloud Foundry whereby app developers would want to retrieve the configuration of their service instances and bindings. It will be interesting to hear if anyone else has run into this problem. |
Use case mentionned during the WG call is that client UIs could display previously submitted parameters fields as to improve “update service instance” UX. Would be worth investigating whether platforms could expose these endpoints instead of brokers, keeping the OSB API simple and reducing state management constraints on brokers. In order to avoid allow clients UI fetching and displaying sensitive params: |
As well as improving the update service instance UX, this could also improve visibility into existing service instances and bindings. CF is working on a number of service brokers that expose non-sensitive parameters (such as number of nodes in a cluster, disk sizes, etc) that developers would like to be able to see and change via a CLI or UI. We have already come across use cases whereby brokers have their own dashboards for modifying configuration, so the platform will not always know the correct parameter values, so relying on the platform to provide current parameter values will in some cases be impossible. If we made these API endpoints optional, that would mean that brokers that are unable to maintain state do not have to, and we can introduce this in version 2 (non-breaking change). Note that we also discussed on the call how some brokers could rely on other services to maintain state. We could also specify how brokers (if they want to) should respond when asked for parameters that contain sensitive information. For example, a call to:
could return
Alternatively brokers could simply not return sensitive parameters. I'm unsure whether we should specify how brokers should handle secrets within the spec. @gberche-orange What are your thoughts on this? As CF is now beginning work on the input parameter schemas for the validation through implementation, we're happy to do the same for this piece of work if we can agree on a sensible approach. |
I've put together a document that specifies the Cloud Foundry use case for this, and a proposed solution. Thoughts and feedback very welcome. |
I've had a similar request on CC a while back: cloudfoundry/cloud_controller_ng#680 |
Ignoring the security aspects of this, I like the idea of supporting GET - we'd just need to make it optional. |
Today all of our service brokers expose an INFO end point that can be queried to get information about a service instance. We don't supply sensitive data and we display the info returned in our Web UI. The info usually includes details about parameters passed in or sometimes includes information about the availability of the service. Another example, our "scheduled auto scale" that takes a cron as a service param. One of the items returned by the info endpoint is the next time we expect the cron to run, It would be nice if the CC could invoke a GET endpoint on the broker where the broker could provide information about a service instance or binding. I would love for support for this to be more formal. |
Hey all. So I've started mocking this together on a branch. My main question is:
Let me know what you think of master...mattmcneeney:get-endpoints. Cheers. |
@mattmcneeney considering that even a single GET request makes service broker stateful, I would add GET endpoints for all corresponding PUT requests. |
From the f2f notes I see:
My take-away from the f2f was that we would add a GET endpoint for all resources. |
I think the branch has both of those GET endpoints. We have Fetching a Service Instance and Fetching a Service Binding. |
Any further thoughts on this all? |
I recommend supporting all fields currently supported for responses to the create instance or create binding endpoints, as suggested in the diff linked above. This proposal looks good to me and I would recommend for moving it to validation-via-implementation phase. |
I think you can remove text like:
|
@duglin I've removed the following text from my PR:
As discussed on the call, we probably want this to be removed in the existing spec :) |
Just adding a note here that one other use cases of requiring parameter access is to be able to do an unbind/rebind operation for a given service to refresh its configuration (such as hostnames, etc.). The operator needs to know how the service was initially bound, especially if it's scripted (i.e. this is not likely the same person who did the binding in the first place!). This is a useful operation to do if the backing service has changed hostnames or IPs, such as in a disaster recovery scenario. One would think that the "update-service" (i.e. PUT /v2/service_instances/:guid) in theory would cover this case but in practice it doesn't actually refresh the service configuration unless you're changing something (service plans, etc.). Only an unbind/rebind will in practice (at least in CF). |
+1 to this. |
@mattmcneeney @duglin CF will consider a broker response invalid if it does not include a valid JSON object. |
@shalako right but since we define a Body I think that sentence is redundant. I think it was only needed before in cases where there was no Body properties defined. |
Can we just add that in one place to the top of the spec and remove from all existing response bodies? |
I see this has been promoted to validation. Great news. |
@mattmcneeney Do you expect this to be validated in CF and PR'd in time for 2.13 (early September)? @pmorie will the service-catalog SIG be implementing this feature soon? |
@avade I don't think we'll have feedback on this one by early September unfortunately. We may have support for it in the platform by then, but we probably won't have any brokers supporting the feature to get feedback from. |
@duglin The current branch ( https://github.com/mattmcneeney/servicebroker/blob/get-endpoints/spec.md#fetching-a-service-instance ) only has a All - do we need to add a |
Couple of comments:
In the binding:
The question about 202 doesn't just apply during async, but even sync since a GET could be issued while a provision/bind request is being worked on in a synchronous model. Overall it seems right, we just need to decide on which fields to return. Didn't we also talk about allowing a broker to return a subset of the data if it didn't want (or couldn't) return all of it - like the creds? |
The platform currently has a way to figure out which optional endpoints the broker supports.
This allows platforms to only send requests to brokers who explicitly declare support for them. The proposal as it stands does not allow any discoverability mechanism these endpoints by the platform. I think in the face to face we discussed that brokers who do not support these endpoints can just return a 404, however I see a number of flaws with this approach:
Instead should we follow current convention and add explicit support in the catalog for these endpoints? |
Really late to the game ... my apologies. The idea here is that it is up to the broker to decide which parameters it wants the controller to save. In our implementations fields like passwords, authentication keys, as well as one-time configuration values are not typically returned in this set of parameters. If an admin elects to modify a service instance or binding these saved parameters are used to populate "defaults" in our UI. -- |
@skaegi We are seeing many brokers use platform components or the data service it backs onto to store any state it has to keep. I agree though that it is entirely up to the brokers what they want to return in these endpoints, from parameter values to credentials and anything else. |
re: platform components -- that's interesting! |
Closing this as it will be resolved by #333 |
Following on from Issue 59 (Service broker can declare supported schema for parameters field), we are expecting that platforms will want to be able to fetch the current values of any service or binding input parameters.
How could this be integrated into the service broker API?
Potential idea
Add two new endpoints:
GET /v2/service_instances/:instance_id
to fetch input parameters for a service.GET /v2/service_instances/:instance_id/service_bindings/:binding_id
to fetch input parameters for a binding.Concerns:
Proposal Doc
(edit by @avade)
Proposal: Fetching Configuration Parameters
The text was updated successfully, but these errors were encountered: