Add text around what brokers should do upon failures #354
Conversation
|
Hey duglin! Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA. |
|
On hold until we resolve #353 |
spec.md
Outdated
| @@ -718,6 +718,12 @@ For success responses, the following fields are valid. | |||
| } | |||
| ``` | |||
|
|
|||
| If the successful response includes a `state` of `failed` then the Platform | |||
| MUST send a deprovision request to the Service Broker to prevent an orphan | |||
| being created on the Service Broker. However, while the platform will attempt | |||
There was a problem hiding this comment.
I'd capitalise Platform (multiple occurences in this PR) now to save conflicts when #356 is merged
spec.md
Outdated
| binding will remain in the marketplace database. Service brokers can include a | ||
| user-facing message in the `description` field; for details see [Service | ||
| Broker Errors](#service-broker-errors). | ||
| binding MUST remain in the marketplace database. |
There was a problem hiding this comment.
Is this the first time we've used "marketplace database"? Can we rephrase this to something like:
Responses with any other status code will be interpreted as a failure and the Platform MUST continue to remember the Service Binding.
There was a problem hiding this comment.
its not the only time we talk about DBs for the marketplace. Let me see if I can sneak in that change....
There was a problem hiding this comment.
actually, let me do that in a new PR since its more than just a one word change and might require some thinking by the reviewers.
See openservicebrokerapi#354 (review) Signed-off-by: Doug Davis <dug@us.ibm.com>
|
LGTM |
|
@duglin this PR needs rebase now. I will give my LG after it :) |
|
rebased |
|
LGTM |
|
I know there was some concern about this text: so, if those concerns are still there would using this text (someplace in the spec) help? IMO this leaves it open for the resource to live on for a while if the broker has a good reason Thoughts? |
|
Regarding this text: As a platform author, my interpretation of that is:
|
|
I'm ok with that interpretation :-) |
duglin
force-pushed
the
cleanOnFail
branch
2 times, most recently
from
c9b8178
to
53193b6
Compare
spec.md
Outdated
| @@ -962,7 +966,12 @@ $ curl http://username:password@service-broker-url/v2/service_instances/:instanc | |||
| | 400 Bad Request | MUST be returned if the request is malformed or missing mandatory data. | | |||
| | 422 Unprocessable entity | MUST be returned if the requested change is not supported or if the request cannot currently be fulfilled due to the state of the Service Instance (e.g. Service Instance utilization is over the quota of the requested plan). Service Brokers SHOULD include a user-facing message in the body; for details see [Service Broker Errors](#service-broker-errors). Additionally, a `422 Unprocessable Entity` can also be returned if the Service Broker only supports asynchronous update for the requested plan and the request did not include `?accepts_incomplete=true`; in this case the expected response body is: `{ "error": "AsyncRequired", "description": "This Service Plan requires client support for asynchronous service operations." }` (see [Service Broker Errors](#service-broker-errors). | | |||
|
|
|||
| Responses with any other status code will be interpreted as a failure. Service Brokers can include a user-facing message in the `description` field; for details see [Service Broker Errors](#service-broker-errors). | |||
| Responses with any other status code will be interpreted as a failure and | |||
| the Service Broker MUST NOT apply any of the requested changes to the | |||
There was a problem hiding this comment.
How does the service broker deal with a long running, multi step update that fails near the end? It had to modify things to keep track of state in the migration, but was unable to complete the update. Do we require that the broker rolls all the steps back?
Perhaps this MUST NOT should be a SHOULD NOT ?
There was a problem hiding this comment.
My concern with SHOULD NOT is that it then becomes indeterminate and we can't know what state the broker left things. Which, sort of, means we can't use the instance upon failure and will be forced to delete it.
There was a problem hiding this comment.
I have a concern about the case where the broker returns a 500, as the resource could have been put into an unknown state. The same goes for timeout scenarios.
For 4xx I agree that we should state MUST NOT.
There was a problem hiding this comment.
per our last call, I made the MUST NOT linked to a 4xx status code. I'll open a new issue to discuss if we can say anything about 5xx's.
|
LGTM Note this PR will conflict with #409. |
|
Which one do you think will be easier to merge? This one last? |
|
I'm ok with #409 going first since it has more edits |
|
rebased |
|
Travis is failing
@duglin the check is working as intended 😄 |
Provide more guidance for what should happen when things go wrong so we can ensure a more consistent semantics and interop. This should only be reviewed after openservicebrokerapi#353 Signed-off-by: Doug Davis <dug@us.ibm.com>
|
:-) |
|
reviews needed |
|
LGTM |
|
Happy with these changes. LGTM |
|
2 more needed |
|
LGTM |
1 similar comment
|
LGTM |
Provide more guidance for what should happen when things go wrong
so we can ensure a more consistent semantics and interop.
This should only be reviewed after #353 - so only look at the 2nd commit.
Signed-off-by: Doug Davis dug@us.ibm.com