Azure / open-service-broker-azure

The Open Service Broker API Server for Azure Services
https://osba.sh
MIT License

Binding of Mysql instance failed, but the error wasn't returned to the service catalog controller #568

Open arapulido opened 6 years ago

arapulido commented 6 years ago

Hello,

I had an error creating a ServiceBinding for a MySQL instance, and looking at the OSBA logs I can see why (firewall rules wrongly set up):

time="2018-09-14T12:53:05Z" level=error msg="binding error: error executing service-specific binding logic" bindingID= error="Error 9000: Client with IP address '<ip>' is not allowed to connect to this MySQL server." instanceID= status=BINDING_FAILED

But this error doesn't get propagated to the service catalog, so in the ServiceBinding status it doesn't appear why it failed:

kubectl describe ServiceBinding mybinding
[...]
Events:
  Type     Reason                               Age   From                                Message
  ----     ------                               ----  ----                                -------
  Warning  BindCallFailed                       2m    service-catalog-controller-manager  ServiceBroker returned failure; bind operation will not be retried: Status: 500; ErrorMessage: <nil>; Description: <nil>; ResponseError: <nil>
  Warning  ServiceBindingReturnedFailure        2m    service-catalog-controller-manager  ServiceBroker returned failure; bind operation will not be retried: Status: 500; ErrorMessage: <nil>; Description: <nil>; ResponseError: <nil>
  Warning  ServiceBindingNeedsOrphanMitigation  2m    service-catalog-controller-manager  Starting orphan mitigation
  Normal   OrphanMitigationSuccessful           2m    service-catalog-controller-manager  Orphan mitigation was completed successfully

Is there a way for OSBA to propagate that error so it appears in the status of the binding?

norshtein commented 6 years ago

Hi @arapulido, thanks for bringing up this issue. This error is generated here, and you may have noticed that there are several TODOs like "TODO: Write a more detailed response" in this file. Actually, we have planned to provide a detailed response for some time, but we were occupied with other items and didn't have a free hand to do this. But we will surely do these TODOs later, and then you will be able to get detailed information in the message.

zhongyi-zhang commented 6 years ago

I raised this before: https://github.com/Azure/open-service-broker-azure/issues/523. Please see the words from @krancour. This case seems to be an exception, which should expose the error message to the user. I think we should define a boundary for whether an error is directly exposed to the user or not. The boundary can be: if the error comes from Azure (REST APIs / connection to Azure hosted services), the HTTP response includes the error message. Else, the broker only logs it.
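
A sketch of the boundary proposed in the comment above, added here as an example; it is not OSBA's code. The names `azureError` and `bindFailureResponse` and the `AzureError` code string are hypothetical; the `error` and `description` fields are the Open Service Broker API error body that service-catalog prints as ErrorMessage and Description.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"net/http"
)

// azureError is a hypothetical wrapper marking errors that came back from
// Azure (REST APIs or a connection to an Azure-hosted service).
type azureError struct{ cause error }

func (e *azureError) Error() string { return e.cause.Error() }
func (e *azureError) Unwrap() error { return e.cause }

// osbError is the error body of the Open Service Broker API; service-catalog
// reports its two fields as ErrorMessage and Description.
type osbError struct {
	Error       string `json:"error,omitempty"`
	Description string `json:"description,omitempty"`
}

// bindFailureResponse applies the boundary: every error is logged, but only
// an Azure-originated message is copied into the HTTP response body.
func bindFailureResponse(err error) (int, []byte) {
	log.Printf("binding error: %v", err)
	body := osbError{} // non-Azure errors stay in the broker log only
	var az *azureError
	if errors.As(err, &az) {
		body = osbError{Error: "AzureError", Description: az.Error()}
	}
	b, _ := json.Marshal(body)
	return http.StatusInternalServerError, b
}

func main() {
	// Constructed sample errors; the first is modelled on the issue's log line.
	fromAzure := fmt.Errorf("error executing service-specific binding logic: %w",
		&azureError{cause: errors.New("Error 9000: Client with IP address '<ip>' is not allowed to connect to this MySQL server.")})
	internal := errors.New("storage: could not decrypt instance record")
	for _, e := range []error{fromAzure, internal} {
		status, body := bindFailureResponse(e)
		fmt.Println(status, string(body))
	}
}
```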