openservicebrokerapi / osb-checker

An automatic checker to verify an Open Service Broker API implementation against the specification
https://github.com/openservicebrokerapi/servicebroker/
Apache License 2.0
48 stars 40 forks source link

X-Broker-API-Version Header Check vs Spec Definition #3

Open jeremyrickard opened 7 years ago

jeremyrickard commented 7 years ago

The following check seems to be imposing a requirement that the spec does not actually impose:

should reject requests without X-Broker-API-Version header with 412

The Open Service Broker Spec states:

Requests from the platform to the service broker MUST contain a header that declares the version number of the Service Broker API that the marketplace will use:

This header allows brokers to reject requests from marketplaces for versions they do not support. While minor API revisions will always be additive, it is possible that brokers depend on a feature from a newer version of the API that is supported by the platform. In this scenario the broker MAY reject the request with 412 Precondition Failed and provide a message that informs the operator of the API version that is to be used instead.

Note that this doesn't actually state the brokers MUST fail the request (it doesn't define the behavior so it''s ambiguous).

Haishi2016 commented 6 years ago

What would be a good fix to this, to make this part configurable in the test config, i.e. "check for X-Broker-API-Version header" (true or false)?

eruvanos commented 6 years ago

Requests from the platform to the service broker MUST contain a header that declares the version number of the Service Broker API that the marketplace will use...

I think this means, that requests without that header are invalid requests. That would be a 400 BadRequest.

What do you think?

leonwanghui commented 5 years ago

@zhongyi-zhang @norshtein Any thought?