Should we use 404's

[duglin]

While working on https://github.com/openservicebrokerapi/servicebroker/pull/178 there was a discussion around where 404 or 410 should be used when the resource in question is no longer there, or never existed.

The proposed changes (introducing 404's) was reverted so we could discuss it separately

[chulkilee]

From @shalako at https://github.com/openservicebrokerapi/servicebroker/pull/178#discussion_r119907465

For async delete operations, brokers must return a 410. For async create and update, brokers must return a 200. If the resource does not exist, brokers must return a 410.

A 404 is problematic because it may be temporarily returned by a intermediating component (e.g. the CF router). We would not want a platform to remove a resource from its database as a result of a 404 response, since we cannot guarantee that a 404 was returned by the broker itself.

I see the point, but shouldn't it be ops problem instead of avoiding 404 from OSB?

There are several ways to differentiate 404 from OSB vs other proxy in OSB spec.

• require x-broker-api-version in response header
• require specific error code in response body (as JSON object is already required)

[mattmcneeney]

@duglin do you still need this?

[duglin]

Probably not since I don't think we can change this w/o breaking things. So its more of a v3 item. Closing for now.