Orphan mitigation vs. still usable service instances after deprovisioning failure

[philippthun]

What is the problem? There are conflicting statements in the spec about how platforms should handle a failed deprovisioning.

This section instructs platforms to assume the service instance to be still usable, whereas this section implies that an orphan mitigation should be performed.

Who does this affect? Platform authors

Do you have any proposed solutions? My gut feeling is that the orphan mitigation part was just not updated to reflect the changes done as part of PR #661. Maybe it would be enough to change the (Orphan Mitigation SHOULD be performed for Service Instances) "Yes" to "Yes if instance_usable equals false, otherwise not".

[philippthun]

Hi @Samze and @rsampaio, do you have any thoughts on this?

[rsampaio]

Hi Philipp,

I believe we are talking about two different cases, the first case is when the provisioning of an instance fail for any reason, the broker should signal the failure in the status of the service instance and also in the last operation polling operation, when the platform consumes that it can call brokeres to deprovision, this is the mechanism for platforms to clean up failed provisioning. The second part would be for deprovision operations that failed leaving behind an orphan instance with a status different than "operational", the platform can would fetch all instances and compare with it's internal records. In my company we have process consuming a stream of instances and consolidating by force-deprovisioning instances that are supposed to be deleted.

please let us know if this adds some clarity otherwise I will be happy to keep the discussion going and share more examples.

[pivotal-marcela-campo]

Closing this issue as it hasn't have any recent activity.