openshift / ansible-service-broker

Ansible Service Broker
Apache License 2.0

second async bind call returns incorrect response #670

Closed mhrivnak closed 6 years ago

mhrivnak commented 6 years ago

What happened: I made exactly the same async bind call twice in rapid succession. When the second call was made, the first operation was still running on the server.

Per the proposed OSB API spec, the second call should return the same token as the first in the body and a response code of 202. Instead it returned the provision credentials and a 200.

The first response:

HTTP/1.1 202 Accepted
Content-Type: application/json
Date: Fri, 19 Jan 2018 21:46:23 GMT
Content-Length: 58
Set-Cookie: d05351dd24520dce41f310fcfc112523=5fcc1b36cc26f6c610e7a29ef28f3e51; path=/; HttpOnly; Secure

{
  "operation": "ddb8668f-3b1d-49b9-a8f4-0c2b362600b3"
}

The second response:

HTTP/1.1 200 OK
Content-Type: application/json
Date: Fri, 19 Jan 2018 21:46:23 GMT
Content-Length: 228
Set-Cookie: d05351dd24520dce41f310fcfc112523=5fcc1b36cc26f6c610e7a29ef28f3e51; path=/; HttpOnly; Secure
Cache-control: private

{
  "credentials": {
    "DB_ADMIN_PASSWORD": "zwyWS7AHkic9BzNtkuuI",
    "DB_HOST": "postgresql",
    "DB_NAME": "admin",
    "DB_PASSWORD": "foo",
    "DB_PORT": "5432",
    "DB_TYPE": "postgres",
    "DB_USER": "admin"
  }
}

What you expected to happen: Same response twice in a row

What the proposed spec says: A 202 http response code "MUST be returned if the binding is in progress. This triggers the Platform to poll the Polling Last Operation for Service Bindings endpoint for operation status. Information regarding the Service Binding (i.e. credentials) MUST NOT be returned in this asynchronous request. Note that a re-sent PUT request MUST return a 202 Accepted, not a 200 OK, if the binding is not yet fully created."

https://github.com/mattmcneeney/servicebroker/blob/a57c1723960490bc5b31096c204cbd21d266cea3/spec.md#response-5

Likely Cause: I suspect that when the second request is processed, it finds a record of the in-progress binding and misinterprets that as the binding already existing, and then defaults to returning whatever credentials it finds, which are only the provision credentials. But that's just a vague theory.

How to reproduce it:

  1. configure the broker to run APBs on bind/unbind and auto-escalate
  2. make identical PUT requests to create a binding with accepts_complete=true in rapid succession
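
The behaviour the quoted spec text requires, as an added Go example that is not part of the original issue and is not the broker's own code: a re-sent PUT for a binding that is still being created gets 202 with the same operation token and no credentials. `Broker`, `binding`, `Bind`, `Complete` and the `op-` token format are hypothetical; state is held in memory and request parameters are not compared.

```go
package main

import (
	"fmt"
	"net/http"
	"sync"
)

// Broker and binding are a hypothetical in-memory stand-in for the broker's state store.
type binding struct {
	operation string            // token the platform polls with
	creds     map[string]string // nil until the bind job has finished
}

type Broker struct {
	mu       sync.Mutex
	bindings map[string]*binding
}

func NewBroker() *Broker { return &Broker{bindings: map[string]*binding{}} }

// Bind models PUT on a binding ID: status, operation token (202), credentials (200).
func (b *Broker) Bind(id string) (int, string, map[string]string) {
	b.mu.Lock() // serialize so two rapid PUTs cannot both miss the record
	defer b.mu.Unlock()
	rec, seen := b.bindings[id]
	if !seen { // first request: record the job before answering
		rec = &binding{operation: "op-" + id} // constructed token format
		b.bindings[id] = rec
	}
	if rec.creds == nil { // still running, re-sent PUT included: same token only
		return http.StatusAccepted, rec.operation, nil
	}
	return http.StatusOK, "", rec.creds
}

func (b *Broker) Complete(id string, creds map[string]string) { // called by the hypothetical bind job
	b.mu.Lock()
	defer b.mu.Unlock()
	if rec, ok := b.bindings[id]; ok {
		rec.creds = creds
	}
}

func main() {
	b := NewBroker()
	b.Bind("bind-1")                    // first PUT starts the job
	code, op, creds := b.Bind("bind-1") // re-sent PUT while the job is running
	fmt.Println(code, op, creds)
}
```

The in-progress check looks at the binding's own job state, so credentials left over from provisioning never reach the response body before the bind job completes.
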

mhrivnak commented 6 years ago

I'll work on a fix.

mhrivnak commented 6 years ago

The root cause and possible solutions are being discussed here: https://github.com/openshift/ansible-service-broker/pull/680

mhrivnak commented 6 years ago

Tracked here as well: https://bugzilla.redhat.com/show_bug.cgi?id=1543521

philipgough commented 6 years ago

@mhrivnak referenced wrong issue. apologies :)