Thanks for submitting an issue to cloud_controller_ng. We are always trying to improve! To help us, please fill out the following template.
Issue
Sending a broker update including empty strings for username and password will cause the broker to be locked in state SYNCHRONIZING.
Context
When updating a service broker with empty strings for username or password like so:
$ cf curl -X PATCH "/v3/service_brokers/08f7ad8a-aee8-4211-b605-3b4c88a874b1" -d '{"authentication": {"type":"basic", "credentials":{"username":"", "password":""}}}'
the async job will fail with a 500 - unknown error:
$ cf curl "/v3/jobs/8c88693f-0958-4ff1-ae5f-979b00ee8198"
{
"guid": "8c88693f-0958-4ff1-ae5f-979b00ee8198",
"created_at": "2022-08-22T08:55:07Z",
"updated_at": "2022-08-22T08:55:07Z",
"operation": "service_broker.update",
"state": "FAILED",
"errors": [
{
"title": "UnknownError",
"detail": "An unknown error occurred.",
"code": 10001
}
],
"warnings": [],
"links": {
"self": {
"href": "https://api.cf.dev22.aws.bndl.sapcloud.io/v3/jobs/8c88693f-0958-4ff1-ae5f-979b00ee8198"
},
"service_brokers": {
"href": "https://api.cf.dev22.aws.bndl.sapcloud.io/v3/service_brokers/08f7ad8a-aee8-4211-b605-3b4c88a874b1"
}
}
}
The service broker stays in state SYNCHRONIZING:
-[ RECORD 2 ]---------+-------------------------------------------------------
id | 2
guid | 08f7ad8a-aee8-4211-b605-3b4c88a874b1
created_at | 2022-08-22 08:42:36.700996
updated_at | 2022-08-22 08:55:07.550528
name | ta-sb
broker_url | https://at-sb.cfapps.dev22.aws.bndl.sapcloud.io
auth_password | PLbOfqnbHa/Cb/zmAegTHg==
salt | f88f636820c17ac2
auth_username | admin
space_id |
encryption_key_label | encryption_key_0
encryption_iterations | 2048
state | SYNCHRONIZING
And updating the broker with the correct credentials (actually updating the broker with anything else than metadata) is not possible from then on:
$ cf curl -X PATCH "/v3/service_brokers/08f7ad8a-aee8-4211-b605-3b4c88a874b1" -d '{"authentication": {"type":"basic", "credentials":{"username":"admin", "password":"admin"}}}'
{
"errors": [
{
"detail": "Cannot update a broker when other operation is already in progress",
"title": "CF-UnprocessableEntity",
"code": 10008
}
]
}
Steps to Reproduce
see above
Expected result
The broker does not get locked by a erroneous request.
Current result
The broker is locked and no interactions with the broker are possible anymore.
Possible Fix
The CC should either reject a request which includes empty strings for username or password. This is probably the best solution, as we don't need to enqueue a job.
Another solution would be to set the broker state to SYNCHRONIZATION_FAILED and return an appropriate error message to the client if the sequel validations fail.
Thanks for submitting an issue to
cloud_controller_ng. We are always trying to improve! To help us, please fill out the following template.Issue
Sending a broker update including empty strings for
usernameandpasswordwill cause the broker to be locked in stateSYNCHRONIZING.Context
When updating a service broker with empty strings for
usernameorpasswordlike so:the async job will fail with a 500 - unknown error:
The service broker stays in state
SYNCHRONIZING:And updating the broker with the correct credentials (actually updating the broker with anything else than metadata) is not possible from then on:
Steps to Reproduce
see above
Expected result
The broker does not get locked by a erroneous request.
Current result
The broker is locked and no interactions with the broker are possible anymore.
Possible Fix
The CC should either reject a request which includes empty strings for
usernameorpassword. This is probably the best solution, as we don't need to enqueue a job.Another solution would be to set the broker state to
SYNCHRONIZATION_FAILEDand return an appropriate error message to the client if the sequel validations fail.