@suluk/provision 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/spec.md ADDED
@@ -0,0 +1,1969 @@
1
+ # Open Service Broker API (master - might contain changes that are not yet released)
2
+
3
+ ## Table of Contents
4
+ - [API Overview](#api-overview)
5
+ - [Notations and Terminology](#notations-and-terminology)
6
+ - [Changes](#changes)
7
+ - [Change Policy](#change-policy-for-minor-versions)
8
+ - [Changes Since v2.16](#changes-since-v216)
9
+ - [Headers](#headers)
10
+ - [API Version Header](#api-version-header)
11
+ - [Originating Identity](#originating-identity)
12
+ - [Request Identity](#request-identity)
13
+ - [Platform to Service Broker Authentication](#platform-to-service-broker-authentication)
14
+ - [URL Properties](#url-properties)
15
+ - [Service Broker Errors](#service-broker-errors)
16
+ - [Content Type](#content-type)
17
+ - [Catalog Management](#catalog-management)
18
+ - [Synchronous and Asynchronous Operations](#synchronous-and-asynchronous-operations)
19
+ - [Synchronous Operations](#synchronous-operations)
20
+ - [Asynchronous Operations](#asynchronous-operations)
21
+ - [Blocking Operations](#blocking-operations)
22
+ - [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances)
23
+ - [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings)
24
+ - [Polling Interval and Duration](#polling-interval-and-duration)
25
+ - [Provisioning](#provisioning)
26
+ - [Fetching a Service Instance](#fetching-a-service-instance)
27
+ - [Updating a Service Instance](#updating-a-service-instance)
28
+ - [Binding](#binding)
29
+ - [Binding Rotation](#binding-rotation)
30
+ - [Types of Binding](#types-of-binding)
31
+ - [Fetching a Service Binding](#fetching-a-service-binding)
32
+ - [Unbinding](#unbinding)
33
+ - [Deprovisioning](#deprovisioning)
34
+ - [Orphan Mitigation](#orphan-mitigation)
35
+
36
+ ## API Overview
37
+
38
+ The Open Service Broker API defines an HTTP(S) interface between Platforms and
39
+ Service Brokers.
40
+
41
+ The Service Broker is the component of the service that implements the Service
42
+ Broker API, for which a Platform is a client. Service Brokers are responsible
43
+ for advertising a catalog of Service Offerings and Service Plans to the
44
+ Platform, and acting on requests from the Platform for provisioning, binding,
45
+ unbinding, and deprovisioning.
46
+
47
+ In general, provisioning reserves a resource on a service; we call this
48
+ reserved resource a Service Instance. What a Service Instance represents can
49
+ vary by service. Examples include a single database on a multi-tenant server,
50
+ a dedicated cluster, or an account on a web application.
51
+
52
+ What a Service Binding represents MAY also vary by service. In general, creation
53
+ of a Service Binding either generates credentials necessary for accessing the
54
+ resource or provides the Service Instance with information for a configuration change.
55
+
56
+ A Platform MAY expose services from one or many Service Brokers, and an
57
+ individual Service Broker MAY support one or many Platforms using different URL
58
+ prefixes and credentials.
59
+
60
+ ## Notations and Terminology
61
+
62
+ ### Notational Conventions
63
+
64
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
65
+ "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to
66
+ be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119).
67
+
68
+ ### Terminology
69
+
70
+ This specification defines the following terms:
71
+
72
+ - *Application*: Often the entity using a Service Instance will be a piece of
73
+ software, however, this does not need to be the case. For the purposes of
74
+ this specification, the term "Application" will be used to represent all
75
+ entities that might make use of, and be bound to, a Service Instance.
76
+
77
+ - *Platform*: The software that will manage the cloud environment into which
78
+ Applications are provisioned and Service Brokers are registered. Users will
79
+ not directly provision Services from Service Brokers, rather they will ask
80
+ the Platform to manage Services and interact with the Service Brokers for
81
+ them.
82
+
83
+ - *Service*: A managed software offering that can be used by an Application.
84
+ Typically, Services will expose some API that can be invoked to perform
85
+ some action. However, there can also be non-interactive Services that can
86
+ perform the desired actions without direct prompting from the Application.
87
+
88
+ - *Service Broker*: Service Brokers manage the lifecycle of Services. Platforms
89
+ interact with Service Brokers to provision, and manage, Service Instances
90
+ and Service Bindings.
91
+
92
+ - *Service Offering*: The advertisement of a Service that a Service Broker
93
+ supports.
94
+
95
+ - *Service Plan*: The representation of the costs and benefits for a given
96
+ variant of the Service Offering, potentially as a tier.
97
+
98
+ - *Service Instance*: An instantiation of a Service Offering and Service Plan.
99
+
100
+ - *Service Binding*: Represents the request to use a Service Instance. As part
101
+ of this request there might be a reference to the entity, also known as the
102
+ Application, that will use the Service Instance. Service Bindings will often
103
+ contain the credentials that can then be used to communicate with the Service
104
+ Instance.
105
+
106
+
107
+ ## Changes
108
+
109
+ ### Change Policy for Minor Versions
110
+
111
+ * Existing endpoints and fields MUST NOT be removed or renamed.
112
+ * New OPTIONAL endpoints, or new HTTP methods for existing endpoints, MAY be
113
+ added to enable support for new features.
114
+ * New fields MAY be added to existing request/response messages.
115
+ These fields MUST be OPTIONAL and SHOULD be ignored by clients and servers
116
+ that do not understand them.
117
+
118
+ ### Changes Since v2.16
119
+
120
+ * Add binding rotation fields to the spec and guidance on how to use the expiration fields for Service Binding
121
+ * Remove ambiguity on provisioning status code and clarify 200 status with consistent language for depraction
122
+ * Add context object to the response of fetching a Service Instance and turn into a non-requirement for Service Instances
123
+ * Rename context to attributes and update openapi files and the spec with an example
124
+ * Moved attributes to metadata and returns the metadata on fetch operations
125
+ * Add guidance for orphan mitigation
126
+ * Reconcile openapi and swagger files to match and generate identical clients and servers
127
+
128
+ For changes in older versions, see the [release notes](https://github.com/openservicebrokerapi/servicebroker/blob/master/release-notes.md).
129
+
130
+ ## Headers
131
+ The following HTTP Headers are defined for the operations detailed in this spec:
132
+
133
+ | Header | Type | Description |
134
+ | --- | --- | --- |
135
+ | X-Broker-API-Version* | string | See [API Version Header](#api-version-header). |
136
+ | X-Broker-API-Originating-Identity | string | See [Originating Identity](#originating-identity). |
137
+ | X-Broker-API-Request-Identity | string | See [Request Identity](#request-identity). |
138
+
139
+ \* Headers with an asterisk are REQUIRED.
140
+
141
+ ### API Version Header
142
+
143
+ Requests from the Platform to the Service Broker MUST contain a header that
144
+ declares the version number of the Open Service Broker API that the Platform
145
+ is using:
146
+
147
+ `X-Broker-API-Version: 2.17`
148
+
149
+ The version numbers are in the format `MAJOR.MINOR` using semantic versioning.
150
+
151
+ This header allows Service Brokers to reject requests from Platforms for
152
+ versions they do not support. While minor API revisions will always be
153
+ additive, it is possible that Service Brokers depend on a feature from a newer
154
+ version of the API that is supported by the Platform. In this scenario the
155
+ Service Broker MAY reject the request with `412 Precondition Failed` and
156
+ provide a message that informs the operator of the API version that is to be
157
+ used instead.
158
+
159
+ If the request from the Platform to the Service Broker doesn't contain this
160
+ header, then the Service Broker MAY reject the request with `400 Bad Request`
161
+ and provide a message that the header is required.
162
+
163
+ ### Originating Identity
164
+
165
+ Often a Service Broker will need to know the identity of the user that
166
+ initiated the request from the Platform. For example, this might be needed for
167
+ auditing or authorization purposes. In order to facilitate this, the Platform
168
+ will need to provide this identification information to the Service Broker on
169
+ each request. Platforms MAY support this feature, and if they do, they MUST
170
+ adhere to the following:
171
+ - For any OSBAPI request that is the result of an action taken by a Platform's
172
+ user, there MUST be an associated `X-Broker-API-Originating-Identity` header on
173
+ that HTTP request.
174
+ - Any OSBAPI request that is not associated with an action from a Platform's
175
+ user, such as the Platform refetching the catalog, MAY exclude the header from
176
+ that HTTP request.
177
+ - If present on a request, the `X-Broker-API-Originating-Identity` header
178
+ MUST contain the identify information for the Platform's user that took
179
+ the action to cause the request to be sent.
180
+
181
+ If the Platform chooses to group multiple end-user operations into one request
182
+ to the Broker, then the identity information associated with that one request
183
+ MUST accurately reflect the desired identity associated for each individual
184
+ change.
185
+
186
+ The format of the header MUST be:
187
+
188
+ ```
189
+ X-Broker-API-Originating-Identity: Platform value
190
+ ```
191
+
192
+ `Platform` MUST be a non-empty string indicating the Platform from which
193
+ the request is being sent. The specific value SHOULD match the values
194
+ defined in the [profile](profile.md) document for the `context.platform`
195
+ property. When `context` is sent as part of a message, this value MUST
196
+ be the same as the `context.platform` value.
197
+
198
+ `value` MUST be a Base64 encoded string. The string MUST be a serialized
199
+ JSON object. The specific properties will be Platform specific - see
200
+ the [profile](profile.md) document for more information.
201
+
202
+ For example:
203
+ ```
204
+ X-Broker-API-Originating-Identity: cloudfoundry eyANCiAgInVzZXJfaWQiOiAiNjgzZWE3NDgtMzA5Mi00ZmY0LWI2NTYtMzljYWNjNGQ1MzYwIg0KfQ==
205
+ ```
206
+
207
+ Where the `value`, when decoded, is:
208
+ ```
209
+ {
210
+ "user_id": "683ea748-3092-4ff4-b656-39cacc4d5360"
211
+ }
212
+ ```
213
+
214
+ Note that not all messages sent to a Service Broker are initiated by an
215
+ end-user of the Platform. For example, during
216
+ [Orphan Mitigation](#orphan-mitigation) or during the querying of the Service
217
+ Broker's catalog, the Platform might not have an end-user with which to
218
+ associate the request, therefore in those cases the originating identity header
219
+ would not be included in those messages.
220
+
221
+ ### Request Identity
222
+
223
+ A Platform might wish to uniquely identify a specific request as it flows throughout the system.
224
+ For example, this might be used for logging for request tracing purposes. In order to facilitate
225
+ this, Platforms will need to provide identification information to the Service Broker for each
226
+ request. Platforms MAY support this feature, and if they do, they MUST adhere to the following:
227
+ - For any OSBAPI request, there MUST be an associated `X-Broker-API-Request-Identity` header on
228
+ the HTTP request.
229
+ - The Service Broker MAY include this value in log messages generated as a result of the request.
230
+ - The Service Broker SHOULD include this header in the response to the request.
231
+ The format of the header MUST be:
232
+
233
+ ```
234
+ X-Broker-API-Request-Identity: value
235
+ ```
236
+
237
+ `value` MUST be a non-empty string indicating the identity of the
238
+ request being sent. The specific value MAY be unique for each request
239
+ sent to the broker. Using a GUID is RECOMMENDED.
240
+
241
+ ## Vendor Extension Fields
242
+
243
+ Senders of messages defined by this specification MAY include additional
244
+ fields within the JSON objects. When adding new fields, unique prefixes
245
+ SHOULD be used for the field names to reduce the chances of conflicts with
246
+ future specification defined fields or other extensions.
247
+
248
+ Receivers of messages defined by this specification that contain unknown
249
+ extension fields MUST ignore those fields and MUST NOT halt processing
250
+ of those messages due to the presence of those fields. Receivers are under
251
+ no obligation to understand or process unknown extension fields.
252
+
253
+ ## Platform to Service Broker Authentication
254
+
255
+ While the communication between a Platform and Service Broker MAY be unsecure,
256
+ it is RECOMMENDED that all communications between a Platform and a Service
257
+ Broker are secured via TLS and authenticated. If communications are secured
258
+ via TLS, the Platform and Service Broker SHOULD agree whether the Service
259
+ Broker will use a root-signed certificate or a self-signed certificate.
260
+
261
+ Unless there is some out of band communication and agreement between a
262
+ Platform and a Service Broker, the Platform MUST authenticate with the
263
+ Service Broker using HTTP basic authentication (the `Authorization:` header)
264
+ on every request. This specification does not specify how Platform and Service
265
+ Brokers agree on other methods of authentication.
266
+
267
+ Platforms and Service Brokers MAY agree on an authentication mechanism other
268
+ than basic authentication, but the specific agreements are not covered by this
269
+ specification. Please see the
270
+ [Platform Features authentication mechanisms wiki document](https://github.com/openservicebrokerapi/servicebroker/wiki/Platform-Features)
271
+ for details on these mechanisms.
272
+
273
+ If authentication is used, the Service Broker MUST authenticate the request
274
+ using the predetermined authentication mechanism, and MUST return a `401 Unauthorized`
275
+ response if the authentication fails.
276
+
277
+ Note: Using an authentication mechanism that is agreed to via out of band
278
+ communications could lead to interoperability issues with other Platforms.
279
+
280
+ ## URL Properties
281
+
282
+ This specification defines the following properties that might appear within
283
+ URLs:
284
+ - `service_id`
285
+ - `plan_id`
286
+ - `instance_id`
287
+ - `binding_id`
288
+ - `operation`
289
+
290
+ While this specification places no restriction on the set of characters used
291
+ within these strings, it is RECOMMENDED that these properties only contain
292
+ characters from the "Unreserved Characters" as defined by
293
+ [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.3). In other words:
294
+ uppercase and lowercase letters, decimal digits, hyphen, period, underscore
295
+ and tilde.
296
+
297
+ If a character outside of the "Unreserved Characters" set is used, then it
298
+ SHOULD be percent-encoded prior to being used as part of the HTTP request, per
299
+ [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.1).
300
+
301
+ ## Service Broker Errors
302
+
303
+ When a request to a Service Broker fails, the Service Broker MUST return an
304
+ appropriate HTTP response code. Where the specification defines the expected
305
+ response code, that response code MUST be used.
306
+
307
+ For error responses, the following fields are defined:
308
+
309
+ | Response Field | Type | Description |
310
+ | --- | --- | --- |
311
+ | error | string | A single word in camel case that uniquely identifies the error condition. If present, MUST be a non-empty string. |
312
+ | description | string | A user-facing error message explaining why the request failed. If present, MUST be a non-empty string. |
313
+ | instance_usable | boolean | If an update or deprovisioning operation failed, this flag indicates whether or not the Service Instance is still usable. If `true`, the Service Instance can still be used, `false` otherwise. This field MUST NOT be present for errors of other operations. Defaults to `true`. |
314
+ | update_repeatable | boolean | If an update operation failed, this flag indicates whether this update can be repeated or not. If `true`, the same update operation MAY be repeated and MAY succeed; if `false`, repeating the same update operation will fail again. This field MUST NOT be present for errors of other operations. Defaults to `true`. |
315
+
316
+ ### Error Codes
317
+
318
+ There are failure scenarios described throughout this specification for which
319
+ the `error` field MUST contain a specific string. Service Broker authors MUST
320
+ use these error codes for the specified failure scenarios.
321
+
322
+ | Error | Reason | Expected Action |
323
+ | --- | --- | --- |
324
+ | AsyncRequired | This request requires client support for asynchronous service operations. | The query parameter `accepts_incomplete=true` MUST be included the request. |
325
+ | ConcurrencyError | The Service Broker does not support concurrent requests that mutate the same resource. | Clients MUST wait until pending requests have completed for the specified resources. |
326
+ | RequiresApp | The request body is missing the `app_guid` field. | The `app_guid` MUST be included in the request body. |
327
+ | MaintenanceInfoConflict | The `maintenance_info.version` field provided in the request does not match the `maintenance_info.version` field provided in the Service Broker's [Catalog](#catalog-management). | The Platform SHOULD fetch the latest version of the Service Broker's [Catalog](#catalog-management). |
328
+
329
+ Unless otherwise specified, an HTTP status code in the 4xx range MUST result in
330
+ the Service Broker's resources being semantically unchanged as a result of
331
+ the incoming request message. Additionally, an HTTP status code in the 5xx
332
+ range SHOULD result in the Service Broker's resources being semantically
333
+ unchanged as a result of the incoming request message. Note, the 5xx error
334
+ case is a "SHOULD" instead of a "MUST" because it might not be possible for
335
+ a Service Broker to guarantee that it can revert all possible effects of a
336
+ failed attempt at the requested operation.
337
+
338
+ ## Content Type
339
+
340
+ All requests and responses defined in this specification with accompanying
341
+ bodies SHOULD contain a `Content-Type` header set to `application/json`.
342
+ If the `Content-Type` is not set, Service Brokers and Platforms MAY still
343
+ attempt to process the body. If a Service Broker rejects a request due
344
+ to a mismatched `Content-Type` or the body is unprocessable it SHOULD
345
+ respond with `400 Bad Request`.
346
+
347
+ ## Catalog Management
348
+
349
+ The first endpoint that a Platform will interact with on the Service Broker is
350
+ the service catalog (`/v2/catalog`). This endpoint returns a list of all
351
+ services available on the Service Broker. Platforms query this endpoint from
352
+ all Service Brokers in order to present an aggregated user-facing catalog.
353
+
354
+ Periodically, a Platform MAY re-query the service catalog endpoint for a
355
+ Service Broker to see if there are any changes to the list of services.
356
+ Service Brokers MAY add, remove or modify (metadata, Service Plans, etc.) the list of
357
+ services from previous queries.
358
+
359
+ When determining what, if anything, has changed on a Service Broker, the
360
+ Platform MUST use the `id` of the resources (Service Offerings or Service Plans) as the only
361
+ immutable property and MUST use that to locate the same resource as was
362
+ returned from a previous query. Likewise, a Service Broker MUST NOT change the
363
+ `id` of a resource across queries, otherwise a Platform will treat it as a
364
+ different resource.
365
+
366
+ When a Platform receives different `id` values for the same type of resource,
367
+ even if all of the other metadata in those resources are the exact same, it
368
+ MUST treat them as separate instances of that resource.
369
+
370
+ Service Broker authors are expected to be cautious when removing Service Offerings and
371
+ Service Plans from their catalogs, as Platforms might have provisioned Service
372
+ Instances of these Service Plans. For example, Platforms might restrict the actions
373
+ that users can perform on existing Service Instances if the associated Service Offering
374
+ or Service Plan is deleted. Consider your deprecation strategy.
375
+
376
+ Platforms MAY have limits on the length of strings that they can handle or
377
+ display to end users, such as the description of a Service Offering or Service Plan. It
378
+ is RECOMMENDED that strings do not exceed 255 characters to increase the
379
+ likelihood of having compatibility with any Platform.
380
+
381
+ Service Brokers and Platforms MAY support the
382
+ [`ETag`](https://tools.ietf.org/html/rfc7232#section-2.3) and
383
+ [`If-Modified-Since`](https://tools.ietf.org/html/rfc7232#section-3.3)
384
+ HTTP headers to enable caching of the catalog.
385
+ (See [RFC 7232](https://tools.ietf.org/html/rfc7232) for details.)
386
+
387
+ The following sections describe catalog requests and responses in the Service
388
+ Broker API.
389
+
390
+ ### Request
391
+
392
+ #### Route
393
+ `GET /v2/catalog`
394
+
395
+ #### cURL
396
+ ```
397
+ $ curl http://username:password@service-broker-url/v2/catalog -H "X-Broker-API-Version: 2.17"
398
+ ```
399
+
400
+ ### Response
401
+
402
+ | Status Code | Description |
403
+ | --- | --- |
404
+ | 200 OK | MUST be returned upon successful processing of this request. The expected response body is below. |
405
+
406
+ #### Body
407
+
408
+ CLI clients will typically have restrictions on how names, such as Service Offering
409
+ and Service Plan names, will be provided by users. Therefore, this specification
410
+ defines a "CLI-friendly" string as a short string that MUST only use
411
+ alphanumeric characters, periods, and hyphens, with no spaces. This will make it
412
+ easier for users when they have to type it as an argument on the command line.
413
+ For comparison purposes, Service Offering and Service Plan names MUST be treated as
414
+ case-sensitive strings.
415
+
416
+ Note: In previous versions of the specification Service Offering and Service Plan names
417
+ were not allowed to use uppercase characters. However, this requirement was
418
+ not enforced and therefore to ensure backwards compatibility with existing
419
+ Service Brokers that might use uppercase characters the specification
420
+ has been changed.
421
+
422
+ For backwards compatibility reasons, this specification does not preclude
423
+ the use of CLI-unfriendly strings that might cause problems for command line
424
+ parsers (or that are not very meaningful to users), such as `-`.
425
+ It is therefore RECOMMENDED that implementations avoid such strings.
426
+
427
+ | Response Field | Type | Description |
428
+ | --- | --- | --- |
429
+ | services* | array of [Service Offering](#service-offering-object) objects | Schema of service objects defined below. MAY be empty. |
430
+
431
+ \* Fields with an asterisk are REQUIRED.
432
+
433
+ ##### Service Offering Object
434
+
435
+ | Response Field | Type | Description |
436
+ | --- | --- | --- |
437
+ | name* | string | The name of the Service Offering. MUST be unique across all Service Offering objects returned in this response. MUST be a non-empty string. Using a CLI-friendly name is RECOMMENDED. |
438
+ | id* | string | An identifier used to correlate this Service Offering in future requests to the Service Broker. This MUST be globally unique such that Platforms (and their users) MUST be able to assume that seeing the same value (no matter what Service Broker uses it) will always refer to this Service Offering. MUST be a non-empty string. Using a GUID is RECOMMENDED. |
439
+ | description* | string | A short description of the service. MUST be a non-empty string. |
440
+ | tags | array of strings | Tags provide a flexible mechanism to expose a classification, attribute, or base technology of a service, enabling equivalent services to be swapped out without changes to dependent logic in applications, buildpacks, or other services. E.g. mysql, relational, redis, key-value, caching, messaging, amqp. |
441
+ | requires | array of strings | A list of permissions that the user would have to give the service, if they provision it. The only permissions currently supported are `syslog_drain`, `route_forwarding` and `volume_mount`. |
442
+ | bindable* | boolean | Specifies whether Service Instances of the service can be bound to applications. This specifies the default for all Service Plans of this Service Offering. Service Plans can override this field (see [Service Plan Object](#service-plan-object)). |
443
+ | instances_retrievable | boolean | Specifies whether the [Fetching a Service Instance](#fetching-a-service-instance) endpoint is supported for all Service Plans. |
444
+ | bindings_retrievable | boolean | Specifies whether the [Fetching a Service Binding](#fetching-a-service-binding) endpoint is supported for all Service Plans. |
445
+ | allow_context_updates | boolean | Specifies whether a Service Instance supports [Update](#updating-a-service-instance) requests when contextual data for the Service Instance in the Platform changes. |
446
+ | metadata | object | An opaque object of metadata for a Service Offering. It is expected that Platforms will treat this as a blob. Note that there are [conventions](profile.md#service-metadata) in existing Service Brokers and Platforms for fields that aid in the display of catalog data. |
447
+ | dashboard_client | [DashboardClient](profile.md#dashboard-client-object) | A Cloud Foundry extension described in [Catalog Extensions](profile.md#catalog-extensions). Contains the data necessary to activate the Dashboard SSO feature for this service. |
448
+ | plan_updateable | boolean | Whether the Service Offering supports upgrade/downgrade for Service Plans by default. Service Plans can override this field (see [Service Plan](#service-plan-object)). Please note that the misspelling of the attribute `plan_updatable` as `plan_updateable` was done by mistake. We have opted to keep that misspelling instead of fixing it and thus breaking backward compatibility. Defaults to false. |
449
+ | plans* | array of [Service Plan](#service-plan-object) objects | A list of Service Plans for this Service Offering, schema is defined below. MUST contain at least one Service Plan. |
450
+
451
+ \* Fields with an asterisk are REQUIRED.
452
+
453
+ Note: Platforms will typically use the Service Offering name as an input parameter
454
+ from their users to indicate which Service Offering they want to instantiate. Therefore,
455
+ it is important that these values be unique for all Service Offerings that have been
456
+ registered with a Platform. To achieve this goal service providers often will
457
+ prefix their Service Offering names with some unique value (such as the name of their
458
+ company). Additionally, some Platforms might modify the Service Offering names before
459
+ presenting them to their users. This specification places no requirements on
460
+ how Platforms might expose these values to their users.
461
+
462
+ ##### Service Plan Object
463
+
464
+ | Response Field | Type | Description |
465
+ | --- | --- | --- |
466
+ | id* | string | An identifier used to correlate this Service Plan in future requests to the Service Broker. This MUST be globally unique such that Platforms (and their users) MUST be able to assume that seeing the same value (no matter what Service Broker uses it) will always refer to this Service Plan and for the same Service Offering. MUST be a non-empty string. Using a GUID is RECOMMENDED. |
467
+ | name* | string | The name of the Service Plan. MUST be unique within the Service Offering. MUST be a non-empty string. Using a CLI-friendly name is RECOMMENDED. |
468
+ | description* | string | A short description of the Service Plan. MUST be a non-empty string. |
469
+ | metadata | object | An opaque object of metadata for a Service Plan. It is expected that Platforms will treat this as a blob. Note that there are [conventions](profile.md#service-metadata) in existing Service Brokers and Platforms for fields that aid in the display of catalog data. |
470
+ | free | boolean | When false, Service Instances of this Service Plan have a cost. The default is true. |
471
+ | bindable | boolean | Specifies whether Service Instances of the Service Plan can be bound to applications. This field is OPTIONAL. If specified, this takes precedence over the `bindable` attribute of the Service Offering. If not specified, the default is derived from the Service Offering. |
472
+ | binding_rotatable | boolean | Whether a Service Binding of that Plan supports [Service Binding rotation](#binding-rotation). The default is false. |
473
+ | plan_updateable | boolean | Whether the Plan supports upgrade/downgrade/sidegrade to another version. This field is OPTIONAL. If specificed, this takes precedence over the Service Offering's `plan_updateable` field. If not specified, the default is derived from the Service Offering. Please note that the attribute is intentionally misspelled as `plan_updateable` for legacy reasons. |
474
+ | schemas | [Schemas](#schemas-object) | Schema definitions for Service Instances and Service Bindings for the Service Plan. |
475
+ | maximum_polling_duration | integer | A duration, in seconds, that the Platform SHOULD use as the Service's [maximum polling duration](#polling-interval-and-duration). |
476
+ | maintenance_info | [Maintenance Info](#maintenance-info-object) | Maintenance information for a Service Instance which is provisioned using the Service Plan. If provided, a version string MUST be provided and platforms MAY use this when [Provisioning](#provisioning) or [Updating](#updating-a-service-instance) a Service Instance. |
477
+
478
+ \* Fields with an asterisk are REQUIRED.
479
+
480
+ ##### Schemas Object
481
+
482
+ | Response Field | Type | Description |
483
+ | --- | --- | --- |
484
+ | service_instance | [ServiceInstanceSchema](#service-instance-schema-object) | The schema definitions for creating and updating a Service Instance. |
485
+ | service_binding | [ServiceBindingSchema](#service-binding-schema-object) | The schema definition for creating a Service Binding. Used only if the Service Plan is bindable. |
486
+
487
+ ##### Service Instance Schema Object
488
+
489
+ | Response Field | Type | Description |
490
+ | --- | --- | --- |
491
+ | create | [InputParametersSchema](#input-parameters-schema-object) | The schema definition for creating a Service Instance. |
492
+ | update | [InputParametersSchema](#input-parameters-schema-object) | The schema definition for updating a Service Instance. |
493
+
494
+ ##### Service Binding Schema Object
495
+
496
+ | Response Field | Type | Description |
497
+ | --- | --- | --- |
498
+ | create | [InputParametersSchema](#input-parameters-schema-object) | The schema definition for creating a Service Binding. |
499
+
500
+ ##### Input Parameters Schema Object
501
+
502
+ | Response Field | Type | Description |
503
+ | --- | --- | --- |
504
+ | parameters | JSON schema object | The schema definition for the input parameters. Each input parameter is expressed as a property within a JSON object. |
505
+
506
+ The following rules apply if `parameters` is included anywhere in the catalog:
507
+ * Platforms MUST support at least
508
+ [JSON Schema draft v4](http://json-schema.org/).
509
+ * Platforms SHOULD be prepared to support later versions of JSON schema.
510
+ * The `$schema` key MUST be present in the schema declaring the version of JSON
511
+ schema being used.
512
+ * Schemas MUST NOT contain any external references.
513
+ * Schemas MUST NOT be larger than 64kB.
514
+
515
+ ##### Maintenance Info Object
516
+
517
+ | Response Field | Type | Description |
518
+ | --- | --- | --- |
519
+ | version* | string | This MUST be a string conforming to a [semantic version 2.0](https://semver.org/spec/v2.0.0.html). The Platform MAY use this field to determine whether a maintenance update is available for a Service Instance. |
520
+ | description | string | This SHOULD be a string describing the impact of the maintenance update, for example, important version changes, configuration changes, default value changes, etc. The Platform MAY present this information to the user before they trigger the maintenance update. |
521
+
522
+ \* Fields with an asterisk are REQUIRED.
523
+
524
+ ```
525
+ {
526
+ "services": [{
527
+ "name": "fake-service",
528
+ "id": "acb56d7c-XXXX-XXXX-XXXX-feb140a59a66",
529
+ "description": "A fake service.",
530
+ "tags": ["no-sql", "relational"],
531
+ "requires": ["route_forwarding"],
532
+ "bindable": true,
533
+ "instances_retrievable": true,
534
+ "bindings_retrievable": true,
535
+ "allow_context_updates": true,
536
+ "metadata": {
537
+ "provider": {
538
+ "name": "The name"
539
+ },
540
+ "listing": {
541
+ "imageUrl": "http://example.com/cat.gif",
542
+ "blurb": "Add a blurb here",
543
+ "longDescription": "A long time ago, in a galaxy far far away..."
544
+ },
545
+ "displayName": "The Fake Service Broker"
546
+ },
547
+ "plan_updateable": true,
548
+ "plans": [{
549
+ "name": "fake-plan-1",
550
+ "id": "d3031751-XXXX-XXXX-XXXX-a42377d3320e",
551
+ "description": "Shared fake Server, 5tb persistent disk, 40 max concurrent connections.",
552
+ "free": false,
553
+ "metadata": {
554
+ "max_storage_tb": 5,
555
+ "costs":[
556
+ {
557
+ "amount":{
558
+ "usd":99.0
559
+ },
560
+ "unit":"MONTHLY"
561
+ },
562
+ {
563
+ "amount":{
564
+ "usd":0.99
565
+ },
566
+ "unit":"1GB of messages over 20GB"
567
+ }
568
+ ],
569
+ "bullets": [
570
+ "Shared fake server",
571
+ "5 TB storage",
572
+ "40 concurrent connections"
573
+ ]
574
+ },
575
+ "schemas": {
576
+ "service_instance": {
577
+ "create": {
578
+ "parameters": {
579
+ "$schema": "http://json-schema.org/draft-04/schema#",
580
+ "type": "object",
581
+ "properties": {
582
+ "billing-account": {
583
+ "description": "Billing account number used to charge use of shared fake server.",
584
+ "type": "string"
585
+ }
586
+ }
587
+ }
588
+ },
589
+ "update": {
590
+ "parameters": {
591
+ "$schema": "http://json-schema.org/draft-04/schema#",
592
+ "type": "object",
593
+ "properties": {
594
+ "billing-account": {
595
+ "description": "Billing account number used to charge use of shared fake server.",
596
+ "type": "string"
597
+ }
598
+ }
599
+ }
600
+ }
601
+ },
602
+ "service_binding": {
603
+ "create": {
604
+ "parameters": {
605
+ "$schema": "http://json-schema.org/draft-04/schema#",
606
+ "type": "object",
607
+ "properties": {
608
+ "billing-account": {
609
+ "description": "Billing account number used to charge use of shared fake server.",
610
+ "type": "string"
611
+ }
612
+ }
613
+ }
614
+ }
615
+ }
616
+ },
617
+ "maintenance_info": {
618
+ "version": "2.1.1+abcdef",
619
+ "description": "OS image update.\nExpect downtime."
620
+ }
621
+ }, {
622
+ "name": "fake-plan-2",
623
+ "id": "0f4008b5-XXXX-XXXX-XXXX-dace631cd648",
624
+ "description": "Shared fake Server, 5tb persistent disk, 40 max concurrent connections. 100 async.",
625
+ "free": false,
626
+ "metadata": {
627
+ "max_storage_tb": 5,
628
+ "costs":[
629
+ {
630
+ "amount":{
631
+ "usd":199.0
632
+ },
633
+ "unit":"MONTHLY"
634
+ },
635
+ {
636
+ "amount":{
637
+ "usd":0.99
638
+ },
639
+ "unit":"1GB of messages over 20GB"
640
+ }
641
+ ],
642
+ "bullets": [
643
+ "40 concurrent connections"
644
+ ]
645
+ }
646
+ }]
647
+ }]
648
+ }
649
+ ```
650
+
651
+ ## Synchronous and Asynchronous Operations
652
+
653
+ Platforms expect prompt responses to all API requests in order to provide
654
+ users with fast feedback. Service Broker authors SHOULD implement their
655
+ Service Brokers to respond promptly to all requests but will need to decide
656
+ whether to implement synchronous or asynchronous responses. Service Brokers
657
+ that can guarantee completion of the requested operation with the response
658
+ SHOULD return the synchronous response. Service Brokers that cannot guarantee
659
+ completion of the operation with the response SHOULD implement the
660
+ asynchronous response.
661
+
662
+ Providing a synchronous response for a provision, update, or bind operation
663
+ before actual completion causes confusion for users as their service might not
664
+ be usable and they have no way to find out when it will be. Asynchronous
665
+ responses set expectations for users that an operation is in progress and can
666
+ also provide updates on the status of the operation.
667
+
668
+ Support for synchronous or asynchronous responses MAY vary by Service
669
+ Offering, even by Service Plan.
670
+
671
+ ### Synchronous Operations
672
+
673
+ To execute a request synchronously, the Service Broker need only return the
674
+ usual status codes: `201 Created` for provision and bind, and `200 OK` for
675
+ update, unbind, and deprovision. `200 OK` MAY be returned synchronously by
676
+ Service Brokers that accept provisioning requests with unchanged parameters
677
+ and synchronous operations.
678
+
679
+ Platforms that rely on eventual consistency are RECOMMENDED to use `409 Conflict`
680
+ as a no-op response and SHOULD use the `last_operation` endpoint to verify the status of
681
+ the provisioning request instead in asynchronous mode.
682
+
683
+ Service Brokers that support synchronous responses for provision, update, and
684
+ delete can ignore the `accepts_incomplete=true` query parameter if it is
685
+ provided by the client.
686
+
687
+ ### Asynchronous Operations
688
+
689
+ For a Service Broker to return an asynchronous response, the query parameter
690
+ `accepts_incomplete=true` MUST be included the request. If the parameter is not
691
+ included or is set to `false`, and the Service Broker cannot fulfil the request
692
+ synchronously (guaranteeing that the operation is complete on response), then
693
+ the Service Broker MUST reject the request with the status code `422
694
+ Unprocessable Entity` and a response body containing error code
695
+ `"AsyncRequired"` (see [Service Broker Errors](#service-broker-errors)). The
696
+ error response MAY include a helpful error message in the `description` field
697
+ such as `"This Service Plan requires client support for asynchronous service
698
+ operations."`.
699
+
700
+ If the query parameter described above is present, and the Service Broker
701
+ executes the request asynchronously, the Service Broker MUST return the
702
+ asynchronous response `202 Accepted`.
703
+
704
+ An asynchronous response triggers the Platform to poll the Service Instance
705
+ or Service Binding's `last_operation` endpoint until the Service Broker
706
+ indicates that the requested operation has succeeded or failed. Service Brokers
707
+ MAY include a status message with each response for the `last_operation`
708
+ endpoint that provides visibility to end users as to the progress of the
709
+ operation.
710
+
711
+ ## Blocking Operations
712
+
713
+ Service Brokers MAY choose the degree to which they support concurrent
714
+ requests, ranging from not supporting them at all to only supporting them
715
+ in selective situations. If a Service Broker receives a request that it is
716
+ not able to process due a concurrency issue then the Service Broker MUST
717
+ reject the request with a HTTP `422 Unprocessable Entity` and a response body
718
+ containing error code `"ConcurrencyError"` (see
719
+ [Service Broker Errors](#service-broker-errors)). The error response MAY include
720
+ a helpful error message in the `description` field such as `"Another operation
721
+ for this Service Instance is in progress."`.
722
+
723
+ Upon receiving this error response, Platforms MUST NOT perform
724
+ [Orphan Mitigation](#orphan-mitigation).
725
+
726
+ Brokers MAY choose to treat the creation of a Service Binding as a mutation of
727
+ the corresponding Service Instance - it is an implementation choice. Doing so
728
+ would cause Platforms to serialize multiple Service Binding creation requests
729
+ when they are directed at the same Service Instance if concurrent updates are
730
+ not supported.
731
+
732
+ ## Polling Last Operation for Service Instances
733
+
734
+ When a Service Broker returns status code `202 Accepted` for
735
+ [Provision](#provisioning), [Update](#updating-a-service-instance), or
736
+ [Deprovision](#deprovisioning), the Platform will begin polling the
737
+ `/v2/service_instances/:instance_id/last_operation` endpoint to obtain the
738
+ state of the last requested operation.
739
+
740
+ Returning `"state": "succeeded"` or `"state": "failed"` will cause the Platform
741
+ to cease polling.
742
+
743
+ ### Request
744
+
745
+ #### Route
746
+ `GET /v2/service_instances/:instance_id/last_operation`
747
+
748
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
749
+
750
+ #### Parameters
751
+
752
+ | Query-String Field | Type | Description |
753
+ | --- | --- | --- |
754
+ | service_id | string | If present, it MUST be the ID of the Service Offering being used. |
755
+ | plan_id | string | If present, it MUST be the ID of the Service Plan for the Service Instance. If this endpoint is being polled as a result of changing the Service Plan through a [Service Instance Update](#updating-a-service-instance), the ID of the Service Plan prior to the update MUST be used. |
756
+ | operation | string | A Service Broker-provided identifier for the operation. When a value for `operation` is included with asynchronous responses for [Provision](#provisioning), [Update](#updating-a-service-instance), and [Deprovision](#deprovisioning) requests, the Platform MUST provide the same value using this query parameter as a percent-encoded string. If present, MUST be a non-empty string. |
757
+
758
+ Note: Although the request query parameters `service_id` and `plan_id` are not
759
+ mandatory, the Platform SHOULD include them on all `last_operation` requests
760
+ it makes to Service Brokers.
761
+
762
+ #### cURL
763
+ ```
764
+ $ curl http://username:password@service-broker-url/v2/service_instances/:instance_id/last_operation -H "X-Broker-API-Version: 2.17"
765
+ ```
766
+
767
+ ### Response
768
+
769
+ | Status Code | Description |
770
+ | --- | --- |
771
+ | 200 OK | MUST be returned upon successful processing of this request. The expected response body is below. |
772
+ | 400 Bad Request | MUST be returned if the request is malformed or missing mandatory data. MAY be returned if the request contains invalid data, in which case the error response MAY include a helpful error message in the `description` field (see [Service Broker Errors](#service-broker-errors)). |
773
+ | 404 Not Found | MUST be returned if the Service Instance being polled does not exist. |
774
+ | 410 Gone | Appropriate only for asynchronous delete operations. The Platform MUST consider this response a success and forget about the resource. Returning this while the Platform is polling for create or update operations SHOULD be interpreted as an invalid response and the Platform SHOULD continue polling. |
775
+
776
+ Responses with any other status code SHOULD be interpreted as an error or
777
+ invalid response. The Platform SHOULD continue polling until the Service Broker
778
+ returns a valid response or the
779
+ [maximum polling duration](#polling-interval-and-duration) is reached.
780
+
781
+ #### Body
782
+
783
+ For success responses, the following fields are defined:
784
+
785
+ | Response Field | Type | Description |
786
+ | --- | --- | --- |
787
+ | state* | string | Valid values are `in progress`, `succeeded`, and `failed`. While `"state": "in progress"`, the Platform SHOULD continue polling. A response with `"state": "succeeded"` or `"state": "failed"` MUST cause the Platform to cease polling. |
788
+ | description | string | A user-facing message that can be used to tell the user details about the status of the operation. If present, MUST be a non-empty string. |
789
+ | instance_usable | boolean | If an update or deprovisioning operation failed, this flag indicates whether or not the Service Instance is still usable. If `true`, the Service Instance can still be used, `false` otherwise. This field MUST NOT be present for errors of other operations. Defaults to `true`. |
790
+ | update_repeatable | boolean | If an update operation failed, this flag indicates whether this update can be repeated or not. If `true`, the same update operation MAY be repeated and MAY succeed; if `false`, repeating the same update operation will fail again. This field MUST NOT be present for errors of other operations. Defaults to `true`. |
791
+
792
+ The response MAY also include the `Retry-After` HTTP header. This header will
793
+ indicate how long the Platform SHOULD wait before polling again and is
794
+ intended to prevent unnecessary, and premature, calls to the `last_operation`
795
+ endpoint. It is RECOMMENDED that the header include a duration rather than a
796
+ timestamp.
797
+
798
+ \* Fields with an asterisk are REQUIRED.
799
+
800
+ ```
801
+ {
802
+ "state": "in progress",
803
+ "description": "Creating service (10% complete)."
804
+ }
805
+ ```
806
+
807
+ For asynchronous provision operations, if the response contains
808
+ `"state": "failed"` then the Platform might need to perform
809
+ [Orphan Mitigation](#orphan-mitigation).
810
+
811
+ Service Brokers SHOULD NOT forget the state of an operation immediately after
812
+ returning a `"succeeded"` or `"failed"` state in case the Platform needs to ask
813
+ again.
814
+
815
+ ## Polling Last Operation for Service Bindings
816
+
817
+ When a broker returns status code `202 Accepted` for [Binding](#binding) or
818
+ [Unbinding](#unbinding), the Platform will begin polling the
819
+ `/v2/service_instances/:instance_id/service_bindings/:binding_id/last_operation`
820
+ endpoint to obtain the state of the last requested operation.
821
+
822
+ Returning `"state": "succeeded"` or `"state": "failed"` will cause the Platform
823
+ to cease polling and, in the case of a [Binding](#binding) request, information
824
+ regarding the Service Binding can then immediately be fetched using the
825
+ [Fetching a Service Binding](#fetching-a-service-binding) endpoint.
826
+
827
+ ### Request
828
+
829
+ #### Route
830
+ `GET /v2/service_instances/:instance_id/service_bindings/:binding_id/last_operation`
831
+
832
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
833
+
834
+ `:binding_id` MUST be the ID of a previously provisioned Service Binding for that
835
+ instance.
836
+
837
+ #### Parameters
838
+
839
+ The request provides these query string parameters as useful hints for brokers.
840
+
841
+ | Query-String Field | Type | Description |
842
+ | --- | --- | --- |
843
+ | service_id | string | ID of the Service Offering from the catalog. If present, MUST be a non-empty string. |
844
+ | plan_id | string | ID of the Service Plan from the catalog. If present, MUST be a non-empty string. |
845
+ | operation | string | A broker-provided identifier for the operation. When a value for `operation` is included with asynchronous responses for [Binding](#binding) and [Unbinding](#unbinding) requests, the Platform MUST provide the same value using this query parameter as a URL-encoded string. If brokers do not return this `operation` field, only one asynchronous operation MAY be supported at a time. If present, MUST be a non-empty string. |
846
+
847
+ Note: Although the request query parameters `service_id` and `plan_id` are not
848
+ mandatory, the Platform SHOULD include them on all `last_operation` requests it
849
+ makes to Service Brokers.
850
+
851
+ #### cURL
852
+ ```
853
+ $ curl http://username:password@broker-url/v2/service_instances/:instance_id/service_bindings/:binding_id/last_operation
854
+ ```
855
+
856
+ ### Response
857
+
858
+ | Status Code | Description |
859
+ | --- | --- |
860
+ | 200 OK | MUST be returned upon successful processing of this request. The expected response body is below. |
861
+ | 400 Bad Request | MUST be returned if the request is malformed or missing mandatory data. MAY be returned if the request contains invalid data, in which case the error response MAY include a helpful error message in the `description` field (see [Service Broker Errors](#service-broker-errors)). |
862
+ | 404 Not Found | MUST be returned if the Service Binding being polled does not exist. |
863
+ | 410 Gone | Appropriate only for asynchronous delete operations. The Platform MUST consider this response a success and remove the resource from its database. Returning this while the Platform is polling for create operations SHOULD be interpreted as an invalid response and the Platform SHOULD continue polling. |
864
+
865
+ Responses with any other status code SHOULD be interpreted as an error or
866
+ invalid response. The Platform SHOULD continue polling until the broker returns
867
+ a valid response or the
868
+ [maximum polling duration](#polling-interval-and-duration) is reached.
869
+
870
+ #### Body
871
+
872
+ For success responses, the following fields are defined:
873
+
874
+ | Response field | Type | Description |
875
+ | --- | --- | --- |
876
+ | state* | string | Valid values are `in progress`, `succeeded`, and `failed`. While `"state": "in progress"`, the Platform SHOULD continue polling. A response with `"state": "succeeded"` or `"state": "failed"` MUST cause the Platform to cease polling. |
877
+ | description | string | A user-facing message that can be used to tell the user details about the status of the operation. |
878
+
879
+ The response MAY also include the `Retry-After` HTTP header. This header will
880
+ indicate how long the Platform SHOULD wait before polling again and is
881
+ intended to prevent unnecessary, and premature, calls to the `last_operation`
882
+ endpoint. It is RECOMMENDED that the header include a duration rather than a
883
+ timestamp.
884
+
885
+ \* Fields with an asterisk are REQUIRED.
886
+
887
+ ```
888
+ {
889
+ "state": "in progress",
890
+ "description": "Creating binding (10% complete)."
891
+ }
892
+ ```
893
+
894
+ If the response contains `"state": "failed"`, then the Platform might need to
895
+ perform [Orphan Mitigation](#orphan-mitigation).
896
+
897
+ Service Brokers SHOULD NOT forget the state of an operation immediately after
898
+ returning a `"succeeded"` or `"failed"` state in case the Platform needs to ask
899
+ again.
900
+
901
+ ## Polling Interval and Duration
902
+
903
+ The frequency and maximum duration of polling MAY vary by Platform.
904
+ Additionally, Service Brokers can specify the maximum time a Platform SHOULD
905
+ poll via the `maximum_polling_duration` field returned by the
906
+ [Service Plan Object](#service-plan-object). If either the Platform or Service
907
+ Plan's maximum polling duration is reached, the Platform SHOULD cease polling
908
+ and the operation state MUST be considered `failed`.
909
+
910
+ ## Provisioning
911
+
912
+ When the Service Broker receives a provision request from the Platform, it
913
+ MUST take whatever action is necessary to create a new resource. What
914
+ provisioning represents varies by Service Offering and Service Plan, although there are several
915
+ common use cases. For a MySQL service, provisioning could result in an empty
916
+ dedicated database server running on its own VM or an empty schema on a shared
917
+ database server. For non-data services, provisioning could just mean an
918
+ account on an multi-tenant SaaS application.
919
+
920
+ ### Request
921
+
922
+ #### Route
923
+ `PUT /v2/service_instances/:instance_id`
924
+
925
+ `:instance_id` MUST be a globally unique non-empty string.
926
+ This ID will be used for future requests (bind and deprovision), so the
927
+ Service Broker will use it to correlate the resource it creates.
928
+
929
+ Platforms SHOULD NOT reuse IDs, since Service Brokers MAY NOT support this.
930
+
931
+ #### Parameters
932
+ | Parameter Name | Type | Description |
933
+ | --- | --- | --- |
934
+ | accepts_incomplete | boolean | A value of true indicates that the Platform and its clients support asynchronous Service Broker operations. If this parameter is not included in the request, and the Service Broker can only provision a Service Instance of the requested Service Plan asynchronously, the Service Broker MUST reject the request with a `422 Unprocessable Entity` as described below. |
935
+
936
+ #### Body
937
+ | Request Field | Type | Description |
938
+ | --- | --- | --- |
939
+ | service_id* | string | MUST be the ID of a Service Offering from the catalog for this Service Broker. |
940
+ | plan_id* | string | MUST be the ID of a Service Plan from the Service Offering that has been requested. |
941
+ | context | object | Contextual data for the Service Instance. `context` will replace `organization_guid` and `space_guid` in future versions of the specification - in the interim both SHOULD be used to ensure interoperability with old and new implementations. |
942
+ | organization_guid* | string | Deprecated in favor of `context`. The Platform GUID for the organization under which the Service Instance is to be provisioned. Although most Service Brokers will not use this field, it might be helpful for executing operations on a user's behalf. MUST be a non-empty string. |
943
+ | space_guid* | string | Deprecated in favor of `context`. The identifier for the project space within the Platform organization. Although most Service Brokers will not use this field, it might be helpful for executing operations on a user's behalf. MUST be a non-empty string. |
944
+ | parameters | object | Configuration parameters for the Service Instance. Service Brokers SHOULD ensure that the client has provided valid configuration parameters and values for the operation. |
945
+ | maintenance_info | [Maintenance Info](#maintenance-info-object) | If a Service Broker provides maintenance information for a Service Plan in its [Catalog](#catalog-management), a Platform MAY provide the same maintenance information when provisioning a Service Instance. Any field except for `maintenance_info.version` will be ignored. This field can be used to ensure that the end-user of a Platform is provisioning what they are expecting since maintenance information can be used to describe important information (such as the version of the operating system the Service Instance will run on). If a Service Broker's catalog has changed and new maintenance information version is available for the Service Plan being provisioned, then the Service Broker MUST reject the request with a `422 Unprocessable Entity` as described below. |
946
+
947
+ \* Fields with an asterisk are REQUIRED.
948
+
949
+ ```
950
+ {
951
+ "service_id": "service-offering-id-here",
952
+ "plan_id": "service-plan-id-here",
953
+ "context": {
954
+ "platform": "cloudfoundry",
955
+ "some_field": "some-contextual-data"
956
+ },
957
+ "organization_guid": "org-guid-here",
958
+ "space_guid": "space-guid-here",
959
+ "parameters": {
960
+ "parameter1": 1,
961
+ "parameter2": "foo"
962
+ },
963
+ "maintenance_info": {
964
+ "version": "2.1.1+abcdef",
965
+ }
966
+ }
967
+ ```
968
+
969
+ #### cURL
970
+ ```
971
+ $ curl http://username:password@service-broker-url/v2/service_instances/:instance_id?accepts_incomplete=true -d '{
972
+ "service_id": "service-offering-id-here",
973
+ "plan_id": "service-plan-id-here",
974
+ "context": {
975
+ "platform": "cloudfoundry",
976
+ "some_field": "some-contextual-data"
977
+ },
978
+ "organization_guid": "org-guid-here",
979
+ "space_guid": "space-guid-here",
980
+ "parameters": {
981
+ "parameter1": 1,
982
+ "parameter2": "foo"
983
+ }
984
+ }' -X PUT -H "X-Broker-API-Version: 2.17" -H "Content-Type: application/json"
985
+ ```
986
+
987
+ ### Response
988
+
989
+ | Status Code | Description |
990
+ | --- | --- |
991
+ | 200 OK | SHOULD be returned if the Service Instance already exists, is fully provisioned, and the requested parameters are identical to the existing Service Instance. The expected response body is below. *This response is only valid in synchronous operations*. |
992
+ | 201 Created | MUST be returned if the Service Instance was provisioned as a result of this request. The expected response body is below. |
993
+ | 202 Accepted | MUST be returned if the Service Instance provisioning is in progress. The `operation` string MUST match that returned for the original request. This triggers the Platform to poll the [Last Operation for Service Instances](#polling-last-operation-for-service-instances) endpoint for operation status. Note that a re-sent `PUT` request MUST return a `202 Accepted`, not a `200 OK`, if the Service Instance is not yet fully provisioned. |
994
+ | 400 Bad Request | MUST be returned if the request is malformed or missing mandatory data. MAY be returned if the request contains invalid data, in which case the error response MAY include a helpful error message in the `description` field (see [Service Broker Errors](#service-broker-errors)). |
995
+ | 409 Conflict | MUST be returned if a Service Instance with the same id already exists or is being provisioned but with different attributes. |
996
+ | 422 Unprocessable Entity | MUST be returned if the Service Broker only supports asynchronous provisioning for the requested Service Plan and the request did not include `?accepts_incomplete=true`. The response body MUST contain error code `"AsyncRequired"` (see [Service Broker Errors](#service-broker-errors)). The error response MAY include a helpful error message in the `description` field such as `"This Service Plan requires client support for asynchronous service operations."`. This MUST also be returned if the `maintenance_info.version` provided in the request does not match the `maintenance_info.version` described for the Service Plan in the Service Broker's [catalog](#catalog-management). In this case, the response body MUST contain error code `"MaintenanceInfoConflict"` (see [Service Broker Errors](#service-broker-errors)). The error response MAY include a helpful error message in the `description` field such as `"The maintenance information for the requested Service Plan has changed."`. |
997
+
998
+ Responses with any other status code MUST be interpreted as a failure and the
999
+ Platform might need to perform [Orphan Mitigation](#orphan-mitigation).
1000
+
1001
+ #### Body
1002
+
1003
+ For success responses, the following fields are defined:
1004
+
1005
+ | Response Field | Type | Description |
1006
+ | --- | --- | --- |
1007
+ | dashboard_url | string | The URL of a web-based management user interface for the Service Instance; we refer to this as a service dashboard. The URL MUST contain enough information for the dashboard to identify the resource being accessed (`9189kdfsk0vfnku` in the example below). Note: a Service Broker that wishes to return `dashboard_url` for a Service Instance MUST return it with the initial response to the provision request, even if the service is provisioned asynchronously. If present, MUST be a string or null. |
1008
+ | operation | string | For asynchronous responses, Service Brokers MAY return an identifier representing the operation. The value of this field MUST be provided by the Platform with requests to the [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances) endpoint in a percent-encoded query parameter. If present, MAY be null, and MUST NOT contain more than 10,000 characters. |
1009
+ | metadata | [ServiceInstanceMetadata](#service-instance-metadata) object | An OPTIONAL object containing metadata for the Service Instance. |
1010
+ ```
1011
+ {
1012
+ "dashboard_url": "http://example-dashboard.example.com/9189kdfsk0vfnku",
1013
+ "operation": "task_10",
1014
+ "metadata": {
1015
+ "labels": {
1016
+ "key1" : "value1",
1017
+ "key2" : "value2"
1018
+ },
1019
+ attributes: {
1020
+ "broker.generated.attr1": "value1",
1021
+ "broker.generated.attr2": "value2"
1022
+ }
1023
+ }
1024
+ }
1025
+ ```
1026
+
1027
+ ## Fetching a Service Instance
1028
+
1029
+ If `"instances_retrievable" :true` is declared for a Service Offering in the
1030
+ [Catalog](#catalog-management) endpoint, Service Brokers MUST support this
1031
+ endpoint for all Service Plans of the Service Offering and this endpoint MUST be available
1032
+ immediately after the
1033
+ [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances)
1034
+ endpoint returns `"state": "succeeded"` for a [Provisioning](#provisioning)
1035
+ operation. Otherwise, Platforms SHOULD NOT attempt to call this endpoint under
1036
+ any circumstances.
1037
+
1038
+ By polling this endpoint, Platforms MAY refresh their view of a successfully provisioned Service Instance, and discover out-of-bands changes that were applied on a Service Instance (such as parameters, dashboard url or maintenance info).
1039
+
1040
+ ### Request
1041
+
1042
+ ##### Route
1043
+ `GET /v2/service_instances/:instance_id`
1044
+
1045
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
1046
+
1047
+ #### Parameters
1048
+
1049
+ The request provides these query string parameters as useful hints for brokers.
1050
+
1051
+ | Query-String Field | Type | Description |
1052
+ | --- | --- | --- |
1053
+ | service_id | string | ID of the Service Offering from the catalog. If present, MUST be a non-empty string. |
1054
+ | plan_id | string | ID of the Service Plan from the catalog. If present, MUST be a non-empty string. |
1055
+
1056
+ ##### cURL
1057
+ ```
1058
+ $ curl 'http://username:password@broker-url/v2/service_instances/:instance_id' -X GET -H "X-Broker-API-Version: 2.17"
1059
+ ```
1060
+
1061
+ ### Response
1062
+
1063
+ | Status Code | Description |
1064
+ | --- | --- |
1065
+ | 200 OK | The expected response body is below. |
1066
+ | 404 Not Found | MUST be returned if the Service Instance does not exist or if a provisioning operation is still in progress. |
1067
+ | 422 Unprocessable Entity | MUST be returned if the Service Instance is being updated and therefore cannot be fetched at this time. The response body MUST contain error code `"ConcurrencyError"` (see [Service Broker Errors](#service-broker-errors)). |
1068
+
1069
+ Responses with any other status code MUST be interpreted as a failure and the
1070
+ Platform MUST continue to remember the Service Instance.
1071
+
1072
+ ##### Body
1073
+
1074
+ For success responses, the following fields are defined:
1075
+
1076
+ | Response field | Type | Description |
1077
+ | --- | --- | --- |
1078
+ | service_id | string | The ID of the Service Offering from the catalog that is associated with the Service Instance. |
1079
+ | plan_id | string | The ID of the Service Plan from the catalog that is associated with the Service Instance. |
1080
+ | dashboard_url | string | The URL of a web-based management user interface for the Service Instance; we refer to this as a service dashboard. The URL MUST contain enough information for the dashboard to identify the resource being accessed (`9189kdfsk0vfnku` in the example below). Note: a Service Broker that wishes to return `dashboard_url` for a Service Instance MUST return it with the initial response to the provision request, even if the service is provisioned asynchronously. |
1081
+ | parameters | object | Configuration parameters for the Service Instance. |
1082
+ | maintenance_info | [Maintenance Info](#maintenance-info-object) | If a Service Broker provides maintenance information for a Service Plan in its [Catalog](#catalog-management), a Broker MAY return the maintenance information currently associated with the Service Instance. Any field except for `maintenance_info.version` SHOULD be ignored by the Platform. This field MAY be used by the Platform to inform the end-user of unattended maintenances that were triggered out-of-band and applied to the Service Instance. |
1083
+ | metadata | [ServiceInstanceMetadata](#service-instance-metadata) object | An OPTIONAL object containing metadata for the Service Instance. |
1084
+
1085
+ Service Brokers MAY choose to not return some or all parameters when a Service Instance is fetched - for example,
1086
+ if it contains sensitive information.
1087
+
1088
+ ```
1089
+ {
1090
+ "dashboard_url": "http://example-dashboard.example.com/9189kdfsk0vfnku",
1091
+ "parameters": {
1092
+ "billing-account": "abcde12345"
1093
+ },
1094
+ "metadata": {
1095
+ "labels": {
1096
+ "key1" : "value1",
1097
+ "key2" : "value2"
1098
+ },
1099
+ attributes: {
1100
+ "broker.generated.attr1": "value1",
1101
+ "broker.generated.attr2": "value2"
1102
+ }
1103
+ }
1104
+ }
1105
+ ```
1106
+
1107
+ ## Updating a Service Instance
1108
+
1109
+ By implementing this endpoint, Service Broker authors can:
1110
+ * Enable users to modify the Service Plan of a Service Instance. By changing the
1111
+ Service Plan, users can upgrade or downgrade their Service Instance to other
1112
+ plans.
1113
+ * Enable users to modify the parameters of a Service Instance. By modifying
1114
+ parameters, users can change configuration options that are specific to a
1115
+ Service or Service Plan.
1116
+ * Enable Platforms to send an update request for a Service Instance containing
1117
+ only contextual data (no changes to the Service Plan or parameters). This MAY
1118
+ be used by Platforms to let Service Brokers know when contextual information
1119
+ for a Service Instance has changed (i.e. `instance_name` in the
1120
+ [Cloud Foundry Context Object](profile.md#cloud-foundry-context-object). To
1121
+ enable support for Platforms to send an update request for a Service Instance
1122
+ containing only contextual data, a Service Broker MUST declare support by
1123
+ including `"allow_context_updates": true` in its
1124
+ [catalog endpoint](#catalog-management).
1125
+ * Enable Platforms to update maintenance information (allowing users to perform
1126
+ maintenance on their Service Instance, such as upgrading the underlying operating
1127
+ system the Service Instance is running on).
1128
+
1129
+ To enable support for the update of the Service Plan, a Service Broker MUST declare
1130
+ support per Service Offering by including `"plan_updateable": true` in either the
1131
+ Service Offering or Service Plan in its [catalog endpoint](#catalog-management).
1132
+
1133
+ If `"plan_updateable": true` is declared for a Service Plan in the
1134
+ [Catalog](#catalog-management) endpoint, the Platform MAY request a Service Plan
1135
+ change on a Service Instance using the given Service Plan. Otherwise, Platforms
1136
+ MUST NOT make any Service Plan change requests to the Service Broker for any
1137
+ Service Instance using the given Service Plan, but MAY request an update to the
1138
+ Service Instance parameters or perform maintenance on the Service Instance.
1139
+
1140
+ Not all permutations of Service Plan changes are expected to be supported. For
1141
+ example, a service might support upgrading from Service Plan "shared small" to
1142
+ "shared large" but not to Service Plan "dedicated". It is up to the Service
1143
+ Broker to validate whether a particular permutation of Service Plan change is
1144
+ supported. If a particular Service Plan change is not supported, the Service
1145
+ Broker SHOULD return a meaningful error message in response.
1146
+
1147
+ ### Request
1148
+
1149
+ #### Route
1150
+ `PATCH /v2/service_instances/:instance_id`
1151
+
1152
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
1153
+
1154
+ #### Parameters
1155
+ | Parameter Name | Type | Description |
1156
+ | --- | --- | --- |
1157
+ | accepts_incomplete | boolean | A value of true indicates that the Platform and its clients support asynchronous Service Broker operations. If this parameter is not included in the request, and the Service Broker can only update a Service Instance of the requested Service Plan asynchronously, the Service Broker MUST reject the request with a `422 Unprocessable Entity` as described below. |
1158
+
1159
+ #### Body
1160
+
1161
+ | Request Field | Type | Description |
1162
+ | --- | --- | --- |
1163
+ | context | object | Contextual data for the Service Instance. |
1164
+ | service_id* | string | MUST be the ID of a Service Offering from the catalog for this Service Broker. |
1165
+ | plan_id | string | If present, MUST be the ID of a Service Plan from the Service Offering that has been requested. If this field is not present in the request message, then the Service Broker MUST NOT change the Service Plan of the Service Instance as a result of this request. |
1166
+ | parameters | object | Configuration parameters for the Service Instance. Service Brokers SHOULD ensure that the client has provided valid configuration parameters and values for the operation. See "Note" below. |
1167
+ | previous_values | [PreviousValues](#previous-values-object) | Information about the Service Instance prior to the update. |
1168
+ | maintenance_info | [Maintenance Info](#maintenance-info-object) | If a Service Broker provides maintenance information for a Service Plan in its [Catalog](#catalog-management), a Platform MAY provide the same maintenance information when updating a Service Instance. Any field except for `maintenance_info.version` will be ignored. This field can be used to perform maintenance on a Service Instance (for example, to upgrade the underlying operating system the Service Instance is running on). If a Service Broker's catalog has changed and new maintenance information version is available for the Service Plan that the Service Instance being updated is using, then the Service Broker MUST reject the request with a `422 Unprocessable Entity` as described below. |
1169
+
1170
+ \* Fields with an asterisk are REQUIRED.
1171
+
1172
+ ##### Previous Values Object
1173
+
1174
+ | Request Field | Type | Description |
1175
+ | --- | --- | --- |
1176
+ | service_id | string | Deprecated; determined to be unnecessary as the value is immutable. If present, it MUST be the ID of the Service Offering for the Service Instance. |
1177
+ | plan_id | string | If present, it MUST be the ID of the Service Plan prior to the update. |
1178
+ | organization_id | string | Deprecated as it was redundant information. The organization ID for the Service Instance MUST be provided by Platforms in the top-level field `context`. If present, it MUST be the ID of the organization specified for the Service Instance. |
1179
+ | space_id | string | Deprecated as it was redundant information. The space ID for the Service Instance MUST be provided by Platforms in the top-level field `context`. If present, it MUST be the ID of the space specified for the Service Instance. |
1180
+ | maintenance_info | [Maintenance Info](#maintenance-info-object) | The maintenance information that was used when the Service Instance was [provisioned](#provisioning) or when it was last [updated](#updating-a-service-instance). |
1181
+
1182
+ Note: The `parameters` specified are expected to be the values specified
1183
+ by an end-user. Whether the user chooses to include the complete set of
1184
+ configuration options or just a subset (or even none) is their choice. How a
1185
+ Service Broker interprets these parameters (including the absence of any
1186
+ particular parameter) is out of scope of this specification - with the
1187
+ exception that if this field is not present in the request then the
1188
+ Service Broker MUST NOT change the parameters of the instance as a result of
1189
+ this request.
1190
+
1191
+ Since some Service Instances will provide a `dashboard_url`, it is possible
1192
+ that a user has modified some of these parameters via the dashboard and
1193
+ therefore the Platform might not be aware of these changes. For this reason,
1194
+ Platforms SHOULD NOT include any parameters on the request that
1195
+ the user did not explicitly specify in their request for the update.
1196
+
1197
+ \* Fields with an asterisk are REQUIRED.
1198
+
1199
+ ```
1200
+ {
1201
+ "context": {
1202
+ "platform": "cloudfoundry",
1203
+ "some_field": "some-contextual-data"
1204
+ },
1205
+ "service_id": "service-offering-id-here",
1206
+ "plan_id": "service-plan-id-here",
1207
+ "parameters": {
1208
+ "parameter1": 1,
1209
+ "parameter2": "foo"
1210
+ },
1211
+ "previous_values": {
1212
+ "plan_id": "old-service-plan-id-here",
1213
+ "service_id": "service-offering-id-here",
1214
+ "organization_id": "org-guid-here",
1215
+ "space_id": "space-guid-here",
1216
+ "maintenance_info": {
1217
+ "version": "2.1.1+abcdef",
1218
+ }
1219
+ },
1220
+ "maintenance_info": {
1221
+ "version": "2.1.1+abcdef",
1222
+ }
1223
+ }
1224
+ ```
1225
+
1226
+ #### cURL
1227
+ ```
1228
+ $ curl http://username:password@service-broker-url/v2/service_instances/:instance_id?accepts_incomplete=true -d '{
1229
+ "context": {
1230
+ "platform": "cloudfoundry",
1231
+ "some_field": "some-contextual-data"
1232
+ },
1233
+ "service_id": "service-offering-id-here",
1234
+ "plan_id": "service-plan-id-here",
1235
+ "parameters": {
1236
+ "parameter1": 1,
1237
+ "parameter2": "foo"
1238
+ },
1239
+ "previous_values": {
1240
+ "plan_id": "old-service-plan-id-here",
1241
+ "service_id": "service-offering-id-here",
1242
+ "organization_id": "org-guid-here",
1243
+ "space_id": "space-guid-here"
1244
+ }
1245
+ }' -X PATCH -H "X-Broker-API-Version: 2.17" -H "Content-Type: application/json"
1246
+ ```
1247
+
1248
+ ### Response
1249
+
1250
+ | Status Code | Description |
1251
+ | --- | --- |
1252
+ | 200 OK | MUST be returned if the request's changes have been applied or MAY be returned if the request's changes have had no effect. The expected response body is `{}`. |
1253
+ | 202 Accepted | MUST be returned if the Service Instance update is in progress. The `operation` string MUST match that returned for the original request. This triggers the Platform to poll the [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances) endpoint for operation status. Note that a re-sent `PATCH` request MUST return a `202 Accepted`, not a `200 OK`, if the requested update has not yet completed. |
1254
+ | 400 Bad Request | MUST be returned if the request is malformed or missing mandatory data. MAY be returned if the request contains invalid data, in which case the error response MAY include a helpful error message in the `description` field (see [Service Broker Errors](#service-broker-errors)). |
1255
+ | 422 Unprocessable entity | MUST be returned if the requested change is not supported or if the request cannot currently be fulfilled due to the state of the Service Instance (e.g. Service Instance utilization is over the quota of the requested Service Plan). Additionally, this MUST be returned if the Service Broker only supports asynchronous update for the requested Service Plan and the request did not include `?accepts_incomplete=true`; in this case the response body MUST contain a error code `"AsyncRequired"` (see [Service Broker Errors](#service-broker-errors)). The error response MAY include a helpful error message in the `description` field such as `"This Service Plan requires client support for asynchronous service operations."`. Additionally, this MUST be returned if the `maintenance_info.version` provided in the request does not match the `maintenance_info.version` described for the Service Plan in the Service Broker's [catalog](#catalog-management). In this case, the response body MUST contain error code `"MaintenanceInfoConflict"` (see [Service Broker Errors](#service-broker-errors)). The error response MAY include a helpful error message in the `description` field such as `"The maintenance information for the requested Service Plan has changed."`. |
1256
+
1257
+ Responses with any other status code MUST be interpreted as a failure.
1258
+ When the response includes a 4xx or 5xx status code, the Service Broker MUST
1259
+ NOT apply any of the requested changes to the Service Instance.
1260
+
1261
+ When an update fails, the Service Instance can still be usable or unusable
1262
+ or its state could be unknown to the Platform. If a Service Instance became
1263
+ unusable, another update MAY repair the Service Instance.
1264
+ The Platform SHOULD NOT allow the creation of new bindings of an unusable
1265
+ Service Instance until the instance has been deleted or repaired by a
1266
+ subsequent update.
1267
+ If the broker does not indicate in the
1268
+ [Error response](#service-broker-errors) or
1269
+ [Last Operation response](#polling-last-operation-for-service-instances)
1270
+ whether the Service Instance is usable or not, the Platform SHOULD assume
1271
+ it is still usable.
1272
+
1273
+ A failed update might be repeatable. If the Service Broker
1274
+ indicates in the [Error response](#service-broker-errors) or
1275
+ [Last Operation response](#polling-last-operation-for-service-instances)
1276
+ that retrying this update does not make sense, the Platform SHOULD NOT
1277
+ repeat this update.
1278
+ For example, if a certain plan change is not supported by the
1279
+ Service Broker, all subsequent attempts will always fail, and the
1280
+ Platform SHOULD NOT retry this.
1281
+ Other updates MAY be possible.
1282
+
1283
+ #### Body
1284
+
1285
+ For success responses, the following fields are defined:
1286
+
1287
+ | Response Field | Type | Description |
1288
+ | --- | --- | --- |
1289
+ | dashboard_url | string | The updated URL of a web-based management user interface for the Service Instance; we refer to this as a service dashboard. The URL MUST contain enough information for the dashboard to identify the resource being accessed (`0129d920a083838` in the example below). Note: a Service Broker that wishes to return `dashboard_url` for a Service Instance MUST return it with the initial response to the update request, even if the Service Instance is being updated asynchronously. If not present or null, the Platform MUST retain the previous value of the `dashboard_url`. |
1290
+ | operation | string | For asynchronous responses, Service Brokers MAY return an identifier representing the operation. The value of this field MUST be provided by the Platform with requests to the [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances) endpoint in a percent-encoded query parameter. If present, MUST be a non-empty string. |
1291
+ | metadata | [ServiceInstanceMetadata](#service-instance-metadata) object | An OPTIONAL object containing metadata for the Service Instance. |
1292
+ ```
1293
+ {
1294
+ "dashboard_url": "http://example-dashboard.example.com/9189kdfsk0vfnku",
1295
+ "operation": "task_10",
1296
+ "metadata": {
1297
+ "labels": {
1298
+ "key1" : "value1",
1299
+ "key2" : "value2"
1300
+ },
1301
+ attributes: {
1302
+ "broker.generated.attr1": "value1",
1303
+ "broker.generated.attr2": "value2"
1304
+ }
1305
+ }
1306
+ }
1307
+ ```
1308
+
1309
+ ### Service Instance Metadata
1310
+
1311
+ | Response Field | Type | Description |
1312
+ | --- | --- | --- |
1313
+ | labels | object | Labels are broker specified key-value pairs specifying attributes of Service Instances that are meaningful and relevant to Platform users, but do not directly imply behaviour changes by the Platform. Platforms that support metadata labels MAY chose to update those, and if they do, they SHOULD replace all existing metadata labels with the labels received during provision or update. The Platform SHOULD ignore labels that do not adhere to the Platforms syntax. |
1314
+ | attributes | object | Attributes are Broker specific key-value pairs generated by the Broker that MAY imply behavior changes by the Platform. Platforms that support attributes MAY chose to update attributes and the new value will be updated in the response body of the FETCH Service Instances. The Platform SHOULD ignore attributes that do not adhere to the Platform supported attribute list. |
1315
+
1316
+
1317
+ ## Binding
1318
+
1319
+ If `"bindable": true` is declared for a Service Offering or Service Plan in the
1320
+ [Catalog](#catalog-management) endpoint, the Platform MAY request generation
1321
+ of a Service Binding. Otherwise, Platforms MUST NOT make a binding request to
1322
+ the Service Broker for any Service Instance using the given Service Offering
1323
+ or Service Plan.
1324
+
1325
+ Note: Not all services need to be bindable --- some deliver value just from
1326
+ being provisioned. Service Brokers that offer services that are bindable MUST
1327
+ declare them as such using `"bindable": true` in the
1328
+ [Catalog](#catalog-management). Service Brokers that do not offer any bindable
1329
+ services do not need to implement the endpoint for bind requests.
1330
+
1331
+ Service Brokers MAY choose to only return the information that represents a
1332
+ Service Binding once, either when the Service Binding is being created
1333
+ synchronously, or when the Service Binding is first fetched via the [Fetching a
1334
+ Service Binding](#fetching-a-service-binding) endpoint. However, in order for
1335
+ the Platform to successfully use the Service Binding, the information MUST be
1336
+ returned at least once.
1337
+
1338
+ In some cases, the creation of a Service Binding has to be accompanied by
1339
+ additional network configuration. This could be the configuration of a firewall
1340
+ or a load balancer or it could be the setup of a network tunnel or a VPN
1341
+ connection.
1342
+ To enable the Platform to do this in a service agnostic way, the Service Broker
1343
+ SHOULD provide the endpoints that the Application uses to connect to the service
1344
+ alongside the binding credentials.
1345
+
1346
+ ### Binding Rotation
1347
+
1348
+ Some Service Bindings are not valid forever. Especially credentials expire and
1349
+ have to be replaced at some point in time. The simplest form of exchanging a
1350
+ binding is to create a new Service Binding, make it available to the
1351
+ Application and remove and unbind the old one. In many cases, this requires a
1352
+ restart of the Application.
1353
+
1354
+ But this approach has a few downsides. First of all, from the Service Broker
1355
+ point of view, there is no continuity. The Service Broker doesn't know that
1356
+ the new binding is the successor of the old one. If state is attached to the
1357
+ old binding, the Service Broker is not able to transfer this state to the new
1358
+ binding.
1359
+ The second challenge is, that Platforms have to provide the binding parameters
1360
+ again to the successor binding. But Platforms do not necessarily store these
1361
+ parameter values. Without the values, a user has to provide them again and
1362
+ that prevents an automated rotation of Service Bindings.
1363
+
1364
+ Therefore, this specification defines means to rotate Service Bindings.
1365
+ A Service Broker can declare in the catalog per plan if it supports the
1366
+ creation of a successor binding by setting the `binding_rotatable` field to
1367
+ `true`. If the field is set to `false` or not present, the Platform MUST NOT
1368
+ attempt to rotate a Service Binding of this plan.
1369
+
1370
+ To create a successor binding, the Platform MUST provide a
1371
+ `predecessor_binding_id` field in the binding provisioning request. The value
1372
+ of this field MUST be the Service Binding ID of a non-expired Service Binding
1373
+ of the same Service Instance. The request creates a new Service Binding with a
1374
+ new binding ID. Both Service Bindings, the new and the old one, MUST both be
1375
+ valid in parallel until they expired or are deleted.
1376
+
1377
+ ### Types of Binding
1378
+
1379
+ #### Credentials
1380
+
1381
+ Credentials are a set of information used by an Application or a user to
1382
+ utilize the Service Instance. Credentials SHOULD be unique whenever possible, so
1383
+ access can be revoked for each Service Binding without affecting consumers of other
1384
+ Service Bindings for the Service Instance.
1385
+
1386
+ Service Brokers SHOULD also provide all network hosts and ports that the
1387
+ Application uses to connect to the Service Instance via this Service Binding.
1388
+ This data allows the Platform to adjust network configurations, if necessary.
1389
+
1390
+ #### Log Drain
1391
+
1392
+ There are a class of Service Offerings that provide aggregation, indexing, and
1393
+ analysis of log data. To utilize these services an application that generates
1394
+ logs needs information for the location to which it will stream logs. A create
1395
+ binding response from a Service Broker that provides one of these services MUST
1396
+ include a `syslog_drain_url`. The Platform MUST use the `syslog_drain_url` value
1397
+ when sending logs to the service.
1398
+
1399
+ #### Route Services
1400
+ Route services are a class of Service Offerings that intermediate requests to
1401
+ applications, performing functions such as rate limiting or authorization. To
1402
+ indicate support for route services, the catalog entry for the Service MUST
1403
+ include the `"requires":["route_forwarding"]` property.
1404
+
1405
+ When creating a route service type of Service Binding, a Platform MUST send
1406
+ a routable address, or endpoint, for the application along with the request to
1407
+ create a Service Binding using `"bind_resource":{"route":"some-address.com"}`.
1408
+ Service Brokers MAY support configuration specific to an address using
1409
+ parameters; exposing this feature to users would require a Platform to support
1410
+ binding multiple routable addresses to the same Service Instance.
1411
+
1412
+ If a service is deployed in a configuration to support this behavior, the
1413
+ Service Broker MUST return a `route_service_url` in the response for a request
1414
+ to create a Service Binding, so that the Platform knows where to proxy the application
1415
+ request. If the service is deployed such that the network configuration to
1416
+ proxy application requests through instances of the service is managed
1417
+ out-of-band, the Service Broker MUST NOT return `route_service_url` in the
1418
+ response.
1419
+
1420
+ #### Volume Services
1421
+
1422
+ There are a class of Service Offerings that provide network storage to applications
1423
+ via volume mounts in the application container. A create Service Binding response from
1424
+ one of these services MUST include `volume_mounts`.
1425
+
1426
+ ### Request (Creating a Service Binding)
1427
+
1428
+ #### Route
1429
+ `PUT /v2/service_instances/:instance_id/service_bindings/:binding_id`
1430
+
1431
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
1432
+
1433
+ `:binding_id` MUST be a globally unique non-empty string.
1434
+ This ID will be used for future unbind requests, so the Service Broker will use
1435
+ it to correlate the resource it creates.
1436
+
1437
+ #### Parameters
1438
+ | Parameter name | Type | Description |
1439
+ | --- | --- | --- |
1440
+ | accepts_incomplete | boolean | A value of true indicates that the Platform and its clients support asynchronous broker operations. If this parameter is not included in the request, and the broker can only perform a binding operation asynchronously, the broker MUST reject the request with a `422 Unprocessable Entity` as described below. |
1441
+
1442
+ #### Body
1443
+
1444
+ | Request Field | Type | Description |
1445
+ | --- | --- | --- |
1446
+ | context | object | Contextual data for the Service Binding. |
1447
+ | service_id* | string | MUST be the ID of the Service Offering that is being used. |
1448
+ | plan_id* | string | MUST be the ID of the Servie Plan from the service that is being used. |
1449
+ | app_guid | string | Deprecated in favor of `bind_resource.app_guid`. GUID of an application associated with the Service Binding to be created. If present, MUST be a non-empty string. |
1450
+ | bind_resource | [BindResource](#bind-resource-object) | A JSON object that contains data for Platform resources associated with the Service Binding to be created. See [Bind Resource Object](#bind-resource-object) for more information. |
1451
+ | parameters | object | Configuration parameters for the Service Binding. Service Brokers SHOULD ensure that the client has provided valid configuration parameters and values for the operation. |
1452
+
1453
+ \* Fields with an asterisk are REQUIRED.
1454
+
1455
+ ##### Bind Resource Object
1456
+
1457
+ The `bind_resource` object contains Platform specific information related to
1458
+ the context in which the service will be used. In some cases the Platform
1459
+ might not be able to provide this information at the time of the binding
1460
+ request, therefore the `bind_resource` and its fields are OPTIONAL.
1461
+
1462
+ Below are some common fields that MAY be used. Platforms MAY choose to add
1463
+ additional ones as needed (see
1464
+ [Bind Resource Object](profile.md#bind-resource-object) conventions).
1465
+
1466
+ | Request Field | Type | Description |
1467
+ | --- | --- | --- |
1468
+ | app_guid | string | GUID of an application associated with the Service Binding. For [credentials](#types-of-binding) bindings. MUST be unique within the scope of the Platform. |
1469
+ | route | string | URL of the application to be intermediated. For [route services](#route-services) Service Bindings. |
1470
+
1471
+ `app_guid` represents the scope to which the Service Binding will apply within
1472
+ the Platform. For example, in Cloud Foundry it might map to an "application"
1473
+ while in Kubernetes it might map to a "namespace". The scope of what a
1474
+ Platform maps the `app_guid` to is Platform specific and MAY vary across
1475
+ binding requests.
1476
+
1477
+ ```
1478
+ {
1479
+ "context": {
1480
+ "platform": "cloudfoundry",
1481
+ "some_field": "some-contextual-data"
1482
+ },
1483
+ "service_id": "service-offering-id-here",
1484
+ "plan_id": "service-plan-id-here",
1485
+ "bind_resource": {
1486
+ "app_guid": "app-guid-here"
1487
+ },
1488
+ "parameters": {
1489
+ "parameter1-name-here": 1,
1490
+ "parameter2-name-here": "parameter2-value-here"
1491
+ }
1492
+ }
1493
+ ```
1494
+
1495
+
1496
+ #### cURL
1497
+ ```
1498
+ $ curl http://username:password@service-broker-url/v2/service_instances/:instance_id/service_bindings/:binding_id?accepts_incomplete=true -d '{
1499
+ "context": {
1500
+ "platform": "cloudfoundry",
1501
+ "some_field": "some-contextual-data"
1502
+ },
1503
+ "service_id": "service-offering-id-here",
1504
+ "plan_id": "service-plan-id-here",
1505
+ "bind_resource": {
1506
+ "app_guid": "app-guid-here"
1507
+ },
1508
+ "parameters": {
1509
+ "parameter1-name-here": 1,
1510
+ "parameter2-name-here": "parameter2-value-here"
1511
+ }
1512
+ }' -X PUT -H "X-Broker-API-Version: 2.17" -H "Content-Type: application/json"
1513
+ ```
1514
+
1515
+ ### Response
1516
+
1517
+ | Status Code | Description |
1518
+ | --- | --- |
1519
+ | 200 OK | SHOULD be returned if the Service Binding already exists and the requested parameters are identical to the existing Service Binding. The expected response body is below. *This response is only valid in synchronous operations*. |
1520
+ | 201 Created | MUST be returned if the Service Binding was created as a result of this request. The expected response body is below. |
1521
+ | 202 Accepted | MUST be returned if the binding is in progress. The `operation` string MUST match that returned for the original request. This triggers the Platform to poll the [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings) endpoint for operation status. Information regarding the Service Binding (i.e. credentials) MUST NOT be returned in this response. Note that a re-sent `PUT` request MUST return a `202 Accepted`, not a `200 OK`, if the Service Binding is not yet fully created. |
1522
+ | 400 Bad Request | MUST be returned if the request is malformed or missing mandatory data. MAY be returned if the request contains invalid data, in which case the error response MAY include a helpful error message in the `description` field (see [Service Broker Errors](#service-broker-errors)). |
1523
+ | 409 Conflict | MUST be returned if a Service Binding with the same id, for the same Service Instance, already exists or is being created but with different parameters. |
1524
+ | 422 Unprocessable Entity | MUST be returned if the Service Broker requires that `app_guid` be included in the request body. The response body MUST contain error code `"RequiresApp"` (see [Service Broker Errors](#service-broker-errors)). The error response MAY include a helpful error message in the `description` field such as `"This Service supports generation of credentials through binding an application only."`. Additionally, if the Service Broker rejects the request due to a concurrent request to create a Service Binding for the same Service Instance, then this error MUST be returned (see [Blocking Operations](#blocking-operations)). This MUST also be returned if the Service Broker only supports asynchronous bindings for the Service Instance and the request did not include `?accepts_incomplete=true`. In this case, the response body MUST contain error code `"AsyncRequired"` (see [Service Broker Errors](#service-broker-errors)). The error response MAY include a helpful error message in the `description` field such as `"This Service Instance requires client support for asynchronous binding operations."`. |
1525
+
1526
+ Responses with any other status code MUST be interpreted as a failure and the
1527
+ Platform might need to perform [Orphan Mitigation](#orphan-mitigation).
1528
+
1529
+ #### Body
1530
+
1531
+ For a `202 Accepted` response code, the following fields are defined:
1532
+
1533
+ | Response Field | Type | Description |
1534
+ | --- | --- | --- |
1535
+ | operation | string | For asynchronous responses, Service Brokers MAY return an identifier representing the operation. The value of this field MUST be provided by the Platform with requests to the [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings) endpoint in a URL encoded query parameter. If present, MUST be a string containing no more than 10,000 characters. |
1536
+
1537
+ For `200 OK` and `201 Created` response codes, the following fields are defined:
1538
+
1539
+ | Response Field | Type | Description |
1540
+ | --- | --- | --- |
1541
+ | metadata | [BindingMetadata](#binding-metadata-object) object | An OPTIONAL object containing metadata about this Service Binding. This metadata is mainly used to manage the Service Binding itself and SHOULD NOT contain any data that is needed to connect to the Service Instance. |
1542
+ | credentials | object | A free-form hash of credentials that can be used by applications or users to access the service. MUST be returned if the Service Broker supports generation of credentials. |
1543
+ | syslog_drain_url | string | A URL to which logs MUST be streamed. `"requires":["syslog_drain"]` MUST be declared in the [Catalog](#catalog-management) endpoint or the Platform can consider the response invalid. |
1544
+ | route_service_url | string | A URL to which the Platform MUST proxy requests for the address sent with `bind_resource.route` in the request body. `"requires":["route_forwarding"]` MUST be declared in the [Catalog](#catalog-management) endpoint or the Platform can consider the response invalid. |
1545
+ | volume_mounts | array of [VolumeMount](#volume-mount-object) objects | An array of configuration for remote storage devices to be mounted into an application container filesystem. `"requires":["volume_mount"]` MUST be declared in the [Catalog](#catalog-management) endpoint or the Platform can consider the response invalid. |
1546
+ | endpoints | array of [Endpoint](#endpoint-object) objects | The network endpoints that the Application uses to connect to the Service Instance. If present, all Service Instance endpoints that are relevant for the Application MUST be in this list, even if endpoints are not reachable or host names are not resolvable from outside the service network. |
1547
+
1548
+ ##### Binding Metadata Object
1549
+
1550
+ | Response Field | Type | Description |
1551
+ | --- | --- | --- |
1552
+ | expires_at | string | The date and time when the Service Binding becomes invalid and SHOULD NOT or CANNOT be used anymore. If present, the string MUST follow ISO 8601 and this pattern: `yyyy-mm-ddThh:mm:ss.sZ`. |
1553
+ | renew_before | string | The date and time before the Service Binding SHOULD be renewed. Applications or Platforms MAY use this field to initiate a [Service Binding rotation](#binding-rotation) or create a new Service Binding on time. It is RECOMMENDED to trigger the creation of a new Service Binding shortly before this timestamp. If the `expires_at` field is also present, the `renew_before` timestamp MUST be before or equal to the `expires_at` timestamp. Service Brokers SHOULD leave enough time between both timestamps to create a new Service Binding including a buffer to enable continuity. If present, the string MUST follow ISO 8601 and this pattern: `yyyy-mm-ddThh:mm:ss.sZ`. |
1554
+
1555
+ ##### Volume Mount Object
1556
+
1557
+ | Response Field | Type | Description |
1558
+ | --- | --- | --- |
1559
+ | driver* | string | Name of the volume driver plugin which manages the device. |
1560
+ | container_dir* | string | The path in the application container onto which the volume will be mounted. This specification does not mandate what action the Platform is to take if the path specified already exists in the container. |
1561
+ | mode* | string | "r" to mount the volume read-only or "rw" to mount it read-write. |
1562
+ | device_type* | string | A string specifying the type of device to mount. Currently the only supported value is "shared". |
1563
+ | device* | [Device](#device-object) | Device object containing device_type specific details. Currently only shared devices are supported. |
1564
+
1565
+ \* Fields with an asterisk are REQUIRED.
1566
+
1567
+ ##### Device Object
1568
+
1569
+ Currently only shared devices are supported; a distributed file system which
1570
+ can be mounted on all app instances simultaneously.
1571
+
1572
+ | Response Field | Type | Description |
1573
+ | --- | --- | --- |
1574
+ | volume_id* | string | ID of the shared volume to mount on every app instance. |
1575
+ | mount_config | object | Configuration object to be passed to the driver when the volume is mounted. |
1576
+ | device_config | object | Configuration object to be passed to the driver when the device is created. |
1577
+
1578
+ \* Fields with an asterisk are REQUIRED.
1579
+
1580
+ ##### Endpoint Object
1581
+
1582
+ | Response Field | Type | Description |
1583
+ | --- | --- | --- |
1584
+ | host* | string | A host name or a single IP address. |
1585
+ | ports* | array of strings | A non-empty array. Each element is either a single port (for example "443") or a port range (for example "9000-9010"). |
1586
+ | protocol | string | The protocol. Valid values are `tcp`, `udp`, or `all`. The default value is `tcp`. |
1587
+
1588
+ \* Fields with an asterisk are REQUIRED.
1589
+
1590
+ ```
1591
+ {
1592
+ "credentials": {
1593
+ "uri": "mysql://mysqluser:pass@mysqlhost:3306/dbname",
1594
+ "username": "mysqluser",
1595
+ "password": "pass",
1596
+ "host": "mysqlhost",
1597
+ "port": 3306,
1598
+ "database": "dbname"
1599
+ },
1600
+ "endpoints": [
1601
+ {
1602
+ "host": "mysqlhost",
1603
+ "ports:" ["3306"]
1604
+ }
1605
+ ]
1606
+ }
1607
+ ```
1608
+
1609
+ ```
1610
+ {
1611
+ "volume_mounts": [{
1612
+ "driver": "cephdriver",
1613
+ "container_dir": "/data/images",
1614
+ "mode": "r",
1615
+ "device_type": "shared",
1616
+ "device": {
1617
+ "volume_id": "bc2c1eab-05b9-482d-b0cf-750ee07de311",
1618
+ "device_config": {
1619
+ "size_mb": 10240,
1620
+ "fs_type": "ext4"
1621
+ },
1622
+ "mount_config": {
1623
+ "key": "value"
1624
+ }
1625
+ }
1626
+ }]
1627
+ }
1628
+ ```
1629
+
1630
+ ### Request (Rotating a Service Binding)
1631
+
1632
+ #### Route
1633
+ `PUT /v2/service_instances/:instance_id/service_bindings/:binding_id`
1634
+
1635
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
1636
+
1637
+ `:binding_id` MUST be a globally unique non-empty string.
1638
+ This ID will be used for future unbind requests, so the Service Broker will use
1639
+ it to correlate the resource it creates.
1640
+
1641
+ #### Parameters
1642
+ | Parameter name | Type | Description |
1643
+ | --- | --- | --- |
1644
+ | accepts_incomplete | boolean | A value of true indicates that the Platform and its clients support asynchronous broker operations. If this parameter is not included in the request, and the broker can only perform a binding operation asynchronously, the broker MUST reject the request with a `422 Unprocessable Entity` as described below. |
1645
+
1646
+ #### Body
1647
+
1648
+ | Request Field | Type | Description |
1649
+ | --- | --- | --- |
1650
+ | predecessor_binding_id* | string | MUST be the ID of non-expired Service Binding of the same Service Instance. |
1651
+
1652
+ \* Fields with an asterisk are REQUIRED.
1653
+
1654
+ ### Response
1655
+
1656
+ The same response as in the response section above is expected.
1657
+
1658
+
1659
+ ## Fetching a Service Binding
1660
+
1661
+ If `"bindings_retrievable" :true` is declared for a Service Offering in the
1662
+ [Catalog](#catalog-management) endpoint, Service Brokers MUST support this
1663
+ endpoint for all Service Offerings and Service Plans that support bindings (`"bindable": true`)
1664
+ and this endpoint MUST be available immediately after the
1665
+ [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings)
1666
+ endpoint returns `"state": "succeeded"` for a [Binding](#binding) operation.
1667
+
1668
+ ### Request
1669
+
1670
+ ##### Route
1671
+ `GET /v2/service_instances/:instance_id/service_bindings/:binding_id`
1672
+
1673
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
1674
+
1675
+ `:binding_id` MUST be the ID of a previously provisioned Service Binding for that
1676
+ instance.
1677
+
1678
+ #### Parameters
1679
+
1680
+ The request provides these query string parameters as useful hints for brokers.
1681
+
1682
+ | Query-String Field | Type | Description |
1683
+ | --- | --- | --- |
1684
+ | service_id | string | ID of the Service Offering from the catalog. If present, MUST be a non-empty string. |
1685
+ | plan_id | string | ID of the Service Plan from the catalog. If present, MUST be a non-empty string. |
1686
+
1687
+ ##### cURL
1688
+ ```
1689
+ $ curl 'http://username:password@broker-url/v2/service_instances/:instance_id/service_bindings/:binding_id' -X GET -H "X-Broker-API-Version: 2.17"
1690
+ ```
1691
+
1692
+ ### Response
1693
+
1694
+ | Status Code | Description |
1695
+ | --- | --- |
1696
+ | 200 OK | The expected response body is below. |
1697
+ | 404 Not Found | MUST be returned if the Service Binding does not exist or if a binding operation is still in progress. |
1698
+
1699
+ Responses with any other status code MUST be interpreted as a failure and the
1700
+ Platform MUST continue to remember the Service Binding.
1701
+
1702
+ ##### Body
1703
+
1704
+ For success responses, the following fields are defined:
1705
+
1706
+ | Response Field | Type | Description |
1707
+ | --- | --- | --- |
1708
+ | metadata | [BindingMetadata](#binding-metadata-object) object | An OPTIONAL object containing metadata about this Service Binding. This metadata is mainly used to manage the Service Binding itself and SHOULD NOT contain any data that is needed to connect to the Service Instance. |
1709
+ | credentials | object | A free-form hash of credentials that can be used by applications or users to access the service. MUST be returned if the Service Broker supports generation of credentials and the Service Binding was provisioned asynchronously. |
1710
+ | syslog_drain_url | string | A URL to which logs MUST be streamed. `"requires":["syslog_drain"]` MUST be declared in the [Catalog](#catalog-management) endpoint or the Platform can consider the response invalid. |
1711
+ | route_service_url | string | A URL to which the Platform MUST proxy requests for the address sent with `bind_resource.route` in the request body. `"requires":["route_forwarding"]` MUST be declared in the [Catalog](#catalog-management) endpoint or the Platform can consider the response invalid. |
1712
+ | volume_mounts | array of [VolumeMount](#volume-mount-object) objects | An array of configuration for mounting volumes. `"requires":["volume_mount"]` MUST be declared in the [Catalog](#catalog-management) endpoint or the Platform can consider the response invalid. |
1713
+ | parameters | object | Configuration parameters for the Service Binding. |
1714
+ | endpoints | array of [Endpoint](#endpoint-object) objects | The network endpoints that the Application uses to connect to the Service Instance. If present, all Service Instance endpoints that are relevant for the Application MUST be in this list, even if endpoints are not reachable or host names are not resolvable from outside the service network. |
1715
+
1716
+ Service Brokers MAY choose to not return some or all parameters when a Service Binding is fetched - for example,
1717
+ if it contains sensitive information.
1718
+
1719
+ ```
1720
+ {
1721
+ "metadata": {
1722
+ "expires_at": "2019-12-31T23:59:59.0Z"
1723
+ },
1724
+ "credentials": {
1725
+ "uri": "mysql://mysqluser:pass@mysqlhost:3306/dbname",
1726
+ "username": "mysqluser",
1727
+ "password": "pass",
1728
+ "host": "mysqlhost",
1729
+ "port": 3306,
1730
+ "database": "dbname"
1731
+ },
1732
+ "endpoints": [
1733
+ {
1734
+ "host": "mysqlhost",
1735
+ "ports:" ["3306"]
1736
+ }
1737
+ ],
1738
+ "parameters": {
1739
+ "billing-account": "abcde12345"
1740
+ }
1741
+ }
1742
+ ```
1743
+
1744
+ ## Unbinding
1745
+
1746
+ Note: Service Brokers that do not provide any bindable Service Offerings or Service Plans do
1747
+ not need to implement this endpoint.
1748
+
1749
+ When a Service Broker receives an unbind request from a Platform, it MUST
1750
+ delete any resources associated with the Service Binding. In the case where
1751
+ credentials were generated, this might result in requests to the Service
1752
+ Instance failing to authenticate.
1753
+
1754
+ If a Service Broker accepts the request to delete a Service Binding during
1755
+ the process of it being created, then it MUST have the net effect of halting
1756
+ the current creation process and beginning the deletion of any resources
1757
+ associated with the Service Binding. If the request to delete the Service Binding
1758
+ is being performed asynchronously, then the
1759
+ [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings)
1760
+ endpoint SHOULD indicate the state of the delete request (unless a different
1761
+ `operation` identifier was provided by the Service Broker). If the request to
1762
+ delete the Service Binding is being performed synchronously, then the
1763
+ [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings)
1764
+ endpoint SHOULD indicate that the create request has a `state` value of `failed`.
1765
+
1766
+ ### Request
1767
+
1768
+ #### Route
1769
+
1770
+ `DELETE /v2/service_instances/:instance_id/service_bindings/:binding_id`
1771
+
1772
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
1773
+
1774
+ `:binding_id` MUST be the the ID of a previously provisioned Service Binding for that
1775
+ Service Instance.
1776
+
1777
+ #### Parameters
1778
+
1779
+ | Query-String Field | Type | Description |
1780
+ | --- | --- | --- |
1781
+ | service_id* | string | MUST be the ID of the Service Offering associated with the Service Binding being deleted. |
1782
+ | plan_id* | string | MUST be the ID of the Service Plan associated with the Service Binding being deleted. |
1783
+ | accepts_incomplete | boolean | A value of true indicates that the Platform and its clients support asynchronous Service Broker operations. If this parameter is not included in the request, and the Service Broker can only perform an unbinding operation asynchronously, the Service Broker MUST reject the request with a `422 Unprocessable Entity` as described below. |
1784
+
1785
+ \* Query parameters with an asterisk are REQUIRED.
1786
+
1787
+ #### cURL
1788
+
1789
+ ```
1790
+ $ curl 'http://username:password@service-broker-url/v2/service_instances/:instance_id/
1791
+ service_bindings/:binding_id?service_id=service-offering-id-here&plan_id=service-plan-id-here&accepts_incomplete=true' -X DELETE -H "X-Broker-API-Version: 2.17"
1792
+ ```
1793
+
1794
+ ### Response
1795
+
1796
+ | Status Code | Description |
1797
+ | --- | --- |
1798
+ | 200 OK | MUST be returned if the Service Binding was deleted as a result of this request. The expected response body is `{}`. |
1799
+ | 202 Accepted | MUST be returned if the unbinding is in progress. The `operation` string MUST match that returned for the original request. This triggers the Platform to poll the [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings) endpoint for operation status. Note that a re-sent `DELETE` request MUST return a `202 Accepted`, not a `200 OK`, if the unbinding request has not completed yet. |
1800
+ | 400 Bad Request | MUST be returned if the request is malformed or missing mandatory data. MAY be returned if the request contains invalid data, in which case the error response MAY include a helpful error message in the `description` field (see [Service Broker Errors](#service-broker-errors)). |
1801
+ | 410 Gone | MUST be returned if the Service Binding does not exist. |
1802
+ | 422 Unprocessable Entity | MUST also be returned if the Service Broker only supports asynchronous unbinding for the Service Instance and the request did not include `?accepts_incomplete=true`. The response body MUST contain error code `"AsyncRequired"` (see [Service Broker Errors](#service-broker-errors)). The error response MAY include a helpful error message in the `description` field such as `"This Service Instance requires client support for asynchronous binding operations."`. Additionally, this MUST be returned if the Service Binding is being processed by some other operation and therefore cannot be deleted at this time. The response body MUST contain error code `"ConcurrencyError"` (see [Service Broker Errors](#service-broker-errors)). |
1803
+
1804
+ Responses with any other status code MUST be interpreted as a failure and the
1805
+ Platform MUST continue to remember the Service Binding.
1806
+
1807
+ #### Body
1808
+
1809
+ For success responses, the following fields are defined:
1810
+
1811
+ | Response field | Type | Description |
1812
+ | --- | --- | --- |
1813
+ | operation | string | For asynchronous responses, Service Brokers MAY return an identifier representing the operation. The value of this field MUST be provided by the Platform with requests to the [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings) endpoint in a percent-encoded query parameter. If present, MUST be a string containing no more than 10,000 characters. |
1814
+
1815
+ \* Fields with an asterisk are REQUIRED.
1816
+
1817
+ ```
1818
+ {
1819
+ "operation": "task_10"
1820
+ }
1821
+ ```
1822
+
1823
+ ## Deprovisioning
1824
+
1825
+ When a Service Broker receives a deprovision request from a Platform, it MUST
1826
+ delete any resources it created during the provision. Usually this means that
1827
+ all resources are immediately reclaimed for future provisions.
1828
+
1829
+ Platforms MUST delete all Service Bindings for a Service Instance prior to attempting to
1830
+ deprovision the Service Instance. This specification does not specify what a Service
1831
+ Broker is to do if it receives a deprovision request while there are still
1832
+ Service Bindings associated with it.
1833
+
1834
+ If a Service Broker accepts the request to delete a Service Instance during
1835
+ the process of it being provisioned, then it MUST have the net effect of halting
1836
+ the current creation process and beginning the deletion of any resources
1837
+ associated with the Service Instance. If the request to deprovision the Service
1838
+ Instance is being performed asynchronously, then the
1839
+ [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances)
1840
+ endpoint SHOULD indicate the state of the deprovision request (unless a
1841
+ different `operation` identifier was provided by the Service Broker). If the
1842
+ request to deprovision the Service Instance is being performed synchronously, then the
1843
+ [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances)
1844
+ endpoint SHOULD indicate that the provision request has a `state` value of
1845
+ `failed`.
1846
+
1847
+ ### Request
1848
+
1849
+ #### Route
1850
+
1851
+ `DELETE /v2/service_instances/:instance_id`
1852
+
1853
+ `:instance_id` MUST be the ID of a previously provisioned Service Instance.
1854
+
1855
+ #### Parameters
1856
+
1857
+ The request provides these query string parameters as useful hints for Service
1858
+ Brokers.
1859
+
1860
+
1861
+ | Query-String Field | Type | Description |
1862
+ | --- | --- | --- |
1863
+ | service_id* | string | MUST be the ID of the Service Offering associated with the Service Instance being deleted. |
1864
+ | plan_id* | string | MUST be the ID of the Service Plan associated with the Service Instance being deleted. |
1865
+ | accepts_incomplete | boolean | A value of true indicates that both the Platform and the requesting client support asynchronous deprovisioning. If this parameter is not included in the request, and the Service Broker can only deprovision a Service Instance of the requested Service Plan asynchronously, the Service Broker MUST reject the request with a `422 Unprocessable Entity` as described below. |
1866
+
1867
+ \* Query parameters with an asterisk are REQUIRED.
1868
+
1869
+ #### cURL
1870
+ ```
1871
+ $ curl 'http://username:password@service-broker-url/v2/service_instances/:instance_id?accepts_incomplete=true
1872
+ &service_id=service-offering-id-here&plan_id=service-plan-id-here' -X DELETE -H "X-Broker-API-Version: 2.17"
1873
+ ```
1874
+
1875
+ ### Response
1876
+
1877
+ | Status Code | Description |
1878
+ | --- | --- |
1879
+ | 200 OK | MUST be returned if the Service Instance was deleted as a result of this request. The expected response body is `{}`. |
1880
+ | 202 Accepted | MUST be returned if the Service Instance deletion is in progress. The `operation` string MUST match that returned for the original request. This triggers the Platform to poll the [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances) endpoint for operation status. Note that a re-sent `DELETE` request MUST return a `202 Accepted`, not a `200 OK`, if the delete request has not completed yet. |
1881
+ | 400 Bad Request | MUST be returned if the request is malformed or missing mandatory data. MAY be returned if the request contains invalid data, in which case the error response MAY include a helpful error message in the `description` field (see [Service Broker Errors](#service-broker-errors)). |
1882
+ | 410 Gone | MUST be returned if the Service Instance does not exist. |
1883
+ | 422 Unprocessable Entity | MUST be returned if the Service Broker only supports asynchronous deprovisioning for the requested Service Plan and the request did not include `?accepts_incomplete=true`. The response body MUST contain error code `"AsyncRequired"` (see [Service Broker Errors](#service-broker-errors)). The error response MAY include a helpful error message in the `description` field such as `"This Service Plan requires client support for asynchronous service operations."`. Additionally, this MUST be returned if the Service Instance is being processed by some other operation and therefore cannot be deleted at this time. The response body MUST contain error code `"ConcurrencyError"` (see [Service Broker Errors](#service-broker-errors)). |
1884
+
1885
+ Responses with any other status code MUST be interpreted as a failure and the
1886
+ Platform MUST remember the Service Instance.
1887
+
1888
+ When a deprovisioning fails, the Service Instance can still be usable or
1889
+ unusable or its state could be unknown. If a Service Instance becomes unusable,
1890
+ the Platform SHOULD NOT request new Service Bindings for that Service Instance.
1891
+ If the broker does not indicate in the [Error response](#service-broker-errors)
1892
+ or [Last Operation response](#polling-last-operation-for-service-instances)
1893
+ whether the Service Instance is usable or not, the Platform SHOULD assume it is
1894
+ still usable.
1895
+
1896
+ #### Body
1897
+
1898
+ For success responses, the following fields are defined:
1899
+
1900
+ | Response Field | Type | Description |
1901
+ | --- | --- | --- |
1902
+ | operation | string | For asynchronous responses, Service Brokers MAY return an identifier representing the operation. The value of this field MUST be provided by the Platform with requests to the [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances) endpoint in a percent-encoded query parameter. If present, MUST NOT contain more than 10,000 characters. |
1903
+
1904
+ ```
1905
+ {
1906
+ "operation": "task_10"
1907
+ }
1908
+ ```
1909
+
1910
+ ## Orphan Mitigation
1911
+
1912
+ The Platform is the source of truth for Service Instances and Service Bindings.
1913
+ Service Brokers are expected to have successfully provisioned all of the Service
1914
+ Instances and Service Bindings that the Platform knows about, and none that it
1915
+ doesn't.
1916
+
1917
+ Orphaned Service Instances and Service Bindings might have been created in one
1918
+ of the following scenarios:
1919
+ * The Service Broker does not return a response before a request from the
1920
+ Platform times out (typically 60 seconds). The Service Broker might eventually
1921
+ succeed in creating a resource, however the Platform might have already
1922
+ considered the request a failure.
1923
+ * A synchronous [Provisioning](#provisioning) request fails.
1924
+ * A call to the
1925
+ [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances)
1926
+ endpoint returns `"state": "failed"` for an asynchronous provisioning or
1927
+ deprovisioning request.
1928
+ * A synchronous [Binding](#binding) request fails.
1929
+ * A call to the
1930
+ [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings)
1931
+ endpoint returns `"state": "failed"` for an asynchronous binding or unbinding
1932
+ request.
1933
+ * The Platform encounters an internal error when creating a Service Instance or
1934
+ Service Binding (for example, saving to the database fails).
1935
+
1936
+ To mitigate orphaned Service Instances and Service Bindings, the Platform SHOULD
1937
+ attempt to delete resources it cannot be sure were successfully created, and
1938
+ SHOULD keep trying to delete them until the Service Broker responds with a
1939
+ success. Service Brokers MAY automatically delete any resources they believe to
1940
+ be orphaned on their own. Note that the Platform MAY allow end users to
1941
+ determine when orphan mitigation occurs, in order to allow them to investigate
1942
+ the cause of any failures.
1943
+
1944
+ The following table aims to describe when Orphan Mitigation is to be initiated
1945
+ by the Platform:
1946
+
1947
+ | Request | Service Broker Response Status Code | Platform Interpretation Of Response | Orphan Mitigation SHOULD be performed for Service Instances | Orphan Mitigation SHOULD be performed for Service Bindings |
1948
+ | --- | --- | --- | --- | --- |
1949
+ | _All_ | 200 | Success (only returned in synchronous mode) | No | No |
1950
+ | _All_ | 200 with malformed response | Failure | No | No |
1951
+ | [Polling Last Operation for Service Instances](#polling-last-operation-for-service-instances) for [Provisioning](#provisioning)/[Deprovisioning](#deprovisioning) | 200 with `"state": "failed"` | Failure | Yes | No |
1952
+ | [Polling Last Operation for Service Bindings](#polling-last-operation-for-service-bindings) for [Binding](#binding)/[Unbinding](#unbinding) | 200 with `"state": "failed"` | Failure | No | Yes |
1953
+ | _All_ | 201 | Success | No | No |
1954
+ | [Provisioning](#provisioning) | 201 with malformed response | Failure | Yes | No |
1955
+ | [Binding](#binding) | 201 with malformed response | Failure | No | Yes |
1956
+ | _All_ | 202 | Success | No | No |
1957
+ | [Provisioning](#provisioning) | 202 with malformed response | Failure | Yes | No |
1958
+ | [Binding](#binding) | 202 with malformed response | Failure | No | Yes |
1959
+ | [Provisioning](#provisioning)/[Deprovisioning](#deprovisioning) | All other 2xx | Failure | Yes | No |
1960
+ | [Binding](#binding)/[Unbinding](#unbinding) | All other 2xx | Failure | No | Yes |
1961
+ | [Updating a Service Instance](#updating-a-service-instance) | All other 2xx | Failure | No | No |
1962
+ | _All_ | 408 | Client timeout failure (request not received at the server) | No | No |
1963
+ | _All_ | All other 4xx | Request rejected | No | No |
1964
+ | [Provisioning](#provisioning)/[Deprovisioning](#deprovisioning) | 5xx | Service Broker error | Yes | No |
1965
+ | [Binding](#binding)/[Unbinding](#unbinding) | 5xx | Service Broker error | No | Yes |
1966
+ | [Updating a Service Instance](#updating-a-service-instance) | 5xx | Service Broker error | No | No |
1967
+ | [Provisioning](#provisioning) | Timeout | Failure | Yes | No |
1968
+ | [Binding](#binding) | Timeout | Failure | No | Yes |
1969
+ | _All_ (except [Provisioning](#provisioning) and [Binding](#binding)) | Timeout | Failure | No | No |