Managing Service Brokers

Page last updated: December 4, 2015

This page assumes you are using cf CLI v6.

In order to run any of the commands below, you must be authenticated with Cloud Foundry as an admin user.

Quick Start

Given a service broker that has implemented the Service Broker API, two steps are required to make its services available to end users.

  1. Register a Broker
  2. Make Plans Public

Register a Broker

Registering a broker causes Cloud Controller to fetch and validate the catalog from your broker, and save the catalog to the Cloud Controller database. The basic auth username and password which are provided when adding a broker are encrypted in Cloud Controller database, and used by the Cloud Controller to authenticate with the broker when making all API calls. Your service broker should validate the username and password sent in every request; otherwise, anyone could curl your broker to delete service instances.

$ cf create-service-broker mybrokername someuser somethingsecure http://mybroker.example.com/

Make Plans Public

New service plans are private by default. To make plans available to end users, see Make Plans Public. Instances of a private plan can not be provisioned until either the plan is made public or is made available to an organization.

Multiple Brokers, Services, Plans

Many service brokers may be added to a Cloud Foundry instance, each offering many services and plans. The following constraints should be kept in mind:

  • It is not possible to have multiple brokers with the same name
  • It is not possible to have multiple brokers with the same base URL
  • The service ID and plan IDs of each service advertised by the broker must be unique across Cloud Foundry. GUIDs are recommended for these fields.

See Possible Errors below for error messages and what do to when you see them.

List Service Brokers

$ cf service-brokers
Getting service brokers as admin...Cloud Controller
OK

Name            URL
my-service-name http://mybroker.example.com

Update a Broker

Updating a broker is how to ingest changes a broker author has made into Cloud Foundry. Similar to adding a broker, update causes Cloud Controller to fetch the catalog from a broker, validate it, and update the Cloud Controller database with any changes found in the catalog.

Update also provides a means to change the basic auth credentials cloud controller uses to authenticate with a broker, as well as the base URL of the broker’s API endpoints.

$ cf update-service-broker mybrokername someuser somethingsecure http://mybroker.example.com/

Rename a Broker

A service broker can be renamed with the rename-service-broker command. This name is used only by the Cloud Foundry operator to identify brokers, and has no relation to configuration of the broker itself.

$ cf rename-service-broker mybrokername mynewbrokername

Remove a Broker

Removing a service broker will remove all services and plans in the broker’s catalog from the Cloud Foundry Marketplace.

$ cf delete-service-broker mybrokername

Note: Attempting to remove a service broker will fail if there are service instances for any service plan in its catalog. When planning to shut down or delete a broker, make sure to remove all service instances first. Failure to do so will leave orphaned service instances in the Cloud Foundry database. If a service broker has been shut down without first deleting service instances, you can remove the instances with the CLI; see Purge a Service.

Purge a Service

If a service broker has been shut down or removed without first deleting service instances from Cloud Foundry, you will be unable to remove the service broker or its services and plans from the Marketplace. In development environments, broker authors often destroy their broker deployments and need a way to clean up the Cloud Controller database.

The following command will delete a service offering, all of its plans, as well as all associated service instances and bindings from the Cloud Controller database, without making any API calls to a service broker. For services from v1 brokers, you must provide a provider with -p PROVIDER. Once all services for a broker have been purged, the broker can be removed normally.

$ cf purge-service-offering v1-test -p pivotal-software
Warning: This operation assumes that the service broker responsible for this
service offering is no longer available, and all service instances have been
deleted, leaving orphan records in Cloud Foundry's database. All knowledge of
the service will be removed from Cloud Foundry, including service instances and
service bindings. No attempt will be made to contact the service broker; running
this command without destroying the service broker will cause orphan service
instances. After running this command you may want to run either
delete-service-auth-token or delete-service-broker to complete the cleanup.

Really purge service offering v1-test from Cloud Foundry? y
OK

purge-service-offering requires cf-release v160 and edge of cf CLI 6.0.2.

Purge a Service Instance

The following command will delete a single service instance, its service bindings and its service keys from the Cloud Controller database, without making any API calls to a service broker. This can be helpful in instances a Service Broker is not conforming to the Service Broker API and not returning a 200 or 410 to requests to delete the service instance.

$ cf purge-service-instance mysql-dev
WARNING: This operation assumes that the service broker responsible for this 
service instance is no longer available or is not responding with a 200 or 410, 
and the service instance has been deleted, leaving orphan records in Cloud 
Foundry's database. All knowledge of the service instance will be removed from 
Cloud Foundry, including service bindings and service keys.

Really purge service instance mysql-dev from Cloud Foundry?> y
Purging service mysql-dev...
OK

purge-service-instance requires cf-release v218 and cf CLI 6.14.0.

Possible Errors

If incorrect basic auth credentials are provided:

Server error, status code: 500, error code: 10001, message: Authentication 
failed for the service broker API.
Double-check that the username and password are correct:
    http://github-broker.a1-app.cf-app.com/v2/catalog

If you receive the following errors, check your broker logs. You may have an internal error.

Server error, status code: 500, error code: 10001, message:
    The service broker response was not understood

Server error, status code: 500, error code: 10001, message:
    The service broker API returned an error from
    http://github-broker.a1-app.cf-app.com/v2/catalog: 404 Not Found

Server error, status code: 500, error code: 10001, message:
    The service broker API returned an error from
    http://github-broker.primo.cf-app.com/v2/catalog: 500 Internal Server Error

If your broker’s catalog of services and plans violates validation of presence, uniqueness, and type, you will receive meaningful errors.

Server error, status code: 502, error code: 270012, message: Service broker catalog is invalid:
Service service-name-1
  service id must be unique
  service description is required
  service "bindable" field must be a boolean, but has value "true"
  Plan plan-name-1
    plan metadata must be a hash, but has value [{"bullets"=>["bullet1", "bullet2"]}]