From b83adbddcfc0c9540c91e2283016b53d63007679 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20Mu=CC=88ller?= <florian.mueller02@sap.com>
Date: Wed, 8 May 2019 17:19:23 +0200
Subject: [PATCH 1/3] Added instance_usable and update_repeatable flags

---
 spec.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/spec.md b/spec.md
index ebdaed37..9a9aaa9b 100644
--- a/spec.md
+++ b/spec.md
@@ -314,6 +314,8 @@ For error responses, the following fields are defined:
 | --- | --- | --- |
 | error | string | A single word in camel case that uniquely identifies the error condition. If present, MUST be a non-empty string. |
 | description | string | A user-facing error message explaining why the request failed. If present, MUST be a non-empty string. |
+| instance_usable | boolean | If an update or deprovisioning operation failed, this flag indicates whether or not the Service Instance is still usable. If `true`, the Service Instance can still be used, `false` otherwise. This field MUST NOT be present for errors of other operations. Defaults to `true`. |
+| update_repeatable | boolean | If an update operation failed, this flag indicates whether this update can be repeated or not. If `true`, the same update operation MAY be repeated and MAY succeed; if `false`, repeating the same update operation will fail again. This field MUST NOT be present for errors of other operations. Defaults to `true`. |
 
 ### Error Codes
 
@@ -782,6 +784,8 @@ For success responses, the following fields are defined:
 | --- | --- | --- |
 | state* | string | Valid values are `in progress`, `succeeded`, and `failed`. While `"state": "in progress"`, the Platform SHOULD continue polling. A response with `"state": "succeeded"` or `"state": "failed"` MUST cause the Platform to cease polling. |
 | description | string | A user-facing message that can be used to tell the user details about the status of the operation. If present, MUST be a non-empty string. |
+| instance_usable | boolean | If an update or deprovisioning operation failed, this flag indicates whether or not the Service Instance is still usable. If `true`, the Service Instance can still be used, `false` otherwise. This field MUST NOT be present for errors of other operations. Defaults to `true`. |
+| update_repeatable | boolean | If an update operation failed, this flag indicates whether this update can be repeated or not. If `true`, the same update operation MAY be repeated and MAY succeed; if `false`, repeating the same update operation will fail again. This field MUST NOT be present for errors of other operations. Defaults to `true`. |
 
 \* Fields with an asterisk are REQUIRED.
 
@@ -1194,6 +1198,28 @@ Responses with any other status code MUST be interpreted as a failure.
 When the response includes a 4xx status code, the Service Broker MUST NOT
 apply any of the requested changes to the Service Instance.
 
+When an update fails, the Service Instance can still be usable or unusable
+or its state could be unknown to the Platform. If a Service Instance became
+unusable, another update MAY repair the Service Instance.
+The Platform SHOULD NOT allow the creation of new bindings of an unusable
+Service Instance until the instance has been deleted or repaired by a
+subsequent update.
+If the broker does not indicate in the
+[Error response](#service-broker-errors) or
+[Last Operation response](#polling-last-operation-for-service-instances)
+whether the Service Instance is usable or not, the Platform SHOULD assume
+it is still usable.
+
+A failed update might be repeatable. If the Service Broker
+indicates in the [Error response](#service-broker-errors) or
+[Last Operation response](#polling-last-operation-for-service-instances)
+that retrying this update does not make sense, the Platform SHOULD NOT
+repeat this update.
+For example, if a certain plan change is not supported by the
+Service Broker, all subsequent attempts will always fail, and the
+Platform SHOULD NOT retry this.
+Other updates MAY be possible.
+
 #### Body
 
 For success responses, the following fields are defined:
@@ -1675,6 +1701,14 @@ $ curl 'http://username:password@service-broker-url/v2/service_instances/:instan
 Responses with any other status code MUST be interpreted as a failure and the
 Platform MUST remember the Service Instance.
 
+When a deprovisioning fails, the Service Instance can still be usable or
+unusable or its state could be unknown. If a Service Instance became unusable,
+the Platform SHOULD NOT allow the creation of new bindings.
+If the broker does not indicate in the [Error response](#service-broker-errors)
+or [Last Operation response](#polling-last-operation-for-service-instances)
+whether the Service Instance is usable or not, the Platform SHOULD assume it is
+still usable.
+
 #### Body
 
 For success responses, the following fields are defined:

From e9e676c64805edbae849194abe68fc0ab0f7ba89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20Mu=CC=88ller?= <florian.mueller02@sap.com>
Date: Wed, 8 May 2019 17:25:18 +0200
Subject: [PATCH 2/3] Updated openapi and swagger files

---
 openapi.yaml | 8 ++++++++
 swagger.yaml | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/openapi.yaml b/openapi.yaml
index 534a34fa..71bf4c0a 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -745,6 +745,10 @@ components:
             - failed
         description:
           type: string
+        instance_usable:
+          type: boolean
+        update_repeatable:
+          type: boolean
 
     ServiceBindingResource:
       type: object
@@ -858,6 +862,10 @@ components:
           type: string
         description:
           type: string
+        instance_usable:
+          type: boolean
+        update_repeatable:
+          type: boolean 
 
   securitySchemes:
     basicAuth:
diff --git a/swagger.yaml b/swagger.yaml
index ed580cd2..84f68554 100644
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -569,6 +569,10 @@ definitions:
           - failed
       description:
         type: string
+      instance_usable:
+        type: boolean
+      update_repeatable:
+        type: boolean 
   ServiceBindingResource:
     type: object
     properties:
@@ -677,6 +681,10 @@ definitions:
         type: string
       description:
         type: string
+      instance_usable:
+        type: boolean
+      update_repeatable:
+        type: boolean 
 securityDefinitions:
   basicAuth:
     type: basic

From e914b8f68f888dc8199208e36c63d4d75237cd5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20Mu=CC=88ller?= <florian.mueller02@sap.com>
Date: Wed, 29 May 2019 10:06:59 +0200
Subject: [PATCH 3/3] Changed wording

---
 spec.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec.md b/spec.md
index c935c2bf..0985a3b7 100644
--- a/spec.md
+++ b/spec.md
@@ -1761,8 +1761,8 @@ Responses with any other status code MUST be interpreted as a failure and the
 Platform MUST remember the Service Instance.
 
 When a deprovisioning fails, the Service Instance can still be usable or
-unusable or its state could be unknown. If a Service Instance became unusable,
-the Platform SHOULD NOT allow the creation of new bindings.
+unusable or its state could be unknown. If a Service Instance becomes unusable,
+the Platform SHOULD NOT request new Service Bindings for that Service Instance.
 If the broker does not indicate in the [Error response](#service-broker-errors)
 or [Last Operation response](#polling-last-operation-for-service-instances)
 whether the Service Instance is usable or not, the Platform SHOULD assume it is