How to handle API key regeneration on service bind in Bluemix Watson Visual Recognition?

Question

I've got a Watson Visual Recognition service bound to a Bluemix Application. I'm managing the application deploy using blue-green deploy with a smoke test.

One of the checks I'm including in the smoke test is function which depends on the Visual Recognition service. Because the smoke test runs immediately after deployment, and because it looks like the Visual Recognition service API key is regenerated on rebind - and then takes a little while to become valid - the smoke test fails. The wait to become valid is documented, but it's causing a headache. I've tried two workarounds:

• Add a retry-loop in my code to wait until the Visual Recognition service key is valid. My smoke test can then call this, ensuring that nothing gets pushed to live until it's got a valid key. I can see that the key becomes valid for free calls relatively quickly (within about 30s), but then it takes a couple of minutes to attach to entitlement for paid calls. Waiting for the key to be valid for paid calls adds about five minutes to my deployments, which isn't ideal, since our team push many times a day and the deployments can start to back up.
• Create permanent credentials and use a user-provided service to bind them to my application. This means deployments can start using that key immediately, which is good, but I've bypassed the normal service binding mechanism, which seems wrong.

Is there an option I've missed?

Answer 1

If the service is resetting your credentials, I would run in "unbound mode."

From the CF docs, binding a service to an application is defined by the following:

Binding a service instance to your application triggers credentials to be provisioned for the service instance and delivered to the application runtime in the VCAP_SERVICES environment variable. For details on consuming these credentials with your application, see Using Bound Service Instances.

It provides a useful way to manage and consume your service instances via the VCAP_SERVICES environment variable.

If rebinding a service takes >=5 minutes, resets your credentials, and is overall an inconvenience for your deployment process, I would unbind it from your application and access the credentials through a user-provided environment variable.