Will service brokers need to change in order to support this feature?
toggle quoted messageShow quoted text
A related question for the community: are there services in the wild that
would break if a single service instance were bound to apps in different
On Thu, Jun 29, 2017 at 6:46 AM, DHR <lists(a)dhrapson.com> wrote:
I really like the proposal, especially in support of using messaging
systems between microservices.
It would be great if we could avoid reliance on central admins for
enabling service sharing between spaces though. Could we rely on Org
Manager permissions for enabling this?
Something like: the source space Org Manager advertising the service
instance for use in a specific target space, after which the target space
Org Manager can choose to 'import' it, after which it is visible in the
target space for binding, etc
On 29 Jun 2017, at 14:35, Matthew McNeeney <mmcneeney(a)pivotal.io> wrote:
Many Cloud Foundry users have expressed a desire to share service
instances across orgs and spaces. Whilst this could be considered an
anti-pattern for some data services, there are many use cases for which the
ability to do this is important. Two examples are sharing config servers
and messaging queues.
The workarounds that exist today (e.g. creating user-provided services)
require credentials to be passed around in some out-of-band way and will
prevent the platform from being able to do things like automatic rotation
of credentials in the future.
We'd like to propose a new workflow that looks like this:
$ cf share-service SERVICE_INSTANCE TARGET_ORG TARGET_SPACE
A SpaceDeveloper in the target org/space will only be able to bind/unbind
to/from the shared service instance, and running cf service will show
that the service instance has been shared.
To manage any security concerns around this, a CF admin would have to
enable one-way sharing between two spaces with a command like:
$ cf enable-service-sharing SERVICE SOURCE_ORG SOURCE_SPACE TARGET_ORG
We'd love to hear feedback from the community on this proposal. If you
have any other use cases that this could help with, please let us know
about those too.