Re: [Proposal] Sharing service instances across orgs and spaces

Mike Youngstrom

I wasn't thinking so much about making a service global or org scoped. I
was more thinking that as a CF admin I don't want to have to `
enable-service-sharing`anytime 2 orgs/spaces want to share services between
eachother. I was more thinking of a model like cf share-private-domain but
at space granularity where the user doing the sharing simply needs to be a
developer in both spaces.

Global or org scoped services is an interesting idea. But most of my org's
use cases could be covered with simple space to space sharing without CF
Admin intervention.


On Thu, Jun 29, 2017 at 10:34 AM, Matthew McNeeney <mmcneeney(a)>

One issue with Org Managers being responsible for enabling sharing is that
they may only be able to see one org, so should they have permissions to
share into another org that they are not a manger of?

Mike - that makes sense. We looked at the cf enable-service-access
command and thought about making some of the fields optional like they are
there so that there was a way to enable sharing more globally. Would you
want to enable sharing in your entire foundation, or in particular orgs or
particular spaces? Would you want to allow developers to share particular
services or maybe even particular plans that those services offer?

Thanks all for the feedback so far.

On Thu, Jun 29, 2017 at 4:35 PM Mike Youngstrom <youngm(a)> wrote:

As an admin I would prefer not to have to opt every org and space into
being able to share. Perhaps a global switch can be enabled for
installations that don't require that level of security?


On Thu, Jun 29, 2017 at 7:35 AM, Matthew McNeeney <mmcneeney(a)>

Many Cloud Foundry users have expressed a desire to share service
instances across orgs and spaces. Whilst this could be considered an
anti-pattern for some data services, there are many use cases for which the
ability to do this is important. Two examples are sharing config servers
and messaging queues.

The workarounds that exist today (e.g. creating user-provided services)
require credentials to be passed around in some out-of-band way and will
prevent the platform from being able to do things like automatic rotation
of credentials in the future.

We'd like to propose a new workflow that looks like this:


A SpaceDeveloper in the target org/space will only be able to
bind/unbind to/from the shared service instance, and running cf service
will show that the service instance has been shared.

To manage any security concerns around this, a CF admin would have to
enable one-way sharing between two spaces with a command like:


We'd love to hear feedback from the community on this proposal. If you
have any other use cases that this could help with, please let us know
about those too.


Join to automatically receive all group messages.