Good proposal, it raises some questions:
* Org1 probably pays money for the service and when sharing the service to Org2 the payment should be shared as well --> how can this be structured?
* You say: "To manage any security concerns around this, a CF admin would have to enable one-way sharing between two spaces" --> I see it more like: Org2 admin says to Org1 admin: "I'm interested in using service ABC (and I'm ready to pay my part for it)". If they both agree, Org2 admin enables sharing from Org1 to Org2. After that Org1 admin (or an Org1 developer) shares Org1 service instance to Org2.
* --> I believe that sharing services can be done by a developer but it is actually an admin decision due to the costs impact
From: Christopher Brown [mailto:cbrown(a)pivotal.io]
Sent: Tuesday, 29 August 2017 20:22
To: Discussions about Cloud Foundry projects and the system overall. <cf-dev(a)lists.cloudfoundry.org>
Subject: [cf-dev] Re: [Proposal] Sharing service instances across orgs and spaces
Interesting proposal, thank you for suggesting it! I have a few questions around some of the practicalities:
* How would shared services count towards the service instance quotas in the respective spaces?
* Does the ability to share a service into a space that you do not have access to cause a sensitive information leak? e.g. I can try and share a service into organizations and spaces until it is successful which confirms the existence of that organization, space, and possibly service name.
* Does the ability to share a service into a space that you do not have access to open developers up to abuse where someone else shares malicious services into their spaces?
At the risk of the configuration becoming tedious: perhaps space developers should be able to configure where they can accept service sharing requests from?
On Thu, Jun 29, 2017 at 6:35 AM, Matthew McNeeney <mmcneeney(a)pivotal.io> wrote:
Many Cloud Foundry users have expressed a desire to share service instances across orgs and spaces. Whilst this could be considered an anti-pattern for some data services, there are many use cases for which the ability to do this is important. Two examples are sharing config servers and messaging queues.
The workarounds that exist today (e.g. creating user-provided services) require credentials to be passed around in some out-of-band way and will prevent the platform from being able to do things like automatic rotation of credentials in the future.
We'd like to propose a new workflow that looks like this:
$ cf share-service SERVICE_INSTANCE TARGET_ORG TARGET_SPACE
A SpaceDeveloper in the target org/space will only be able to bind/unbind to/from the shared service instance, and running cf service will show that the service instance has been shared.
To manage any security concerns around this, a CF admin would have to enable one-way sharing between two spaces with a command like:
$ cf enable-service-sharing SERVICE SOURCE_ORG SOURCE_SPACE TARGET_ORG TARGET_SPACE
We'd love to hear feedback from the community on this proposal. If you have any other use cases that this could help with, please let us know about those too.
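The two-step workflow in the proposal (admin enables one-way sharing, then a source-space developer shares, and target-space developers get bind/unbind only) as an added in-memory authorization model; this is illustrative code written for this thread, not Cloud Foundry's implementation, and the `Platform` class, its methods and the org/space/user names are all hypothetical. It also shows one way to answer the enumeration concern raised above: `share_service` returns the same error whether the instance is not yours, sharing is not enabled, or the target space does not exist.

```python
from dataclasses import dataclass, field

@dataclass
class Platform:
    """Hypothetical model of the proposed sharing rules (not CF code)."""
    spaces: set = field(default_factory=set)           # existing (org, space) pairs
    instances: dict = field(default_factory=dict)      # instance -> (service, (org, space))
    sharing_enabled: set = field(default_factory=set)  # (service, src_space, tgt_space)
    shared: dict = field(default_factory=dict)         # instance -> {(org, space), ...}
    admins: set = field(default_factory=set)
    developers: dict = field(default_factory=dict)     # user -> {(org, space), ...}

    def enable_service_sharing(self, user, service, src, tgt):
        """Admin-only step: allow one-way sharing of SERVICE from src to tgt."""
        if user not in self.admins:
            raise PermissionError("only a CF admin may enable service sharing")
        if src not in self.spaces or tgt not in self.spaces:
            raise LookupError("unknown org/space")
        self.sharing_enabled.add((service, src, tgt))

    def share_service(self, user, instance, tgt):
        """Developer step. A single uniform error covers 'not your instance',
        'sharing not enabled' and 'target space does not exist', so callers
        cannot probe for other orgs/spaces by trying to share into them."""
        owner = self.instances.get(instance)
        if owner is None or owner[1] not in self.developers.get(user, set()):
            raise PermissionError("sharing not permitted")
        service, src = owner
        if (service, src, tgt) not in self.sharing_enabled:
            raise PermissionError("sharing not permitted")  # same message, no leak
        self.shared.setdefault(instance, set()).add(tgt)

    def can_bind(self, user, instance, space):
        """Target-space developers may only bind/unbind to a shared instance."""
        return (space in self.developers.get(user, set())
                and space in self.shared.get(instance, set()))

    def can_manage(self, user, instance):
        """Update/delete stays with the owning space, never the target."""
        owner = self.instances.get(instance)
        return owner is not None and owner[1] in self.developers.get(user, set())

def demo():
    """Constructed sample platform: org1 owns a queue, org2 wants to use it."""
    p = Platform()
    src, tgt = ("org1", "dev"), ("org2", "dev")
    p.spaces |= {src, tgt}
    p.admins.add("admin")
    p.developers = {"alice": {src}, "bob": {tgt}}
    p.instances["queue-1"] = ("rabbitmq", src)
    return p, src, tgt
```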