Note: lists.cloudfoundry.org will be down for maintenance on Monday, September 26th, starting at 9AM Pacific Time (4PM Monday September 26, 2022 UTC), for approximately one hour.
Re: CF CLI v6.35.0 Release Today - service instance sharing; client credentials
Dr Nic Williams <drnicwilliams@...>
Jay, to confirm, an admin will be able to share a service broker/service offering even if it’s not explicitly supported by the /v2/catalog?
From: cf-dev@... <cf-dev@...> on behalf of Jay Badenhope <jbadenhope@...>
Sent: Monday, March 12, 2018 6:16:51 PM
Subject: Re: [cf-dev] CF CLI v6.35.0 Release Today - service instance sharing; client credentials
Hi Dr Nic,
Building on Denise's response, we also empower the admin to enable/restrict sharing. There are two settings that must be true in order to enable service instance sharing:
1. At the global level: "To enable service instance sharing, an administrator must enable the `service_instance_sharing` flag." https://docs.cloudfoundry.org/devguide/services/sharing-instances.html#enabling
2. At the service level, as you mentioned, "Service brokers must explicitly enable service instance sharing by setting a flag in their service-level metadata object." https://docs.cloudfoundry.org/services/enable-sharing.html#enabling
I'm going to connect with my UAA colleagues and make sure we have a good answer to your question.
On Mon, Mar 12, 2018 at 3:24 AM, <dyu@...> wrote:
The decision to have service authors opt in was to account for the fact that some services may not be shareable out-of-the-box, primarily due to security considerations. Some brokers may currently be designed to only issue global read+write permissions, but authors may want to change their service permissions model if shareability is now on the cards, for example, read+write for SpaceDevs in the original space, but read-only for spaces that received the instance via sharing.