Hi Daniel,

The purpose of the Associate User with the Organization endpoint is to add
a user to an organization. This endpoint needs to be called before a user
can be added to the organization's spaces. This is why the CLI
automatically adds the user to the organization's user list.

Associate Managed Organization with the User is the same call as Associate
Manager with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_manager_with_the_organization.html>,
but it uses the relation starting from the user rather than the
organization. We don't recommend using this endpoint, as only admins have
full access to the users list, and they may not be able to look the user up
this way. We have stories in our backlog to address this.

The CF Runtime Team,
Utako && Dan


On Thu, May 28, 2015 at 12:38 AM, Daniel Jones <
daniel.jones(a)engineerbetter.com> wrote:

Hi all,

I'm working on some automation for my client to declaratively configure
orgs and spaces across multiple Cloud Foundry instances (hopefully they'll
permit open-sourcing this).

I erroneously tried to set a user as an OrgManager by first calling Associate
Managed Organization with the User
<http://apidocs.cloudfoundry.org/210/users/associate_managed_organization_with_the_user.html>;
after getting InvalidRelation errors I used CF_TRACE to spy on the CLI, and
realised that it instead uses Associate Manager with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_manager_with_the_organization.html>
.

I've got a few questions:

- What's the purpose of the Associate User with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_user_with_the_organization.html> CC
API call?


- If I don't call Associate User with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_user_with_the_organization.html>,
what effects can I expect to see?


- Is Associate User with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_user_with_the_organization.html> something
that only exists for the benefit of the Pivotal console app?


- What's the correct usage of Associate Managed Organization with the
User
<http://apidocs.cloudfoundry.org/210/users/associate_managed_organization_with_the_user.html>
?

Admin
Adding a user to an org
Adding user as manager to org
Adding user to manager list

Not an admin

Many thanks in advance.

--
Regards,

Daniel Jones
EngineerBetter.com

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

Yes, we'd recommend using only the role methods on the organization
resource as a general rule.

Those roles are org specific so yes the association only exists to
facillitate granting of org roles. I'm not sure if that answers your
question?

The /v2 end points have a certain amount of difficult to change meta
magic. It's a known issue that deletes are returning 201's but it is
actually surprisingly hard to fix.
We'll address this as things move over to /v3 end points.

-Dieu

On Fri, May 29, 2015 at 1:59 AM, Daniel Jones <
daniel.jones(a)engineerbetter.com> wrote:

Thanks for the clarification.

Would you recommend using only the role methods on the organization
resource (as opposed to on /users/) as a general rule?

Just for my own understanding, would it be correct to say the org-user
association exists under the hood to facilitate the granting of org roles?
Does this association get used anywhere other than determining roles on
orgs? I know it sounds like a bit of a daft question, but I'd always
assumed users and orgs were linked *only* if they had a role.

Is it intentional that Remove Auditor from the Organization
<http://apidocs.cloudfoundry.org/210/organizations/remove_auditor_from_the_organization.html> returns
a "201 Created" for a delete request?

On Fri, May 29, 2015 at 12:20 AM, CF Runtime <cfruntime(a)gmail.com> wrote:

Hi Daniel,

The purpose of the Associate User with the Organization endpoint is to
add a user to an organization. This endpoint needs to be called before a
user can be added to the organization's spaces. This is why the CLI
automatically adds the user to the organization's user list.

Associate Managed Organization with the User is the same call as Associate
Manager with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_manager_with_the_organization.html>,
but it uses the relation starting from the user rather than the
organization. We don't recommend using this endpoint, as only admins have
full access to the users list, and they may not be able to look the user up
this way. We have stories in our backlog to address this.

The CF Runtime Team,
Utako && Dan


On Thu, May 28, 2015 at 12:38 AM, Daniel Jones <
daniel.jones(a)engineerbetter.com> wrote:

Hi all,

I'm working on some automation for my client to declaratively configure
orgs and spaces across multiple Cloud Foundry instances (hopefully they'll
permit open-sourcing this).

I erroneously tried to set a user as an OrgManager by first calling Associate
Managed Organization with the User
<http://apidocs.cloudfoundry.org/210/users/associate_managed_organization_with_the_user.html>;
after getting InvalidRelation errors I used CF_TRACE to spy on the CLI, and
realised that it instead uses Associate Manager with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_manager_with_the_organization.html>
.

I've got a few questions:

- What's the purpose of the Associate User with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_user_with_the_organization.html> CC
API call?


- If I don't call Associate User with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_user_with_the_organization.html>,
what effects can I expect to see?


- Is Associate User with the Organization
<http://apidocs.cloudfoundry.org/210/organizations/associate_user_with_the_organization.html> something
that only exists for the benefit of the Pivotal console app?


- What's the correct usage of Associate Managed Organization with
the User
<http://apidocs.cloudfoundry.org/210/users/associate_managed_organization_with_the_user.html>
?

Admin
Adding a user to an org
Adding user as manager to org
Adding user to manager list

Not an admin

Many thanks in advance.

--
Regards,

Daniel Jones
EngineerBetter.com

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Regards,

Daniel Jones
EngineerBetter.com

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev