cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon cloudfoundry

Handle `organization_user` role more transparently

Open svkrieger opened this issue 1 year ago • 1 comments

What's the user value of this feature request? Transparent handling of the organization_user role and with that less confusion and better usability.

Who is the functionality for? Users who have org_manager or space_manager rights and assign space roles to users.

How often will this functionality be used by the user? Quite frequently. Onboarding new developers to a space, or creating new orgs and spaces including rights for users is happening very often.

Who else is affected by the change? The feature is backwards compatible in the first place.

Is your feature request related to a problem? Please describe. When assigning a space role via set-space-role the CF CLI implicitly creates the organization_user role in the background. When removing the space role again, the organization_user role remains and is not easily removable by unset-org-role. Currently cf curl -X DELETE /v3/roles... needs to be used to remove the role.

Describe the solution you'd like The role concept would be easier to understand if I have to first assign the organization_user role via set-org-role <user> <org> OrgUser, before assigning a space role via set-space-role. If I want to remove the user completely I can then first remove the assigned space roles via unset-space-role and then remove the organization_user role with unset-org-role <user> <org> OrgUser.

It would be great if the automatic creation of the org user role could be removed from the set-space-role command. But this would require users to add an additional command to create the org user role before assigning the space role.

Describe alternatives you've considered None

Additional context There is already an open issue (https://github.com/cloudfoundry/cli/issues/2121), but it seems related to the V2 API, which back then assigned the organization_user role automatically when assigning an org role to a user. This is no longer the case with the V3 API. As CF CLI v7 and v8 use the V3 API, I thought it is better to open a new issue. (I think the old one could be closed, because the V2 API is no longer relevant for CF CLI)

Additionally I opened an issue on the CC (https://github.com/cloudfoundry/cloud_controller_ng/issues/3377), where I suggest allowing to assign space roles to users, who have any org role (e.g. Org Manager) and don't require that the user has the organization_user role. This is somewhat related, but the change, which I suggested here, could be realised independently.

svkrieger avatar Aug 07 '23 13:08 svkrieger