Bug 1102273

Summary: Multiple domain scopes interfere with each other
Product: OpenShift Online Reporter: Jordan Liggitt <jliggitt>
Component: PodAssignee: Jordan Liggitt <jliggitt>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.xCC: jhou, jokerman, mmccomas, xtian
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1102303 (view as bug list) Environment:
Last Closed: 2014-07-15 10:29:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1102303    

Description Jordan Liggitt 2014-05-28 16:21:48 UTC 
Description of problem:

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create three domains, each containing an application (with id's '1', '2', and '3' for example)
2. Create an authorization token containing view scopes for two of the domains: 
"domain/1/view domain/2/view"
3. Using the auth token, GET "/broker/rest/domains".
4. Using the auth token, GET "/broker/rest/applications".

Actual results:
Two domains are returned
One application is returned

Expected results:
Two domains are returned
Two applications are returned


Additional info:
Comment 1 Jordan Liggitt 2014-05-28 17:32:44 UTC 
Will merge in https://github.com/openshift/origin-server/pull/5455
Comment 2 openshift-github-bot 2014-05-28 18:38:41 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/748f6211b5e178fa1fe7717bc739a6edfc287886
Bug 1102273: Make domain scopes additive
Comment 3 Jianwei Hou 2014-05-29 08:59:52 UTC 
Steps:
1. Create 3 domains
2. Create 1 app for each domain
3. Create one view scope token for two of the domains.
rhc authorization-add --scope "domain/53872af8fa04afeaac000002/view domain/53872b0bfa04afeaac000003/view"
4. Retrieve all domains using the token
curl -k -s -H 'Authorization: Bearer d76000c1d6ad455566c8c4eadba7940ca172d52d8d7c6441bef80267ae0443ed' https://ec2-23-22-78-16.compute-1.amazonaws.com/broker/rest/domains | json_reformat
5. Retrieve all apps using the token
curl -k -s -H 'Authorization: Bearer d76000c1d6ad455566c8c4eadba7940ca172d52d8d7c6441bef80267ae0443ed' https://ec2-23-22-78-16.compute-1.amazonaws.com/broker/rest/applications | json_reformat

Result:
After step 4: 2 domains are listed
After step 5: 2 apps are listed