Bug 1386736

Summary: Groups unable to view workloads/hosts in OpenStack
Product: Red Hat CloudForms Management Engine Reporter: Krain Arnold <krain>
Component: ApplianceAssignee: Libor Pichler <lpichler>
Status: CLOSED CURRENTRELEASE QA Contact: Pavol Kotvan <pakotvan>
Severity: unspecified Docs Contact:
Priority: high    
Version: 5.6.0CC: abellott, cpelland, dclarizi, gtanzill, hkataria, jhardy, lpichler, mpovolny, obarenbo, vestival
Target Milestone: GAKeywords: TestOnly
Target Release: 5.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 5.8.0.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1395307 (view as bug list) Environment:
Last Closed: 2017-06-12 16:26:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Openstack Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1395307    
Attachments:
Description Flags
provider screenshot showing instance count
none
screenshot showing no visibility on instances none

Description Krain Arnold 2016-10-19 14:28:37 UTC 
Description of problem:
A tenant/group with visibility of an OpenStack environment are unable to view workloads in that environment, although they can view the number of workloads at the provider level.

Version-Release number of selected component (if applicable):
5.6.0.13.20160624114606_13a9153

How reproducible:
100%

Steps to Reproduce:
1. Create a user that maps to a group with a Role that has no VM & Template Access Restriction
2. under the group configuration, go to Hosts/Nodes&Clusters/Deployment Roles and select only the OSP items. (these can not be expanded for further granularity as with VmWare, only the top level box can be selected)
3.Change ownership of all existing workloads in the OSP provider to the new group.
4. Log in as the new user, select the provider, observe the number of workloads on the provider under "relationships" (see screenshot) and click it to view the workloads.

Actual results:
met with a screen that says: * You are not authorized to view other 17 Instances on this Cloud Providers (see screenshot)

Expected results:
The user should see the instances.

Additional info:
The hosts in the undercloud are likewise visible at the provider level (e.g. I can see the number) but when I click through the page reports: "* You are not authorized to view other 7 Hosts on this Infrastructure Providers"
Comment 2 Krain Arnold 2016-10-19 14:30:36 UTC 
Created attachment 1212172 [details]
provider screenshot showing instance count
Comment 3 Krain Arnold 2016-10-19 14:31:31 UTC 
Created attachment 1212173 [details]
screenshot showing no visibility on instances
Comment 8 CFME Bot 2016-11-15 15:31:35 UTC 
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/8c2bd2fd5a990f85149f7ac56bebeaa6ecb5a559

commit 8c2bd2fd5a990f85149f7ac56bebeaa6ecb5a559
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Mon Nov 14 16:29:55 2016 -0500
Commit:     Oleg Barenboim <chessbyte>
CommitDate: Tue Nov 15 10:28:30 2016 -0500

    Merge pull request #12493 from lpichler/list_vms_when_filter_for_provider_is_selected
    
    List vms or templates when filter for provider is selected
    (cherry picked from commit 5f31cba8670907e7ca7964dee6498b01a45599d9)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1386736

 lib/rbac/filterer.rb           |  2 +-
 spec/lib/rbac/filterer_spec.rb | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)