Bug 1593923

Summary: OSP domain user sees objects from other domain tenants
Product: Red Hat CloudForms Management Engine
Component: Providers
Version: 5.9.0
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: high
Reporter: Saif Ali <saali>
Assignee: Marek Aufart <maufart>
QA Contact: Omri Hochman <ohochman>
CC: cpelland, dmetzger, gblomqui, jfrey, jhajyahy, jhardy, jprause, maufart, obarenbo, simaishi
Target Milestone: GA
Target Release: 5.10.0
Keywords: TestOnly, ZStream
Hardware: Unspecified
OS: Unspecified
Fixed In Version: 5.10.0.15
Clone Of:
: 1629125
Last Closed: 2019-02-11 14:01:04 UTC
Type: Bug
Cloudforms Team: Openstack
Bug Blocks: 1578510, 1629125

Description Saif Ali 2018-06-21 20:17:40 UTC
Description of problem:
On the OSP side we have multiple domains (a local domain and an AD domain). We created a local domain account that has the admin role in the local domain and also has the admin role on the AD domain.

We added OSP to CloudForms using that account, and we use the AD domain ID.

Version-Release number of selected component (if applicable):
4.6

Actual results:
The user can see all the objects on the OSP side except the instances.

Expected results:
The user should only see objects within the AD domain.

Comment 9 CFME Bot 2018-09-11 16:53:31 UTC
New commit detected on ManageIQ/manageiq-providers-openstack/master:

https://github.com/ManageIQ/manageiq-providers-openstack/commit/34b7d6e0d9f55da72207dbe7f447eedb2d5ee8fc
commit 34b7d6e0d9f55da72207dbe7f447eedb2d5ee8fc
Author:     Marek Aufart <maufart>
AuthorDate: Tue Sep  4 07:41:50 2018 -0400
Commit:     Marek Aufart <maufart>
CommitDate: Tue Sep  4 07:41:50 2018 -0400

    Filter Keystone Projects by domain_id

    OpenStack provides a list of all projects accessible to a user.
    MIQ allows specifying domain_id in the Add provider form, so it is
    expected to see only projects within that domain.

    Filtering of projects available for the user by domain_id was added.

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1593923

 lib/manageiq/providers/openstack/legacy/openstack_handle/identity_delegate.rb | 3 +-
 1 file changed, 2 insertions(+), 1 deletion(-)
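
The filtering described in the commit message above, as an added Ruby example that is not the project's code: it scopes a Keystone v3 project listing to one `domain_id` and reports the projects an unfiltered inventory would have exposed. The helper names, the sample ids and the fail-closed handling of a missing `domain_id` are assumptions made for this example.

```ruby
require "json"

# Constructed sample of a Keystone v3 project listing (GET /v3/auth/projects).
# All ids and names are made up for illustration.
SAMPLE_PROJECTS_JSON = <<~JSON
  {"projects": [
    {"id": "p-100", "name": "ad-web",    "domain_id": "d-ad",    "enabled": true},
    {"id": "p-101", "name": "ad-db",     "domain_id": "d-ad",    "enabled": true},
    {"id": "p-200", "name": "local-ops", "domain_id": "default", "enabled": true},
    {"id": "p-300", "name": "orphan",    "enabled": true}
  ]}
JSON

# Hypothetical helper: keep only the projects that belong to the configured domain.
# Assumption of this example: an unset domain_id is an error, and a project
# without a domain_id never matches (fail closed).
def projects_in_domain(projects, domain_id)
  raise ArgumentError, "domain_id must be set" if domain_id.to_s.strip.empty?

  projects.select { |project| project["domain_id"] == domain_id }
end

# Hypothetical audit: projects the credentials can reach but that lie outside
# the configured domain, i.e. what an unfiltered inventory would have shown.
def out_of_domain_projects(projects, domain_id)
  projects - projects_in_domain(projects, domain_id)
end

def names(projects)
  projects.map { |project| project["name"] }
end

PROJECTS = JSON.parse(SAMPLE_PROJECTS_JSON).fetch("projects")

if __FILE__ == $PROGRAM_NAME
  puts "in scope:     #{names(projects_in_domain(PROJECTS, 'd-ad')).join(', ')}"
  puts "out of scope: #{names(out_of_domain_projects(PROJECTS, 'd-ad')).join(', ')}"
end
```

Running the audit against a live project listing after a provider refresh shows whether any inventoried project falls outside the domain entered in the provider form.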

Comment 11 Jad Haj Yahya 2018-11-18 15:50:58 UTC
Verified on 5.10.0.24