Bug 1594665

Summary: Normal user cannot select shared OpenStack network during VM provision
Product: Red Hat CloudForms Management Engine Reporter: Imaan <ikaur>
Component: ProvisioningAssignee: Scott Seago <sseago>
Status: CLOSED CURRENTRELEASE QA Contact: Omri Hochman <ohochman>
Severity: high Docs Contact:
Priority: high    
Version: 5.9.0CC: cpelland, ikaur, jhajyahy, jhardy, jprause, maufart, obarenbo, simaishi, sseago
Target Milestone: GAKeywords: TestOnly, ZStream
Target Release: 5.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 5.10.0.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1596249 (view as bug list) Environment:
Last Closed: 2019-02-11 14:02:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Openstack Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1596249    

Description Imaan 2018-06-25 07:13:43 UTC 
Description of problem:

A normal user cannot select shared OpenStack network during VM provision. 

Version-Release number of selected component (if applicable):

Red Hat CloudForms 4.6

How reproducible:100%

Steps to Reproduce:

1. Login To CloudForms Operational Portal with normal user.

2. Navigate to Compute -> Clouds -> Instances -> Lifecycle -> Provision VM 

3. Under environment tab, the shared network is not visible to a normal user. 

Actual results:

The shared OpenStack network is not visible to the normal user.

Expected results:

It should be visible.
Comment 5 Scott Seago 2018-06-26 13:35:13 UTC 
Aparently the code that went into the prior fix for this has all been removed. it used to be that only non-public networks were included in the list, and when that was modified to include public ones too, that code was ripped out. I'm currently digging into the code trying to understand how the list is generated -- it's no longer a simple query/method on the EMS or tenant -- it goes through MiqSearch.filtered with a bunch of arguments. It's got to be somewhere in the permissions filtering, since the full list shows up for admin.
Comment 9 Scott Seago 2018-06-27 20:43:55 UTC 
OK, I was able to reproduce these results in my own environment on the gaprindashvili branch -- admin user sees the shared networks not associated with the current tenant, but non-admin user sees the list filtered for the current tenant (I'm not sure if it's filtering for the *selected* tenant or the tenants associated with the user's permissions, though).

However, I was not able to reproduce the bug on master. There, I see all the shared tenants, even for the limited-permission user. In both cases, I was pointing to the same OpenStack instance.

From what we know so far, the problem was either introduced only on the gaprindashvili branch, or it was fixed on master after the branch was made. Unfortunately, so far, Sam and I have been unable to find any relevant code differences between the branches that would explain the difference.

I will keep digging into this, but there's no ETA as of yet, since I have not yet been able to locate the code change that is causing this.
Comment 10 Scott Seago 2018-06-28 12:41:04 UTC 
I found the difference between master and gaprindashvili that prevented the bug from reproducing on master. https://github.com/ManageIQ/manageiq/pull/17305 needs to be backported. That change fixes https://bugzilla.redhat.com/show_bug.cgi?id=1546535 which allowed shared networks to show up on the router create UI. Since the fix was done at the model level, it also fixes the same problem in the provisioning UI.
Comment 12 Jad Haj Yahya 2018-07-08 12:17:49 UTC 
Verified on 5.10.0.3