Bug 1629125

Summary: OSP domain user seen objects from other domain tenants
Product: Red Hat CloudForms Management Engine Reporter: Satoe Imaishi <simaishi>
Component: ProvidersAssignee: Marek Aufart <maufart>
Status: CLOSED ERRATA QA Contact: Jadh <jhajyahy>
Severity: medium Docs Contact:
Priority: high    
Version: 5.9.0CC: cpelland, dmetzger, gblomqui, jfrey, jhajyahy, jhardy, jprause, maufart, obarenbo
Target Milestone: GAKeywords: ZStream
Target Release: 5.9.5   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1593923 Environment:
Last Closed: 2018-11-05 13:59:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Openstack Target Upstream Version:
Bug Depends On: 1593923    
Bug Blocks:    

Comment 2 CFME Bot 2018-09-24 14:28:12 UTC
New commit detected on ManageIQ/manageiq-providers-openstack/gaprindashvili:

commit 8ad0a3d9ca5a4dd6e3ef4a167fa138276b1b44cc
Author:     Samuel Lucidi <mansam@csh.rit.edu>
AuthorDate: Tue Sep 11 12:52:33 2018 -0400
Commit:     Samuel Lucidi <mansam@csh.rit.edu>
CommitDate: Tue Sep 11 12:52:33 2018 -0400

    Merge pull request #342 from aufi/domain_projects_scope

    Filter Keystone Projects by domain_id

    (cherry picked from commit 54ab551ba88f40a03093958520cfe79dd325a53f)

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1629125

 lib/manageiq/providers/openstack/legacy/openstack_handle/identity_delegate.rb | 3 +-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comment 3 Jadh 2018-10-08 12:40:27 UTC

Could you please provide steps to reproduce


Comment 4 Marek Aufart 2018-10-10 12:22:18 UTC
OSP side:
Setup OSP environment with multiple domains (default + one other) including at least one project per domain, make the admin user to be an admin on both domains.
Boot a VM in default domain and one VM in the other domain.

Add OSP provider with one of domains (keystonev3), after refresh, you should be able see only VM from the domain entered in provider form (not from the other one).

Comment 5 Jadh 2018-10-11 12:09:03 UTC
Verified on over rhos 13

Comment 7 errata-xmlrpc 2018-11-05 13:59:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.