Bug 1629125

Summary: OSP domain user seen objects from other domain tenants
Product: Red Hat CloudForms Management Engine Reporter: Satoe Imaishi <simaishi>
Component: ProvidersAssignee: Marek Aufart <maufart>
Status: CLOSED ERRATA QA Contact: Jadh <jhajyahy>
Severity: medium Docs Contact:
Priority: high    
Version: 5.9.0CC: cpelland, dmetzger, gblomqui, jfrey, jhajyahy, jhardy, jprause, maufart, obarenbo
Target Milestone: GAKeywords: ZStream
Target Release: 5.9.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 5.9.5.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1593923 Environment:
Last Closed: 2018-11-05 13:59:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Openstack Target Upstream Version:
Bug Depends On: 1593923    
Bug Blocks:    

Comment 2 CFME Bot 2018-09-24 14:28:12 UTC
New commit detected on ManageIQ/manageiq-providers-openstack/gaprindashvili:

https://github.com/ManageIQ/manageiq-providers-openstack/commit/8ad0a3d9ca5a4dd6e3ef4a167fa138276b1b44cc
commit 8ad0a3d9ca5a4dd6e3ef4a167fa138276b1b44cc
Author:     Samuel Lucidi <mansam@csh.rit.edu>
AuthorDate: Tue Sep 11 12:52:33 2018 -0400
Commit:     Samuel Lucidi <mansam@csh.rit.edu>
CommitDate: Tue Sep 11 12:52:33 2018 -0400

    Merge pull request #342 from aufi/domain_projects_scope

    Filter Keystone Projects by domain_id

    (cherry picked from commit 54ab551ba88f40a03093958520cfe79dd325a53f)

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1629125

 lib/manageiq/providers/openstack/legacy/openstack_handle/identity_delegate.rb | 3 +-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comment 3 Jadh 2018-10-08 12:40:27 UTC
Hi,

Could you please provide steps to reproduce

Thanks

Comment 4 Marek Aufart 2018-10-10 12:22:18 UTC
OSP side:
Setup OSP environment with multiple domains (default + one other) including at least one project per domain, make the admin user to be an admin on both domains.
Boot a VM in default domain and one VM in the other domain.

CF:
Add OSP provider with one of domains (keystonev3), after refresh, you should be able see only VM from the domain entered in provider form (not from the other one).

Comment 5 Jadh 2018-10-11 12:09:03 UTC
Verified on 5.9.5.0 over rhos 13

Comment 7 errata-xmlrpc 2018-11-05 13:59:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3466