When configuring a OSP provider with keystone v3, with a properly configure "admin" user in the "Default" domain, it fails to refresh content from other domains. This is case 3 of https://github.com/ManageIQ/manageiq/issues/13236 putting fog.log into DEBUG, some examples: FAILURE EXAMPLE 1: [----] D, [2017-07-10T17:03:47.953859 #19855:84b138] DEBUG -- : excon.request {:uri=>"https://10.75.15.138:13000/v3/auth/tokens", :method=>"POST", :headers=> {"User-Agent"=>"fog-core/1.44.3", "Content-Type"=>"application/json", "Host"=>"10.75.15.138:13000"}, :body=> "{\"auth\":{\"identity\":{\"methods\":[\"password\"],\"password\":{\"user\":{\"password\":\"********\"},\"name\":\"cfadmin\"}}},\"scope\":{\"project\":{\"name\":\"Spirent_NFV\",\"domain\":{\"id\":\"Default\"}}}}}"} [----] E, [2017-07-10T17:03:48.002882 #19855:84b138] ERROR -- : excon.error #<Excon::Error::Unauthorized: Expected([201]) <=> Actual(401 Unauthorized) excon.error. FAILURE EXAMPLE 2: [----] D, [2017-07-10T17:03:49.073050 #19855:84b138] DEBUG -- : excon.request {:uri=>"https://10.75.15.138:13000/v3/auth/tokens", :method=>"POST", :headers=> {"User-Agent"=>"fog-core/1.44.3", "Content-Type"=>"application/json", "Host"=>"10.75.15.138:13000"}, :body=> "{\"auth\":{\"identity\":{\"methods\":[\"password\"],\"password\":{\"user\":{\"password\":\"********\"},\"name\":\"cfadmin\"}}},\"scope\":{\"project\":{\"name\":\"VDSI_VNF_ONBOARDING_TESTI NG\",\"domain\":{\"id\":\"Default\"}}}}}"} [----] E, [2017-07-10T17:03:49.112364 #19855:84b138] ERROR -- : excon.error #<Excon::Error::Unauthorized: Expected([201]) <=> Actual(401 Unauthorized) excon.error.response :body => "{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}" :cookies => [ ] :headers => { SUCCESS EXAMPLE 1: [----] D, [2017-07-10T17:03:49.119872 #19855:84b138] DEBUG -- : excon.request {:uri=>"https://10.75.15.138:13000/v3/auth/tokens", :method=>"POST", :headers=> {"User-Agent"=>"fog-core/1.44.3", "Content-Type"=>"application/json", "Host"=>"10.75.15.138:13000"}, :body=> "{\"auth\":{\"identity\":{\"methods\":[\"password\"],\"password\":{\"user\":{\"password\":\"********\"},\"name\":\"cfadmin\"}}},\"scope\":{\"project\":{\"name\":\"admin\",\"domain\":{\"id\":\"Default\"}}}}}"} [----] D, [2017-07-10T17:03:49.312940 #19855:84b138] DEBUG -- : excon.response {:status=>201, :headers=> {"X-Subject-Token"=>"fc8b698ca55a4e55a1d3f15d18e5c1a9", "Vary"=>"X-Auth-Token", "Content-Type"=>"application/json", "Content-Length"=>"6586", ......
This should work as implemented "The provider you are creating will be able to see projects for the given domain only. To see projects for other domains, add it as another cloud provider." [1] If we need change the behaviour to make inventory/projects visible for all domains, we can discuss it as a RFE (similar to Openstack discovery). [1] http://manageiq.org/docs/reference/latest/doc-Managing_Providers/miq/#adding_openstack_cloud_providers
Closing not a bug since described in Comment #2. Open RFE if the solution is not acceptable.