Description of problem: https://bugs.launchpad.net/aodh/+bug/1703824
When an unprivileged user want to access to Gnocchi resources created by Ceilometer, that doesn't work because the filter scope the Gnocchi query to resource owner to the user. This break Heat + Aodh with trust. Heat creates Aodh alarm with the user project. Ceilometer creates resources and metrics in Gnocchi with the service users. Aodh can't access to the resource of the user to evaluate the alarm.
*** Bug 1470167 has been marked as a duplicate of this bug. ***
*** Bug 1471234 has been marked as a duplicate of this bug. ***
We have also added your use case in upstream testing: https://review.openstack.org/#/c/459659/
A first pass indicates that this is successful. We have been able to create a Heat stack on OSP10 with OCP3.4 which scales both up and down when the load on the OCP app nodes is added and removed.
For the openshift-heat-templates, the update has been tested with the hotfix using OCP3.4 on OSP10: https://github.com/redhat-openstack/openshift-on-openstack/pull/374
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2653