Description of problem:
When scoped to a particular OSP project (OS_PROJECT_NAME=demo2, OS_USERNAME=demo2) a 'gnocchi metric list' shows metrics from the current project and from other projects.

Version-Release number of selected component (if applicable):
OSP 10

How reproducible:
100%

Steps to Reproduce:
1. gnocchi metric list
2. gnocchi metric show (on the returned list and look at the 'resource/project_id')

Actual results:
gnocchi shows the metrics from the current project and other projects.

Expected results:
'metric list' should only return metrics from the current project.

Additional info:
OSP 11 - if you 'gnocchi metric show <metric id>' on a metric that is not in the current project then you get 'Forbidden (HTTP 403)'
> When scoped to a particular OSP project (OS_PROJECT_NAME=demo2, OS_USERNAME=demo2) a 'gnocchi metric list' shows metrics from the current project and from other projects.

It should not unless the user is admin. Can you provide more information on what you do exactly? What commands did you type and what is the output?
Created attachment 1323452: gnocchi command example

The attachment shows a series of commands that demonstrate that you can see metrics from a project that you are not currently scoped to. This was done on OSP 11. It does mimic the behavior that my customer is seeing in OSP 10, however. The customer expects to see only the metrics for the current project when doing a 'gnocchi metric list.'
Thanks Chris for the detailed output. There is indeed an ACL matching problem on this request where the user is not used correctly as a filter. I've pushed a fix upstream and will backport it to OSP10 and OSP11.
Chris, I've been able to reproduce the bug on master (OSP13), Gnocchi 4.0 (OSP12) and Gnocchi 3.1 (OSP11) and pushed a fix upstream for those versions. However, I was unable to reproduce it on Gnocchi 3.0 (OSP10). Your log being based on OSP11, can you provide me an identical log on OSP10? Maybe it's just me missing a corner case or something, but it does not jump at my face.
Julien, I'm spinning up OSP10 to try it myself. If I can't reproduce it I'll get back in touch w/my customer who originally reported this to try to re-produce. Should have some results by the beginning of next week.
Thanks Chris, you rock.
I could not duplicate this in OSP 10 either. It does look like I'm running into this instead: https://bugzilla.redhat.com/show_bug.cgi?id=1487619. My customer says they saw this (1486027) bug, but it does not look like they will be running gnocchi on OSP 10 now so I don't have a place w/the customer to re-produce.
Thanks Chris, that confirms what I thought! Closing in favor of the other BZ.