Description of problem: OpenStack provider is listing all the key pairs which are not part of the tenant user which we are using to login. Example: When we try to login to cloudforms using user: naseej which is part of Naseej-Group (Tenant:test-naseej tenant ) we see all the key pairs which are not part of "test-naseej" tenant. All the key pairs created for other tenants are also listed. We confirmed the same after logging in to Horizon using "test-naseej" user and we do not see key pairs in horizon. Version-Release number of selected component (if applicable): 5.9.1.2 Steps to Reproduce: 1. Login to cloudforms operational portal. 2. Navigate to Compute -> Clouds -> Instance 3. Select Lifecycle and Provision Instances 4. Select Properties tab 5. We will see all the tkey pairs for other tenants here. Actual results: All the key pairs are listed Expected results: Only key pairs for the particular tenant should be listed
Omri, Can you please try to re-create this issue in latest cfme 5.9.3.1 Thanks - Sudhir
(In reply to Sudhir Mallamprabhakara from comment #4) > Omri, Can you please try to re-create this issue in latest cfme 5.9.3.1 > > Thanks > - Sudhir This issue reproduced on 5.9.3.1
https://github.com/ManageIQ/manageiq-schema/pull/237
https://github.com/ManageIQ/manageiq/pull/17731
https://github.com/ManageIQ/manageiq/pull/17732
I spoke with the customer, here is the summary : The issue they highlighted : - Keypairs created by OpenStack users are not discovered by cloudforms except admin user (admin = user used to integrate OpenStack with cfme) - The customer has multiple tenants in OpenStack, they want to give tenant level access to their end customer from cloudforms, since only admin user created keypairs are visible in cloudforms and there is no filtering (tagging is one option, but he says it is difficult to manage tags for large env), they are stuck. - The customer expecting a proper keypair management in cloudforms, keypairs mapping feature, keypairs separation at tenant level. Suggestion : 1. by default disable visibility to keypairs collected from OpenStack inventory to all users except to superadmin user. 2. Add a mapping feature for keypair, where admin can decide which keypairs to get visible to which user/group/tenant. 3. Add an option in keypair create dialog that would ask username/groupname/ tenant to which the keypair will be mapped. or some mapping between tenant and keypairs. ------------ not sure if this highlighted that "Add New Key Pair" under cloud > key pairs, doest have option to download private key generated. I updated the bz with same info. Let me know if any additional information needed from the customer.
New commit detected on ManageIQ/manageiq-schema/master: https://github.com/ManageIQ/manageiq-schema/commit/7e5f1f660caa3714004c1d5b98653a8c566823af commit 7e5f1f660caa3714004c1d5b98653a8c566823af Author: Adam Grare <agrare> AuthorDate: Thu Jul 19 12:37:04 2018 -0400 Commit: Adam Grare <agrare> CommitDate: Thu Jul 19 12:37:04 2018 -0400 Add Owner/Group/Tenant to Authentication Add foreign keys for evm_owner, miq_group, and tenant to the authentications table to allow ownership of key pairs by users, groups, and tenants. https://bugzilla.redhat.com/show_bug.cgi?id=1589766 db/migrate/20180719162710_add_owner_and_group_to_auth.rb | 13 + 1 file changed, 13 insertions(+)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/4c6ba95c8c33c8ee5021e5f46893e1df6f6f51d6 commit 4c6ba95c8c33c8ee5021e5f46893e1df6f6f51d6 Author: Adam Grare <agrare> AuthorDate: Thu Jul 19 13:22:01 2018 -0400 Commit: Adam Grare <agrare> CommitDate: Thu Jul 19 13:22:01 2018 -0400 Add Ownership and Tenancy Mixins to Authentication This adds ownership and tenancy to authentications allowing for key pairs added by EmsRefresh to be associated with users in manageiq. https://bugzilla.redhat.com/show_bug.cgi?id=1589766 app/models/authentication.rb | 5 + app/models/miq_group.rb | 1 + app/models/tenant.rb | 1 + app/models/user.rb | 1 + 4 files changed, 8 insertions(+)
https://github.com/ManageIQ/manageiq-schema/pull/64
New commit detected on ManageIQ/manageiq/ivanchuk: https://github.com/ManageIQ/manageiq/commit/af239756f15f6c3a043cae70ae49790c5d2c3057 commit af239756f15f6c3a043cae70ae49790c5d2c3057 Author: Harpreet Kataria <hkataria> AuthorDate: Tue Aug 13 09:24:50 2019 -0400 Commit: Harpreet Kataria <hkataria> CommitDate: Tue Aug 13 09:24:50 2019 -0400 Merge pull request #19124 from PanSpagetka/add-keypair-ownership-feature Add Auth KeyPair Ownership feature (cherry picked from commit 25019761510360eebd43844de99129b430122647) https://bugzilla.redhat.com/show_bug.cgi?id=1589766 https://bugzilla.redhat.com/show_bug.cgi?id=1730066 db/fixtures/miq_product_features.yml | 4 + 1 file changed, 4 insertions(+)
New commit detected on ManageIQ/manageiq-ui-classic/ivanchuk: https://github.com/ManageIQ/manageiq-ui-classic/commit/f0b1b500f1a029429b58716af3cf64a31bc79fa6 commit f0b1b500f1a029429b58716af3cf64a31bc79fa6 Author: Harpreet Kataria <hkataria> AuthorDate: Tue Aug 13 10:25:55 2019 -0400 Commit: Harpreet Kataria <hkataria> CommitDate: Tue Aug 13 10:25:55 2019 -0400 Merge pull request #5973 from PanSpagetka/add-ownership-keypair Add Set Ownership to Key Pairs (cherry picked from commit 5692b46ca8720ede8deb67c343f92aba39bd3456) https://bugzilla.redhat.com/show_bug.cgi?id=1589766 https://bugzilla.redhat.com/show_bug.cgi?id=1730066 app/controllers/auth_key_pair_cloud_controller.rb | 8 +- app/controllers/mixins/actions/vm_actions/ownership.rb | 2 + app/helpers/application_helper/toolbar/auth_key_pair_cloud_center.rb | 6 + app/helpers/application_helper/toolbar/auth_key_pair_clouds_center.rb | 9 + app/helpers/auth_key_pair_cloud_helper/textual_summary.rb | 15 + app/views/auth_key_pair_cloud/show.html.haml | 2 + config/routes.rb | 3 + 7 files changed, 44 insertions(+), 1 deletion(-)
Failed QA ========= Tested on CFME 5.11.0.23 No only admin can see key pairs. Step to reproduce: ================== 1. create project A and user A on it 2. on CFME sync users 3. login with user A and create key pair Actual results: =============== 1. after refresh no key pair listed neither on Compute --> Cloud --> Key Pair, nor on Provision Instances Properties 2. log in with admin user all the key pairs are listed on Compute --> Cloud --> Key Pair, on Provision Instances --> Environment Cloud Tenant select project A on Provision Instances --> Properties Guest Access Key Pair all key pairs are listed and not filtered to project A only