Bug 1593923 - OSP domain user seen objects from other domain tenants
Summary: OSP domain user seen objects from other domain tenants
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.9.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: GA
: 5.10.0
Assignee: Marek Aufart
QA Contact: Omri Hochman
URL:
Whiteboard:
Depends On:
Blocks: 1578510 1629125
TreeView+ depends on / blocked
 
Reported: 2018-06-21 20:17 UTC by Saif Ali
Modified: 2019-02-11 14:01 UTC (History)
10 users (show)

Fixed In Version: 5.10.0.15
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1629125 (view as bug list)
Environment:
Last Closed: 2019-02-11 14:01:04 UTC
Category: ---
Cloudforms Team: Openstack
Target Upstream Version:


Attachments (Terms of Use)

Description Saif Ali 2018-06-21 20:17:40 UTC
Description of problem:
On OSP side we have multiple domains "local domain, and AD domain", we created local domain account with the admin role in the local domain, and also has admin role on AD domain. 

We added OSP to CloudForms using that account and we use the AD domain ID. 


Version-Release number of selected component (if applicable):
4.6

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
The user can see all the objects in OSP side except the instances.

Expected results:
The user should only see objects within the AD domain

Additional info:

Comment 9 CFME Bot 2018-09-11 16:53:31 UTC
New commit detected on ManageIQ/manageiq-providers-openstack/master:

https://github.com/ManageIQ/manageiq-providers-openstack/commit/34b7d6e0d9f55da72207dbe7f447eedb2d5ee8fc
commit 34b7d6e0d9f55da72207dbe7f447eedb2d5ee8fc
Author:     Marek Aufart <maufart@redhat.com>
AuthorDate: Tue Sep  4 07:41:50 2018 -0400
Commit:     Marek Aufart <maufart@redhat.com>
CommitDate: Tue Sep  4 07:41:50 2018 -0400

    Filter Keystone Projects by domain_id

    OpenStack provides list of all projects accessible for a user.
    MIQ allows to specify domain_id in Add provider form, so it is
    expected see only project within such domain.

    Filtering of projects available for the user by domain_id was added.

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1593923

 lib/manageiq/providers/openstack/legacy/openstack_handle/identity_delegate.rb | 3 +-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comment 11 Jadh 2018-11-18 15:50:58 UTC
Verified on 5.10.0.24


Note You need to log in before you can comment on or make changes to this bug.