Description of problem: On OSP side we have multiple domains "local domain, and AD domain", we created local domain account with the admin role in the local domain, and also has admin role on AD domain. We added OSP to CloudForms using that account and we use the AD domain ID. Version-Release number of selected component (if applicable): 4.6 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: The user can see all the objects in OSP side except the instances. Expected results: The user should only see objects within the AD domain Additional info:
https://github.com/ManageIQ/manageiq-providers-openstack/pull/342
New commit detected on ManageIQ/manageiq-providers-openstack/master: https://github.com/ManageIQ/manageiq-providers-openstack/commit/34b7d6e0d9f55da72207dbe7f447eedb2d5ee8fc commit 34b7d6e0d9f55da72207dbe7f447eedb2d5ee8fc Author: Marek Aufart <maufart> AuthorDate: Tue Sep 4 07:41:50 2018 -0400 Commit: Marek Aufart <maufart> CommitDate: Tue Sep 4 07:41:50 2018 -0400 Filter Keystone Projects by domain_id OpenStack provides list of all projects accessible for a user. MIQ allows to specify domain_id in Add provider form, so it is expected see only project within such domain. Filtering of projects available for the user by domain_id was added. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1593923 lib/manageiq/providers/openstack/legacy/openstack_handle/identity_delegate.rb | 3 +- 1 file changed, 2 insertions(+), 1 deletion(-)
Verified on 5.10.0.24