Description of problem:
Unable to view AWS keypair list as tenant_administrator

Version-Release number of selected component (if applicable):
CloudForms 4.7/CFME 5.10.6

How reproducible:
Every time

Steps to Reproduce:
1. Copy the EvmRole_tenant_admin role to a new role (since this role does not have the Auth Key Pairs feature enabled)
2. In the role, enable the Auth Key Pairs feature
3. Add either new or existing groups to the newly created tenant admin role
4. If the added groups belong to the Top-Level Tenant (Parent Tenant), then users in that group will be able to see the AWS Key Pairs
5. Otherwise, if the added groups belong to one of the sub-tenants (Children tenant), users in those groups will not be able to see the AWS Key Pairs

Actual results:
Since the EvmRole_tenant_admin role does not have the Auth Key Pairs feature enabled, we need to copy this role, enable the feature, and add groups to the newly created role. We have noticed that users in groups that belong to the children tenants cannot see the AWS Key Pairs, whereas users in groups that belong to the parent tenant (Top-level) can see the Key Pairs.

Expected results:
Users in groups that belong to either the top-level tenant or any of the children tenants (sub-tenants) should be able to see the Key Pairs.

Additional info:
We tested the same scenario in CloudForms 4.6/CFME 5.9.9, and the result was that users in groups that belong to sub-tenants (children tenants) are able to see the key pairs. Therefore it works in CloudForms 4.6/CFME 5.9.9 but in CloudForms 4.7/CFME 5.10.6

Additionally, in the past, we (customer) were able to view AWS keypair list. All of our catalogs created by users with the tenant_administrator role.

What information can you provide around timeframes and the business impact?
We are unable to add/modify service catalogs properly.
New commit detected on ManageIQ/manageiq/ivanchuk:

https://github.com/ManageIQ/manageiq/commit/af239756f15f6c3a043cae70ae49790c5d2c3057

commit af239756f15f6c3a043cae70ae49790c5d2c3057
Author:     Harpreet Kataria <hkataria>
AuthorDate: Tue Aug 13 09:24:50 2019 -0400
Commit:     Harpreet Kataria <hkataria>
CommitDate: Tue Aug 13 09:24:50 2019 -0400

    Merge pull request #19124 from PanSpagetka/add-keypair-ownership-feature

    Add Auth KeyPair Ownership feature

    (cherry picked from commit 25019761510360eebd43844de99129b430122647)

    https://bugzilla.redhat.com/show_bug.cgi?id=1589766
    https://bugzilla.redhat.com/show_bug.cgi?id=1730066

 db/fixtures/miq_product_features.yml | 4 +
 1 file changed, 4 insertions(+)
New commit detected on ManageIQ/manageiq-ui-classic/ivanchuk:

https://github.com/ManageIQ/manageiq-ui-classic/commit/f0b1b500f1a029429b58716af3cf64a31bc79fa6

commit f0b1b500f1a029429b58716af3cf64a31bc79fa6
Author:     Harpreet Kataria <hkataria>
AuthorDate: Tue Aug 13 10:25:55 2019 -0400
Commit:     Harpreet Kataria <hkataria>
CommitDate: Tue Aug 13 10:25:55 2019 -0400

    Merge pull request #5973 from PanSpagetka/add-ownership-keypair

    Add Set Ownership to Key Pairs

    (cherry picked from commit 5692b46ca8720ede8deb67c343f92aba39bd3456)

    https://bugzilla.redhat.com/show_bug.cgi?id=1589766
    https://bugzilla.redhat.com/show_bug.cgi?id=1730066

 app/controllers/auth_key_pair_cloud_controller.rb | 8 +-
 app/controllers/mixins/actions/vm_actions/ownership.rb | 2 +
 app/helpers/application_helper/toolbar/auth_key_pair_cloud_center.rb | 6 +
 app/helpers/application_helper/toolbar/auth_key_pair_clouds_center.rb | 9 +
 app/helpers/auth_key_pair_cloud_helper/textual_summary.rb | 15 +
 app/views/auth_key_pair_cloud/show.html.haml | 2 +
 config/routes.rb | 3 +
 7 files changed, 44 insertions(+), 1 deletion(-)
New commit detected on ManageIQ/manageiq/ivanchuk:

https://github.com/ManageIQ/manageiq/commit/e618ece9121fe5dec4d1c5a2ab28ace2b112ef9b

commit e618ece9121fe5dec4d1c5a2ab28ace2b112ef9b
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Mon Aug 26 14:38:05 2019 -0400
Commit:     Gregg Tanzillo <gtanzill>
CommitDate: Mon Aug 26 14:38:05 2019 -0400

    Merge pull request #19202 from lpichler/set_tenant_from_group_for_keypairs

    Set tenant from group in Authentification(KeyPairs) model

    (cherry picked from commit f30f40854bcffdd2ccee2231cf0f6c8bc3722fde)

    https://bugzilla.redhat.com/show_bug.cgi?id=1730066

 app/models/authentication.rb | 6 +
 spec/models/authentication_spec.rb | 13 +
 2 files changed, 19 insertions(+)
Verified in 5.11.1.0. User with tenant_administrator role with extra key pairs access set with group that belongs to subtenant can access key pairs.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:4201