VMware Cloud Community
rmav01
Enthusiast
Enthusiast
‎08-16-2016 02:29 PM

Potential Bug: Different Tenants can 'Steal' Matching XaaS Resources if IDs Match

Hi all,

I ran into a potential bug today with vRA, Dynamic Types, and multiple tenants. In our environment we have two tenants A and B. On both tenants I have exposed an XaaS resource called CoolDynamicOffering. The workflows and actions that provision CoolDynamicOffering objects for both tenants utilize the same logic, but the coding assets themselves are on separate vRO instances. Let's say I provision a CoolDynamicOffering in Tenant A that ends up being assigned an id of '1'. Now let's say I order a CoolDynamicOffering from Tenant B, which also get's an id of '1' from it's vRO environment. We found that the item provisioned in B is stolen from Tenant A. The item disappears from the items list view in A, and goes to B, and is assigned a new owner.

We have since added some logic to make sure the ID's are unique no matter what tenant. However, I would expect a multi-tenant solution to be able to correctly segregate the two IDs based on their point of origin. This might be because all of the information for both tenants is stored within the cat_resource table in the Postgres DB on the appliance. Might be something to look into for a future version.

Tags (2)
0 Kudos
2 Replies
GrantOrchardVMw
Commander
Commander
‎08-17-2016 04:51 PM

This is one reason that you are able to assign a different vRO per tenant for ASD/XaaS.

Grant http://grantorchard.com
0 Kudos
rmav01
Enthusiast
Enthusiast
‎08-18-2016 06:16 AM

This is one reason that you are able to assign a different vRO per tenant for ASD/XaaS.

Hi Grant,  the same logic is stored in two separate vRO instances. Each tenant is pointing to it's own unique vRO instance out of these two.

0 Kudos