The quota of administrator doesn't work if quantum.db.quota_db.DbQuotaDriver.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
fujioka yuuichi |
Bug Description
Administrator can create resource, even if the tenant of resource is different from the one of authentication. For example, administrator can operate 'quantum net-create' command with different tenant between --os-tenant-name and --tenant-id.
In this case, quota cannot be restricted with the resource tenant, because it is restricted with --os-tenant-name.
So administrator can create a resource over the quota of resource tenant.
Example:
quota of network for demo tenant is 10.
quota of network for demo2 tenant is 5.
demo2 tenant has 5 networks already.
Expect:
$ quantum --os-tenant-name ${demo1_name} net-create --tenant-id ${demo2_id} private6 Quota exceeded for resources: ['network']
Actual:
$ quantum --os-tenant-name ${demo1_name} net-create --tenant-id ${demo2_id} private6 Created a new network:
+------
| Field | Value |
+------
| admin_state_up | True |
| id | c52eb67d-
| name | private6 |
| provider:
| provider:
| provider:
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 0958e49135d24e2
+------
Changed in quantum: | |
assignee: | nobody → fujioka yuuichi (fujioka-yuuichi-d) |
tags: | added: grizzly-backport-potential |
Changed in quantum: | |
milestone: | none → havana-1 |
importance: | Undecided → Medium |
Changed in quantum: | |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | havana-1 → 2013.2 |
tags: | removed: grizzly-backport-potential |
Fix proposed to branch: master /review. openstack. org/29024
Review: https:/