Cloned volume is associated with wrong SolidFire account
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
High
|
Mathieu Gagné | ||
Grizzly |
Fix Released
|
High
|
John Griffith |
Bug Description
When cloning a volume owned by a tenant (A) to an other tenant (B), the cloned volume is associated with the wrong SolidFire account (A).
Steps to reproduce the problem:
1. Have volume 1 owned by tenant A
2. Have a keystone user member of tenant A and tenant B with admin role
3. Clone volume 1 to tenant B, therefore creating volume 2.
Actual results:
* Cinder associates the (cloned) volume 2 to tenant B.
* SolidFire driver does not create any SolidFire account for tenant B.
* If tenant B does NOT already have a SolidFire account on SolidFire cluster
* The cloning process fails at create_export because it cannot find the corresponding SolidFire account (B).
* If tenant B DOES already have a SolidFire account on SolidFire cluster
* SolidFire driver associates volume 2 to SolidFire account of tenant A.
* Cloned volume CANNOT be cloned twice, it fails because SolidFire driver cannot find the volume in the SolidFire account of tenant B.
Expected results:
* Cinder associates (cloned) volume 2 to tenant B.
* SolidFire driver creates a SolidFire account for tenant B. (if it does not exist)
* SolidFire driver associates volume 2 to SolidFire account of tenant B.
* SolidFire driver is able to clone twice (or more) a cloned volume.
Changed in cinder: | |
importance: | Medium → High |
tags: | added: grizzly-backport-potential |
Changed in cinder: | |
milestone: | none → havana-1 |
status: | Fix Committed → Fix Released |
tags: | removed: grizzly-backport-potential |
tags: | removed: in-stable-grizzly |
Changed in cinder: | |
milestone: | havana-1 → 2013.2 |
This isn't intended to work. We're in the process of introducing tenant-transfers of volumes that will address this but in the current driver this is not expected to work. We've looked at doing a "super-tenant" sort of along the lines of what you've done but instead we're working on adding API calls specifically to deal with this and include some key management as well as some cleanup routines for volumes that were released, but never claimed.