flavor-access-add doesn't validate the tenant id
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
New
|
Undecided
|
Unassigned | ||
OpenStack Compute (nova) |
Confirmed
|
Low
|
Thang Pham |
Bug Description
I can use a random string to represent the tenant when calling flavor-access-add, and it will be shown in the flavor-access-list output even though it has no meaning and won't work. This causes confusion for users, who use the command to add tenants by name and then wonder why they can't access the new flavour (e.g. bug 1083602, bug 1315479).
Steps to reproduce:
1. Create a private flavour
$ nova flavor-create --is-public false abcdef auto 1 1 1
+------
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+------
| f349c9a1-
+------
2. Give access to a tenant by name
$ nova flavor-access-add f349c9a1-
3. It looks like it was added correctly, but if I do 'nova flavor-list' with a user from the demo tenant it will not show the flavour.
$ nova flavor-access-list --flavor f349c9a1-
+------
| Flavor_ID | Tenant_ID |
+------
| f349c9a1-
+------
The name doesn't need to exist at all, I can successfully add random strings:
$ nova flavor-access-add f349c9a1-
+------
| Flavor_ID | Tenant_ID |
+------
| f349c9a1-
| f349c9a1-
+------
I think we shouldn't allow invalid IDs when running "nova flavor-access-add".
description: | updated |
tags: | added: compute |
tags: |
added: api removed: compute |
Changed in nova: | |
status: | New → Confirmed |
Changed in nova: | |
importance: | Undecided → Low |
Changed in nova: | |
assignee: | Thang Pham (thang-pham) → Abhishek Talwar (abhishek-talwar) |
Changed in nova: | |
assignee: | Abhishek Talwar (abhishek-talwar) → Thang Pham (thang-pham) |
Changed in nova: | |
status: | Confirmed → In Progress |
no longer affects: | neutron |
I am hoping to get my blueprint accepted so that tenant/user IDs are validated through keystone: https:/ /blueprints. launchpad. net/nova/ +spec/validate- tenant- user-with- keystone. I have a similar problem with quota tenant/user IDs. I will be glad to handle this bug once the BP is accepted.