Cinder

Filtering bootable volumes are not working for non-admin users

Bug #1524450 reported by Victor Morales
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
Medium
Sheel Rana

Bug Description

I have two volumes, only one of them is bootable . I have also two users and only one has admin role. So, I reproduced this from horizon but I saw that HTTP calls are the same, therefore I'm sure that horizon is not the problem.

Basically what I noticed is that the drop down list of bootable volumes is populated differently when I use non-admin users.

Steps:

1. Login with non-admin user.
2. Open Launch Instance form
3. Select "Boot from volume" option

Expect Behavior:

This must display only available bootable volumes.

Note: I've tested this with Kilo, I'm lacking of resources so I'm able to reproduce this one on master.

See original description
Revision history for this message
John Griffith (john-griffith) wrote :

I just checked this on latest and it appears to work as expected. Unsure about Juno, but we won't be able to fix it there or Kilo anyway (security only at this point). I'll check out Liberty here shortly but I suspect it's working there as well.

Revision history for this message
Victor Morales (electrocucaracha) wrote :

Great, Thanks for checking this. I'm going to continue digging on my environment about this behavior, more likely this could be useful in the future for someone else.

Victor Morales (electrocucaracha)
description: updated
Revision history for this message
Sheel Rana (ranasheel2000) wrote :

Hi John and Victor,

I confirmed this behavior in Liberty.

1. Login through admin
2. create 1bootable and 1 non bootable volume
3. check in launch instance form, only bootable volume is displayed in drop down.

4. Login to non admin user
5. create 1 non boo-table volume.
6. Check in launch instance form, non bootable volume is visible in drop down.

Changed in cinder:
status: New → Confirmed
Revision history for this message
Lisa Li (lisali) wrote :

By default, bootable can't be filter when getting volumes.
Only following fields can be filtered:
default=['name', 'status', 'metadata',
                                                'availability_zone'],

The following codes remove invalid filters:
https://github.com/openstack/cinder/blob/master/cinder/api/v2/volumes.py#L229

Did you set query_volume_filters in config file?
https://github.com/openstack/cinder/blob/master/cinder/api/v2/volumes.py#L39

Revision history for this message
Sheel Rana (ranasheel2000) wrote :

Dear Lisa Li,

Yes, you are right... its working fine after including same in default drivers or in configuration...

I am not sure if there was any background behind not keeping bootable in default options Or may be this is a miss!!!

In V1, only 'display_name', 'status', 'metadata' were kept under filter, even no configuration option was there :(

    def _get_volume_search_options(self):
           """Return volume search options allowed by non-admin."""
          return ('display_name', 'status', 'metadata')

Revision history for this message
Sheel Rana (ranasheel2000) wrote :

update
>Yes, you are right... its working fine after including same in default drivers or in configuration...
 *Yes, you are right... its working fine after including same in default filters or in configuration...

Changed in cinder:
assignee: nobody → Sheel Rana (ranasheel2000)
Revision history for this message
Sheel Rana (ranasheel2000) wrote :

I think bootable should be by default kept under allowed filters..

Its seems bug, so *thinking of adding 'bootable' as default filter options*...
(need to test thoroughly if there is any issue due to this :( )

Sheel Rana (ranasheel2000)
Changed in cinder:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/268322

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/268322
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=7ac7413ae31f1298af3d50f5b3e017f2af572ecd
Submitter: Jenkins
Branch: master

commit 7ac7413ae31f1298af3d50f5b3e017f2af572ecd
Author: Sheel Rana <email address hidden>
Date: Sat Jan 16 01:53:49 2016 +0530

    Added 'bootable volume' filter for non-admin user

    During launch instance from Horizon, if non-admin
    user selects volume as source for launching
    instance, drop down list for volumes will also
    show non-bootable volumes. It is wrong behaviour.

    To fix this, 'bootable volume' search filter is
    enabled so that only bootable volumes get
    displayed in drop down list of volume.

    APIImpact

    DocImpact:Need to add bootable against
    query_volume_filters in OpenStack Configuration
    Reference

    Closes-Bug: #1524450

    Change-Id: If5bfbd73bbe02b13b76d7169ea16424493ac5fca

Changed in cinder:
status: In Progress → Fix Released
Sheel Rana (ranasheel2000)
Changed in cinder:
importance: Undecided → Medium
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/cinder 8.0.0.0b3

This issue was fixed in the openstack/cinder 8.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.