Designate

Zone transfer fails for the targeted project using non admin creds

Bug #1627943 reported by Ashish Kumar Gupta on 2016-09-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Designate	Triaged	Medium	Unassigned	Designate ocata-1 "o1"

Bug Description

Zone transfer fails from source project to target project
Source a creds of a project/user with role non admin
For this usercase i have two member creds project1.osrc and project2.osrc
Using user1 created a zone .
source project1.osrc
stack@user1:~$ openstack zone list
+--------------------------------------+---------+---------+------------+--------+--------+
| id | name | type | serial | status | action |
+--------------------------------------+---------+---------+------------+--------+--------+
| 6aee0065-d87d-4521-85dc-0828dbca8e19 | u1.com. | PRIMARY | 1474954123 | ACTIVE | NONE |
+--------------------------------------+---------+---------+------------+--------+--------+

*Note tenant_id of project1.osrc creds : 67850ec5eba444ec87e3e2ef2f8be376

Transfer request is made to transfer the zone from project1 to project2 (3307862989444a19a4c4b79a0f583d87)
stack@user1:~$ openstack zone transfer request create --target-project-id 3307862989444a19a4c4b79a0f583d87 6aee0065-d87d-4521-85dc-0828dbca8e19
+-------------------+--------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------------------------------------------------------------------+
| created_at | 2016-09-27T05:37:07.000000 |
| description | None |
| id | 6606d411-53e8-41de-b249-e3e68288c4e4 |
| key | OMZ0CP4T |
| links | {u'self': u'https://172.168.1.5:9001/v2/zones/tasks/transfer_requests/6606d411-53e8-41de-b249-e3e68288c4e4'} |
| project_id | 67850ec5eba444ec87e3e2ef2f8be376 |
| status | ACTIVE |
| target_project_id | 3307862989444a19a4c4b79a0f583d87 |
| updated_at | None |
| zone_id | 6aee0065-d87d-4521-85dc-0828dbca8e19 |
| zone_name | None |
+-------------------+--------------------------------------------------------------------------------------------------------------+

While trying to made accept request
stack@user1:~$ openstack zone transfer accept request --transfer-id 6606d411-53e8-41de-b249-e3e68288c4e4 --key OMZ0CP4T
forbidden
Reason: https://bugs.launchpad.net/designate/+bug/1627941

Hence using the admin creds
stack@user1:~$ source service.osrc
stack@user1:~$ openstack zone transfer accept request --transfer-id 6606d411-53e8-41de-b249-e3e68288c4e4 --key OMZ0CP4T
+--------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+--------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2016-09-27T05:37:46.000000 |
| id | 48c116cc-b145-4ac0-be0b-ff3f4e34da14 |
| key | OMZ0CP4T |
| links | {u'self': u'https://172.168.1.5:9001/v2/zones/tasks/transfer_accepts/48c116cc-b145-4ac0-be0b-ff3f4e34da14', u'zone': |
| | u'https://172.166.1.4:9001/v2/zones/6aee0065-d87d-4521-85dc-0828dbca8e19'} |
| project_id | 79d05e929d0441789bc4955d35131897 |
| status | COMPLETE |
| updated_at | 2016-09-27T05:37:46.000000 |
| zone_id | 6aee0065-d87d-4521-85dc-0828dbca8e19 |
| zone_transfer_request_id | 6606d411-53e8-41de-b249-e3e68288c4e4 |
+--------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
Now using the project2/prject1 creds trying listing the zone

stack@user1:~$ source project2.osrc
stack@user1:~$ openstack zone list

stack@user1:~$ source project1.osrc
stack@user1:~$ openstack zone list

Rather the zone get transferred to But using admin (79d05e929d0441789bc4955d35131897) creds the zone is tr

stack@user1:~$ openstack zone show u1.com.
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| action | NONE |
| attributes | {} |
| created_at | 2016-09-27T05:27:30.000000 |
| description | None |
| email | <email address hidden> |
| id | 6aee0065-d87d-4521-85dc-0828dbca8e19 |
| masters | |
| name | u1.com. |
| pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id | 79d05e929d0441789bc4955d35131897 |
| serial | 1474954123 |
| status | ACTIVE |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | 2016-09-27T05:37:46.000000 |
| version | 5 |
+----------------+--------------------------------------+

See original description

Ashish Kumar Gupta (ashish-kumar-gupta) on 2016-09-27

description:

updated

Tim Simmons (timsim) on 2016-09-28

Changed in designate:
status:	New → Triaged
importance:	Undecided → Medium
milestone:	none → ocata-1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.