Incorrect limit for private type volumes

Bug #1952456 reported by Gorka Eguileor
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
In Progress
Low
Gorka Eguileor

Bug Description

Cinder allows admins to make private a volume type that already has volumes, and if the admin doesn't give permission to the project for the type the quota limits and usage will not reflect that the user can't create new resources and instead show as unlimited (-1), which is wrong.

The quota limits and usage should reflect that the number of volumes they can create for that type is 0 (no access to the type) while at the same time correctly report the current usage.

Following steps show this behavior:

$ cinder create --volume-type lvmdriver-1 --name test 1
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2021-11-26T14:18:02.000000 |
| description | None |
| encrypted | False |
| id | 4af87103-8218-4d67-92f8-396df8b0d56c |
| metadata | {} |
| migration_status | None |
| multiattach | False |
| name | test |
| os-vol-host-attr:host | None |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | a41464e54125407aab09e0236cce2c3c |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| updated_at | None |
| user_id | b076a33c2e4240b4ac9e8fbb3ba24fee |
| volume_type | lvmdriver-1 |
+--------------------------------+--------------------------------------+

$ cinder type-update --is-public false 08bb263a-470c-4088-a921-1e2b7bd84b26
+--------------------------------------+-------------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+-------------+-------------+-----------+
| 08bb263a-470c-4088-a921-1e2b7bd84b26 | lvmdriver-1 | - | False |
+--------------------------------------+-------------+-------------+-----------+

$ cinder quota-usage a41464e54125407aab09e0236cce2c3c
+-----------------------+--------+----------+-------+-----------+
| Type | In_use | Reserved | Limit | Allocated |
+-----------------------+--------+----------+-------+-----------+
| backup_gigabytes | 1 | 0 | 1000 | |
| backups | 1 | 0 | 10 | |
| gigabytes | 1 | 0 | 1000 | |
| gigabytes___DEFAULT__ | 0 | 0 | -1 | |
| gigabytes_lvmdriver-1 | 1 | 0 | -1 | |
| groups | 0 | 0 | 10 | |
| per_volume_gigabytes | 0 | 0 | -1 | |
| snapshots | 0 | 0 | 10 | |
| snapshots___DEFAULT__ | 0 | 0 | -1 | |
| snapshots_lvmdriver-1 | 0 | 0 | -1 | |
| volumes | 1 | 0 | 10 | |
| volumes___DEFAULT__ | 0 | 0 | -1 | |
| volumes_lvmdriver-1 | 1 | 0 | -1 | |
+-----------------------+--------+----------+-------+-----------+

Tags: private type
Gorka Eguileor (gorka)
summary: - A project can have resources of a type they don't have access to
+ Incorrect limit for private type volumes
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/cinder/+/819691

Changed in cinder:
status: New → In Progress
Changed in cinder:
importance: Undecided → Low
tags: added: private type
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/cinder/+/907152

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on cinder (master)

Change abandoned by "Rajat Dhasmana <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/cinder/+/819691
Reason: in favor of https://review.opendev.org/c/openstack/cinder/+/907152 (since i thought doing it over master would be better, it wasn't)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.