Don't have permission to delete a volume in error state

Hi Sam,

Seems odd, I just tried this out again to verify and didn't have any issues. Any chance there's some mix-up in the tenant ID being used here?

Just did another test, here is my terminal output below.

I'm using the version from the Ubuntu cloud archive: 2012.2-0ubuntu2~cloud0
Maybe it has been fixed since then?

~$cinder create 5
+---------------------+--------------------------------------+
| Property | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| created_at | 2012-11-29T21:46:52.084236 |
| display_description | None |
| display_name | None |
| id | 46f99376-674b-4c77-9977-881c33c94dbc |
| metadata | {} |
| size | 5 |
| snapshot_id | None |
| status | creating |
| volume_type | None |
+---------------------+--------------------------------------+

~$ cinder list
+--------------------------------------+--------+--------------+------+-------------+-------------+
| ID | Status | Display Name | Size | Volume Type | Attached to |
+--------------------------------------+--------+--------------+------+-------------+-------------+
| 46f99376-674b-4c77-9977-881c33c94dbc | error | None | 5 | None | |
+--------------------------------------+--------+--------------+------+-------------+-------------+

~$ cinder delete 46f99376-674b-4c77-9977-881c33c94dbc
ERROR: User does not have admin privileges (HTTP 403) (Request-ID: req-ef35808a-e0b4-4ae7-9a31-6079f2a3b971)

Fix proposed to branch: master
Review: https://review.openstack.org/23196

Sorry for the delay Sam,

So the issue was in my test I was actually creating the volume and setting it's status to 'error' in the db manually. The fact is however if the volume wasn't deployed the api delete call doesn't call the same path (doesn't need to) and and just goes directly to db.volume_destroy which needed admin context.

Reviewed: https://review.openstack.org/23196
Committed: http://github.com/openstack/cinder/commit/a2830e5417539980249e3ab12d8bf9538d8956c4
Submitter: Jenkins
Branch: master

commit a2830e5417539980249e3ab12d8bf9538d8956c4
Author: John Griffith <email address hidden>
Date: Thu Feb 28 19:01:39 2013 +0000

    Elevate context for delete volume with no host.

    So in the case of a volume that is placed in error state
    on create and never actually deployed, the cinder.volume.api delete
    call does a short cut call to db.destroy_volume which is fine because
    all we have is a DB entry (scheduler never deployed the volume).

    Unfortunately, this requires admin context, so just add an elevate
    context to the db.destroy_volume call.

    Fixes bug: 1084273

    Change-Id: I0ef8bf4356047c385bef703b8dce7d5edf537bf6

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/25571

Reviewed: https://review.openstack.org/25571
Committed: http://github.com/openstack/cinder/commit/2e7f71738d2f695e8079ef0cd3b6c248ee67187e
Submitter: Jenkins
Branch: stable/folsom

commit 2e7f71738d2f695e8079ef0cd3b6c248ee67187e
Author: John Griffith <email address hidden>
Date: Thu Feb 28 19:01:39 2013 +0000

    Elevate context for delete volume with no host.

    So in the case of a volume that is placed in error state
    on create and never actually deployed, the cinder.volume.api delete
    call does a short cut call to db.destroy_volume which is fine because
    all we have is a DB entry (scheduler never deployed the volume).

    Unfortunately, this requires admin context, so just add an elevate
    context to the db.destroy_volume call.

    Fixes bug: 1084273

    Change-Id: I0ef8bf4356047c385bef703b8dce7d5edf537bf6
    (cherry picked from commit a2830e5417539980249e3ab12d8bf9538d8956c4)