neutron

The quota of administrator doesn't work if quantum.db.quota_db.DbQuotaDriver.

Bug #1179729 reported by fujioka yuuichi on 2013-05-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	fujioka yuuichi	neutron 2013.2 "havana"

Bug Description

Administrator can create resource, even if the tenant of resource is different from the one of authentication. For example, administrator can operate 'quantum net-create' command with different tenant between --os-tenant-name and --tenant-id.

In this case, quota cannot be restricted with the resource tenant, because it is restricted with --os-tenant-name.
So administrator can create a resource over the quota of resource tenant.

Example:

quota of network for demo tenant is 10.
quota of network for demo2 tenant is 5.
demo2 tenant has 5 networks already.

Expect:

$ quantum --os-tenant-name ${demo1_name} net-create --tenant-id ${demo2_id} private6 Quota exceeded for resources: ['network']

Actual:
$ quantum --os-tenant-name ${demo1_name} net-create --tenant-id ${demo2_id} private6 Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | c52eb67d-4953-45ce-aa06-69d21e481050 |
| name | private6 |
| provider:network_type | local |
| provider:physical_network | |
| provider:segmentation_id | |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 0958e49135d24e248cc39f76b48a9f13 |
+---------------------------+--------------------------------------+

fujioka yuuichi (fujioka-yuuichi-d) on 2013-05-13

Changed in quantum:
assignee:	nobody → fujioka yuuichi (fujioka-yuuichi-d)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-05-14: Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/29024

Changed in quantum:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-05-17: Fix merged to quantum (master)

Reviewed: https://review.openstack.org/29024
Committed: http://github.com/openstack/quantum/commit/84f65f387c873d7d342a56f081f7bf8025500bf9
Submitter: Jenkins
Branch: master

commit 84f65f387c873d7d342a56f081f7bf8025500bf9
Author: fujioka yuuichi <email address hidden>
Date: Tue May 14 09:01:17 2013 +0900

fix reference to tenant id.

    Administrator can create resource, even if the tenant of resource is
    different from the one of authentication. For example, administrator
    can operate 'quantum net-create' command with different tenant
    between the authentication tenant(--os-tenant-name) and --tenant-id.

In this case, quota cannot be restricted with the resource tenant,
because it is restricted with --os-tenant-name.

This patch fixes this problem.

Fixes: bug #1179729

Change-Id: I8ce893bb583d52f81c661082372d725bebf9c1be

Changed in quantum:
status:	In Progress → Fix Committed

Mark McClain (markmcclain) on 2013-05-21

tags:	added: grizzly-backport-potential
Changed in quantum:
milestone:	none → havana-1
importance:	Undecided → Medium

Thierry Carrez (ttx) on 2013-05-29

Changed in quantum:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in neutron:
milestone:	havana-1 → 2013.2

Alan Pevec (apevec) on 2014-03-31

tags:

removed: grizzly-backport-potential

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.