nova quota-update can update quota for a non-exist tenant
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
New
|
Undecided
|
David Geng | ||
Bug Description
Test procedure:
1. check the tenant of your openstack
[root@sco-svt opt]# keystone tenant-list
+------
| id | name | enabled |
+------
| 26df64cc1d2d4df
| 84ca1c4ffb8d4aa
+------
2. run nova quota-update to update a quota for a non-exist tenant.
nova quota-update --instance 40 --cores 40 --ram 409600 --volumes 160 --floating-ips 100 diaojuan
[root@sco-svt opt]# nova quota-show diaojuan
+------
| Property | Value |
+------
| cores | 40 |
| floating_ips | 100 |
| gigabytes | 1000 |
| injected_
| injected_files | 5 |
| instances | 40 |
| metadata_items | 128 |
| ram | 409600 |
| volumes | 160 |
+------
3. Expected result: the update will failed Because diaojuan is not the exist tenant-id.
Actual result: it can be successfully executed.
| information type: | Private Security → Public Security |
| Changed in python-glanceclient: | |
| assignee: | nobody → diaojuan (diaojuan) |
| assignee: | diaojuan (diaojuan) → nobody |
| Changed in python-glanceclient: | |
| assignee: | nobody → David Geng (genggjh) |
| affects: | python-glanceclient → nova |
| Changed in nova: | |
| assignee: | David Geng (genggjh) → nobody |
| assignee: | nobody → David Geng (genggjh) |
| ZhiQiang Fan (aji-zqfan) wrote | #1 |
| ZhiQiang Fan (aji-zqfan) wrote | #2 |
| information type: | Public Security → Public |
this needs keystone's cooperation since the tenant_id is checked by it
however, from api to db/sqlalchemy/
the quota on non-exsist tenant will not cause security problem, just cause unnecessary SQL storage