OpenStack Compute (nova)

Quota update should add check to avoid update projects tenant_id or user_id

Bug #1333571 reported by zhu zhu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Confirmed
Wishlist
Unassigned

Bug Description

For now the nova quota-update will not give any constraints for the values provided(user_id, tenant_id) when updates.

Actually if user 'nova quota-update service --ram=90000' and it will get successfully. But it could give user some confusion that quota-show --tenant <tenant-name> is different with quota-show --tenant <tenant-uuid>.

It is suggested that checks can be added to only allow the uuid-hex format tenant-id or user-id to get quota updated.

[root@openstack-zz ~]# keystone tenant-list|grep -i service
| 6194feba2f7d4ba38871cbae316c0dc5 | ServicesAdminNegativeV3Test-1222585335 | True |
| 342e8af8e9e14d5cb432c2b4caea31a2 | ServicesAdminNegativeV3Test-26338885 | True |
| 9abbd7d89f724425878dfedca3e62d73 | ServicesAdminNegativeV3Test-828904988 | True |
| 9648314c9e72430586297ec98d92ef8e | ServicesAdminV3Test-1556513182 | True |
| 134ba2bec4e8412688868d879cb05399 | ServicesAdminV3Test-1805549103 | True |
| ca5f77e01d4f45739e67abfbfd478ec9 | ServicesAdminV3Test-567239400 | True |
| 02bbd8a72c7a4615866077132011c963 | service | True |
[root@openstack-zz ~]# nova quota-update service --ram 94000
[root@openstack-zz ~]# nova quota-show --tenant service
+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 94000 |
| floating_ips | 10 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+-------+
[root@openstack-zz ~]# nova quota-show --tenant 02bbd8a72c7a4615866077132011c963
+-----------------------------+--------+
| Quota | Limit |
+-----------------------------+--------+
| instances | 10 |
| cores | 20 |
| ram | 100000 |
| floating_ips | 10 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
+-----------------------------+--------+

Tags: compute quotas
Revision history for this message
zhu zhu (zhuzhubj) wrote :

https://review.openstack.org/#/c/102147/

Revision history for this message
Thang Pham (thang-pham) wrote :

There is a blueprint and patch for this that is pending approval, https://blueprints.launchpad.net/nova/+spec/validate-tenant-user-with-keystone, which will take care of this bug better by validating the tenant-id and user-id against keystone.

Tracy Jones (tjones-i)
tags: added: compute
melanie witt (melwitt)
Changed in nova:
assignee: nobody → zhu zhu (zhuzhubj)
importance: Undecided → Wishlist
status: New → In Progress
Revision history for this message
zhu zhu (zhuzhubj) wrote :

Matt or anyone can take a look and help to remove -2 for the patches? Thanks.

Revision history for this message
Sean Dague (sdague) wrote :

Patch is -2 usptream, so not in progress.

Changed in nova:
status: In Progress → Confirmed
assignee: zhu zhu (zhuzhubj) → nobody
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by Zhu Zhu (<email address hidden>) on branch: master
Review: https://review.openstack.org/102147

Joe Gordon (jogo)
tags: added: quotas
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.