nova quota-update should throw error if tenant-id is not correct

Bug #1551103 reported by Abhishek Talwar
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Compute (nova) | Invalid | Wishlist | Unassigned |
python-novaclient | In Progress | Undecided | Abhilash Goyal |

Bug Description

According to the help for “nova quota-update” the command works only with tenant-id.

But currently the command works with everything and doesn't check if the user entered a valid tenant-id or not.

The command should check if the tenant-id entered is a valid id and, if that is not the case, should result in an error.

Steps to reproduce the bug:

1. Run “keystone tenant-list” command to get the list of the existing tenants

stack@stack:~/devstack$ keystone tenant-list

+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| 5484649a676547a0b63db23c2e7abaec | admin | True |
| 8d97085693a740de9f3a8ccf8dd5dc4e | alt_demo | True |
| 52eab592d3e94af082442daa505583ac | demo | True |
| 62bf50f477754e3d910e3fcf677b9aed | invisible_to_admin | True |
| fc32936f81e5400bb38d00985ad10fdf | service | True |
+----------------------------------+--------------------+---------+

2. Run the “nova quota-update” command with a valid tenant-id from the list you got using the keystone command

stack@stack:~/devstack$ nova quota-update --instances 8 5484649a676547a0b63db23c2e7abaec

3. Check if the quota got updated

stack@stack:~/devstack$ nova quota-show --tenant 5484649a676547a0b63db23c2e7abaec

+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 8 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 10 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
| server_groups | 10 |
| server_group_members | 10 |
+-----------------------------+-------+

As we can see, the quota got updated when we used a valid tenant-id. Now let's check what happens if we use a tenant-id that doesn't exist.

4. Run the “nova quota-update” command again using an incorrect tenant-id

stack@stack:~/devstack$ nova quota-update --instances 8 123123123123

5. Check if the quota got updated for this tenant-id

stack@stack:~/devstack$ nova quota-show --tenant 123123123123

+-----------------------------+-------+
| Quota | Limit |
+-----------------------------+-------+
| instances | 8 |
| cores | 20 |
| ram | 51200 |
| floating_ips | 10 |
| fixed_ips | -1 |
| metadata_items | 128 |
| injected_files | 5 |
| injected_file_content_bytes | 10240 |
| injected_file_path_bytes | 255 |
| key_pairs | 100 |
| security_groups | 10 |
| security_group_rules | 20 |
| server_groups | 10 |
| server_group_members | 10 |
+-----------------------------+-------+

So the command updates the quota for a tenant that doesn't exist, resulting in a bug for OpenStack.

Changed in python-novaclient:
assignee: nobody → Abhilash Goyal (abhilash-goyal)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-novaclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/288396

Changed in python-novaclient:
status: New → In Progress
Andriy Kurilin (andreykurilin) wrote :

IMO, it is a problem on the nova-api side. There is no validation for tenant-id.

Kristi Nikolla (knikolla) wrote :

Should this validation be implemented even though it would require a call to Keystone to check if such a project exists?

Matt Riedemann (mriedem) wrote :

This should be fixed as part of this blueprint:

https://blueprints.launchpad.net/nova/+spec/validate-project-with-keystone

There are several duplicate bugs for this (see the blueprint).

Changed in nova:
status: New → Invalid
importance: Undecided → Wishlist
Changed in nova:
assignee: nobody → Abhilash Goyal (abhilash-goyal)
assignee: Abhilash Goyal (abhilash-goyal) → nobody
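
The check discussed in the comments above, sketched as an added example (not code from nova, python-novaclient or the linked review): the quota write happens only after an identity lookup confirms the project. All names here (ProjectNotFound, keystone_project_status, validated_quota_update) are hypothetical, the lookup is an in-memory stand-in for a Keystone call, and failing closed on an unverifiable id is an assumption.

```python
class ProjectNotFound(ValueError):
    """Raised when the identity service does not know the project id."""


# Constructed sample data: two ids copied from the keystone tenant-list output.
KNOWN_PROJECTS = {
    "5484649a676547a0b63db23c2e7abaec": "admin",
    "52eab592d3e94af082442daa505583ac": "demo",
}


def keystone_project_status(project_id):
    """Hypothetical stand-in for an identity lookup; returns an HTTP-like code."""
    return 200 if project_id in KNOWN_PROJECTS else 404


def validated_quota_update(quotas, project_id, lookup=keystone_project_status,
                           **limits):
    """Write quota limits only after the project id has been confirmed."""
    status = lookup(project_id)
    if status == 404:
        raise ProjectNotFound("project %s does not exist" % project_id)
    if status != 200:
        # Assumption: an id that cannot be verified (e.g. 403) is rejected too.
        raise RuntimeError("could not verify project %s (status %d)"
                           % (project_id, status))
    for name, value in limits.items():
        # -1 means unlimited, as fixed_ips shows in the quota-show output.
        if not isinstance(value, int) or value < -1:
            raise ValueError("invalid limit for %s: %r" % (name, value))
    # Only now is a record created, so unknown ids never leave orphan quotas.
    quotas.setdefault(project_id, {}).update(limits)
    return quotas[project_id]


def demo():
    """Replay steps 2 and 4 of the report against the validated update."""
    quotas = {}
    ok = validated_quota_update(
        quotas, "5484649a676547a0b63db23c2e7abaec", instances=8)
    try:
        validated_quota_update(quotas, "123123123123", instances=8)
        rejected = False
    except ProjectNotFound:
        rejected = True
    return ok, rejected, sorted(quotas)


if __name__ == "__main__":
    print(demo())
```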