the log record the wrong user_id who actually do the operation to the vm

Bug #1744658 reported by shuangyang.qian on 2018-01-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Wishlist
shuangyang.qian

Bug Description

I have a vm that created by admin user.
Then i switch one common user, and do the shutdown action to the vm.
When i check up the log, i found that it record that the admin user is the one who do the shutdown action.
In my submission, the user_id that record in the log should be the real one who do the action, not the one that the vm belong to.

Fix proposed to branch: master
Review: https://review.openstack.org/536243

Changed in nova:
assignee: nobody → shuangyang.qian (shuangyang.qian)
status: New → In Progress
melanie witt (melwitt) wrote :

I'm not sure this is actually a bug. That is, in the area of the code where user_id is added from instance info, it's intended to show the instance owner properties, not the user/project of the user who performed the action on the instance.

So far, it appears that notifications don't include the user/project of the action initiator and this would be a request for enhancement.

tags: added: notifications

thank you for your comments, melwitt. I think we should dig deeper for this question. Or just like you said this would be a request for enhancement.

Also i would like other people can come to discuss this.:)

Balazs Gibizer (balazs-gibizer) wrote :

This is a new feature. We even have an approved blueprint for Rocky to make this happen.
https://blueprints.launchpad.net/nova/+spec/add-action-initiator-to-instance-action-notifications So I set this bug as Wishlist but I'm totally supportive to continue the work adding what is missing here.

Changed in nova:
importance: Undecided → Wishlist
Changed in nova:
assignee: shuangyang.qian (shuangyang.qian) → jiang wei (timjiang)
Changed in nova:
assignee: jiang wei (timjiang) → Matt Riedemann (mriedem)
Matt Riedemann (mriedem) on 2018-07-04
Changed in nova:
assignee: Matt Riedemann (mriedem) → jiang wei (timjiang)
assignee: jiang wei (timjiang) → shuangyang.qian (shuangyang.qian)

Reviewed: https://review.openstack.org/536243
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2bca6431e69bf2c6e657736b7fe11f5a2fbb9433
Submitter: Zuul
Branch: master

commit 2bca6431e69bf2c6e657736b7fe11f5a2fbb9433
Author: shuangyang.qian <email address hidden>
Date: Mon Jan 22 15:55:14 2018 +0800

    Add action initiator attribute to the instance payload

    The instance action notifications contain the user id and the
    project id of the owner of the instance. However an instance
    action might be initiated by another user. It could be another
    user from the same project or can be an admin from the admin project.
    To be able to distinguish between the user who initiated the instance
    action from the user owning the instance we need to add two new
    fields to the instance action notifications, action_initiator_user
    and action_initiator_project

    Change-Id: I649d8a27baa8840bc1bb567fef027c749c663432
    Closes-bug: #1744658
    Blueprint: add-action-initiator-to-instance-action-notifications

Changed in nova:
status: In Progress → Fix Released

This issue was fixed in the openstack/nova 18.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers