OpenStack Compute (nova)

Bug #701121
Comment #5

Comment 5 for bug 701121

Revision history for this message

Vish Ishaya (vishvananda) wrote on 2011-01-10: Re: [Bug 701121] Re: Getting instances by ID when admin only returns deleted instances

that does seem very odd. Are you sure you aren't hitting two different databases? There was a recently fixed bug that was causing the workers to access a local db instead of the normal one.

Vish

On Jan 10, 2011, at 12:05 PM, Ed Leafe wrote:

> Correction: the default is actually False. I was confused because it was
> not returning the Instance even though the ID is present in the
> instances table. Looking in MySQL, I see:
>
>
> mysql> select id, admin_pass, deleted from instances;
> +----+------------+---------+
> | id | admin_pass | deleted |
> +----+------------+---------+
> | 1 | NULL | 0 |
> +----+------------+---------+
> 1 row in set (0.00 sec)
>
> But if I set a break in the code, and execute the call directly, I get
> the following:
>
> In [1]: result =
> session.query(models.Instance).filter_by(id=1).filter_by(deleted=False).first()
>
> In [2]: result
>
> In [3]: result =
> session.query(models.Instance).filter_by(id=1).filter_by(deleted=True).first()
>
> In [4]: result
> Out[4]: <nova.db.sqlalchemy.models.Instance object at 0x4195a90>
>
> In [5]: result.id, result.deleted
> Out[5]: (1, True)
>
> So it seems that the original bug I reported is not valid. However,
> there is a different problem: why is sqlalchemy returning deleted=True
> for this record?
>
>
> ** Changed in: nova
> Status: New => Invalid
>
> --
> You received this bug notification because you are a member of Nova Bug
> Team, which is subscribed to OpenStack Compute (nova).
> https://bugs.launchpad.net/bugs/701121
>
> Title:
> Getting instances by ID when admin only returns deleted instances
>
> Status in OpenStack Compute (Nova):
> Invalid
>
> Bug description:
> In nova/db/sqlalchemy/api.py, the instance_get_by_id() method checks for admin context. If not an admin, it limits queries to non-deleted records. That's correct behavior.
>
> If it is called with admin rights, it should allow you to see both deleted and non-deleted records if 'can_read_deleted(context)' returns True. However, the code as written filters the results on 'deleted = can_read_deleted(context)'. This means that if you are allowed to access deleted records, all queries will add 'deleted=True' to the filter, which means that you cannot access non-deleted records.
>
>

that does seem very odd.  Are you sure you aren't hitting two different databases?  There was a recently fixed bug that was causing the workers to access a local db instead of the normal one.

Vish

On Jan 10, 2011, at 12:05 PM, Ed Leafe wrote:

> Correction: the default is actually False. I was confused because it was
> not returning the Instance even though the ID is present in the
> instances table. Looking in MySQL, I see:
> 
> 
> mysql> select id, admin_pass, deleted from instances;
> +----+------------+---------+
> | id | admin_pass | deleted |
> +----+------------+---------+
> |  1 | NULL       |       0 |
> +----+------------+---------+
> 1 row in set (0.00 sec)
> 
> But if I set a break in the code, and execute the call directly, I get
> the following:
> 
> In [1]: result =
> session.query(models.Instance).filter_by(id=1).filter_by(deleted=False).first()
> 
> In [2]: result
> 
> In [3]: result =
> session.query(models.Instance).filter_by(id=1).filter_by(deleted=True).first()
> 
> In [4]: result
> Out[4]: <nova.db.sqlalchemy.models.Instance object at 0x4195a90>
> 
> In [5]: result.id, result.deleted
> Out[5]: (1, True)
> 
> So it seems that the original bug I reported is not valid. However,
> there is a different problem: why is sqlalchemy returning deleted=True
> for this record?
> 
> 
> ** Changed in: nova
>       Status: New => Invalid
> 
> -- 
> You received this bug notification because you are a member of Nova Bug
> Team, which is subscribed to OpenStack Compute (nova).
> https://bugs.launchpad.net/bugs/701121
> 
> Title:
>  Getting instances by ID when admin only returns deleted instances
> 
> Status in OpenStack Compute (Nova):
>  Invalid
> 
> Bug description:
>  In nova/db/sqlalchemy/api.py, the instance_get_by_id() method checks for admin context. If not an admin, it limits queries to non-deleted records. That's correct behavior.
> 
> If it is called with admin rights, it should allow you to see both deleted and non-deleted records if 'can_read_deleted(context)' returns True. However, the code as written filters the results on 'deleted = can_read_deleted(context)'. This means that if you are allowed to access deleted records, all queries will add 'deleted=True' to the filter, which means that you cannot access non-deleted records.
> 
>