Nova should not return quota information for non-existent projects

Bug #897326 reported by Gavin B
This bug affects 4 people
Affects: OpenStack Compute (nova)
Status: Confirmed
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Bug or feature ?

root@az1-nv-schedule-0000:~# nova-manage project quota nosuchproject
metadata_items: 35
instances: 20
injected_file_content_bytes: 10240
injected_files: 5
volumes: 0
gigabytes: 1000
cores: 20
ram: 204800
floating_ips: 20
root@az1-nv-schedule-0000:~#

useful to see the default values I suppose, but ...

diablo-final

Thierry Carrez (ttx) wrote : Re: nova-manage should not return quota information for non-existent projects

I think that's a confusing feature :)

summary: - nova-manage returns quota information for non-existent projects
+ nova-manage should not return quota information for non-existent
+ projects
Changed in nova:
importance: Undecided → Wishlist
status: New → Confirmed
Thierry Carrez (ttx) wrote :

From duplicate bug:

Request(GET):
URL: /v1.1/unknown/os-quota-sets/defaults

Response(200 OK):
{u'quota_set': {u'cores': 20,
  u'floating_ips': 10,
  u'gigabytes': 1000,
  u'id': u'defaults',
  u'injected_file_content_bytes': 10240,
  u'injected_files': 5,
  u'instances': 10,
  u'metadata_items': 128,
  u'ram': 51200,
  u'volumes': 10}}

summary: - nova-manage should not return quota information for non-existent
- projects
+ Nova should not return quota information for non-existent projects
Johnny Boy (balboah) wrote :

This still applies in Folsom.
Really easy to get confused by this, and it also affects quota-update, not only quota-show. So I can actually set quotas for a tenant/project which does not exist.

li,chen (chen-li)
Changed in nova:
assignee: nobody → li,chen (chen-li)
li,chen (chen-li) wrote :

I guess the reason nova does not check if the tenant/project exists is because nova does not maintain tenant information by itself.

The nova-manage command directly changes the nova database, so it looks really difficult to add a tenant/project check.

On the other side, actually, I think, for a nova client, no matter what role the user is, it can only show and update the quota for its own tenant. So, the easiest way to fix this is to remove the input parameter in nova-client and make sure it will only operate on its own tenant.

Or, nova-api should check with keystone if the tenant exists before executing a quota-related command.

Is this correct?

li,chen (chen-li)
Changed in nova:
assignee: li,chen (chen-li) → nobody
Michael Still (mikal) wrote :

I think it's important that nova reports that an admin has typoed a project / tenant descriptor. Otherwise life will be pretty confusing...

Jeffrey Zhang (jeffrey4l) wrote :

I prefer to add the param --project <project/project_id>. It will handle the project name and project id, just like the keystone behavior.

# keystone user-role-add
usage: keystone user-role-add --user <user> --role <role> [--tenant <tenant>]

When changing the quota:
1. If using nova quota, checking is needed, and an exception should be raised if the project does not exist.
2. If using nova-manage, checking is hard, because the keystone and nova DBs may be located on different servers. So just document it.

Changed in nova:
assignee: nobody → Abhijeet Malawade (abhijeet-malawade)
Tom Fifield (fifieldt) wrote :

De-assigning as we have not heard from Abhijeet in a while. If this was done in error, please re-assign.

Changed in nova:
assignee: Abhijeet Malawade (abhijeet-malawade) → nobody
Thang Pham (thang-pham) wrote :

There is a blueprint to validate tenant and user IDs that is pending: https://blueprints.launchpad.net/nova/+spec/validate-tenant-user-with-keystone. It should resolve this bug as well as many other identical bugs.

Sean Dague (sdague)
tags: added: nova-manage
Joe Gordon (jogo)
tags: added: quotas
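
Added example (not part of the original bug report, and not Nova code): a small Python model of the behaviour discussed in the comments above, showing how merging defaults with per-project overrides answers for any project id, how an unchecked update leaves a quota row for a mistyped id, and how an existence check plus an orphan audit catches both. QuotaStore, ProjectNotFound, known_projects and the sample quota values are hypothetical stand-ins; known_projects represents a lookup against the identity service.

```python
# Added illustration; not Nova code. All names here are hypothetical.
DEFAULT_QUOTAS = {"instances": 10, "cores": 20, "ram": 51200}  # constructed sample values


class ProjectNotFound(Exception):
    """Raised when the identity service does not know the project id."""


class QuotaStore:
    """In-memory stand-in for a compute service's per-project quota table."""

    def __init__(self, known_projects):
        # known_projects stands in for a lookup against the identity service.
        self.known_projects = set(known_projects)
        self.overrides = {}  # project_id -> {resource: limit}

    # Behaviour reported in the bug: no existence check, defaults fill the gaps.
    def show_unchecked(self, project_id):
        return {**DEFAULT_QUOTAS, **self.overrides.get(project_id, {})}

    def update_unchecked(self, project_id, **limits):
        self.overrides.setdefault(project_id, {}).update(limits)

    # Behaviour proposed in the thread: validate the project first.
    def _require_project(self, project_id):
        if project_id not in self.known_projects:
            raise ProjectNotFound(project_id)

    def show(self, project_id):
        self._require_project(project_id)
        return self.show_unchecked(project_id)

    def update(self, project_id, **limits):
        self._require_project(project_id)
        unknown = set(limits) - set(DEFAULT_QUOTAS)
        if unknown:
            raise ValueError(f"unknown quota resources: {sorted(unknown)}")
        self.update_unchecked(project_id, **limits)

    def orphaned_overrides(self):
        """Audit: quota rows whose project the identity service does not know."""
        return sorted(set(self.overrides) - self.known_projects)
```

The orphaned_overrides audit is the part that still applies when the write path cannot reach the identity service, as described for nova-manage above: it can be run afterwards against whichever project list is available.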