octavia

Octavia should ignore project_id on API create commands (except load_balancer)

Bug #1624145 reported by Stephen Balukoff on 2016-09-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	octavia	Fix Released	High	Michael Johnson

Bug Description

Right now, the Octavia API allows the specification of the project_id on the create commands for the following objects:

listener
health_monitor
member
pool

However, all of these objects should be inheriting their project_id from the ancestor load_balancer object. Allowing the specification of project_id when we create these objects could lead to a situation where the descendant object's project_id is different from said object's ancestor load_balancer project_id.

We don't want to break our API's backward compatibility for at least two release cycles, so for now we should simply ignore this parameter if specified (and get it from the load_balancer object in the database directly), and insert TODO notes in the API code to remove the ability to specify project_id after a certain openstack release.

We should also update the Octavia driver in neutron_lbaas to stop specifying the project_id on descendant object creation.

This bug is related to https://bugs.launchpad.net/octavia/+bug/1624113

Tags:

Stephen Balukoff (sbalukoff) on 2016-09-15

affects:	octavia → neutron
affects:	neutron → octavia

Revision history for this message

Michael Johnson (johnsom) wrote on 2016-09-15:

I think this all needs to change as part of the merge activity. project_id should come from keystone when the token is validated, so we should not be accepting project_id at all on the Octavia API going forward.

Hirofumi Ichihara (ichihara-hirofumi) on 2016-09-16

tags:

added: api

Michael Johnson (johnsom) on 2016-09-19

tags:	added: lbaas lbaas-merge
Changed in octavia:
importance:	Undecided → High

Michael Johnson (johnsom) on 2016-12-06

no longer affects:

neutron

Michael Johnson (johnsom) on 2017-02-08

Changed in octavia:
assignee:	nobody → Michael Johnson (johnsom)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-08: Fix proposed to octavia (master)

Fix proposed to branch: master
Review: https://review.openstack.org/431207

Changed in octavia:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-14: Fix merged to octavia (master)

Reviewed: https://review.openstack.org/431207
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=108ab279524d323552d825387e34d5ef0520292b
Submitter: Jenkins
Branch: master

commit 108ab279524d323552d825387e34d5ef0520292b
Author: johnsom <email address hidden>
Date: Wed Feb 8 11:21:52 2017 -0800

Fix Octavia v1 API project_id for POST

    This patch corrects the project_id handling for POST calls to the
    Octavia v1 API. For load balancer create calls we use the specified
    project_id if the user is an admin or noauth is specified. If no
    project_id is specified in the request we use the project_id from
    the context. If no project_id can be found we raise an exception.
    For the other object POST methods we use the project_id
    from the parent load balancer.

Change-Id: Ibf59541b8811e3bbe36cfec039f91e20036102e4
Closes-Bug: #1624145

Changed in octavia:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-14: Fix included in openstack/octavia 1.0.0.0b1

This issue was fixed in the openstack/octavia 1.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.