python-neutronclient

fail to update security group quota use neutronclient

Bug #1627604 reported by hujin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-neutronclient
Won't Fix
Undecided
Unassigned

Bug Description

[root@controller ~(keystone_admin)]# neutron quota-update --security_group 2000
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 50 |
| network | 10 |
| port | 50 |
| rbac_policy | 10 |
| router | 10 |
| security_group | 1 |
| security_group_rule | 100 |
| subnet | 10 |
| subnetpool | -1 |
+---------------------+-------+
[root@controller ~(keystone_admin)]#

MariaDB [neutron]> select * from quotas;
+--------------------------------------+----------------------------------+----------------+-------+
| id | tenant_id | resource | limit |
+--------------------------------------+----------------------------------+----------------+-------+
| 169771fd-c26b-4e0d-a346-92ce1df654b9 | bd8a3fa0c3994178a5771d7c20c7eaea | security_group | 20 |
| c06831e2-8006-45bd-acaf-4fac3d464ac5 | 2000 | security_group | 1 |
| f42720d0-dded-40de-9ab6-6840e12d8a81 | 20 | security_group | 1 |
+--------------------------------------+----------------------------------+----------------+-------+

I want to update securitygroup quota to 2000, but create a record and it's tenant_id is 2000 in db.

hujin (hujin)
Changed in python-neutronclient:
assignee: nobody → hujin (hujin)
Revision history for this message
Tristan Cacqueray (tristan-cacqueray) wrote :

Since quota API is admin-only, I'm not sure this really qualifies as a security vulnerability. Is there a reason this report has been filled as private security?

Revision history for this message
hujin (hujin) wrote :

It is just a usage bug, not security vulnerability.
The correct cmd is "neutron quota-update --security-group 2000"

hujin (hujin)
information type: Private Security → Private
information type: Private → Public
information type: Public → Public Security
information type: Public Security → Public
Revision history for this message
hujin (hujin) wrote :

https://review.openstack.org/#/c/376216/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on python-neutronclient (master)

Change abandoned by Kevin Benton (<email address hidden>) on branch: master
Review: https://review.openstack.org/376216
Reason: focus on OSC improvements instead of the deprecated client

Revision history for this message
Akihiro Motoki (amotoki) wrote :

neutron CLI is deprecated and there is a way to update quota if a correct command line is used. We do not fix this.

Changed in python-neutronclient:
status: New → Won't Fix
assignee: hujin (hujin) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.