default vim in another tenant is selected

Bug #1958197 reported by Masaki Oyama
This bug affects 1 person
Affects: tacker
Status: Fix Released
Importance: Low
Assigned to: Manpreet Kaur

Bug Description

When instantiation is executed without specifying VIM, the VIM selected by default is not from a tenant of the VNF but from a tenant of the user who executes instantiation.
Therefore, if a VNF's tenant is different from a tenant of the user who executes instantiation, the VNF would be created in a vim that belongs to another tenant than the VNF.

Details are as follows:

1. Prerequisites:
- "test_user_1" belongs to "test_tenant_1" and has a "member" role.
- "test_user_2" belongs to "test_tenant_2" and has an "admin" role.

$ openstack role assignment list --user test_user_1
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| b1807726dcbc41aebf97e2d1ecbf6e3f | cab2a7ead14b419ab11c9ced90a9b0ec | | 3cd5d53ecb4946bba9da3816421c39c4 | | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+

$ openstack role assignment list --user test_user_2
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| 01c6eed9e0a749d49e4c36b8d6e4b840 | fdf5be83e2504210b5a3a928d90fd18c | | 69fcd0db6f9c4ff49b12fbcbdbbfe1e3 | | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+

$ openstack project list
+----------------------------------+--------------------+
| ID | Name |
+----------------------------------+--------------------+
| 3cd5d53ecb4946bba9da3816421c39c4 | test_tenant_1 |
| 69fcd0db6f9c4ff49b12fbcbdbbfe1e3 | test_tenant_2 |
| ff046723dffa42779525494bd63a12da | admin |
+----------------------------------+--------------------+

$ openstack role list
+----------------------------------+---------------------------+
| ID | Name |
+----------------------------------+---------------------------+
| 01c6eed9e0a749d49e4c36b8d6e4b840 | admin |
| b1807726dcbc41aebf97e2d1ecbf6e3f | member |
+----------------------------------+---------------------------+

- the vim of "test_vim_1" is created by "test_user_1" in a "test_tenant_1".
- the vim of "test_vim_2" is created by "test_user_2" in a "test_tenant_2".

$ openstack vim list (this command is executed by "test_user_1")
+--------------------------------------+------------+----------------------------------+-----------+------------+-----------+
| ID | Name | Tenant_id | Type | Is Default | Status |
+--------------------------------------+------------+----------------------------------+-----------+------------+-----------+
| b64dadaf-0232-4a3e-bbb5-321cb41399de | test_vim_1 | 3cd5d53ecb4946bba9da3816421c39c4 | openstack | True | REACHABLE |
+--------------------------------------+------------+----------------------------------+-----------+------------+-----------+

$ openstack vim list (this command is executed by "test_user_2")
+--------------------------------------+------------+----------------------------------+-----------+------------+-----------+
| ID | Name | Tenant_id | Type | Is Default | Status |
+--------------------------------------+------------+----------------------------------+-----------+------------+-----------+
| b64dadaf-0232-4a3e-bbb5-321cb41399de | test_vim_1 | 3cd5d53ecb4946bba9da3816421c39c4 | openstack | True | REACHABLE |
| 430de338-af86-4af8-b873-d3bb7e997afc | test_vim_2 | 69fcd0db6f9c4ff49b12fbcbdbbfe1e3 | openstack | True | REACHABLE |
+--------------------------------------+------------+----------------------------------+-----------+------------+-----------+

2. Create VNF
- "test_user_1" created "test_vnf", so the VNF is in "test_tenant_1".

$ openstack vnflcm list (this command is executed by "test_user_1")
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
| ID | VNF Instance Name | Instantiation State | VNF Provider | VNF Software Version | VNF Product Name | VNFD ID |
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
| babdfb89-b95e-4c34-950e-a527b077dddf | test_vnf | NOT_INSTANTIATED | xxx | xxx | xxx | xxx |
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+

$ openstack vnflcm list (this command is executed by "test_user_2")
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
| ID | VNF Instance Name | Instantiation State | VNF Provider | VNF Software Version | VNF Product Name | VNFD ID |
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
| babdfb89-b95e-4c34-950e-a527b077dddf | test_vnf | NOT_INSTANTIATED | xxx | xxx | xxx | xxx |
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+

3. Instantiate VNF
- "test_user_2" instantiated "test_vnf" with a request that doesn't specify a vim.

4. Result
- "test_vim_2" is selected.

Logs in tacker.log are as follows:
DEBUG tacker.vnfm.vim_client ... test_tenant_2 test_user_2] VIM id not provided. Attempting to find default VIM information from (pid=2569391) get_vim /opt/stack/tacker/tacker/vnfm/vim_client.py:45
DEBUG tacker.vnfm.vim_client ... test_tenant_2 test_user_2] VIM info found for vim id None from (pid=2569391) get_vim /opt/stack/tacker/tacker/vnfm/vim_client.py:58
DEBUG tacker.vnfm.vim_client ... test_tenant_2 test_user_2] VIM id is 430de338-af86-4af8-b873-d3bb7e997afc from (pid=2569391) _build_vim_auth /opt/stack/tacker/tacker/vnfm/vim_client.py:76

- "test_vnf" is instantiated successfully in "test_vim_2".

$ openstack vnflcm list (this command is executed by "test_user_1")
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
| ID | VNF Instance Name | Instantiation State | VNF Provider | VNF Software Version | VNF Product Name | VNFD ID |
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
| babdfb89-b95e-4c34-950e-a527b077dddf | test_vnf | INSTANTIATED | xxx | xxx | xxx | xxx |
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+

$ openstack vnflcm list (this command is executed by "test_user_2")
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
| ID | VNF Instance Name | Instantiation State | VNF Provider | VNF Software Version | VNF Product Name | VNFD ID |
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
| babdfb89-b95e-4c34-950e-a527b077dddf | test_vnf | INSTANTIATED | xxx | xxx | xxx | xxx |
+--------------------------------------+------------------------------------+---------------------+--------------+----------------------+------------------+--------------------------------------+
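
The selection behaviour described in this report, modelled as an added example: it is not Tacker's code and not the change in review 813396. The class and function names are hypothetical; the IDs are copied from the command output above. It contrasts a default-VIM lookup scoped to the requester's tenant with one scoped to the VNF's tenant, and adds an audit check for placements that cross tenants.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vim:
    id: str
    name: str
    tenant_id: str
    is_default: bool

@dataclass(frozen=True)
class Caller:               # identity on the instantiate request (hypothetical type)
    user: str
    tenant_id: str

@dataclass(frozen=True)
class Vnf:
    id: str
    name: str
    tenant_id: str          # tenant that owns the VNF instance

# IDs copied from the command output in the report.
T1 = "3cd5d53ecb4946bba9da3816421c39c4"   # test_tenant_1
T2 = "69fcd0db6f9c4ff49b12fbcbdbbfe1e3"   # test_tenant_2
VIMS = [
    Vim("b64dadaf-0232-4a3e-bbb5-321cb41399de", "test_vim_1", T1, True),
    Vim("430de338-af86-4af8-b873-d3bb7e997afc", "test_vim_2", T2, True),
]
TEST_VNF = Vnf("babdfb89-b95e-4c34-950e-a527b077dddf", "test_vnf", T1)
USER_2 = Caller("test_user_2", T2)

def default_vim(tenant_id, vims=VIMS):
    """Return the single default VIM registered in tenant_id."""
    found = [v for v in vims if v.is_default and v.tenant_id == tenant_id]
    if len(found) != 1:
        raise LookupError(f"expected one default VIM in {tenant_id}, got {len(found)}")
    return found[0]

def select_by_caller(caller, vnf):
    # Behaviour the report describes: the scope comes from the requester.
    return default_vim(caller.tenant_id)

def select_by_owner(caller, vnf):
    # Owner-scoped alternative: the scope comes from the VNF being instantiated.
    return default_vim(vnf.tenant_id)

def cross_tenant_placements(placements):
    """Audit check: names of (vnf, vim) pairs whose tenants differ."""
    return [(vnf.name, vim.name) for vnf, vim in placements
            if vnf.tenant_id != vim.tenant_id]
```
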

Yasufumi Ogawa (yasufum)
Changed in tacker:
importance: Undecided → Low
Manpreet Kaur (manpreetk) wrote :

This issue has been addressed in https://review.opendev.org/c/openstack/tacker/+/813396.
Marking bug as fixed.

Changed in tacker:
assignee: nobody → Manpreet Kaur (manpreetk)
status: New → Confirmed
status: Confirmed → Fix Released