Ubuntu
python-openstackclient package

Comands with admin user over vms in other tenants work with ID, but no with name

Bug #1821766 reported by Candido Campos Rivas on 2019-03-26

10

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	python-openstackclient (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

OSP 14

(undercloud) [stack@undercloud-0 ~]$ openstack --version
openstack 3.16.2
(undercloud) [stack@undercloud-0 ~]$

Comands with admin user over vms in other tenants work with ID, but no with name:
(overcloud) [stack@undercloud-0 ~]$ . overcloudrc
(overcloud) [stack@undercloud-0 ~]$ openstack server list
+--------------------------------------+-------------------+--------+----------------------+--------+--------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+----------------------+--------+--------+
| 8e242a1d-a4a8-4e85-bce6-061438c03f3e | provider-instance | ACTIVE | selfservice=10.1.0.8 | cirros | cirros |
+--------------------------------------+-------------------+--------+----------------------+--------+--------+
(overcloud) [stack@undercloud-0 ~]$ openstack server list --all
+--------------------------------------+--------------------+--------+-----------------------------------+--------+--------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+--------------------+--------+-----------------------------------+--------+--------+
| 8e242a1d-a4a8-4e85-bce6-061438c03f3e | provider-instance | ACTIVE | selfservice=10.1.0.8 | cirros | cirros |
| ed6e504f-bc47-4685-912d-e96639fb404c | provider-instance | ACTIVE | selfservice=10.1.0.23 | cirros | cirros |
| a59815b1-9b5b-4d2f-a0f3-16b99b1c82ea | provider-instance3 | ACTIVE | selfservice=10.1.0.12, 10.0.0.215 | cirros | cirros |
| 0b0066e8-fdfe-46e7-85ad-03aa59ea8daa | provider-instance1 | ACTIVE | selfservice=10.1.0.6 | cirros | cirros |
| c59ea9d2-9aeb-4dd5-86ff-7d7c0c185664 | provider-instance | ACTIVE | selfservice=10.1.0.17 | cirros | cirros |
+--------------------------------------+--------------------+--------+-----------------------------------+--------+--------+
(overcloud) [stack@undercloud-0 ~]$ openstack server show provider-instance3
No server with a name or ID of 'provider-instance3' exists.
(overcloud) [stack@undercloud-0 ~]$ openstack server show a59815b1-9b5b-4d2f-a0f3-16b99b1c82ea
+-------------------------------------+----------------------------------------------------------+
| Field | Value |
+-------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | compute-2.localdomain |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute-2.localdomain |
| OS-EXT-SRV-ATTR:instance_name | instance-00000089 |
| OS-EXT-STS:power_state | Running |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2019-03-07T16:19:10.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | selfservice=10.1.0.12, 10.0.0.215 |
| config_drive | |
| created | 2019-03-07T16:18:55Z |
| flavor | cirros (0) |
| hostId | de406aa667510aae422503b79d80663cd48c126a810292af891404d5 |
| id | a59815b1-9b5b-4d2f-a0f3-16b99b1c82ea |
| image | cirros (10fb27dc-7894-4fc1-95ec-443b74077a73) |
| key_name | mykey |
| name | provider-instance3 |
| progress | 0 |
| project_id | 0dcb502bdb6f4f3683c51557b443168e |
| properties | |
| security_groups | name='default' |
| status | ACTIVE |
| updated | 2019-03-07T16:24:18Z |
| user_id | 47bb2cdfa9734038a2a3f2e5cc1876e6 |
| volumes_attached | |
+-------------------------------------+----------------------------------------------------------+
(overcloud) [stack@undercloud-0 ~]$

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-06-01:

#1

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python-openstackclient (Ubuntu):
status:	New → Confirmed

Revision history for this message

Gabriel Ramirez (gabriel1109) wrote on 2020-06-05:

#2

Hi,

I don't believe this would be the right way to go about it based off keystone's scoping

With the 'cloud-admin' role

openstack server list --all-projects

works becasue the 'cloud-admin' has the ability view all server's for all tenant's within his domain, meaning

Project/tenant A uuid | servername
uuidA | provider-instance

Project/tenant B uuid | servername
uuidB | provider-instance

will be returned by 'openstack server list --all-projects'

But when executing

openstack server show provider-instance

either
1) Domain-scoped tokens: You'll get an authentication error (because it won't know if it should return the instance in Tenant A or tenant B due to having identical names)

or

2) Project-scoped tokens: If that same user is also a member of Tenant C and no server in tenant C with the name 'provider-instance' exists, then it won't return anything.

The best way to get around this is to either define the tenant when doing the openstack server show --os-project-id, or to define the project within the openrc file

Changed in python-openstackclient (Ubuntu):
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.