yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #14262
[Bug 1317515] [NEW] flavor-access-add doesn't validate the tenant id
Public bug reported:
I can use a random string to represent the tenant when calling flavor-
access-add, and it will be shown in the flavor-access-list output even
though it has no meaning and won't work. This causes confusion for
users, who use the command to add tenants by name and then wonder why
they can't access the new flavour (e.g. bug 1083602, bug 1315479).
Steps to reproduce:
1. Create a private flavour
$ nova flavor-create --is-public false abcdef auto 1 1 1
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
| f349c9a1-ce16-4511-9da0-eeced2f1baa4 | abcdef | 1 | 1 | 0 | | 1 | 1.0 | False |
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
2. Give access to a tenant by name
$ nova flavor-access-add f349c9a1-ce16-4511-9da0-eeced2f1baa4 demo
3. It looks like it was added correctly, but if I do 'nova flavor-list'
with a user from the demo tenant it will not show the flavour.
$ nova flavor-access-list --flavor f349c9a1-ce16-4511-9da0-eeced2f1baa4
+--------------------------------------+-----------+
| Flavor_ID | Tenant_ID |
+--------------------------------------+-----------+
| f349c9a1-ce16-4511-9da0-eeced2f1baa4 | demo |
+--------------------------------------+-----------+
The name doesn't need to exist at all, I can successfully add random
strings:
$ nova flavor-access-add f349c9a1-ce16-4511-9da0-eeced2f1baa4 this-tenant-does-not-exist
+--------------------------------------+----------------------------+
| Flavor_ID | Tenant_ID |
+--------------------------------------+----------------------------+
| f349c9a1-ce16-4511-9da0-eeced2f1baa4 | demo |
| f349c9a1-ce16-4511-9da0-eeced2f1baa4 | this-tenant-does-not-exist |
+--------------------------------------+----------------------------+
I think we shouldn't allow invalid IDs when running "nova flavor-access-
add".
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1317515
Title:
flavor-access-add doesn't validate the tenant id
Status in OpenStack Compute (Nova):
New
Bug description:
I can use a random string to represent the tenant when calling flavor-
access-add, and it will be shown in the flavor-access-list output even
though it has no meaning and won't work. This causes confusion for
users, who use the command to add tenants by name and then wonder why
they can't access the new flavour (e.g. bug 1083602, bug 1315479).
Steps to reproduce:
1. Create a private flavour
$ nova flavor-create --is-public false abcdef auto 1 1 1
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
| f349c9a1-ce16-4511-9da0-eeced2f1baa4 | abcdef | 1 | 1 | 0 | | 1 | 1.0 | False |
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
2. Give access to a tenant by name
$ nova flavor-access-add f349c9a1-ce16-4511-9da0-eeced2f1baa4 demo
3. It looks like it was added correctly, but if I do 'nova flavor-
list' with a user from the demo tenant it will not show the flavour.
$ nova flavor-access-list --flavor f349c9a1-ce16-4511-9da0-eeced2f1baa4
+--------------------------------------+-----------+
| Flavor_ID | Tenant_ID |
+--------------------------------------+-----------+
| f349c9a1-ce16-4511-9da0-eeced2f1baa4 | demo |
+--------------------------------------+-----------+
The name doesn't need to exist at all, I can successfully add random
strings:
$ nova flavor-access-add f349c9a1-ce16-4511-9da0-eeced2f1baa4 this-tenant-does-not-exist
+--------------------------------------+----------------------------+
| Flavor_ID | Tenant_ID |
+--------------------------------------+----------------------------+
| f349c9a1-ce16-4511-9da0-eeced2f1baa4 | demo |
| f349c9a1-ce16-4511-9da0-eeced2f1baa4 | this-tenant-does-not-exist |
+--------------------------------------+----------------------------+
I think we shouldn't allow invalid IDs when running "nova flavor-
access-add".
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1317515/+subscriptions
Follow ups
References