
yahoo-eng-team team mailing list archive

[Bug 1493122] [NEW] There is no quota check for instance snapshot

 

Public bug reported:

There is no quota check for snapshots taken from instances, either via
the APIs or Horizon. Imagine a situation in which a normal user can fill
out the whole of the cinder (ceph) storage space by calling the
get_instance_snapshot() API. There is a need to control the number of
instance snapshots by defining an instance-snapshot-quota.

How to check the bug?
1- In a specific project, launch a new instance.
2- Set the project's quota all the way down (e.g. instances: 1, volume_snapshots: 0, ...).
3- Take as many snapshots of the running instance as you can.

You will see that there is no quota check and the user can fill out the
whole of the storage space.

** Affects: horizon
     Importance: Undecided
         Status: New


** Tags: horizon-core keystone

** Description changed:

  There is no quota check for snapshots getting from instances both via
- APIs and horizon. Imagine a situation where a normal user can fill out
- the whole of the cinder(ceph) storage space by calling the
- get_instance_snapshot() API, which should be restricted using project
- quota checks.
+ APIs and horizon. Imagine a situation in which a normal user can fill-
+ out whole of the cinder(ceph) storage space by calling the
+ get_instance_snapshot() API. But its need to control the amount of
+ instance snapshots by defining instance-snapshot-quota.
  
  How to check the bug?
  1- In specific project, launch a new instance.
  2- Set the project's quota all the way down(e.g. instances: 1, volume_snapshots: 0, ...).
  3- Get snapshots from running instance as much as you can.
  
  You see that there is no quota check and user can fill out the whole of
  the storage space.

** Description changed:

  There is no quota check for snapshots getting from instances both via
  APIs and horizon. Imagine a situation in which a normal user can fill-
  out whole of the cinder(ceph) storage space by calling the
  get_instance_snapshot() API. But its need to control the amount of
  instance snapshots by defining instance-snapshot-quota.
  
  How to check the bug?
  1- In specific project, launch a new instance.
  2- Set the project's quota all the way down(e.g. instances: 1, volume_snapshots: 0, ...).
  3- Get snapshots from running instance as much as you can.
  
- You see that there is no quota check and user can fill out the whole of
+ You see that there is no quota check and user can fill-out the whole of
  the storage space.

** Tags added: quota-check

** Tags removed: quota-check
** Tags added: horizon-core keystone

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1493122

Title:
  There is no quota check for instance snapshot

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  There is no quota check for snapshots taken from instances, either via
  the APIs or Horizon. Imagine a situation in which a normal user can fill
  out the whole of the cinder (ceph) storage space by calling the
  get_instance_snapshot() API. There is a need to control the number of
  instance snapshots by defining an instance-snapshot-quota.

  How to check the bug?
  1- In a specific project, launch a new instance.
  2- Set the project's quota all the way down (e.g. instances: 1, volume_snapshots: 0, ...).
  3- Take as many snapshots of the running instance as you can.

  You will see that there is no quota check and the user can fill out the
  whole of the storage space.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1493122/+subscriptions

