yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1675791] Re: Instance created by demo user(non-admin), shelved by admin and unshelved by demo user --> ends up in error state

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1675791@xxxxxxxxxxxxxxxxxx>
Date: Tue, 12 Mar 2019 18:43:24 -0000
Reply-to: Bug 1675791 <1675791@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/630769
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=35cc0f5e943642dd8d9dacbf0dac6e260f708d7d
Submitter: Zuul
Branch:    master

commit 35cc0f5e943642dd8d9dacbf0dac6e260f708d7d
Author: Matt Riedemann <mriedem.os@xxxxxxxxx>
Date:   Mon Jan 14 15:29:37 2019 -0500

    Share snapshot image membership with instance owner
    
    When an admin creates a snapshot of another project owners
    instance, either via the createImage API directly, or via the
    shelve or createBackup APIs, the admin project is the owner
    of the image and the owner of the instance (in another project)
    cannot "see" the image. This is a problem, for example, if an
    admin shelves a tenant user's server and then the user tries to
    unshelve the server because the user will not have access to
    get the shelved snapshot image.
    
    This change fixes the problem by leveraging the sharing feature [1]
    in the v2 image API. When a snapshot is created where the request
    context project_id does not match the owner of the instance project_id,
    the instance owner project_id is granted sharing access to the image.
    By default, this means the instance owner (tenant user) can get the
    image directly via the image ID if they know it, but otherwise the image
    is not listed for the user to avoid spamming their image listing. In the
    case of unshelve, the end user does not need to know the image ID since
    it is stored in the instance system_metadata. Regardless, the user could
    accept the pending image membership if they want to see the snapshot
    show up when listing available images.
    
    Note that while the non-admin project has access to the snapshot
    image, they cannot delete it. For example, if the user tries to
    delete or unshelve a shelved offloaded server, nova will try to
    delete the snapshot image which will fail and log a warning since
    the user does not own the image (the admin does). However, the
    delete/unshelve operations will not fail because the image cannot
    be deleted, which is an acceptable trade-off.
    
    Due to some very old legacy virt driver code which started in the
    libvirt driver and was copied to several other drivers, several virt
    drivers had to be modified to not overwrite the "visibility=shared"
    image property by passing "is_public=False" when uploading the image
    data. There was no point in the virt drivers setting is_public=False
    since the API already controls that. It does mean, however, that
    the bug fix is not really in effect until both the API and compute
    service code has this fix.
    
    A functional test is added which depends on tracking the owner/member
    values in the _FakeImageService fixture. Impacted unit tests are
    updated accordingly.
    
    [1] https://developer.openstack.org/api-ref/image/v2/index.html#sharing
    
    Change-Id: If53bc8fa8ab4a8a9072061af7afed53fc12c97a5
    Closes-Bug: #1675791


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1675791

Title:
  Instance created by demo user(non-admin), shelved by admin and
  unshelved by demo user --> ends up in error state

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) pike series:
  Triaged
Status in OpenStack Compute (nova) queens series:
  Triaged
Status in OpenStack Compute (nova) rocky series:
  Triaged

Bug description:
  Steps to reproduce
  ===========
  1) Login as demo user and create an instance. 
  2) Login as a admin user navigate to admin panel and shelve the instance (as admin user is able shelve any instance).
  3) Login as demo user and try to unshelve the instance shelved by admin user.

  Expected : instance should be unshelved 
  Actual : instance is not shelved but is went to error state. 

  Concerns 
  ===========
  There are two conditions here 1.If this scenarios is not valid admin user should not have an option to shelve the instance , this option should be removed .
  2.If this is a valid flow , instance should be unsheleved by the demo user. During the shelve process a snap shot will be created in the instance panel and it will be removed automatically when instance is unshelved. But when admin user is trying to shelve instance a snapshot is created under admin projects instead of demo project . This may be the reason for unshelve failure
  Admin user is able to unsheleve an instance shelved by demo user as he is seeing both snapshots.

  
  Environment
  ===========
  Reproduced it with pure stable/Newton in devstack environment 
  Also reproduced it with Liberty.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1675791/+subscriptions

References

[Bug 1675791] [NEW] Instance created by demo user(non-admin), shelved by admin and unshelved by demo user --> ends up in error state
From: Nikolai Korablin, 2017-03-24