← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #83852

[Bug 1893284] Re: Per-user quotas not scoped correctly when creating a server

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.opendev.org/748550
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=4c11d5467a30506a82dd5d32dd22b8958a187c0b
Submitter: Zuul
Branch:    master

commit 4c11d5467a30506a82dd5d32dd22b8958a187c0b
Author: melanie witt <melwittt@xxxxxxxxx>
Date:   Thu Aug 27 23:34:18 2020 +0000

    Default user_id when not specified in check_num_instances_quota
    
    The Quotas.check_deltas method needs a user_id keyword arg in order to
    scope a quota check to a particular user. However, when we call
    check_num_instances_quota we don't pass a project_id or user_id because
    at the time of the quota check, we have not yet created an instance
    record and thus will not use that to determine the appropriate project
    and user.
    
    Instead, we should rely on the RequestContext.project_id and
    RequestContext.user_id as defaults in this case, but
    check_num_instances_quota only defaults project_id and not user_id.
    
    check_num_instances_quota should also default user_id to the
    RequestContext.user_id when user_id is not explicitly passed.
    
    check_num_instances_quota should also check whether any per-user quota
    limits are defined for instance-related resources before passing along
    the user_id to scope resource counting and limit checking. Counting
    resources across a user is costly, so we should avoid it if it's not
    needed.
    
    Closes-Bug: #1893284
    
    Change-Id: I3cfb1edc30b0bda4671e0d2cc2a8993055dcc9ff


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1893284

Title:
  Per-user quotas not scoped correctly when creating a server

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) pike series:
  New
Status in OpenStack Compute (nova) queens series:
  New
Status in OpenStack Compute (nova) rocky series:
  New
Status in OpenStack Compute (nova) stein series:
  New
Status in OpenStack Compute (nova) train series:
  New
Status in OpenStack Compute (nova) ussuri series:
  New

Bug description:
  While looking into an issue reported on the ML [1] around per-user
  quotas not working properly, I found a bug where quota checking is not
  scoped correctly when creating a server.

  This causes per-user quota limits not to be honored during these API
  requests.

  The problem is in a utility function we use for checking quota when
  creating servers:

  https://github.com/openstack/nova/blob/f521f4dbace0e35bedd089369da6f6969da5ca32/nova/compute/utils.py#L1104-L1120

  The Quotas.check_deltas method needs a user_id keyword arg in order to
  scope a quota check to a particular user. However, when we call
  check_num_instances_quota we don't pass a project_id or user_id
  because at the time of the quota check, we have not yet created an
  instance record and thus will not use that to determine the
  appropriate project and user. Instead, we should rely on the
  RequestContext.project_id and RequestContext.user_id as defaults in
  this case, but check_num_instances_quota only defaults project_id and
  not user_id.

  check_num_instances_quota should also default user_id to the
  RequestContext.user_id when user_id is not explicitly passed.

  [1] http://lists.openstack.org/pipermail/openstack-
  discuss/2020-August/016861.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1893284/+subscriptions

References

  Thread PreviousDate PreviousThread Next