Bug 1600399

Summary: Project purge deletes ALL images
Product: Red Hat OpenStack Reporter: Sandeep Yadav <sandyada>
Component: python-openstackclientAssignee: Julie Pichon <jpichon>
Status: CLOSED ERRATA QA Contact: Shai Revivo <srevivo>
Severity: medium Docs Contact:
Priority: medium    
Version: 12.0 (Pike)CC: apevec, jamsmith, lhh, srevivo
Target Milestone: z3Keywords: Triaged, ZStream
Target Release: 12.0 (Pike)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-openstackclient-3.12.1-1.el7ost Doc Type: Bug Fix
Doc Text:
Prior to this update, the "project purge" command deleted all images regardless of which project owned it. This update fixes a mismatch between deletion code for Glance V1 and V2. It adds code specific to Glance V2 to handle the deletion correctly. Now the "project purge" command only deletes images owned by the specified project ID when run by an admin user.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-08-20 12:54:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sandeep Yadav 2018-07-12 07:46:41 UTC 
Description of problem:

"openstack project purge --project projectName" command began to delete all images, including ones the project did not own.

This issue is reported in upstream bugzilla:-

~~~
https://bugs.launchpad.net/python-openstackclient/+bug/1717130
~~~

As per the Upstream bug, This issue was fixed in the openstack/python-openstackclient 3.13.0 release.

I found till OSP 12, we are still shipping python-openstackclient-3.12.0-1.el7ost.noarch.rpm 

~~~
https://access.redhat.com/downloads/content/rhel---7/x86_64/5904/python-openstackclient/3.12.0-1.el7ost/noarch/fd431d51/package
~~~

From OSP 13, We are shipping python-openstackclient-3.14.1-1.el7ost.src.rpm , Where issue is resolved:-

~~~
https://access.redhat.com/downloads/content/rhel---7/x86_64/6671/python2-openstackclient/3.14.1-1.el7ost/noarch/fd431d51/package
~~~


Version-Release number of selected component (if applicable): OSP 12


How reproducible: Everytime


Steps to Reproduce:

======

In prior OSP version, before OSP 12

Purge command began to delete all images, including ones the project did not own.

[stack@undercloud-0 ~]$ openstack role add --project new_test_project --user test admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 31450a154ae24d8bb34b4077320f293b |
| name      | admin                            |
+-----------+----------------------------------+

I created a private image in admin project:-

[stack@undercloud-0 ~]$ . overcloudrc 
[stack@undercloud-0 ~]$ openstack image list --long
+--------------------------------------+--------+-------------+------------------+----------+----------------------------------+--------+------------+-----------+----------------------------------+------+
| ID                                   | Name   | Disk Format | Container Format |     Size | Checksum                         | Status | Visibility | Protected | Project                          | Tags |
+--------------------------------------+--------+-------------+------------------+----------+----------------------------------+--------+------------+-----------+----------------------------------+------+
| 5e547efd-4de2-4869-b6b7-16314fe9b9f0 | cirros | qcow2       | bare             | 13287936 | ee1eca47dc88f4879d8a229cc70a07c6 | active | private    | False     | 125870e89d8e42bc89900e87eb9a08a3 |      |
+--------------------------------------+--------+-------------+------------------+----------+----------------------------------+--------+------------+-----------+----------------------------------+------+

[stack@undercloud-0 ~]$ . testrc 
[stack@undercloud-0 ~]$ openstack image list --long
+--------------------------------------+--------+-------------+------------------+----------+----------------------------------+--------+------------+-----------+----------------------------------+------+
| ID                                   | Name   | Disk Format | Container Format |     Size | Checksum                         | Status | Visibility | Protected | Project                          | Tags |
+--------------------------------------+--------+-------------+------------------+----------+----------------------------------+--------+------------+-----------+----------------------------------+------+
| 5e547efd-4de2-4869-b6b7-16314fe9b9f0 | cirros | qcow2       | bare             | 13287936 | ee1eca47dc88f4879d8a229cc70a07c6 | active | private    | False     | 125870e89d8e42bc89900e87eb9a08a3 |      |
+--------------------------------------+--------+-------------+------------------+----------+----------------------------------+--------+------------+-----------+----------------------------------+------+

[stack@undercloud-0 ~]$ openstack project list
+----------------------------------+-------------------+
| ID                               | Name              |
+----------------------------------+-------------------+
| 125870e89d8e42bc89900e87eb9a08a3 | admin             |
| 6289a548a9e64daa885da90eba5eb688 | service           |
| 92b23854a8b84735aca7b16760a512dc | new_test_project  |
| 9d4062946f6e45ce9b2833616b396c17 | new_test_project2 |
+----------------------------------+-------------------+

[stack@undercloud-0 ~]$ openstack project purge --project 92b23854a8b84735aca7b16760a512dc
Deleting image : 5e547efd-4de2-4869-b6b7-16314fe9b9f0  -------> Image cirros got deleted, But this image was not owned by "new_test_project" project.
Deleting project: 92b23854a8b84735aca7b16760a512dc


[stack@undercloud-0 ~]$ rpm -qa | grep -i openstackclient
python-openstackclient-3.12.0-1.el7ost.noarch
python-openstackclient-lang-3.12.0-1.el7ost.noarch


In Latest OSP 13:- Issue is solved only particular images got purged which is owned by project.
=================

(overcloud) [stack@undercloud-0 ~]$ openstack image list
+--------------------------------------+---------------------------------+--------+
| ID                                   | Name                            | Status |
+--------------------------------------+---------------------------------+--------+
| fefadf1d-cfac-4afd-a48c-5820335a780c | cirros                          | active |
| 2954c877-491d-4ad9-b29b-078f4378bc38 | cirros_sandy                    | active |
| 30548ea2-a01a-4d14-b195-3e93a4cfeee5 | octavia-amphora-13.0-20180703.1 | active |
+--------------------------------------+---------------------------------+--------+
(overcloud) [stack@undercloud-0 ~]$ openstack project list
+----------------------------------+--------------+
| ID                               | Name         |
+----------------------------------+--------------+
| 317086217930443faa6530517bf52452 | service      |
| 4b398d7bdc224533bfcadb0d8546bb76 | test_project |
| e18484fae08a42ee99d7b89a4b10ee1b | admin        |
| f661ba5aa600491088ce3655e2b5b8da | sandy        |
+----------------------------------+--------------+

(overcloud) [stack@undercloud-0 ~]$ . sandy 
(overcloud) [stack@undercloud-0 ~]$ openstack project purge --project f661ba5aa600491088ce3655e2b5b8da
Deleting image : 2954c877-491d-4ad9-b29b-078f4378bc38
Deleting project: f661ba5aa600491088ce3655e2b5b8da

(overcloud) [stack@undercloud-0 ~]$ . overcloudrc 
(overcloud) [stack@undercloud-0 ~]$ openstack image list
+--------------------------------------+---------------------------------+--------+
| ID                                   | Name                            | Status |
+--------------------------------------+---------------------------------+--------+
| fefadf1d-cfac-4afd-a48c-5820335a780c | cirros                          | active |
| 30548ea2-a01a-4d14-b195-3e93a4cfeee5 | octavia-amphora-13.0-20180703.1 | active |
+--------------------------------------+---------------------------------+--------+
(overcloud) [stack@undercloud-0 ~]$ rpm -qa | grep -i openstackclient
python-openstackclient-lang-3.14.1-1.el7ost.noarch
python2-openstackclient-3.14.1-1.el7ost.noarch

Actual results:

This command began to delete All images, including ones the project did not own.

Expected results:

Only Images which are part of intended project should be deleted.


Additional info:
Comment 2 Julie Pichon 2018-07-12 08:25:21 UTC 
Thank you for the detailed bug report. Unfortunately 3.13 is a Queens/OSP13 release ( https://releases.openstack.org/teams/openstackclient.html#team-queens-python-openstackclient ) and can't be included in OSP12. However it looks like this particular patch was already backported to Pike and is included in the next point release, 3.12.1. I can see the package for this is already built downstream and would expect it to be included in the next OSP12 maintenance release.
Comment 5 errata-xmlrpc 2018-08-20 12:54:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2521