Bug 1574431 - cinder quota-update command accepts incorrect project IDs
Summary: cinder quota-update command accepts incorrect project IDs
Keywords:
Status: ON_DEV
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 10.0 (Newton)
Hardware: x86_64
OS: Linux
low
low
Target Milestone: ---
: ---
Assignee: Rajat Dhasmana
QA Contact: Evelina Shames
Andy Stillman
URL:
Whiteboard:
: 1650027 1653755 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-03 10:20 UTC by Alex Stupnikov
Modified: 2023-07-30 06:52 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
Currently, quota commands do not work as expected in the Block Storage service (cinder). The Block Storage CLI does not verify if the project ID that you specify is valid. Therefore, you can use the Block Storage CLI to create quota entries with invalid project IDs. These quota entries are dummy records that contain invalid data. Until this issue is fixed, if you are a CLI user, you must specify a valid project ID when you create quota entries and monitor Block Storage for dummy records.
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1307491 0 None None None 2020-03-19 15:16:57 UTC
OpenStack gerrit 784763 0 None NEW Add project validation in quotas 2022-10-04 14:32:03 UTC
Red Hat Issue Tracker OSP-718 0 None None None 2021-12-10 16:21:01 UTC

Internal Links: 1574439

Description Alex Stupnikov 2018-05-03 10:20:46 UTC 
Description of problem:

It is possible to successfully create quota entry with any text word instead of valid project ID. This is misleading for customers: they successfully create quotas with project names instead of project IDs, but those quotas are not enforced.


How reproducible:

The following command may look like a command that adds a quota for admin tenant, but instead it creates a dummy record in cinder DB:

cinder quota-update --volumes 3 admin

MariaDB [cinder]> SELECT * FROM quotas WHERE project_id="admin";
+----+---------------------+------------+------------+---------+------------+----------+------------+-----------+
| id | created_at          | updated_at | deleted_at | deleted | project_id | resource | hard_limit | allocated |
+----+---------------------+------------+------------+---------+------------+----------+------------+-----------+
|  6 | 2018-05-03 09:41:49 | NULL       | NULL       |       0 | admin      | volumes  |          3 |         0 |
+----+---------------------+------------+------------+---------+------------+----------+------------+-----------+


Here is an entry for valid cinder quota:

MariaDB [cinder]> SELECT * FROM quotas WHERE project_id="602c2a16e060483f997193a314d0b9c7" AND resource="volumes";
+----+---------------------+---------------------+------------+---------+----------------------------------+----------+------------+-----------+
| id | created_at          | updated_at          | deleted_at | deleted | project_id                       | resource | hard_limit | allocated |
+----+---------------------+---------------------+------------+---------+----------------------------------+----------+------------+-----------+
|  9 | 2018-05-03 10:02:00 | 2018-05-03 10:09:06 | NULL       |       0 | 602c2a16e060483f997193a314d0b9c7 | volumes  |          9 |         0 |
+----+---------------------+---------------------+------------+---------+----------------------------------+----------+------------+-----------+


Actual results:

cinder creates misleading quota entries in DB


Expected results:

cinder asks to use valid project_id
Comment 2 Eric Harney 2018-11-15 08:04:19 UTC 
*** Bug 1650027 has been marked as a duplicate of this bug. ***
Comment 3 Alan Bishop 2018-11-28 13:49:42 UTC 
*** Bug 1653755 has been marked as a duplicate of this bug. ***
Comment 8 Yaniv Kaul 2021-06-08 15:13:35 UTC 
It's interesting this is low/low, considering we have 2 customer cases here, and it's a usability issue. Do we have any forecast for fixing this?
Comment 9 Luigi Toscano 2021-06-08 15:28:03 UTC 
(In reply to Yaniv Kaul from comment #8)
> It's interesting this is low/low, considering we have 2 customer cases here,
> and it's a usability issue. Do we have any forecast for fixing this?

Not at the moment, but it still useful to be fixed.
Comment 11 Vincent S. Cojot 2021-07-15 19:14:42 UTC 
Also seeing that on OSP13:

overcloud) [stack@director ~]$ cinder quota-update --volumes -1 ma_soeur
+----------------------+-------+
| Property             | Value |
+----------------------+-------+
| backup_gigabytes     | 1000  |
| backups              | 10    |
| gigabytes            | 1000  |
| gigabytes_ontap      | -1    |
| gigabytes_solidfire  | -1    |
| groups               | 10    |
| per_volume_gigabytes | -1    |
| snapshots            | 10    |
| snapshots_ontap      | -1    |
| snapshots_solidfire  | -1    |
| volumes              | -1    |
| volumes_ontap        | -1    |
| volumes_solidfire    | -1    |
+----------------------+-------+
(overcloud) [stack@director ~]$ 
3:11
(overcloud) [stack@director ~]$ cinder quota-show ma_soeur
+----------------------+-------+
| Property             | Value |
+----------------------+-------+
| backup_gigabytes     | 1000  |
| backups              | 10    |
| gigabytes            | 1000  |
| gigabytes_ontap      | -1    |
| gigabytes_solidfire  | -1    |
| groups               | 10    |
| per_volume_gigabytes | -1    |
| snapshots            | 10    |
| snapshots_ontap      | -1    |
| snapshots_solidfire  | -1    |
| volumes              | -1    |
| volumes_ontap        | -1    |
| volumes_solidfire    | -1    |
+----------------------+-------+
(overcloud) [stack@director ~]$ openstack project show ma_soeur
No project with a name or ID of 'ma_soeur' exists.
Note You need to log in before you can comment on or make changes to this bug.