2175217 – [16.2] Multiattach volumes should be created by volume type only

Bug 2175217 - [16.2] Multiattach volumes should be created by volume type only

Summary: [16.2] Multiattach volumes should be created by volume type only

Keywords:
Status:	MODIFIED
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-cinder
Sub Component:
Version:	16.2 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	z6
Target Release:	16.2 (Train on RHEL 8.4)
Assignee:	Rajat Dhasmana
QA Contact:	Evelina Shames
Docs Contact:	Andy Stillman
URL:
Whiteboard:
Depends On:	2184834 2184844
Blocks:
TreeView+	depends on / blocked

Reported:	2023-03-03 15:14 UTC by jhardee
Modified:	2023-07-31 21:29 UTC (History)
CC List:	4 users (show)
Fixed In Version:	openstack-cinder-15.6.1-2.20230727141331.299553a.el8osttrunk
Doc Type:	Bug Fix
Doc Text:	Cause: In OSP 13, the ability to create a multiattach volume by passing a request parameter in the volume-create request was deprecated for removal as unsafe. The preferred method for creating a multiattach volume is to use a volume-type that enables multiattach. Consequence: Creating a multattach volume on a backend that does not provide proper multiattach support can lead to data loss. Fix: It is no longer possible to create a multiattach volume independently of using a volume-type that allows multiattach. Result: Some Block Storage API requests that were previously acceptable will be rejected with a 400 (Bad Request) response code accompanied by an informative error message.
Clone Of:
Clones:	2184834 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	2008259	None	None	None	2023-03-03 15:49:12 UTC
OpenStack gerrit	874865	None	NEW	Remove multiatttach request parameter	2023-03-13 08:55:58 UTC
Red Hat Issue Tracker	OSP-22857	None	None	None	2023-03-03 15:15:19 UTC

Internal Links: 2184840 2184844

Description jhardee 2023-03-03 15:14:33 UTC

Description of problem:
The multiattach functionality is restricted to a multiattach volume type that must be created by an admin. A cinder API bug allows non-admin users to create multiattach volumes without the multiattach volume type which can corrupt their data


Version-Release number of selected component (if applicable):
RHOSP 16.2

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
User can accidentally corrupt data by creating a multiattach volume without the correct volume type.


Expected results:


Additional info:

https://bugs.launchpad.net/cinder/+bug/2008259

Customer mentioned the community released a patch to fix this. Will  you please include the patch in RHOSP 16.2?

https://review.opendev.org/c/openstack/cinder/+/874865

Comment 1 jhardee 2023-03-06 19:05:22 UTC

Any informatoin that I can pass along to the customer?

Comment 17 Brian Rosmaita 2023-07-27 18:17:31 UTC

Set fixed-in version to openstack-cinder-15.6.1-2.20230727141331.299553a.el8osttrunk, which is tagged 'rhos-16.2-rhel-8-trunk-candidate'.
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2614550

Note You need to log in before you can comment on or make changes to this bug.