Bug 973459 - Quantum quota-update returns permission denied error
Summary: Quantum quota-update returns permission denied error
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron (Show other bugs)
(Show other bugs)
Version: 3.0
Hardware: Unspecified Unspecified
high
high
Target Milestone: beta
: 4.0
Assignee: Assaf Muller
QA Contact: Ofer Blaut
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-12 00:17 UTC by Graeme Gillies
Modified: 2016-04-26 15:19 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-20 00:05:43 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2013:1859 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory 2013-12-21 00:01:48 UTC
Launchpad 1189671 None None None Never

Description Graeme Gillies 2013-06-12 00:17:44 UTC
Setting up a new environment with openstack grizzly, using quantum with quotas enabled, any attempt to modify the quotas using quantum quota-update gives a permission denied error

env | grep OS
OS_PASSWORD=<REMOVED>
OS_AUTH_URL=http://<REMOVED>:35357/v2.0
OS_USERNAME=admin
OS_TENANT_NAME=admin

# quantum quota-update --port 1000 --tenant_id b0785756ead14a6d8b9855769a58ee9e
{"QuantumError": "Access was denied to this resource."}
# quantum quota-update --port 1000
{"QuantumError": "Access was denied to this resource."}

The quantum-server log shows

2013-06-12 00:12:28    ERROR [quantum.api.v2.resource] update failed
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/quantum/api/v2/resource.py", line 82, in resource
    result = method(request=request, **args)
  File "/usr/lib/python2.6/site-packages/quantum/extensions/quotasv2.py", line 102, in update
    self._driver.update_quota_limit(request.context, id, key, value)
  File "/usr/lib/python2.6/site-packages/quantum/quota.py", line 146, in update_quota_limit
    raise webob.exc.HTTPForbidden()
HTTPForbidden: Access was denied to this resource.

This seems odd as I am definitely an admin.

Regards,

Graeme

Comment 3 Julie Pichon 2013-08-13 08:37:45 UTC
Graeme -- I hit the same permission issue recently and came across https://bugs.launchpad.net/neutron/+bug/1189671. Changing the default quota driver as suggested resolved the problem for me, perhaps it will help here too.

Comment 4 lpeer 2013-09-06 16:42:40 UTC
Graeme,
Did the workaround as suggested in comment 3 worked for you?

Comment 5 Graeme Gillies 2013-10-27 22:08:19 UTC
Hi,

Sorry for not replying sooner. This resolves the issue.

Thanks,

Graeme

Comment 6 lpeer 2013-11-10 06:46:25 UTC
the fix was merged in u/s rc2 build and should be available in RHOS 4.0

Comment 7 Ofer Blaut 2013-11-10 07:52:44 UTC
tested updated both network and port numbers

root@rose11 ~(keystone_admin)]# neutron quota-update --network 20
+---------------------+-------+
| Field               | Value |
+---------------------+-------+
| floatingip          | 50    |
| network             | 20    | <<<<<<
| port                | 50    |<<<<<<<<
| router              | 10    |
| security_group      | 10    |
| security_group_rule | 100   |
| subnet              | 10    |
+---------------------+-------+



[root@rose11 ~(keystone_admin)]# neutron quota-update --port 1000 --tenant-id 80384d55b7554d9ab3d6190142a69d34
+---------------------+-------+
| Field               | Value |
+---------------------+-------+
| floatingip          | 50    |
| network             | 20    |
| port                | 1000  | <<<<<<<< 
| router              | 10    |
| security_group      | 10    |
| security_group_rule | 100   |
| subnet              | 10    |
+---------------------+-------+

python-neutronclient-2.3.1-1.el6ost.noarch
openstack-neutron-2013.2-3.el6ost.noarch

Comment 10 errata-xmlrpc 2013-12-20 00:05:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html


Note You need to log in before you can comment on or make changes to this bug.