Bug 973459 - Quantum quota-update returns permission denied error
Quantum quota-update returns permission denied error
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron (Show other bugs)
3.0
Unspecified Unspecified
high Severity high
: beta
: 4.0
Assigned To: Assaf Muller
Ofer Blaut
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-11 20:17 EDT by Graeme Gillies
Modified: 2016-04-26 11:19 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-19 19:05:43 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1189671 None None None Never
Red Hat Product Errata RHEA-2013:1859 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory 2013-12-20 19:01:48 EST

  None (edit)
Description Graeme Gillies 2013-06-11 20:17:44 EDT
Setting up a new environment with openstack grizzly, using quantum with quotas enabled, any attempt to modify the quotas using quantum quota-update gives a permission denied error

env | grep OS
OS_PASSWORD=<REMOVED>
OS_AUTH_URL=http://<REMOVED>:35357/v2.0
OS_USERNAME=admin
OS_TENANT_NAME=admin

# quantum quota-update --port 1000 --tenant_id b0785756ead14a6d8b9855769a58ee9e
{"QuantumError": "Access was denied to this resource."}
# quantum quota-update --port 1000
{"QuantumError": "Access was denied to this resource."}

The quantum-server log shows

2013-06-12 00:12:28    ERROR [quantum.api.v2.resource] update failed
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/quantum/api/v2/resource.py", line 82, in resource
    result = method(request=request, **args)
  File "/usr/lib/python2.6/site-packages/quantum/extensions/quotasv2.py", line 102, in update
    self._driver.update_quota_limit(request.context, id, key, value)
  File "/usr/lib/python2.6/site-packages/quantum/quota.py", line 146, in update_quota_limit
    raise webob.exc.HTTPForbidden()
HTTPForbidden: Access was denied to this resource.

This seems odd as I am definitely an admin.

Regards,

Graeme
Comment 3 Julie Pichon 2013-08-13 04:37:45 EDT
Graeme -- I hit the same permission issue recently and came across https://bugs.launchpad.net/neutron/+bug/1189671. Changing the default quota driver as suggested resolved the problem for me, perhaps it will help here too.
Comment 4 lpeer 2013-09-06 12:42:40 EDT
Graeme,
Did the workaround as suggested in comment 3 worked for you?
Comment 5 Graeme Gillies 2013-10-27 18:08:19 EDT
Hi,

Sorry for not replying sooner. This resolves the issue.

Thanks,

Graeme
Comment 6 lpeer 2013-11-10 01:46:25 EST
the fix was merged in u/s rc2 build and should be available in RHOS 4.0
Comment 7 Ofer Blaut 2013-11-10 02:52:44 EST
tested updated both network and port numbers

root@rose11 ~(keystone_admin)]# neutron quota-update --network 20
+---------------------+-------+
| Field               | Value |
+---------------------+-------+
| floatingip          | 50    |
| network             | 20    | <<<<<<
| port                | 50    |<<<<<<<<
| router              | 10    |
| security_group      | 10    |
| security_group_rule | 100   |
| subnet              | 10    |
+---------------------+-------+



[root@rose11 ~(keystone_admin)]# neutron quota-update --port 1000 --tenant-id 80384d55b7554d9ab3d6190142a69d34
+---------------------+-------+
| Field               | Value |
+---------------------+-------+
| floatingip          | 50    |
| network             | 20    |
| port                | 1000  | <<<<<<<< 
| router              | 10    |
| security_group      | 10    |
| security_group_rule | 100   |
| subnet              | 10    |
+---------------------+-------+

python-neutronclient-2.3.1-1.el6ost.noarch
openstack-neutron-2013.2-3.el6ost.noarch
Comment 10 errata-xmlrpc 2013-12-19 19:05:43 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html

Note You need to log in before you can comment on or make changes to this bug.