Description of problem:
I created several types with the admin user, then created tenants and a user who is a member of one of the tenants that I created.
I logged in with the user I created and was able to list and use all types.
I can think of several reasons why we should not allow this; here are two off the top of my head:
1. If we simply manage groups in our company, it may cause a problem if a volume created by someone in finance is tagged for someone in support.
2. If I use the type for customer names in a cloud, I may not want everyone to see the customer names.

Version-Release number of selected component (if applicable):
openstack-cinder-2013.1.2-3.el6ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. create a type as admin user
2. create a tenant with a user who is a member
3. log in as the user -> run: cinder type-list

Actual results:
we see all the types and can use them to create a volume

Expected results:
a user should only see types that are assigned to them

Additional info:

as admin:

[root@opens-vdsb ~(keystone_admin)]# cinder type-list
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| 14587c80-c106-42c7-93ed-2ceaa98f8eae | bla    |
| af06d9d6-23e1-4016-b5f9-ac5df4772c68 | blabla |
| bd842e99-fba0-4fb9-9f04-83ebed28aa59 | dafna  |
| dd4c04ff-d3f5-4bba-92fa-c2d2cdc18660 | lvm    |
+--------------------------------------+--------+

as user:

[dron@opens-vdsb ~(keystone_admin)]$ cinder type-list
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| 14587c80-c106-42c7-93ed-2ceaa98f8eae | bla    |
| af06d9d6-23e1-4016-b5f9-ac5df4772c68 | blabla |
| bd842e99-fba0-4fb9-9f04-83ebed28aa59 | dafna  |
| dd4c04ff-d3f5-4bba-92fa-c2d2cdc18660 | lvm    |
+--------------------------------------+--------+

create as user:

[dron@opens-vdsb ~(keystone_admin)]$ cinder create 10 --volume-type blabla
+---------------------+--------------------------------------+
| Property            | Value                                |
+---------------------+--------------------------------------+
| attachments         | []                                   |
| availability_zone   | nova                                 |
| bootable            | false                                |
| created_at          | 2013-07-23T11:29:18.437476           |
| display_description | None                                 |
| display_name        | None                                 |
| id                  | 5908f5ba-489a-4364-b280-346381cb3c2e |
| metadata            | {}                                   |
| size                | 10                                   |
| snapshot_id         | None                                 |
| source_volid        | None                                 |
| status              | creating                             |
| volume_type         | blabla                               |
+---------------------+--------------------------------------+

[dron@opens-vdsb ~(keystone_admin)]$ cinder list
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
| ID                                   | Status    | Display Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
| 13603de3-8435-4c37-9283-16a61c7bb4c7 | available | bla          | 10   | bla         | false    |             |
| 5908f5ba-489a-4364-b280-346381cb3c2e | available | None         | 10   | blabla      | false    |             |
| 5c066222-b8a9-4990-9d88-b1190aaf2d14 | available | None         | 10   | blabla      | false    |             |
| 68eca3bb-61d2-4031-bdeb-8eea28232dd8 | error     | bbhb         | 10   | dafna       | false    |             |
| a597c6c3-3966-4675-94c2-00a335da2114 | available | bhbh         | 10   | bla         | false    |             |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+

Neither Sean nor I see the need for per user volume types. If you have a use case, feel free to suggest upstream.
opened https://bugs.launchpad.net/cinder/+bug/1214747