[openstack-dev] [nova] no user/project validation in "nova quota-show"?

Matt Riedemann mriedem at linux.vnet.ibm.com
Tue Dec 8 15:06:18 UTC 2015



On 12/7/2015 6:55 PM, Alex Xu wrote:
>
>
> 2015-12-08 8:38 GMT+08:00 Kevin L. Mitchell
> <kevin.mitchell at rackspace.com <mailto:kevin.mitchell at rackspace.com>>:
>
>     On Mon, 2015-12-07 at 18:21 -0600, Chris Friesen wrote:
>     > Can someone explain why nova doesn't seem to be doing any validation in the
>     > "nova quota-show" command?  (At least in kilo/stable.)
>     >
>     > If I run:
>     > nova --debug quota-show  --tenant aprojectdoesnotexist --user nosuchuser
>     >
>     > the debug info shows:
>     >
>     > DEBUG (connectionpool:383) "GET
>     > /v2/ceddf233621f4772a8b4f17de3d45e31/os-quota-sets/aprojectdoesnotexist?user_id=nosuchuser
>     > HTTP/1.1" 200 359
>     >
>     > and it returns a reasonable-looking set of quota information.
>     >
>     >
>     >
>     > Shouldn't nova be complaining that the specified tenant/user don't actually exist?
>
>     1. Nova doesn't know what tenants and users exist; that's something only
>     Keystone knows.
>
>     2. There are defaults for quotas, which is how nova determines what
>     quotas to apply to a tenant when there's no specific quota for that
>     tenant in its database.  That's why you're getting a reasonable-looking
>     set of quota information.
>
>
>
> yes, but I found one spec we approved before
> https://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/validate-tenant-user-with-keystone.html
>
> But it doesn't finish.
>
>     --
>     Kevin L. Mitchell <kevin.mitchell at rackspace.com
>     <mailto:kevin.mitchell at rackspace.com>>
>     Rackspace
>
>
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe:
>     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

I can't seem to find the mailing list thread on this, if there ever was 
one, but I remember talking about this same problem a few months ago - 
related to how the quotas API will create new quotas for you on update 
if they don't yet exist [1]. Chatting in IRC some of us were talking 
about adding a new create method to the API so that could be explicit.

The same thing exists in nova-manage also [2].

There are several bugs related to the blueprint Alex pointed out [3].

I also found some discussion in a nova meeting [4]. That has most of the 
details (there might be more in one of the bugs related to the 
blueprint) if someone wants to take a run at this for the N release.

[1] 
https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/quota_sets.py#L140
[2] https://github.com/openstack/nova/blob/master/nova/cmd/manage.py#L283
[3] 
https://blueprints.launchpad.net/nova/+spec/validate-project-with-keystone
[4] 
http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2015-10-06.log.html#t2015-10-06T17:21:45

-- 

Thanks,

Matt Riedemann




More information about the OpenStack-dev mailing list