<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Jun 28, 2016 at 12:32 PM, Potter, Nathaniel <span dir="ltr"><<a href="mailto:nathaniel.potter@intel.com" target="_blank">nathaniel.potter@intel.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Hi all,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I did some digging into this on the cinder side, and it gets a little complicated. So, before the target and context are passed into the _authorize_show method,
they’re retrieved through the get_project_hierarchy method in cinder.quota_utils [1]. In that method, they will only have their parent_id set if the parent_id isn’t the same as their domain_id [2] – if those two fields are equal the parent_id field for the
returned generic_project object will be None. Based on what Henry said it seems like those two fields being the same implies that the project is at the top level because its parent is the domain itself (I’m guessing that should be true of the admin project?).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">So in your example you have the admin project whose domain_id is default and whose parent_id is also default, meaning that the parent_id passed into _authorize_show
is going to be None. If the target project whose quota you want to show is a ‘brother’ project to it and has a parent of default in the default domain, it should also have no parent set. Do you happen to know which of the three exceptions in _authorize_show
you’re hitting?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">If the admin context project is the one you pasted, it definitely won’t have a set parent because its parent and domain are the same. That would rule out the
exceptions on line 130 and 134 for your issue because they both rely on the context project having a set parent_id [3]. That would just leave the case where the target project for the quota you want to be showing does have a non-domain parent and isn’t a
part of the subtree for the admin context you’re making the call with.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Sorry for a bit of a braindump here, I was just trying to look at all of the possibilities to see if any of them could be of help
</span><span style="font-size:11pt;font-family:Wingdings;color:rgb(31,73,125)">J</span><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">. I think it would definitely be useful to know how exactly it’s failing out for you so we can make
sure it works the way it should, because I believe the intent is definitely to have admins be able to view and set all user quotas.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Thanks,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Nate<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">[1]
<a href="https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L170-L175" target="_blank">
https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L170-L175</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">[2]
<a href="https://github.com/openstack/cinder/blob/master/cinder/quota_utils.py#L110-L112" target="_blank">
https://github.com/openstack/cinder/blob/master/cinder/quota_utils.py#L110-L112</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">[3]
<a href="https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L125-L134" target="_blank">
https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L125-L134</a></span></p></div></div></blockquote><div><br></div><div>We're hitting the first exception: </div><div><br></div><div><a href="https://github.com/openstack/cinder/blob/stable/liberty/cinder/api/contrib/quotas.py#L178-L180">https://github.com/openstack/cinder/blob/stable/liberty/cinder/api/contrib/quotas.py#L178-L180</a></div><div><br></div><div>In our environment currently everything should have the default domain as the parent except for some heat stuff. </div></div></div></div>