Open Stack

This is probably affecting other people as well, so hopefully message will
avoid some headaches.

[nova,cinder,neutron] will allow you to do a quota-update using the
tenant-name (instead of tenant-id). They will also allow you to do a
quota-show tenant-name and get the expected values back.

Then you go to the tenant and end up surprised that the quotas have not
been applied and you can still do things you were not supposed to.

It turns out that [nova,cinder,neutron] just created an entry on the quota
table, inserting the tenant-name on the tenant-id field.

"Surprise, surprise!"

Ops lessons learned: use the tenant-id!

Dev lessons learned: we need to validate better our inputs and refuse to
update a tenant-id that does not exist.

I have documented this behaviour on
https://bugs.launchpad.net/neutron/+bug/1399065 and
https://bugs.launchpad.net/neutron/+bug/1317515. I can reproduce it in
IceHouse.

Could someone please confirm if this is still the case on master? If not,
which version of OpenStack addressed that?

Thanks,
Bruno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150730/35d5a382/attachment.html>