On Tue, Jun 28, 2016 at 12:32 PM, Potter, Nathaniel < [email protected]> wrote:
> Hi all, > > > > I did some digging into this on the cinder side, and it gets a little > complicated. So, before the target and context are passed into the > _authorize_show method, they’re retrieved through the get_project_hierarchy > method in cinder.quota_utils [1]. In that method, they will only have their > parent_id set if the parent_id isn’t the same as their domain_id [2] – if > those two fields are equal the parent_id field for the returned > generic_project object will be None. Based on what Henry said it seems like > those two fields being the same implies that the project is at the top > level because its parent is the domain itself (I’m guessing that should be > true of the admin project?). > > > > So in your example you have the admin project whose domain_id is default > and whose parent_id is also default, meaning that the parent_id passed into > _authorize_show is going to be None. If the target project whose quota you > want to show is a ‘brother’ project to it and has a parent of default in > the default domain, it should also have no parent set. Do you happen to > know which of the three exceptions in _authorize_show you’re hitting? > > > > If the admin context project is the one you pasted, it definitely won’t > have a set parent because its parent and domain are the same. That would > rule out the exceptions on line 130 and 134 for your issue because they > both rely on the context project having a set parent_id [3]. That would > just leave the case where the target project for the quota you want to be > showing does have a non-domain parent and isn’t a part of the subtree for > the admin context you’re making the call with. > > > > Sorry for a bit of a braindump here, I was just trying to look at all of > the possibilities to see if any of them could be of help J. I think it > would definitely be useful to know how exactly it’s failing out for you so > we can make sure it works the way it should, because I believe the intent > is definitely to have admins be able to view and set all user quotas. > > > > Thanks, > > Nate > > > > [1] > https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L170-L175 > > [2] > https://github.com/openstack/cinder/blob/master/cinder/quota_utils.py#L110-L112 > > [3] > https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L125-L134 > We're hitting the first exception: https://github.com/openstack/cinder/blob/stable/liberty/cinder/api/contrib/quotas.py#L178-L180 In our environment currently everything should have the default domain as the parent except for some heat stuff.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
