Public bug reported: While looking into an issue reported on the ML [1] around per-user quotas not working properly, I found a bug where quota checking is not scoped correctly when creating a server.
This causes per-user quota limits not to be honored during these API requests. The problem is in a utility function we use for checking quota when creating servers: https://github.com/openstack/nova/blob/f521f4dbace0e35bedd089369da6f6969da5ca32/nova/compute/utils.py#L1104-L1120 The Quotas.check_deltas method needs a user_id keyword arg in order to scope a quota check to a particular user. However, when we call check_num_instances_quota we don't pass a project_id or user_id because at the time of the quota check, we have not yet created an instance record and thus will not use that to determine the appropriate project and user. Instead, we should rely on the RequestContext.project_id and RequestContext.user_id as defaults in this case, but check_num_instances_quota only defaults project_id and not user_id. check_num_instances_quota should also default user_id to the RequestContext.user_id when user_id is not explicitly passed. [1] http://lists.openstack.org/pipermail/openstack- discuss/2020-August/016861.html ** Affects: nova Importance: Medium Assignee: melanie witt (melwitt) Status: In Progress ** Affects: nova/pike Importance: Undecided Status: New ** Affects: nova/queens Importance: Undecided Status: New ** Affects: nova/rocky Importance: Undecided Status: New ** Affects: nova/stein Importance: Undecided Status: New ** Affects: nova/train Importance: Undecided Status: New ** Affects: nova/ussuri Importance: Undecided Status: New ** Tags: quotas ** Summary changed: - Per-user quotas not scoped correctly when creating or restoring a server + Per-user quotas not scoped correctly when creating a server ** Description changed: While looking into an issue reported on the ML [1] around per-user quotas not working properly, I found a bug where quota checking is not - scoped correctly when creating or restoring a server. + scoped correctly when creating a server. This causes per-user quota limits not to be honored during these API requests. The problem is in a utility function we use for checking quota when creating or restoring servers: https://github.com/openstack/nova/blob/f521f4dbace0e35bedd089369da6f6969da5ca32/nova/compute/utils.py#L1104-L1120 The Quotas.check_deltas method needs a user_id keyword arg in order to scope a quota check to a particular user. However, when we call check_num_instances_quota we don't pass a project_id or user_id because at the time of the quota check, we have not yet created an instance record and thus will not use that to determine the appropriate project and user. Instead, we should rely on the RequestContext.project_id and RequestContext.user_id as defaults in this case, but check_num_instances_quota only defaults project_id and not user_id. check_num_instances_quota should also default user_id to the RequestContext.user_id when user_id is not explicitly passed. [1] http://lists.openstack.org/pipermail/openstack- discuss/2020-August/016861.html ** Description changed: While looking into an issue reported on the ML [1] around per-user quotas not working properly, I found a bug where quota checking is not scoped correctly when creating a server. This causes per-user quota limits not to be honored during these API requests. The problem is in a utility function we use for checking quota when - creating or restoring servers: + creating servers: https://github.com/openstack/nova/blob/f521f4dbace0e35bedd089369da6f6969da5ca32/nova/compute/utils.py#L1104-L1120 The Quotas.check_deltas method needs a user_id keyword arg in order to scope a quota check to a particular user. However, when we call check_num_instances_quota we don't pass a project_id or user_id because at the time of the quota check, we have not yet created an instance record and thus will not use that to determine the appropriate project and user. Instead, we should rely on the RequestContext.project_id and RequestContext.user_id as defaults in this case, but check_num_instances_quota only defaults project_id and not user_id. check_num_instances_quota should also default user_id to the RequestContext.user_id when user_id is not explicitly passed. [1] http://lists.openstack.org/pipermail/openstack- discuss/2020-August/016861.html -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1893284 Title: Per-user quotas not scoped correctly when creating a server Status in OpenStack Compute (nova): In Progress Status in OpenStack Compute (nova) pike series: New Status in OpenStack Compute (nova) queens series: New Status in OpenStack Compute (nova) rocky series: New Status in OpenStack Compute (nova) stein series: New Status in OpenStack Compute (nova) train series: New Status in OpenStack Compute (nova) ussuri series: New Bug description: While looking into an issue reported on the ML [1] around per-user quotas not working properly, I found a bug where quota checking is not scoped correctly when creating a server. This causes per-user quota limits not to be honored during these API requests. The problem is in a utility function we use for checking quota when creating servers: https://github.com/openstack/nova/blob/f521f4dbace0e35bedd089369da6f6969da5ca32/nova/compute/utils.py#L1104-L1120 The Quotas.check_deltas method needs a user_id keyword arg in order to scope a quota check to a particular user. However, when we call check_num_instances_quota we don't pass a project_id or user_id because at the time of the quota check, we have not yet created an instance record and thus will not use that to determine the appropriate project and user. Instead, we should rely on the RequestContext.project_id and RequestContext.user_id as defaults in this case, but check_num_instances_quota only defaults project_id and not user_id. check_num_instances_quota should also default user_id to the RequestContext.user_id when user_id is not explicitly passed. [1] http://lists.openstack.org/pipermail/openstack- discuss/2020-August/016861.html To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1893284/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
