Page MenuHomePhabricator

Can't get quota information from Neutron API
Closed, ResolvedPublic

Description

T211391: Neutron API not properly exposed? derailed from our ferm rules problem (which did get fixed) over to the upstream problem of Neutron not actually providing the ability to view quota information without the user being an admin. It should be a configurable permission which is grantable to all users (separate to a permission allowing people to modify quotas, we wouldn't want that)
The upstream task is https://bugs.launchpad.net/neutron/+bug/1671448

Related Objects

StatusSubtypeAssignedTask
ResolvedAndrew
Resolvedtaavi
ResolvedAndrew
ResolvedAndrew
Resolveddcaro
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
Resolved Cmjohnson
Resolvedayounsi
Resolvedaborrero
Resolved Cmjohnson
ResolvedJclark-ctr
ResolvedJclark-ctr
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
Resolveddcaro
Resolvedaborrero
Declineddcaro
Resolveddcaro
OpenNone
OpenNone
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
Resolved Bstorm
Resolvedaborrero
Resolvedaborrero
Resolvedaborrero
InvalidNone
Resolvedaborrero

Event Timeline

bd808 changed the task status from Open to Stalled.Dec 27 2018, 2:29 AM
bd808 triaged this task as Medium priority.
bd808 subscribed.

I tried running the example script from a host in an allowed network and got a different error:

neutronclient.common.exceptions.Forbidden: User does not have admin privileges:
Only admin can view or configure quota.

A bit of googling to try and find out what RBAC rule to add to neutron's policy.json led me to https://bugs.launchpad.net/neutron/+bug/1671448 and two unmerged patches (https://review.openstack.org/#/c/507446 & https://review.openstack.org/#/c/505155). I'm tagging as Upstream because of that half of the problem.

I have just (accidentally) assigned myself to https://bugs.launchpad.net/neutron/+bug/1671448. In the meantime I'm not sure how best to approach this :( I can fix the firewall rules for neutron but that won't get us the ability to actually query quota usage.

Bstorm changed the task status from Stalled to Open.Dec 18 2019, 4:16 PM
Bstorm assigned this task to Andrew.
Bstorm moved this task from Blocked to Doing on the cloud-services-team (Kanban) board.

This is fixed in upstream, will ship in Victoria.

taavi subscribed.
>>> neutron = client.Client(session=keystone.session("deployment-prep"), timeout=2, region_name="eqiad1-r")
>>> neutron.show_quota_details("deployment-prep")
{'quota': {'network': {'limit': 100, 'used': 0, 'reserved': 0}, 'subnet': {'limit': 100, 'used': 0, 'reserved': 0}, 'subnetpool': {'limit': -1, 'used': 0, 'reserved': 0}, 'port': {'limit': 100, 'used': 68, 'reserved': 0}, 'router': {'limit': 10, 'used': 0, 'reserved': 0}, 'floatingip': {'limit': 8, 'used': 5, 'reserved': 0}, 'rbac_policy': {'limit': 10, 'used': 0, 'reserved': 0}, 'security_group': {'limit': 40, 'used': 27, 'reserved': 0}, 'security_group_rule': {'limit': 500, 'used': 131, 'reserved': 0}}}