Page MenuHomePhabricator

Can't get quota information from Neutron API
Closed, ResolvedPublic

Description

T211391: Neutron API not properly exposed? derailed from our ferm rules problem (which did get fixed) over to the upstream problem of Neutron not actually providing the ability to view quota information without the user being an admin. It should be a configurable permission which is grantable to all users (separate to a permission allowing people to modify quotas, we wouldn't want that)
The upstream task is https://bugs.launchpad.net/neutron/+bug/1671448

Related Objects

StatusSubtypeAssignedTask
OpenNone
ResolvedMajavah
ResolvedAndrew
ResolvedAndrew
Resolveddcaro
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedCmjohnson
Resolvedayounsi
Resolvedaborrero
ResolvedCmjohnson
ResolvedJclark-ctr
OpenCmjohnson
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
Opendcaro
Resolvedaborrero
Opendcaro
Resolveddcaro
Opendcaro
Opendcaro
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedAndrew
ResolvedBstorm
Resolvedaborrero
Resolvedaborrero
Resolvedaborrero
OpenNone
Resolvedaborrero

Event Timeline

bd808 changed the task status from Open to Stalled.Dec 27 2018, 2:29 AM
bd808 triaged this task as Medium priority.
bd808 added a subscriber: bd808.

I tried running the example script from a host in an allowed network and got a different error:

neutronclient.common.exceptions.Forbidden: User does not have admin privileges:
Only admin can view or configure quota.

A bit of googling to try and find out what RBAC rule to add to neutron's policy.json led me to https://bugs.launchpad.net/neutron/+bug/1671448 and two unmerged patches (https://review.openstack.org/#/c/507446 & https://review.openstack.org/#/c/505155). I'm tagging as Upstream because of that half of the problem.

I have just (accidentally) assigned myself to https://bugs.launchpad.net/neutron/+bug/1671448. In the meantime I'm not sure how best to approach this :( I can fix the firewall rules for neutron but that won't get us the ability to actually query quota usage.

Bstorm changed the task status from Stalled to Open.Dec 18 2019, 4:16 PM
Bstorm assigned this task to Andrew.
Bstorm moved this task from Blocked to Doing on the cloud-services-team (Kanban) board.

This is fixed in upstream, will ship in Victoria.

Majavah added a subscriber: Majavah.
>>> neutron = client.Client(session=keystone.session("deployment-prep"), timeout=2, region_name="eqiad1-r")
>>> neutron.show_quota_details("deployment-prep")
{'quota': {'network': {'limit': 100, 'used': 0, 'reserved': 0}, 'subnet': {'limit': 100, 'used': 0, 'reserved': 0}, 'subnetpool': {'limit': -1, 'used': 0, 'reserved': 0}, 'port': {'limit': 100, 'used': 68, 'reserved': 0}, 'router': {'limit': 10, 'used': 0, 'reserved': 0}, 'floatingip': {'limit': 8, 'used': 5, 'reserved': 0}, 'rbac_policy': {'limit': 10, 'used': 0, 'reserved': 0}, 'security_group': {'limit': 40, 'used': 27, 'reserved': 0}, 'security_group_rule': {'limit': 500, 'used': 131, 'reserved': 0}}}