add username in nova list response

Registered by Shraddha Pandhe on 2014-07-01

Currently nova list command does not show which user the particular
VM belong too. In enterprise deployments, knowing which user booted
the VM could be very useful for the cluster administrator.
This will save admin a lot of manual steps before knowing the owner
of the VM. In this blueprint, we plan to add an additional column
'username' to 'nova list' output which will facilitate cluster
maintenance for the administrator

Problem description
===================

There are various scenarios in an enterprise cluster when an
administrator needs to contact the owner/user of the VM,
e.g. tracking down the owner of a noisy VM to ask him about
the unexpected amount of traffic, or finding all VMs in
SHUTOFF/ERROR state and asking the owners for permission to delete
the VMs, etc. In the current implementation, nova list command does
not show any information about the user that booted the VM.
The administrator should have an easy way to get that information
without manually looking at the database. Hence, it will be nice to
have that in the output of 'nova list' command. In order to populate
user information, novaclient needs to query keystone to get the user list
each time it receives the request. Since it might be an expensive
operation, it makes sense to keep it 'admin' only.

Proposed change
===============

Following modifications to novaclient are expected

  * When a user runs a command 'nova list --owner', novaclient creates
    an object of keystoneclient with current auth_token and endpoint
    as the auth_url.
  * Using this keystoneclient object, novaclient queries users list
    for the requested tenant from keystone and creates a users dict.
  * While printing the response for 'nova list --owner', novaclient
    checks whether this information is available. If it is, novaclient
    shell displays it.
  * If the context is non-admin, keystoneclient returns Forbidden
    exception. Novaclient handles this exception and returns an
    empty users dict.
  * Seeing that users dict is empty, novaclient shell skips displaying
    Username column.

In order to achieve this, keystoneclient needs to be imported inside
novaclient, which means a dependency on keystoneclient would be added
in novaclient.

REST API impact
---------------

* Additional call to keystone from novaclient

    keystoneclient.users.list(tenant)

    GET /v2.0/users

Other end user impact
---------------------

End user will see an additional column in the output of
'nova list --owner' command, titled 'Username'

Performance Impact
------------------

Minor performance impact will be expected from keystoneclient query.
Everytime the admin runs this command, a new request will be sent to
keystoneclient. This might add minor performance impact depending on
the size of the output

Work Items
----------

* Import keystoneclient in novaclient
* If --owner is present in the args, create a keystoneclient object
  using the auth_key and the endpoint url
* call keystoneclient.users.list
* The call will fail if the user is non-admin. The exception will be
  handled and empty dictionary will be returned to the caller
* The call will succeed if the user is admin and a dictionary of
  usernames and user-id's will be returned to the caller
* For every user-id, novaclient will then fetch the username and display
  it in the output

Dependencies
============

* Keystoneclient would be a dependency for novaclient

Testing
=======

* The username information should be displayed in 'nova list --owner'
  output it the user is admin
* Make sure the username is returned only for admin role
  and not for any other role.

Documentation Impact
====================

Changes to be made to novaclient documentation to include the
additional argument to 'nova list' command and parameter
'username' in the response.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Shraddha Pandhe
Direction:
Needs approval
Assignee:
Shraddha Pandhe
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/username-in-nova-list-response,n,z

Addressed by: https://review.openstack.org/104049
    Currently nova list command does not show which user the particular VM belong too. In enterprise deployments, knowing which user booted the VM could be very useful for the cluster administrator. This will save admin a lot of manual steps before knowing th

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.