Encryption key is not deleted on encrypted volume creation revert (volume quota exceeded for example)

Bug #2117265 reported by Florent Le Lain
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
In Progress
High
Unassigned

Bug Description

If an encrypted volume fails to create -on volume quota exceeded for project for example- the encryption key that was created is not deleted. Project ends up with an orphaned key that has to be manually cleaned up.

To reproduce the issue on a given openstack project:
- set 'volumes' quota to 0 or to the number of volumes already present on the project
- check the number of encryption keys/secrets
- create an encrypted volume
- wait for error "VolumeLimitExceeded: Maximum number of volumes allowed (3) exceeded for quota 'volumes'."
- check out again the number of keys on the project - should be +1 compared to previous check
- you can also verify in cinder database that you can't find any volume with 'encryption_key_id'=<the-orphaned-encryption-key>

summary: Encryption key is not deleted on encrypted volume creation revert
- (volume quota exceeded for instance)
+ (volume quota exceeded for example)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/cinder/+/975303

Changed in cinder:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/cinder/+/975304

Eric Harney (eharney)
Changed in cinder:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on cinder (master)

Change abandoned by "Eric Harney <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/cinder/+/975303
Reason: Duplicate of https://review.opendev.org/c/openstack/cinder/+/975304

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.