[nova] Admin user cannot create vm with user's port?

Lingxian Kong anlin.kong at gmail.com
Mon Jun 17 03:02:12 UTC 2019


Please, does anyone else from the nova team know the reason?

Best regards,
Lingxian Kong
Catalyst Cloud


On Fri, Jun 14, 2019 at 10:57 AM Lingxian Kong <anlin.kong at gmail.com> wrote:

> Another use case is coming from the services (e.g. Trove) which will
> create vms in the service tenant but using the resources (e.g. network or
> port) given by the non-admin user.
>
> Best regards,
> Lingxian Kong
> Catalyst Cloud
>
>
> On Fri, Jun 14, 2019 at 10:55 AM Lingxian Kong <anlin.kong at gmail.com>
> wrote:
>
>> On Thu, Jun 13, 2019 at 10:48 PM Sean Mooney <smooney at redhat.com> wrote:
>>
>>> On Thu, 2019-06-13 at 21:22 +1200, Lingxian Kong wrote:
>>> > Yeah, the api allows specifying a port. What i mean is, the vm creation
>>> > will fail for admin user if the port belongs to a non-admin user. An
>>> > exception is raised from nova-compute.
>>>
>>> i believe this is intentional.
>>>
>>> we do not currently allow you to transfer ownership of a vm from one user
>>> or project to another.
>>> but i also believe we currently do not allow a vm to be created from
>>> resources with different owners
>>>
>>
>> That's not true. As the admin user, you are allowed to create a vm using
>> non-admin's network, security group, image, volume, etc but just not port.
>>
>> There is a use case for the admin user to create vms but using non-admin's
>> resources for debugging or other purposes.
>>
>> What's more, the exception is raised in nova-compute not nova-api, which
>> i assume it should be supported if it's allowed in the api layer.
>>
>> Best regards,
>> Lingxian Kong
>> Catalyst Cloud
>>
>