<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Please could anyone else from nova team know the reason?</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div><font face="monospace, monospace" color="#666666">Best regards,<br>Lingxian Kong</font></div><div><font face="monospace, monospace" color="#666666">Catalyst Cloud</font></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jun 14, 2019 at 10:57 AM Lingxian Kong <<a href="mailto:anlin.kong@gmail.com">anlin.kong@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Another use case is coming from the services (e.g. Trove) which will create vms in the service tenant but using the resources (e.g. network or port) given by the non-admin user.</div><div><div dir="ltr" class="gmail-m_-3256513576432048969gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div><font face="monospace, monospace" color="#666666">Best regards,<br>Lingxian Kong</font></div><div><font face="monospace, monospace" color="#666666">Catalyst Cloud</font></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jun 14, 2019 at 10:55 AM Lingxian Kong <<a href="mailto:anlin.kong@gmail.com" target="_blank">anlin.kong@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif">On Thu, Jun 13, 2019 at 10:48 PM Sean Mooney <<a href="mailto:smooney@redhat.com" target="_blank">smooney@redhat.com</a>> wrote:</span><br></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, 2019-06-13 at 21:22 +1200, Lingxian Kong wrote:<br>
> Yeah, the api allows to specify port. What i mean is, the vm creation will<br>
> fail for admin user if port belongs to a non-admin user. An exception is<br>
> raised from nova-compute.<br>
<br>
i believe this is intentional.<br>
<br>
we do not currently allow you to trasfer ownerwhip of a vm form one user or proejct to another.<br>
but i also believe we currently do not allow a vm to be create from resouces with different owners<br></blockquote><div><br></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">That's not true. As the admin user, you are allowed to create a vm using non-admin's network, security group, image, volume, etc but just not port.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">There is use case for admin user to create vms but using non-admin's resources for debugging or other purposes.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">What's more, the exception is raised in nova-compute not nova-api, which i assume it should be supported if it's allowed in the api layer.</div></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div style="font-family:Arial,Helvetica,sans-serif"><font face="monospace, monospace" color="#666666">Best regards,<br>Lingxian Kong</font></div><div style="font-family:Arial,Helvetica,sans-serif"><font face="monospace, monospace" color="#666666">Catalyst Cloud</font></div></div></div></div>
</blockquote></div>
</blockquote></div>