Please could anyone else from nova team know the reason? Best regards, Lingxian Kong Catalyst Cloud On Fri, Jun 14, 2019 at 10:57 AM Lingxian Kong <anlin.kong@gmail.com> wrote:
Another use case is coming from the services (e.g. Trove) which will create vms in the service tenant but using the resources (e.g. network or port) given by the non-admin user.
Best regards, Lingxian Kong Catalyst Cloud
On Fri, Jun 14, 2019 at 10:55 AM Lingxian Kong <anlin.kong@gmail.com> wrote:
On Thu, Jun 13, 2019 at 10:48 PM Sean Mooney <smooney@redhat.com> wrote:
On Thu, 2019-06-13 at 21:22 +1200, Lingxian Kong wrote:
Yeah, the api allows to specify port. What i mean is, the vm creation will fail for admin user if port belongs to a non-admin user. An exception is raised from nova-compute.
i believe this is intentional.
we do not currently allow you to trasfer ownerwhip of a vm form one user or proejct to another. but i also believe we currently do not allow a vm to be create from resouces with different owners
That's not true. As the admin user, you are allowed to create a vm using non-admin's network, security group, image, volume, etc but just not port.
There is use case for admin user to create vms but using non-admin's resources for debugging or other purposes.
What's more, the exception is raised in nova-compute not nova-api, which i assume it should be supported if it's allowed in the api layer.
Best regards, Lingxian Kong Catalyst Cloud