Thanks a lot
I tried associating the floating IP using:
curl -i "${NOVA_ENDPOINT_URL}/${TENANT_ID}/servers/${SERVER}/action" -X POST -H "X-Auth-Project-Id: ${TENANT_ID}" -H "User-Agent: python-novaclient" -H
"Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN" -d '{"addFloatingIp": {"address": "90.147.77.102"}}'
I hope this is what you mean with "using novas api to manage floating ips"
Then I locked the instance
However another user is then still able to disassociate that floating IP
Cheers, Massimo
On Thu, 2021-09-23 at 12:20 +0200, Massimo Sgaravatto wrote:
> Hello
>
> I have the following use case:
>
> A user creates a VM and associates a floating IP to such instance
>
> Is in some way possible to prevent that the floating IP is
> disassociated from that instance by another user of the same project ?
>
> If it helps, the user owning the instance could be admin (but allowing only
> the admin user to manage floating IPs is not an option)
if you are using novas api to manage floating ips then you might be able to lock the instnace which should prevent changing
the ip assocations and most other instnace actions however if you were to manage teh floating ips form neutron that ouls entirly bypass that.
we had talk about adding the ablity to lock ports for a different usecasue and haing nova lock the port whenever an instance is locked
that might be the way to adress this in the future but for now i dont think you can do this without custom midelware.
>
>
> Thanks, Massimo