[nova] Admin user cannot create vm with user's port?

Lingxian Kong anlin.kong at gmail.com
Thu Jun 13 22:55:45 UTC 2019


On Thu, Jun 13, 2019 at 10:48 PM Sean Mooney <smooney at redhat.com> wrote:

> On Thu, 2019-06-13 at 21:22 +1200, Lingxian Kong wrote:
> > Yeah, the api allows to specify port. What i mean is, the vm creation will
> > fail for admin user if port belongs to a non-admin user. An exception is
> > raised from nova-compute.
>
> i believe this is intentional.
>
> we do not currently allow you to transfer ownership of a vm from one user
> or project to another.
> but i also believe we currently do not allow a vm to be created from
> resources with different owners
>

That's not true. As the admin user, you are allowed to create a vm using
non-admin's network, security group, image, volume, etc but just not port.

There is a use case for admin user to create vms but using non-admin's
resources for debugging or other purposes.

What's more, the exception is raised in nova-compute not nova-api, which I
assume should be supported if it's allowed in the api layer.

Best regards,
Lingxian Kong
Catalyst Cloud