[nova] Admin user cannot create vm with user's port?
anlin.kong at gmail.com
Thu Jun 13 22:55:45 UTC 2019
On Thu, Jun 13, 2019 at 10:48 PM Sean Mooney <smooney at redhat.com> wrote:
> On Thu, 2019-06-13 at 21:22 +1200, Lingxian Kong wrote:
> > Yeah, the api allows to specify port. What i mean is, the vm creation
> > fail for admin user if port belongs to a non-admin user. An exception is
> > raised from nova-compute.
> i believe this is intentional.
> we do not currently allow you to trasfer ownerwhip of a vm form one user
> or proejct to another.
> but i also believe we currently do not allow a vm to be create from
> resouces with different owners
That's not true. As the admin user, you are allowed to create a vm using
non-admin's network, security group, image, volume, etc but just not port.
There is use case for admin user to create vms but using non-admin's
resources for debugging or other purposes.
What's more, the exception is raised in nova-compute not nova-api, which i
assume it should be supported if it's allowed in the api layer.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openstack-discuss