yahoo-eng-team team mailing list archive

[Matt Riedemann <mriedem.os@xxxxxxxxx>]

Public bug reported:

Before microversion 2.37 the 'networks' key in the POST /servers request
body could be omitted if you just wanted a port automatically allocated
on an available network for the project.

With microversion >= 2.37, you must specify the networks key and it can
be a specific network, or one of two enums: 'auto' or 'none'.

The 'auto' case is semantically the same as not specifying networks
before microversion 2.37. If one is available to the project, it will be
used. If more than one is available, the server create request fails
since Nova can't decide which network to use. If none are available, the
server does not get any networking.

The 'none' case is for specifically saying you don't want networking
attached to the server.

The "os_compute_api:servers:create:attach_network" policy rule is
checked in the REST API here:

https://github.com/openstack/nova/blob/3d09b67205db06ce67f2ad84e973edc11b6cbb98/nova/api/openstack/compute/servers.py#L533

That is only checked if specific networks are requested, but it's not
accounting for the special 'auto' or 'none' cases.

This means that if you change the policy rule from it's default
admin_or_owner to say admin-only, for example, and you are using
microversion >= 2.37, where the "networks" key is required, server
creates will always fail for non-admins, even if 'auto' or 'none' are
specified.

** Affects: nova
     Importance: Low
         Status: Triaged


** Tags: api policy

** Summary changed:

- os_compute_api:servers:create:attach_network does not account for networks='none' and microversion 2.37
+ os_compute_api:servers:create:attach_network does not account for networks='none' (or 'auto') and microversion 2.37

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1686113

Title:
  os_compute_api:servers:create:attach_network does not account for
  networks='none' (or 'auto') and microversion 2.37

Status in OpenStack Compute (nova):
  Triaged

Bug description:
  Before microversion 2.37 the 'networks' key in the POST /servers
  request body could be omitted if you just wanted a port automatically
  allocated on an available network for the project.

  With microversion >= 2.37, you must specify the networks key and it
  can be a specific network, or one of two enums: 'auto' or 'none'.

  The 'auto' case is semantically the same as not specifying networks
  before microversion 2.37. If one is available to the project, it will
  be used. If more than one is available, the server create request
  fails since Nova can't decide which network to use. If none are
  available, the server does not get any networking.

  The 'none' case is for specifically saying you don't want networking
  attached to the server.

  The "os_compute_api:servers:create:attach_network" policy rule is
  checked in the REST API here:

  https://github.com/openstack/nova/blob/3d09b67205db06ce67f2ad84e973edc11b6cbb98/nova/api/openstack/compute/servers.py#L533

  That is only checked if specific networks are requested, but it's not
  accounting for the special 'auto' or 'none' cases.

  This means that if you change the policy rule from it's default
  admin_or_owner to say admin-only, for example, and you are using
  microversion >= 2.37, where the "networks" key is required, server
  creates will always fail for non-admins, even if 'auto' or 'none' are
  specified.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1686113/+subscriptions