yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1686113] Re: os_compute_api:servers:create:attach_network does not account for networks='none' (or 'auto') and microversion 2.37

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1686113@xxxxxxxxxxxxxxxxxx>
Date: Fri, 19 May 2017 04:32:49 -0000
Reply-to: Bug 1686113 <1686113@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/465903
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=36ef45edda4c5e8b357abb90ec6cd56ce945e783
Submitter: Jenkins
Branch:    master

commit 36ef45edda4c5e8b357abb90ec6cd56ce945e783
Author: jianghua wang <jianghua.wang@xxxxxxxxxx>
Date:   Thu May 18 10:29:13 2017 +0100

    Skip policy rules on attach_network for none network allocation
    
    With microversion >= 2.37 and change the value for policy
    "os_compute_api:servers:create:attach_network" from default -
    "admin_or_owner" e.g. admin_api, it will always fail the server
    create for non-admins, even when the network is "none".
    
    Change-Id: Ic21598f4f31f73ee319e1b58a55dadeeba2644b2
    Closes-bug: 1686113


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1686113

Title:
  os_compute_api:servers:create:attach_network does not account for
  networks='none' (or 'auto') and microversion 2.37

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  Before microversion 2.37 the 'networks' key in the POST /servers
  request body could be omitted if you just wanted a port automatically
  allocated on an available network for the project.

  With microversion >= 2.37, you must specify the networks key and it
  can be a specific network, or one of two enums: 'auto' or 'none'.

  The 'auto' case is semantically the same as not specifying networks
  before microversion 2.37. If one is available to the project, it will
  be used. If more than one is available, the server create request
  fails since Nova can't decide which network to use. If none are
  available, the server does not get any networking.

  The 'none' case is for specifically saying you don't want networking
  attached to the server.

  The "os_compute_api:servers:create:attach_network" policy rule is
  checked in the REST API here:

  https://github.com/openstack/nova/blob/3d09b67205db06ce67f2ad84e973edc11b6cbb98/nova/api/openstack/compute/servers.py#L533

  That is only checked if specific networks are requested, but it's not
  accounting for the special 'auto' or 'none' cases.

  This means that if you change the policy rule from it's default
  admin_or_owner to say admin-only, for example, and you are using
  microversion >= 2.37, where the "networks" key is required, server
  creates will always fail for non-admins, even if 'auto' or 'none' are
  specified.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1686113/+subscriptions

References

[Bug 1686113] [NEW] os_compute_api:servers:create:attach_network does not account for networks='none' (or 'auto') and microversion 2.37
From: Matt Riedemann, 2017-04-25