Public bug reported: Before microversion 2.37 the 'networks' key in the POST /servers request body could be omitted if you just wanted a port automatically allocated on an available network for the project.
With microversion >= 2.37, you must specify the networks key and it can be a specific network, or one of two enums: 'auto' or 'none'. The 'auto' case is semantically the same as not specifying networks before microversion 2.37. If one is available to the project, it will be used. If more than one is available, the server create request fails since Nova can't decide which network to use. If none are available, the server does not get any networking. The 'none' case is for specifically saying you don't want networking attached to the server. The "os_compute_api:servers:create:attach_network" policy rule is checked in the REST API here: https://github.com/openstack/nova/blob/3d09b67205db06ce67f2ad84e973edc11b6cbb98/nova/api/openstack/compute/servers.py#L533 That is only checked if specific networks are requested, but it's not accounting for the special 'auto' or 'none' cases. This means that if you change the policy rule from it's default admin_or_owner to say admin-only, for example, and you are using microversion >= 2.37, where the "networks" key is required, server creates will always fail for non-admins, even if 'auto' or 'none' are specified. ** Affects: nova Importance: Low Status: Triaged ** Tags: api policy ** Summary changed: - os_compute_api:servers:create:attach_network does not account for networks='none' and microversion 2.37 + os_compute_api:servers:create:attach_network does not account for networks='none' (or 'auto') and microversion 2.37 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1686113 Title: os_compute_api:servers:create:attach_network does not account for networks='none' (or 'auto') and microversion 2.37 Status in OpenStack Compute (nova): Triaged Bug description: Before microversion 2.37 the 'networks' key in the POST /servers request body could be omitted if you just wanted a port automatically allocated on an available network for the project. With microversion >= 2.37, you must specify the networks key and it can be a specific network, or one of two enums: 'auto' or 'none'. The 'auto' case is semantically the same as not specifying networks before microversion 2.37. If one is available to the project, it will be used. If more than one is available, the server create request fails since Nova can't decide which network to use. If none are available, the server does not get any networking. The 'none' case is for specifically saying you don't want networking attached to the server. The "os_compute_api:servers:create:attach_network" policy rule is checked in the REST API here: https://github.com/openstack/nova/blob/3d09b67205db06ce67f2ad84e973edc11b6cbb98/nova/api/openstack/compute/servers.py#L533 That is only checked if specific networks are requested, but it's not accounting for the special 'auto' or 'none' cases. This means that if you change the policy rule from it's default admin_or_owner to say admin-only, for example, and you are using microversion >= 2.37, where the "networks" key is required, server creates will always fail for non-admins, even if 'auto' or 'none' are specified. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1686113/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
