Public bug reported: Description =========== Change the rule of 'os_compute_api:servers:create:forced_host' to 'rule:admin_or_owner' in policy file. But when creating one server with member role, still got "Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745)"
Steps to reproduce ================== * Change policy file os_compute_api:servers:create:forced_host: rule:admin_or_owner * Reboot nova-api service * Create one server with specified host in member role openstack server create --image cirros051 --network cps_pxe --flavor m1.tiny --availability-zone :compute01: vm-0909-1 Expected result =============== Create server successfully Actual result ============= Got "Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745)" Environment =========== git log commit 0d1fd02b301bbc25c75cb2476b24f3be5d7cda77 (HEAD -> stable/rocky, origin/stable/rocky) Merge: 837baac9fd c438fd9a0e Author: Zuul <[email protected]> Date: Thu Sep 3 15:15:47 2020 +0000 Merge "libvirt: Provide VIR_MIGRATE_PARAM_PERSIST_XML during live migration" into stable/rocky Logs & Configs ============== /etc/nova/policy.yaml os_compute_api:servers:create:forced_host: rule:admin_or_owner /etc/nova/nova.conf [oslo_policy] policy_file = /etc/nova/policy.yaml root@mgt01:~# openstack server create --image cirros051 --network cps_pxe --flavor m1.tiny --availability-zone :compute01: vm-0909-1 Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745) ** Affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1894975 Title: Cannot overwrite policy rule for 'os_compute_api:servers:create:forced_host:' Status in OpenStack Compute (nova): New Bug description: Description =========== Change the rule of 'os_compute_api:servers:create:forced_host' to 'rule:admin_or_owner' in policy file. But when creating one server with member role, still got "Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745)" Steps to reproduce ================== * Change policy file os_compute_api:servers:create:forced_host: rule:admin_or_owner * Reboot nova-api service * Create one server with specified host in member role openstack server create --image cirros051 --network cps_pxe --flavor m1.tiny --availability-zone :compute01: vm-0909-1 Expected result =============== Create server successfully Actual result ============= Got "Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745)" Environment =========== git log commit 0d1fd02b301bbc25c75cb2476b24f3be5d7cda77 (HEAD -> stable/rocky, origin/stable/rocky) Merge: 837baac9fd c438fd9a0e Author: Zuul <[email protected]> Date: Thu Sep 3 15:15:47 2020 +0000 Merge "libvirt: Provide VIR_MIGRATE_PARAM_PERSIST_XML during live migration" into stable/rocky Logs & Configs ============== /etc/nova/policy.yaml os_compute_api:servers:create:forced_host: rule:admin_or_owner /etc/nova/nova.conf [oslo_policy] policy_file = /etc/nova/policy.yaml root@mgt01:~# openstack server create --image cirros051 --network cps_pxe --flavor m1.tiny --availability-zone :compute01: vm-0909-1 Policy doesn't allow os_compute_api:servers:create:forced_host to be performed. (HTTP 403) (Request-ID: req-199cb105-4c4d-405d-89cf-9059182ec745) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1894975/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
