network:attach_external_network policy check outside nova-api
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Confirmed
|
Low
|
Unassigned |
Bug Description
The "network:
1) Only the api process should be doing policy checks.
2) Someone who wants to override policy for this would have to put a policy.json file on each host, which is certainly problematic.
3) There's talk of splitting nova-compute out of nova into its own project, which obviously shouldn't rely on nova's policy file.
This apparently came up on the mailing list [1] a while ago, but it doesn't seem like anything has been done about it so far. Still this way in master. See that mailing list thread for much more information and talk of possible solutions.
johnthetubaguy also noted via irc [2] that the neutron refactor work is heading in a direction that may fix this.
[1] https:/
[2] http://
Changed in nova: | |
status: | New → Confirmed |
importance: | Undecided → Low |
tags: | added: network policy |
Changed in nova: | |
assignee: | nobody → space (fengzhr) |
Fix proposed to branch: master /review. openstack. org/449598
Review: https:/