)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"c10b1b41f986bd7c059314772cba7dfe33ecf76d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"87af8570_2a266931","updated":"2024-01-05 08:59:43.000000000","message":"As commented in the bug, we cannot forbid this IPAM allocation. If what you need is to prevent that a regular user (non-admin) creates a FIP with a specific IP (the GW IP address, for example) we already have a default policy rule for that [1]. Only an admin can create a FIP defining a specific IP address. In that case, the admin is responsible of this assignation.\n\nI\u0027ve added this topic to the drivers meeting today at 1400UTC.\n\n[1]https://github.com/openstack/neutron/blob/0c251cce604477e07f145cb78980e31e6b9a787c/neutron/conf/policies/floatingip.py#L59-L75","commit_id":"ffa80ad9d26b6d9d7d68bbb52abd275a660eeffc"},{"author":{"_account_id":30314,"name":"Sebastian Lohff","email":"sebastian.lohff@sap.com","username":"seba"},"change_message_id":"03c9d5830e9bd4e46e6b82f62c65f2af5bf6617c","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"e40a17f9_ccfd441b","in_reply_to":"87af8570_2a266931","updated":"2024-01-05 11:29:07.000000000","message":"Oh, I must have read over this in the bug report. In my OpenStack setup creating FIPs with a specific IP is allowed for users under certain circumstances, which explains why we have different views on this.\n\nIf you think this might be a problem for someone else (with modified policies) I can put this check behind a config flag (disallow_allocating_extnet_gateway_ips_as_floating_ips with a help text explaining that this is normally an admin only option or something like that), else I\u0027ll keep this patch downstream. Let\u0027s hash out the details in inside the meeting, as you proposed.","commit_id":"ffa80ad9d26b6d9d7d68bbb52abd275a660eeffc"}]}