I thought about this issue and it may not be actually a bug. For example, if I set "ngpu == 2" in extra_specs, any machine that does not have ngpu=2 must be rejected. Likewise, if I set "trusted_host == trusted" in extra_specs, any machine that does not have "trusted_host == trusted" must be rejected. So, simply setting "trusted_host=trusted" on a trusted machine would solve the problem. A problem at this time is that there is no easy way to add it to capability. But, we may add that function relatively easily if we aim a simple addition. An example is using a flag and the value from the flag is added to capability (that was implemented in early patches in https://review.openstack.org/#/c/8089/).
At the same time, Patrick raised the issue of scope, and that is a good point as Don discussed. So, having a well designed scope is a good solution, too.
I thought about this issue and it may not be actually a bug. For example, if I set "ngpu == 2" in extra_specs, any machine that does not have ngpu=2 must be rejected. Likewise, if I set "trusted_host == trusted" in extra_specs, any machine that does not have "trusted_host == trusted" must be rejected. So, simply setting "trusted_ host=trusted" on a trusted machine would solve the problem. A problem at this time is that there is no easy way to add it to capability. But, we may add that function relatively easily if we aim a simple addition. An example is using a flag and the value from the flag is added to capability (that was implemented in early patches in https:/ /review. openstack. org/#/c/ 8089/).
At the same time, Patrick raised the issue of scope, and that is a good point as Don discussed. So, having a well designed scope is a good solution, too.