Skip to content

project create for public projects returns 400 NetworkArea error when required scope and billingReference labels are missing #1452

Description

@emorfam

Description

There is a validation misalignment between the Resource Manager API backend, the STACKIT CLI, and the STACKIT Portal regarding the provisioning of "Public" projects.

When creating a public project via the CLI or API without a STACKIT Network Area (SNA) association, the backend returns the following error: 400 Bad Request: Sent NetworkArea configuration is invalid.

Analysis of the Portal's network payload indicates that an SNA is not mandatory. Instead, the backend governance policy requires specific labels (scope=PUBLIC and billingReference=...) to validate a standalone public project. If these labels are omitted, the API validation returns a network area error.

Neither the CLI help text, the OpenAPI specification, nor the public developer documentation references this behavior or these required schemas.

To Reproduce

Attempt to create a public project using standard documentation syntax:

stackit project create --parent-id <parent_id> --name <project_name>

Actual Behavior

The CLI returns a network validation error:

{
  "timeStamp": "2026-07-01T10:13:55.641997512Z",
  "path": "/resource-management/v2/projects",
  "status": 400,
  "error": "Bad Request",
  "message": "Sent NetworkArea configuration is invalid."
}

Expected Behavior

  1. Successfully provision the public project if authorization allows.
  2. Return a 400 validation error indicating that the required governance metadata labels (scope, billingReference) are missing from the payload.

Workaround

Including the required labels in the command successfully creates a public project via the CLI:

stackit project create \
  --parent-id <parent_id> \
  --name <project_name> \
  --label scope=PUBLIC \
  --label billingReference=<billing_reference>

Proposed Technical Solutions

  • Backend Validation Refactoring (API): Update the API validator for /v2/projects. If the request fails folder-level compliance due to missing metadata tags, the error message should reflect the missing key-value pairs (e.g., Missing mandatory label: scope) instead of returning a network area validation error.
  • Documentation Update: Update the Resource Manager API specification and CLI manuals to state that when targeting folders with active organizational policies, specific labeling schemas are required to qualify for a PUBLIC scope alignment.
  • CLI Ergonomics: Implement an explicit --public wrapper flag or prompt for required metadata context interactively if the target parent folder requires it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions