Description
There is a validation misalignment between the Resource Manager API backend, the STACKIT CLI, and the STACKIT Portal regarding the provisioning of "Public" projects.
When creating a public project via the CLI or API without a STACKIT Network Area (SNA) association, the backend returns the following error: 400 Bad Request: Sent NetworkArea configuration is invalid.
Analysis of the Portal's network payload indicates that an SNA is not mandatory. Instead, the backend governance policy requires specific labels (scope=PUBLIC and billingReference=...) to validate a standalone public project. If these labels are omitted, the API validation returns a network area error.
Neither the CLI help text, the OpenAPI specification, nor the public developer documentation references this behavior or these required schemas.
To Reproduce
Attempt to create a public project using standard documentation syntax:
stackit project create --parent-id <parent_id> --name <project_name>
Actual Behavior
The CLI returns a network validation error:
{
"timeStamp": "2026-07-01T10:13:55.641997512Z",
"path": "/resource-management/v2/projects",
"status": 400,
"error": "Bad Request",
"message": "Sent NetworkArea configuration is invalid."
}
Expected Behavior
- Successfully provision the public project if authorization allows.
- Return a 400 validation error indicating that the required governance metadata labels (
scope, billingReference) are missing from the payload.
Workaround
Including the required labels in the command successfully creates a public project via the CLI:
stackit project create \
--parent-id <parent_id> \
--name <project_name> \
--label scope=PUBLIC \
--label billingReference=<billing_reference>
Proposed Technical Solutions
- Backend Validation Refactoring (API): Update the API validator for
/v2/projects. If the request fails folder-level compliance due to missing metadata tags, the error message should reflect the missing key-value pairs (e.g., Missing mandatory label: scope) instead of returning a network area validation error.
- Documentation Update: Update the Resource Manager API specification and CLI manuals to state that when targeting folders with active organizational policies, specific labeling schemas are required to qualify for a
PUBLIC scope alignment.
- CLI Ergonomics: Implement an explicit
--public wrapper flag or prompt for required metadata context interactively if the target parent folder requires it.
Description
There is a validation misalignment between the Resource Manager API backend, the STACKIT CLI, and the STACKIT Portal regarding the provisioning of "Public" projects.
When creating a public project via the CLI or API without a STACKIT Network Area (SNA) association, the backend returns the following error:
400 Bad Request: Sent NetworkArea configuration is invalid.Analysis of the Portal's network payload indicates that an SNA is not mandatory. Instead, the backend governance policy requires specific labels (
scope=PUBLICandbillingReference=...) to validate a standalone public project. If these labels are omitted, the API validation returns a network area error.Neither the CLI help text, the OpenAPI specification, nor the public developer documentation references this behavior or these required schemas.
To Reproduce
Attempt to create a public project using standard documentation syntax:
Actual Behavior
The CLI returns a network validation error:
{ "timeStamp": "2026-07-01T10:13:55.641997512Z", "path": "/resource-management/v2/projects", "status": 400, "error": "Bad Request", "message": "Sent NetworkArea configuration is invalid." }Expected Behavior
scope,billingReference) are missing from the payload.Workaround
Including the required labels in the command successfully creates a public project via the CLI:
Proposed Technical Solutions
/v2/projects. If the request fails folder-level compliance due to missing metadata tags, the error message should reflect the missing key-value pairs (e.g.,Missing mandatory label: scope) instead of returning a network area validation error.PUBLICscope alignment.--publicwrapper flag or prompt for required metadata context interactively if the target parent folder requires it.