Cannot create routers

Summary

I want to create a router, but I cannot create a router with the latest version of this role.

Verified with Ansible 2.5.5, 2.7.0, 2.7.1, whatever.

Steps to reproduce

Try to create a router like that:

- name: "gimme router"
  hosts: "localhost"
  gather_facts: no
  tasks:
    - include_role:
        name: "openstack"
        tasks_from: "network"
      vars:
        openstack_project_routers:
          - name: "my-router"
            network: "ext-net-task"
            interfaces:
              - "my-subnetwork"

Expected behavior

Router.

Actual behavior

No router.

Relevant logs and/or screenshots

failed: [localhost -> localhost] (item=secrets-router) => {
    "_openstack_router": {
        "interfaces": [
            "secrets-subnetwork"
        ], 
        "name": "secrets-router", 
        "network": "ext-net-task"
    }, 
    "changed": false, 
    "invocation": {
        "module_args": {
            "admin_state_up": true, 
            "api_timeout": null, 
            "auth": null, 
            "auth_type": null, 
            "availability_zone": null, 
            "cacert": null, 
            "cert": null, 
            "enable_snat": true, 
            "external_fixed_ips": null, 
            "interface": "public", 
            "interfaces": [
                "secrets-subnetwork"
            ], 
            "key": null, 
            "name": "secrets-router", 
            "network": "ext-net-task", 
            "project": null, 
            "region_name": null, 
            "state": "present", 
            "timeout": 180, 
            "verify": null, 
            "wait": true
        }
    }, 
    "msg": "Error creating router secrets-router: Client Error for url: https://cloud.task.gda.pl:9696/v2.0/routers.json, (rule:create_router and (rule:create_router:external_gateway_info and (rule:create_router:external_gateway_info:network_id and rule:create_router:external_gateway_info:enable_snat))) on {u'external_gateway_info': {u'network_id': u'643f1fd7-27b9-40bd-9baf-c08416719b40', u'enable_snat': True}, 'availability_zone_hints': [], u'name': u'secrets-router', u'admin_state_up': True, 'tenant_id': u'42010df79b3946968efd8375997f100e', 'distributed': <object object at 0x7fe5ce29b380>, 'ha': <object object at 0x7fe5ce29b380>, 'description': ''} by {'domain': None, 'project_name': u'san-escobar', 'tenant_name': u'san-escobar', 'project_domain': None, 'timestamp': '2018-10-26 05:46:50.184267', 'auth_token': '3599017626b0446787ac4531c9775afe', 'resource_uuid': None, 'is_admin': False, 'user': u'28a981b72e274842870563a7cfadd2e9', 'tenant': u'42010df79b3946968efd8375997f100e', 'read_only': False, 'project_id': u'42010df79b3946968efd8375997f100e', 'user_id': u'28a981b72e274842870563a7cfadd2e9', 'show_deleted': False, 'roles': [u'_member_'], 'user_identity': '28a981b72e274842870563a7cfadd2e9 42010df79b3946968efd8375997f100e - - -', 'tenant_id': u'42010df79b3946968efd8375997f100e', 'request_id': 'req-c2e35fa8-e9a4-4d68-9756-87439ca57d10', 'user_domain': None, 'user_name': u'tziol'} disallowed by policy"
}

I don't know, but disallowed by policy seems important.

Possible fixes

Removing enable_snat: yes from os_router module call solves the issue.