Update attach_volume and detach_volume policy rules
The prior commit for this was functional but not quite correct. The policy rules currently in Horizon for attach and detach of volumes don't exist in Nova and are missing from the local copy of nova_policy.json and from Nova generated policy files. The fix to use the create instance copy of the rule only worked for attach and not detach ( https://review.openstack.org/#/c/570071/ ) This commit updates detach as well, and should be correct going forward based on the Nova policy rules at: https://git.openstack.org/cgit/openstack/nova/tree/nova/policies/volumes_attachments.py Change-Id: I07fccd6f12149cd88a049c46aa113dfd2b60bbaa Closes-bug: 1772759
This commit is contained in:
parent
3ca4a5deb8
commit
b9a1c445d9
|
@ -893,7 +893,7 @@ class AttachVolume(tables.LinkAction):
|
|||
url = "horizon:project:instances:attach_volume"
|
||||
classes = ("ajax-modal",)
|
||||
policy_rules = (
|
||||
("compute", "os_compute_api:servers:create:attach_volume"),)
|
||||
("compute", "os_compute_api:os-volumes-attachments:create"),)
|
||||
|
||||
# This action should be disabled if the instance
|
||||
# is not active, or the instance is being deleted
|
||||
|
@ -908,7 +908,8 @@ class DetachVolume(AttachVolume):
|
|||
name = "detach_volume"
|
||||
verbose_name = _("Detach Volume")
|
||||
url = "horizon:project:instances:detach_volume"
|
||||
policy_rules = (("compute", "os_compute_api:servers:detach_volume"),)
|
||||
policy_rules = (
|
||||
("compute", "os_compute_api:os-volumes-attachments:delete"),)
|
||||
|
||||
# This action should be disabled if the instance
|
||||
# is not active, or the instance is being deleted
|
||||
|
|
|
@ -188,12 +188,12 @@ class EditAttachments(tables.LinkAction):
|
|||
project_id = getattr(volume, "os-vol-tenant-attr:tenant_id", None)
|
||||
attach_allowed = \
|
||||
policy.check((("compute",
|
||||
"os_compute_api:servers:create:attach_volume"),),
|
||||
"os_compute_api:os-volumes-attachments:create"),),
|
||||
request,
|
||||
{"project_id": project_id})
|
||||
detach_allowed = \
|
||||
policy.check((("compute",
|
||||
"os_compute_api:servers:detach_volume"),),
|
||||
"os_compute_api:os-volumes-attachments:delete"),),
|
||||
request,
|
||||
{"project_id": project_id})
|
||||
|
||||
|
|
Loading…
Reference in New Issue