Update attach_volume and detach_volume policy rules

The prior commit for this was functional but not quite correct. The policy rules currently in Horizon for attach and detach of volumes don't exist in Nova and are missing from the local copy of nova_policy.json and from Nova generated policy files. The fix to use the create instance copy of the rule only worked for attach and not detach ( https://review.openstack.org/#/c/570071/ ) This commit updates detach as well, and should be correct going forward based on the Nova policy rules at: https://git.openstack.org/cgit/openstack/nova/tree/nova/policies/volumes_attachments.py Change-Id: I07fccd6f12149cd88a049c46aa113dfd2b60bbaa Closes-bug: 1772759
2018-05-23 15:05:47 -07:00 · 2018-05-23 15:05:47 -07:00 · b9a1c445d9
parent 3ca4a5deb8
commit b9a1c445d9
2 changed files with 5 additions and 4 deletions
--- a/openstack_dashboard/dashboards/project/instances/tables.py
+++ b/openstack_dashboard/dashboards/project/instances/tables.py
@ -893,7 +893,7 @@ class AttachVolume(tables.LinkAction):
    url = "horizon:project:instances:attach_volume"
    classes = ("ajax-modal",)
    policy_rules = (
-        ("compute", "os_compute_api:servers:create:attach_volume"),)
+        ("compute", "os_compute_api:os-volumes-attachments:create"),)

    # This action should be disabled if the instance
    # is not active, or the instance is being deleted
@ -908,7 +908,8 @@ class DetachVolume(AttachVolume):
    name = "detach_volume"
    verbose_name = _("Detach Volume")
    url = "horizon:project:instances:detach_volume"
-    policy_rules = (("compute", "os_compute_api:servers:detach_volume"),)
+    policy_rules = (
+        ("compute", "os_compute_api:os-volumes-attachments:delete"),)

    # This action should be disabled if the instance
    # is not active, or the instance is being deleted
--- a/openstack_dashboard/dashboards/project/volumes/tables.py
+++ b/openstack_dashboard/dashboards/project/volumes/tables.py
@ -188,12 +188,12 @@ class EditAttachments(tables.LinkAction):
            project_id = getattr(volume, "os-vol-tenant-attr:tenant_id", None)
            attach_allowed = \
                policy.check((("compute",
-                             "os_compute_api:servers:create:attach_volume"),),
+                             "os_compute_api:os-volumes-attachments:create"),),
                             request,
                             {"project_id": project_id})
            detach_allowed = \
                policy.check((("compute",
-                             "os_compute_api:servers:detach_volume"),),
+                             "os_compute_api:os-volumes-attachments:delete"),),
                             request,
                             {"project_id": project_id})