diff options
Diffstat (limited to 'nova/api/openstack/compute/assisted_volume_snapshots.py')
-rw-r--r-- | nova/api/openstack/compute/assisted_volume_snapshots.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nova/api/openstack/compute/assisted_volume_snapshots.py b/nova/api/openstack/compute/assisted_volume_snapshots.py index ea6ebc8359..ae7213884b 100644 --- a/nova/api/openstack/compute/assisted_volume_snapshots.py +++ b/nova/api/openstack/compute/assisted_volume_snapshots.py @@ -39,6 +39,11 @@ class AssistedVolumeSnapshotsController(wsgi.Controller): def create(self, req, body): """Creates a new snapshot.""" context = req.environ['nova.context'] + # NOTE(gmann) We pass empty target to policy enforcement. This API + # is called by cinder which does not have correct project_id. + # By passing the empty target, we make sure that we do not check + # the requester project_id and allow users with + # allowed role to create snapshot. context.can(avs_policies.POLICY_ROOT % 'create', target={}) snapshot = body['snapshot'] @@ -69,6 +74,11 @@ class AssistedVolumeSnapshotsController(wsgi.Controller): def delete(self, req, id): """Delete a snapshot.""" context = req.environ['nova.context'] + # NOTE(gmann) We pass empty target to policy enforcement. This API + # is called by cinder which does not have correct project_id. + # By passing the empty target, we make sure that we do not check + # the requester project_id and allow users with allowed role to + # delete snapshot. context.can(avs_policies.POLICY_ROOT % 'delete', target={}) delete_metadata = {} |