Fix v2 API dataframes get policy check

oslo.policy expects the key project_id, not tenant_id anymore. This was causing the GET /v2/dataframes policy check to fail: $ openstack --rating-api-version 2 rating dataframes get {"message": "You are not authorized to perform this action"} (HTTP 403) In the v1 API, the storage:list_data_frames operation was not affected because it uses project_id. Change-Id: Ie4aa6a21e3829223aab0f91d809e311e0f0318cb Story: 2009879 Task: 44618 (cherry picked from commit 32bf128b81)
2022-02-04 11:51:12 +11:00 · 2022-02-04 11:51:12 +11:00 · c589409f2e
parent f2c4fd963d
commit c589409f2e
2 changed files with 7 additions and 1 deletions
--- a/cloudkitty/api/v2/dataframes/dataframes.py
+++ b/cloudkitty/api/v2/dataframes/dataframes.py
@ -72,7 +72,7 @@ class DataFrameList(base.BaseResource):
        policy.authorize(
            flask.request.context,
            'dataframes:get',
-            {'tenant_id': flask.request.context.project_id},
+            {'project_id': flask.request.context.project_id},
        )

        begin = begin or tzutils.get_month_start()
--- a/releasenotes/notes/dataframes-get-v2-policy-check-6070fc047b2e1496.yaml
+++ b/releasenotes/notes/dataframes-get-v2-policy-check-6070fc047b2e1496.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes policy check when getting dataframes using the v2 API, causing the
+    operation to fail when run by a non-admin user. See story 2009879
+    <https://storyboard.openstack.org/#!/story/2009879>`_ for more details.