diff --git a/cinder/api/contrib/types_extra_specs.py b/cinder/api/contrib/types_extra_specs.py index a20d2602a..b09270a14 100644 --- a/cinder/api/contrib/types_extra_specs.py +++ b/cinder/api/contrib/types_extra_specs.py @@ -66,7 +66,7 @@ class VolumeTypeExtraSpecsController(wsgi.Controller): def index(self, req, type_id): """Returns the list of extra specs for a given volume type.""" context = req.environ['cinder.context'] - authorize(context) + authorize(context, action="index") self._check_type(context, type_id) return self._get_extra_specs(context, type_id) @@ -89,7 +89,7 @@ class VolumeTypeExtraSpecsController(wsgi.Controller): def create(self, req, type_id, body=None): context = req.environ['cinder.context'] - authorize(context) + authorize(context, action='create') self._allow_update(context, type_id) self.assert_valid_body(body, 'extra_specs') @@ -114,7 +114,7 @@ class VolumeTypeExtraSpecsController(wsgi.Controller): def update(self, req, type_id, id, body=None): context = req.environ['cinder.context'] - authorize(context) + authorize(context, action='update') self._allow_update(context, type_id) if not body: @@ -147,7 +147,7 @@ class VolumeTypeExtraSpecsController(wsgi.Controller): def show(self, req, type_id, id): """Return a single extra spec item.""" context = req.environ['cinder.context'] - authorize(context) + authorize(context, action='show') self._check_type(context, type_id) specs = self._get_extra_specs(context, type_id) if id in specs['extra_specs']: @@ -160,7 +160,7 @@ class VolumeTypeExtraSpecsController(wsgi.Controller): """Deletes an existing extra spec.""" context = req.environ['cinder.context'] self._check_type(context, type_id) - authorize(context) + authorize(context, action='delete') self._allow_update(context, type_id) # Not found exception will be handled at the wsgi level diff --git a/cinder/tests/unit/policy.json b/cinder/tests/unit/policy.json index bbb4b7a50..0912de6b2 100644 --- a/cinder/tests/unit/policy.json +++ b/cinder/tests/unit/policy.json @@ -56,7 +56,11 @@ "volume_extension:volume_actions:upload_image": "", "volume_extension:volume_actions:upload_public": "rule:admin_api", "volume_extension:types_manage": "", - "volume_extension:types_extra_specs": "", + "volume_extension:types_extra_specs:create": "", + "volume_extension:types_extra_specs:delete": "", + "volume_extension:types_extra_specs:index": "", + "volume_extension:types_extra_specs:show": "", + "volume_extension:types_extra_specs:update": "", "volume_extension:access_types_qos_specs_id": "rule:admin_api", "volume_extension:access_types_extra_specs": "rule:admin_api", "volume_extension:volume_type_access": "", diff --git a/etc/cinder/policy.json b/etc/cinder/policy.json index 091b655ef..c51f564af 100644 --- a/etc/cinder/policy.json +++ b/etc/cinder/policy.json @@ -32,7 +32,11 @@ "volume:revert_to_snapshot": "rule:admin_or_owner", "volume_extension:types_manage": "rule:admin_api", - "volume_extension:types_extra_specs": "rule:admin_api", + "volume_extension:types_extra_specs:create": "rule:admin_api", + "volume_extension:types_extra_specs:delete": "rule:admin_api", + "volume_extension:types_extra_specs:index": "rule:admin_api", + "volume_extension:types_extra_specs:show": "rule:admin_api", + "volume_extension:types_extra_specs:update": "rule:admin_api", "volume_extension:access_types_qos_specs_id": "rule:admin_api", "volume_extension:access_types_extra_specs": "rule:admin_api", "volume_extension:volume_type_access": "rule:admin_or_owner",