diff --git a/nova/api/openstack/compute/ips.py b/nova/api/openstack/compute/ips.py index 858340435258..2809396c715f 100644 --- a/nova/api/openstack/compute/ips.py +++ b/nova/api/openstack/compute/ips.py @@ -38,16 +38,18 @@ class IPsController(wsgi.Controller): @wsgi.expected_errors(404) def index(self, req, server_id): context = req.environ["nova.context"] - context.can(ips_policies.POLICY_ROOT % 'index') instance = common.get_instance(self._compute_api, context, server_id) + context.can(ips_policies.POLICY_ROOT % 'index', + target={'project_id': instance.project_id}) networks = common.get_networks_for_instance(context, instance) return self._view_builder.index(networks) @wsgi.expected_errors(404) def show(self, req, server_id, id): context = req.environ["nova.context"] - context.can(ips_policies.POLICY_ROOT % 'show') instance = common.get_instance(self._compute_api, context, server_id) + context.can(ips_policies.POLICY_ROOT % 'show', + target={'project_id': instance.project_id}) networks = common.get_networks_for_instance(context, instance) if id not in networks: msg = _("Instance is not a member of specified network") diff --git a/nova/tests/unit/api/openstack/compute/test_serversV21.py b/nova/tests/unit/api/openstack/compute/test_serversV21.py index 712fd4d34c7f..05fee0109f84 100644 --- a/nova/tests/unit/api/openstack/compute/test_serversV21.py +++ b/nova/tests/unit/api/openstack/compute/test_serversV21.py @@ -8109,6 +8109,10 @@ class IPsPolicyEnforcementV21(test.NoDBTestCase): super(IPsPolicyEnforcementV21, self).setUp() self.controller = ips.IPsController() self.req = fakes.HTTPRequest.blank("/v2/%s" % fakes.FAKE_PROJECT_ID) + self.mock_get = self.useFixture( + fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock + self.mock_get.return_value = fake_instance.fake_instance_obj( + self.req.environ['nova.context']) def test_index_policy_failed(self): rule_name = "os_compute_api:ips:index"