4aa55f3edf
The os-volume_attachments APIs have their own policy settings defined, yet were also checking the policy settings defined for the os-volumes APIs. This should never have been the case, but especially not now that the os-volumes APIs are deprecated and don't even work anymore with newer microversions. This change removes the os-volumes policy checks for os-volume_attachment API requests. The code will continue to make os-volumes policy checks for os-volumes APIs, and os-volume_attachment policy checks for os-volume_attachment APIs. Removed the _items method, which was only being called from one place, to resolve comments that policy checks should always happen immediately upon entering the API methods. Change-Id: I35aaedf5c4c49cb568fa06c2974f9a35aa2ffcc5 Closes-Bug: #1635358 UpgradeImpact
9 lines
328 B
YAML
9 lines
328 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The os-volume_attachments APIs no longer check
|
|
``os_compute_api:os-volumes`` policy. They do still check
|
|
``os_compute_api:os-volumes-attachments`` policy rules. Deployers
|
|
who have customized policy should confirm that their settings for
|
|
os-volume_attachments policy checks are sufficient.
|