This issue still exists in nova.
How to reproduce:
1. Set non-default policy.yaml, so user will be able to create private flavor, but it will never be able to add tenant access:
"os_compute_api:os-flavor-manage": "rule:admin_or_owner"
"os_compute_api:os-flavor-manage:create": "rule:os_compute_api:os-flavor-manage"
"os_compute_api:os-flavor-manage:delete": "rule:os_compute_api:os-flavor-manage"
"os_compute_api:os-flavor-access:add_tenant_access": "rule:admin_api"
"os_compute_api:os-flavor-access:remove_tenant_access": "rule:admin_api"
2. Create private flavor within tenant's project.
3. See, that there is no flavor access at all for this flavor.
This issue still exists in nova. api:os- flavor- manage" : "rule:admin_ or_owner" api:os- flavor- manage: create" : "rule:os_ compute_ api:os- flavor- manage" api:os- flavor- manage: delete" : "rule:os_ compute_ api:os- flavor- manage" api:os- flavor- access: add_tenant_ access" : "rule:admin_api" api:os- flavor- access: remove_ tenant_ access" : "rule:admin_api"
How to reproduce:
1. Set non-default policy.yaml, so user will be able to create private flavor, but it will never be able to add tenant access:
"os_compute_
"os_compute_
"os_compute_
"os_compute_
"os_compute_
2. Create private flavor within tenant's project.
3. See, that there is no flavor access at all for this flavor.