Fix v2 API dataframes get policy check

sorrison · priteau · commit a7c010e05454 · 2022-02-25T22:26:28.000Z
oslo.policy expects the key project_id, not tenant_id anymore. This was causing the GET /v2/dataframes policy check to fail: $ openstack --rating-api-version 2 rating dataframes get {"message": "You are not authorized to perform this action"} (HTTP 403) In the v1 API, the storage:list_data_frames operation was not affected because it uses project_id. Change-Id: Ie4aa6a21e3829223aab0f91d809e311e0f0318cb Story: 2009879 Task: 44618 (cherry picked from commit 32bf128)
diff --git a/cloudkitty/api/v2/dataframes/dataframes.py b/cloudkitty/api/v2/dataframes/dataframes.py
@@ -72,7 +72,7 @@ def get(self,
         policy.authorize(
             flask.request.context,
             'dataframes:get',
-            {'tenant_id': flask.request.context.project_id},
+            {'project_id': flask.request.context.project_id},
         )
 
         begin = begin or tzutils.get_month_start()
diff --git a/releasenotes/notes/dataframes-get-v2-policy-check-6070fc047b2e1496.yaml b/releasenotes/notes/dataframes-get-v2-policy-check-6070fc047b2e1496.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes policy check when getting dataframes using the v2 API, causing the
+    operation to fail when run by a non-admin user. See story 2009879
+    <https://storyboard.openstack.org/#!/story/2009879>`_ for more details.

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ def get(self,`
`72`	`72`	`policy.authorize(`
`73`	`73`	`flask.request.context,`
`74`	`74`	`'dataframes:get',`
`75`		`- {'tenant_id': flask.request.context.project_id},`
	`75`	`+ {'project_id': flask.request.context.project_id},`
`76`	`76`	`)`
`77`	`77`
`78`	`78`	`begin = begin or tzutils.get_month_start()`