Okay, but it *does* create a server in nova and uses that uuid for the attachment. So if cinder does check nova, it will find an instance. I haven't looked deeply at the cinder patch, but you're saying because nova doesn't think the instance is actually attached to the volume, it will allow the delete? If so, then cool.
Presumably we want to also have a tempest test added to ensure that if we create/attach through nova and try to delete the attachment as a user, we get the expected 409. Not critical before disclosure I suppose, but I think we probably want that eventually.
Okay, but it *does* create a server in nova and uses that uuid for the attachment. So if cinder does check nova, it will find an instance. I haven't looked deeply at the cinder patch, but you're saying because nova doesn't think the instance is actually attached to the volume, it will allow the delete? If so, then cool.
Presumably we want to also have a tempest test added to ensure that if we create/attach through nova and try to delete the attachment as a user, we get the expected 409. Not critical before disclosure I suppose, but I think we probably want that eventually.