Comment 3 for bug 1610069

This is not related to the policy in code work, though that is where the detach_interface policy was removed from the sample file. The actual check was removed in https://review.openstack.org/#/c/320752/4/nova/compute/api.py@3187 which was apparently a mistake since there is no corresponding check in the API code.

The thought behind removing the compute/api.py checks was that there should be a corresponding check in the API. There is a check to allow or disallow actions in the attach_interface extension, but there is no distinction between an attach and a detach. They all look like http://git.openstack.org/cgit/openstack/nova/tree/nova/api/openstack/compute/attach_interfaces.py#n147. So we have inadvertently removed the ability to allow one and not the other.