Open Stack

mordred at camelot:~$ neutron net-create test-net-mt
Policy doesn't allow create_network to be performed.

Thank you neutron. Excellent job.

Here's what that looks like at the REST layer:

DEBUG: keystoneclient.session RESP: [403] date: Fri, 04 Sep 2015 
13:55:47 GMT connection: close content-type: application/json; 
charset=UTF-8 content-length: 130 x-openstack-request-id: 
req-ba05b555-82f4-4aaf-91b2-bae37916498d
RESP BODY: {"NeutronError": {"message": "Policy doesn't allow 
create_network to be performed.", "type": "PolicyNotAuthorized", 
"detail": ""}}

As a user, I am not confused. I do not think that maybe I made a mistake 
with my credentials. The cloud in question simply does not allow user 
creation of networks. I'm fine with that. (as a user, that might make 
this cloud unusable to me - but that's a choice I can now make with 
solid information easily. Turns out, I don't need to create networks for 
my application, so this actually makes it easier for me personally)

In any case- rather than complaining and being a whiny brat about 
something that annoys me - I thought I'd say something nice about 
something that the neutron team has done that especially pleases me. I 
would love it if this became the experience across the board in 
OpenStack for times when a feature of the API is disabled by local 
policy. It's possible it already is and I just haven't directly 
experienced it - so please don't take this as a backhanded condemnation 
of anyone else.

Monty