[openstack-dev] This is what disabled-by-policy should look like to the user
Mathieu Gagné
mgagne at internap.com
Fri Sep 4 17:35:11 UTC 2015
On 2015-09-04 12:50 PM, Monty Taylor wrote:
> On 09/04/2015 10:55 AM, Morgan Fainberg wrote:
>>
>> Obviously the translation of errors
>> would be more difficult if the enforcer is generating messages.
>
> The type: "PolicyNotAuthorized" is a good general key. Also - even
> though the command I sent was:
>
> neutron net-create
>
> On the command line, the entry in the policy_file is "create_network" -
> so honestly I think that policy.json and oslo.policy should have (or be
> able to have) all of the info needed to create almost the exact same
> message. Perhaps "NeutronError" would just need to be
> "OpenStackPolicyError"?
>
> Oh. Wait. You meant translation like i18n translation. In that case, I
> think it's easy:
>
> message=_("Policy doesn't allow %(policy_key)s to be performed",
> policy_key="create_network")
>
> /me waves hands
>
I don't feel like this error message would be user-friendly:
"Policy doesn't allow os_compute_api:os-instance-actions to be performed"
Policy name aren't human readable and match nothing on the client side.
--
Mathieu
More information about the OpenStack-dev
mailing list