[openstack-dev] This is what disabled-by-policy should look like to the user

John Griffith john.griffith8 at gmail.com
Fri Sep 4 17:42:25 UTC 2015 

On Fri, Sep 4, 2015 at 11:35 AM, Mathieu Gagné <mgagne at internap.com> wrote:

> On 2015-09-04 12:50 PM, Monty Taylor wrote:
> > On 09/04/2015 10:55 AM, Morgan Fainberg wrote:
> >>
> >> Obviously the translation of errors
> >> would be more difficult if the enforcer is generating messages.
> >
> > The type: "PolicyNotAuthorized" is a good general key. Also - even
> > though the command I sent was:
> >
> > neutron net-create
> >
> > On the command line, the entry in the policy_file is "create_network" -
> > so honestly I think that policy.json and oslo.policy should have (or be
> > able to have) all of the info needed to create almost the exact same
> > message. Perhaps "NeutronError" would just need to be
> > "OpenStackPolicyError"?
> >
> > Oh. Wait. You meant translation like i18n translation. In that case, I
> > think it's easy:
> >
> > message=_("Policy doesn't allow %(policy_key)s to be performed",
> > policy_key="create_network")
> >
> > /me waves hands
> >
>
> I don't feel like this error message would be user-friendly:
>
> "Policy doesn't allow os_compute_api:os-instance-actions to be performed"
>
> Policy name aren't human readable and match nothing on the client side.
>
> --
> Mathieu
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

​Ok, so this:

ubuntu at devbox:~$ cinder reset-state 9dee0fae-864c-44f9-bdd7-3330a0f4e899
Reset state for volume 9dee0fae-864c-44f9-bdd7-3330a0f4e899 failed: Policy
doesn't allow volume_extension:volume_admin_actions:reset_status to be
performed. (HTTP 403) (Request-ID: req-8ed2c895-0d1f-4b2c-9859-ee15c19267de)
ERROR: Unable to reset the state for the specified volume(s).
ubuntu at devbox:~$​

​Is no good?  You would like to see "less" in the output; like just the
command name itself and "Policy doesn't allow"?

To Mathieu's point, fair statement WRT the visibility of the policy name.

​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150904/1043b3af/attachment.html>

More information about the OpenStack-dev mailing list