[Openstack-operators] Better error messages for API policy enforcements

Robert Starmer robert at kumul.us
Wed Dec 2 23:24:08 UTC 2015

I can't think of a case where better error response and log messages are
not useful/desired.


On Wed, Dec 2, 2015 at 2:39 PM, Mike Dorman <mdorman at godaddy.com> wrote:

> We use some custom API policies (as in policy.json) to restrict certain
> operations to particular roles or requiring some fields on calls (i.e. we
> require that users give us an availability zone when booting an instance.)
> When the policy causes the operation to be denied, the only response that
> goes back to the user is something like “operation is denied by policy.”
>  This is confusing and it’d be really nice if we could send back a response
> like “you need to have xxxx role to do this”, or “availability zone is
> required.”
> I was thinking about writing up a RFE bug for a feature that would allow
> configuration of a custom “policy denied” message in policy.json.  Would
> this be useful/desired by others?
> Mike
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20151202/51c38663/attachment.html>

More information about the OpenStack-operators mailing list