[openstack-dev] [nova] Which error code should we return when OverQuota

Sean Dague sean at dague.net
Wed May 6 10:43:05 UTC 2015


It does, however I looked through the history of that repo, and that's
just in one of Jay's documents that predates the group. I'm a little
cautious to give it a lot of weight without rationale.

Honestly, there is this obsession of assuming that there *are* good fits
for HTTP status codes for non webbrowser interaction patterns. There are
not. The error code set was based around a specific expected web browser
/ website model from 20 years ago.

I honestly think we'd be better served by limiting our use of non 200 or
400 codes to really narrow conditions (the ones that you'd expect from
the browser interaction pattern). This would approach the whole problem
from the "least surprise" perspective.

404 - resource doesn't exist (appropriate for GET /foo/ID_NUMBER where
the thing isn't there)

403 - permissions error. Appropriate for a resource that exists, but you
do not have enough permissions for it. I.e. it's an admin URL or someone
else's resource.

All other client errors, just be a 400. And use the emerging error
reporting json to actually tell the client what's going on.

	-Sean


On 05/05/2015 09:48 PM, Alex Xu wrote:
> From API-WG guideline, exceed quota should be 403
> 
> https://github.com/openstack/api-wg/blob/master/guidelines/http.rst
> 
> 2015-05-06 3:30 GMT+08:00 Chen CH Ji <jichenjc at cn.ibm.com
> <mailto:jichenjc at cn.ibm.com>>:
> 
>     In doing patch [1], A suggestion is submitted that we should return
>     400 (bad Request) instead of 403 (Forbidden)
>     I take a look at [2], seems 400 is not a good candidate because
>     /'//The request could not be understood by the server due to
>     malformed syntax. The client SHOULD NOT repeat the request without
>     modifications. //'/
> 
>     may be a 409 (conflict) error if we really don't think 403 is a good
>     one?
>     Thanks
> 
> 
>     [1] https://review.openstack.org/#/c/173985/
>     [2] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
> 
>     Best Regards!
> 
>     Kevin (Chen) Ji 纪 晨
> 
>     Engineer, zVM Development, CSTL
>     Notes: Chen CH Ji/China/IBM at IBMCN   Internet: jichenjc at cn.ibm.com
>     <mailto:jichenjc at cn.ibm.com>
>     Phone: +86-10-82454158 <tel:%2B86-10-82454158>
>     Address: 3/F Ring Building, ZhongGuanCun Software Park, Haidian
>     District, Beijing 100193, PRC
> 
> 
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe:
>     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> 
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 


-- 
Sean Dague
http://dague.net



More information about the OpenStack-dev mailing list