[openstack-dev] This is what disabled-by-policy should look like to the user
Monty Taylor
mordred at inaugust.com
Fri Sep 4 16:50:33 UTC 2015
On 09/04/2015 10:55 AM, Morgan Fainberg wrote:
>
>
>> On Sep 4, 2015, at 07:04, Monty Taylor <mordred at inaugust.com>
>> wrote:
>>
>> mordred at camelot:~$ neutron net-create test-net-mt Policy doesn't
>> allow create_network to be performed.
>>
>> Thank you neutron. Excellent job.
>>
>> Here's what that looks like at the REST layer:
>>
>> DEBUG: keystoneclient.session RESP: [403] date: Fri, 04 Sep 2015
>> 13:55:47 GMT connection: close content-type: application/json;
>> charset=UTF-8 content-length: 130 x-openstack-request-id:
>> req-ba05b555-82f4-4aaf-91b2-bae37916498d RESP BODY:
>> {"NeutronError": {"message": "Policy doesn't allow create_network
>> to be performed.", "type": "PolicyNotAuthorized", "detail": ""}}
>>
>> As a user, I am not confused. I do not think that maybe I made a
>> mistake with my credentials. The cloud in question simply does not
>> allow user creation of networks. I'm fine with that. (as a user,
>> that might make this cloud unusable to me - but that's a choice I
>> can now make with solid information easily. Turns out, I don't need
>> to create networks for my application, so this actually makes it
>> easier for me personally)
>>
>
> The 403 (yay good HTTP error choice) and message is great here.
>
> We should make this the default (I think we can do something like
> this baking it into the enforcer in oslo.policy so that it is
> consistent across openstack).
Great idea!
> Obviously the translation of errors
> would be more difficult if the enforcer is generating messages.
The type: "PolicyNotAuthorized" is a good general key. Also - even
though the command I sent was:
neutron net-create
On the command line, the entry in the policy_file is "create_network" -
so honestly I think that policy.json and oslo.policy should have (or be
able to have) all of the info needed to create almost the exact same
message. Perhaps "NeutronError" would just need to be
"OpenStackPolicyError"?
Oh. Wait. You meant translation like i18n translation. In that case, I
think it's easy:
message=_("Policy doesn't allow %(policy_key)s to be performed",
policy_key="create_network")
/me waves hands
> --Morgan
>
>
>
> __________________________________________________________________________
>
>
OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list