[Openstack-operators] Better error messages for API policy enforcements

Mike Dorman mdorman at godaddy.com
Wed Dec 2 22:39:25 UTC 2015


We use some custom API policies (as in policy.json) to restrict certain operations to particular roles or to require some fields on calls (i.e. we require that users give us an availability zone when booting an instance).

When the policy causes the operation to be denied, the only response that goes back to the user is something like “operation is denied by policy.” This is confusing and it’d be really nice if we could send back a response like “you need to have xxxx role to do this”, or “availability zone is required.”

I was thinking about writing up an RFE bug for a feature that would allow configuration of a custom “policy denied” message in policy.json. Would this be useful/desired by others?

Mike
