> On Sep 4, 2015, at 07:04, Monty Taylor <mord...@inaugust.com> wrote:
>
> mordred@camelot:~$ neutron net-create test-net-mt
> Policy doesn't allow create_network to be performed.
>
> Thank you neutron. Excellent job.
>
> Here's what that looks like at the REST layer:
>
> DEBUG: keystoneclient.session RESP: [403] date: Fri, 04 Sep 2015 13:55:47 GMT
> connection: close content-type: application/json; charset=UTF-8
> content-length: 130 x-openstack-request-id:
> req-ba05b555-82f4-4aaf-91b2-bae37916498d
> RESP BODY: {"NeutronError": {"message": "Policy doesn't allow create_network
> to be performed.", "type": "PolicyNotAuthorized", "detail": ""}}
>
> As a user, I am not confused. I do not think that maybe I made a mistake with
> my credentials. The cloud in question simply does not allow user creation of
> networks. I'm fine with that. (as a user, that might make this cloud unusable
> to me - but that's a choice I can now make with solid information easily.
> Turns out, I don't need to create networks for my application, so this
> actually makes it easier for me personally)
>
The 403 (yay good HTTP error choice) and message is great here.
We should make this the default (I think we can do something like this baking
it into the enforcer in oslo.policy so that it is consistent across openstack).
Obviously the translation of errors would be more difficult if the enforcer is
generating messages.
--Morgan
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
