On 09/04/2015 10:55 AM, Morgan Fainberg wrote:
On Sep 4, 2015, at 07:04, Monty Taylor <mord...@inaugust.com>
wrote:
mordred@camelot:~$ neutron net-create test-net-mt Policy doesn't
allow create_network to be performed.
Thank you neutron. Excellent job.
Here's what that looks like at the REST layer:
DEBUG: keystoneclient.session RESP: [403] date: Fri, 04 Sep 2015
13:55:47 GMT connection: close content-type: application/json;
charset=UTF-8 content-length: 130 x-openstack-request-id:
req-ba05b555-82f4-4aaf-91b2-bae37916498d RESP BODY:
{"NeutronError": {"message": "Policy doesn't allow create_network
to be performed.", "type": "PolicyNotAuthorized", "detail": ""}}
As a user, I am not confused. I do not think that maybe I made a
mistake with my credentials. The cloud in question simply does not
allow user creation of networks. I'm fine with that. (as a user,
that might make this cloud unusable to me - but that's a choice I
can now make with solid information easily. Turns out, I don't need
to create networks for my application, so this actually makes it
easier for me personally)
The 403 (yay good HTTP error choice) and message is great here.
We should make this the default (I think we can do something like
this baking it into the enforcer in oslo.policy so that it is
consistent across openstack).
Great idea!
Obviously the translation of errors
would be more difficult if the enforcer is generating messages.
The type: "PolicyNotAuthorized" is a good general key. Also - even
though the command I sent was:
neutron net-create
On the command line, the entry in the policy_file is "create_network" -
so honestly I think that policy.json and oslo.policy should have (or be
able to have) all of the info needed to create almost the exact same
message. Perhaps "NeutronError" would just need to be
"OpenStackPolicyError"?
Oh. Wait. You meant translation like i18n translation. In that case, I
think it's easy:
message=_("Policy doesn't allow %(policy_key)s to be performed",
policy_key="create_network")
/me waves hands
--Morgan
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
