On 09/04/2015 10:04 AM, Monty Taylor wrote:
mordred@camelot:~$ neutron net-create test-net-mt
Policy doesn't allow create_network to be performed.
Thank you neutron. Excellent job.
Here's what that looks like at the REST layer:
DEBUG: keystoneclient.session RESP: [403] date: Fri, 04 Sep 2015
13:55:47 GMT connection: close content-type: application/json;
charset=UTF-8 content-length: 130 x-openstack-request-id:
req-ba05b555-82f4-4aaf-91b2-bae37916498d
RESP BODY: {"NeutronError": {"message": "Policy doesn't allow
create_network to be performed.", "type": "PolicyNotAuthorized",
"detail": ""}}
As a user, I am not confused. I do not think that maybe I made a
mistake with my credentials. The cloud in question simply does not
allow user creation of networks. I'm fine with that. (as a user, that
might make this cloud unusable to me - but that's a choice I can now
make with solid information easily. Turns out, I don't need to create
networks for my application, so this actually makes it easier for me
personally)
In any case- rather than complaining and being a whiny brat about
something that annoys me - I thought I'd say something nice about
something that the neutron team has done that especially pleases me.
Then let my Hijack:
Policy is still broken. We need the pieces of Dynamic policy.
I am going to call for a cross project policy discussion for the
upcoming summit. Please, please, please all the projects attend. The
operators have made it clear they need better policy support.
I would love it if this became the experience across the board in
OpenStack for times when a feature of the API is disabled by local
policy. It's possible it already is and I just haven't directly
experienced it - so please don't take this as a backhanded
condemnation of anyone else.
Monty
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev