On 12/02/15 at 03:24pm, Robert Starmer wrote:
I can't think of a case where better error response and log messages are
not useful/desired.
I agree with this, but I don't think that custom error messages defined
in policy.json are the way to go. The API response should be standard
across deployments so error response improvements should be done in the
code.
There has also been discussion about tackling this from the other end
and allowing users to get a list of things they're allowed to do before
even making a request. This doesn't directly address providing
information to users on what they need to do to gain a new capability
but whatever API is created to provide a list of capabilities may be the
better place to add that info rather than the current policy failure
response.
Robert
On Wed, Dec 2, 2015 at 2:39 PM, Mike Dorman <mdor...@godaddy.com> wrote:
We use some custom API policies (as in policy.json) to restrict certain
operations to particular roles or requiring some fields on calls (i.e. we
require that users give us an availability zone when booting an instance.)
When the policy causes the operation to be denied, the only response that
goes back to the user is something like “operation is denied by policy.”
This is confusing and it’d be really nice if we could send back a response
like “you need to have xxxx role to do this”, or “availability zone is
required.”
I was thinking about writing up a RFE bug for a feature that would allow
configuration of a custom “policy denied” message in policy.json. Would
this be useful/desired by others?
Mike
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
