Return policy error, not generic error if nova net-create/delete is forbidden by policy
Bug #1260905 reported by
Tushar Kalra
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Low
|
Tushar Kalra |
Bug Description
When nova net-create and net-delete are prohibited by policy, we should raise policy violation error (403) to the user instead of service unavailable (503) error which is incorrect.
Steps to reproduce:
1. Add the following policies to policy.json:
"network:create": "rule:admin_api",
"network:delete": "rule:admin_api"
2. As a non-admin user, run nova net-create:
$ nova net-create xyz 192.168.254.1/30
ERROR: Create networks failed (HTTP 503)
Here's the output of other forbidden commands:
$ nova baremetal-node-list
ERROR: Policy doesn't allow compute_
Changed in nova: | |
assignee: | nobody → Tushar (tkay) |
description: | updated |
Changed in nova: | |
importance: | Undecided → Low |
Changed in nova: | |
milestone: | none → icehouse-2 |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | icehouse-2 → 2014.1 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/62123
Review: https:/