Return policy error, not generic error if nova net-create/delete is forbidden by policy
Bug #1260905 reported by
Tushar Kalra
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
Low
|
Tushar Kalra | ||
Bug Description
When nova net-create and net-delete are prohibited by policy, we should raise policy violation error (403) to the user instead of service unavailable (503) error which is incorrect.
Steps to reproduce:
1. Add the following policies to policy.json:
"network:create": "rule:admin_api",
"network:delete": "rule:admin_api"
2. As a non-admin user, run nova net-create:
$ nova net-create xyz 192.168.254.1/30
ERROR: Create networks failed (HTTP 503)
Here's the output of other forbidden commands:
$ nova baremetal-node-list
ERROR: Policy doesn't allow compute_
| Changed in nova: | |
| assignee: | nobody → Tushar (tkay) |
| description: | updated |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to nova (master) | #1 |
| Changed in nova: | |
| status: | New → In Progress |
| Changed in nova: | |
| importance: | Undecided → Low |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to nova (master) | #2 |
| Changed in nova: | |
| status: | In Progress → Fix Committed |
| Changed in nova: | |
| milestone: | none → icehouse-2 |
| Changed in nova: | |
| status: | Fix Committed → Fix Released |
| Changed in nova: | |
| milestone: | icehouse-2 → 2014.1 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/