"I think we should provide a sample with all possible policies - this should be doable. The admin guide should already contain a guide for editing policy.json"
#2 - There must be a way for an operator to know what is going on. The only way I could find something about it was editing the source code with a print statement and re-exercising the the API.
How could an operator know that delete_xxx:extension_yyy:attribute_zzz policy is also being checked and that it is the reason for Neutron not to be doing what s/he intends to do?
I still think that information should be in the logs or something equivalent, as it will never be outdated -- as would happen if it is in the documents or even in the sample policy.json.
#1 - I agree when you say:
"I think we should provide a sample with all possible policies - this should be doable. The admin guide should already contain a guide for editing policy.json"
#2 - There must be a way for an operator to know what is going on. The only way I could find something about it was editing the source code with a print statement and re-exercising the the API.
How could an operator know that delete_ xxx:extension_ yyy:attribute_ zzz policy is also being checked and that it is the reason for Neutron not to be doing what s/he intends to do?
I still think that information should be in the logs or something equivalent, as it will never be outdated -- as would happen if it is in the documents or even in the sample policy.json.