2013-12-14 01:02:33 |
Tushar Kalra |
description |
When nova net-create and net-delete are prohibited by policy, we should raise policy violation error (403) to the user instead of service unavailable (503) error which is incorrect.
Steps to reproduce:
1. Add the following policies to policy.json:
"network:create": "rule:admin_api",
"network:delete": "rule:admin_api"
2. As a non-admin user, run nova net-create:
nova net-create xyz 192.168.254.1/30
ERROR: Create networks failed (HTTP 503)
Here's the output of other forbidden commands:
$ nova baremetal-node-list
ERROR: Policy doesn't allow compute_extension:baremetal_nodes to be performed. (HTTP 403) |
When nova net-create and net-delete are prohibited by policy, we should raise policy violation error (403) to the user instead of service unavailable (503) error which is incorrect.
Steps to reproduce:
1. Add the following policies to policy.json:
"network:create": "rule:admin_api",
"network:delete": "rule:admin_api"
2. As a non-admin user, run nova net-create:
$ nova net-create xyz 192.168.254.1/30
ERROR: Create networks failed (HTTP 503)
Here's the output of other forbidden commands:
$ nova baremetal-node-list
ERROR: Policy doesn't allow compute_extension:baremetal_nodes to be performed. (HTTP 403) |
|