Blacklist error message is unhelpful
Bug #1933784 reported by Michael Chapman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Designate | New | Undecided | Unassigned |
Bug Description
As noted during review here https:/
The zone create API spec doesn't specify what is contained within the message when there is an error, so perhaps either the blacklist object ID or the regex itself could be returned.
By default the blacklist API only allows read access to system admins, so this should probably change if the user is going to be told which regex their zone has matched as part of the error.
a) This would seem a bug of the API instead of the client, the latter can only respond with what it gets from the API.
b) In my understanding the details of the blacklist regexes are hidden from users by design, so exposing any of the information you are mentioning might undermine what some deployers consider a security feature.
Maybe a deployer can change the access permissions for the blacklist API via a different policy, but I'm not convinced that the current default behavior is wrong and would need to be changed.