Just wanted to point out that the fault message is the only communication we have to the user about why the instance is in ERROR state. If we make that admin-only, then there will be no indication to non-admin end users about why their instance is in ERROR. It would be a major change and I'm not sure whether we should go that far? I thought the end user (even non-admin) being able to have some info about why their instance is in ERROR is important for user experience, even if the info is something like "NoValidHost".
In general, I think we usually control what goes into the fault message (above the virt driver layer), but inside the drivers, looks like it's the wild west. I'm wondering if we could do something more like expose only the first sentence of a lower-level error in our handling decorators, by truncating it. And leave the full traceback for the fault "detail" which is admin-only by default policy.
I do empathize that we don't want to be playing whack-a-mole here. I'm just a bit hesitant about the idea of removing all ERROR state info for non-admin users.
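
The truncation idea in the comment above, sketched as an added example (not Nova's code and not part of the original comment). The names `first_sentence`, `build_fault` and `record_fault`, the 255-character cap and the sample error text are all assumptions made for illustration.

```python
import functools
import re
import traceback

MAX_MESSAGE_LEN = 255  # assumed cap for the user-visible message
_SENTENCE_END = re.compile(r"(?<=[.!?])(?:\s|$)")  # ., ! or ? then space/end

def first_sentence(text, limit=MAX_MESSAGE_LEN):
    """First sentence of the first non-empty line, capped at limit."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ""
    return _SENTENCE_END.split(lines[0], maxsplit=1)[0][:limit]

def build_fault(exc):
    """Short message for any user; full traceback for the admin-only detail."""
    message = first_sentence(str(exc)) or type(exc).__name__
    details = "".join(
        traceback.format_exception(type(exc), exc, exc.__traceback__))
    return {"message": message, "details": details}

def record_fault(faults):
    """Hypothetical handling decorator: store the split fault, then re-raise."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            try:
                return func(*args, **kwargs)
            except Exception as exc:
                faults.append(build_fault(exc))
                raise
        return wrapper
    return decorator

def demo():
    faults = []

    @record_fault(faults)
    def constructed_driver_call():  # constructed error text, not real output
        raise RuntimeError(
            "Failed to attach volume. Command: example-cli --password PLACEHOLDER\n"
            "stderr: connection refused")

    try:
        constructed_driver_call()
    except RuntimeError:
        pass
    return faults[0]
```

Truncation bounds how much of a driver error reaches non-admin users; it does not check what the first sentence itself contains.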