Merge "Provide useful info when parsing policy file"

keystone/exception.py

@@ -358,6 +358,10 @@ class UnexpectedError(SecurityError):
     title = 'Internal Server Error'
 
 
+class PolicyParsingError(UnexpectedError):
+    message_format = _("Unable to parse policy file %(policy_file)s.")
+
+
 class TrustConsumeMaximumAttempt(UnexpectedError):
     debug_message_format = _("Unable to consume trust %(trust_id)s, unable to "
                              "acquire lock.")

keystone/policy/backends/rules.py

@@ -61,8 +61,11 @@ def init():
 def _set_rules(data):
     global _ENFORCER
     default_rule = CONF.policy_default_rule
-    _ENFORCER.set_rules(common_policy.Rules.load_json(
-        data, default_rule))
+    try:
+        _ENFORCER.set_rules(common_policy.Rules.load_json(
+            data, default_rule))
+    except ValueError:
+        raise exception.PolicyParsingError(policy_file=_POLICY_PATH)
 
 
 def enforce(credentials, action, target, do_raise=True):

keystone/tests/test_policy.py

@@ -57,6 +57,15 @@ class PolicyFileTestCase(tests.TestCase):
         self.assertRaises(exception.ForbiddenAction, rules.enforce,
                           empty_credentials, action, self.target)
 
+    def test_invalid_policy_raises_error(self):
+        action = "example:test"
+        empty_credentials = {}
+        invalid_json = '{"example:test": [],}'
+        with open(self.tmpfilename, "w") as policyfile:
+            policyfile.write(invalid_json)
+        self.assertRaises(exception.PolicyParsingError, rules.enforce,
+                          empty_credentials, action, self.target)
+
 
 class PolicyTestCase(tests.TestCase):
     def setUp(self):