Add log statements for policy check failures

Misconfiguration of the policy.json file may
cause policy check failures. It's kind to the
developer to log the underlying exception
so that he/she can have more information as to
how to address the problem.

Closes bug: #1246139

Change-Id: I8664959cb98b3a41d159db3acb91da9baba810ae
This commit is contained in:
armando-migliaccio 2013-10-29 18:20:53 -07:00
parent fd952c9fbe
commit 1ad5fc8493

View File

@ -370,13 +370,16 @@ def enforce(context, action, target, plugin=None):
:param plugin: currently unused and deprecated.
Kept for backward compatibility.
:raises neutron.exceptions.PolicyNotAllowed: if verification fails.
:raises neutron.exceptions.PolicyNotAuthorized: if verification fails.
"""
init()
rule, target, credentials = _prepare_check(context, action, target)
return policy.check(rule, target, credentials,
exc=exceptions.PolicyNotAuthorized, action=action)
result = policy.check(rule, target, credentials, action=action)
if not result:
LOG.debug(_("Failed policy check for '%s'"), action)
raise exceptions.PolicyNotAuthorized(action=action)
return result
def check_is_admin(context):