51d1899bac
When new default policy rules and scope enforcement are enabled, Neutron needs to handle properly not only PolicyNotAuthorized exception from oslo_policy module but also InvalidScope exception. This patch adds handling of that exception to the neutron policy modules. In the check() method from the neutron.policy module we are calling ENFORCER.enforce() method with do_raise=False which means that PolicyNotAuthorized isn't rasised. Unfortunately it seems that there is bug in oslo.policy module and InvalidScope is raised even with do_raise=False. For now, lets workaround it in Neutron by properly handling InvalidScope exception in the check() method. This workaround can be cleaned when bug [1] will be fixed in oslo.policy. [1] https://bugs.launchpad.net/oslo.policy/+bug/1965315 Partial-Bug: #1959333 Change-Id: I973f8896248c8222031c53343bb53ce48254da74 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| base.py | ||
| resource.py | ||
| resource_helper.py | ||
| router.py | ||