Add log statements for policy check failures

Misconfiguration of the policy.json file may cause policy check failures. It's kind to the developer to log the underlying exception so that he/she can have more information as to how to address the problem. Closes bug: #1246139 Change-Id: I8664959cb98b3a41d159db3acb91da9baba810ae
2013-10-29 18:20:53 -07:00 · 2013-10-29 18:20:53 -07:00 · 573711b6e1
commit 573711b6e1
parent 356aab7b2f
1 changed files with 6 additions and 3 deletions
--- a/neutron/policy.py
+++ b/neutron/policy.py
@ -370,13 +370,16 @@ def enforce(context, action, target, plugin=None):
    :param plugin: currently unused and deprecated.
        Kept for backward compatibility.

-    :raises neutron.exceptions.PolicyNotAllowed: if verification fails.
+    :raises neutron.exceptions.PolicyNotAuthorized: if verification fails.
    """

    init()
    rule, target, credentials = _prepare_check(context, action, target)
-    return policy.check(rule, target, credentials,
-                        exc=exceptions.PolicyNotAuthorized, action=action)
+    result = policy.check(rule, target, credentials, action=action)
+    if not result:
+        LOG.debug(_("Failed policy check for '%s'"), action)
+        raise exceptions.PolicyNotAuthorized(action=action)
+    return result


 def check_is_admin(context):