]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commitdiff
Code Review / openstack-build / neutron-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 248375e)
Make sure exceptions during policy checks are logged.
authorarmando-migliaccio <amigliaccio@nicira.com>
Mon, 17 Jun 2013 20:33:46 +0000 (13:33 -0700)
committerarmando-migliaccio <amigliaccio@nicira.com>
Wed, 19 Jun 2013 21:23:49 +0000 (14:23 -0700)
If the invocation of f bombs out, the policy check fails (i.e. returns
False), however it does not log the root cause, which makes very
difficult to understand why this is happening.

Fixes bug #1191948

Change-Id: Ic40053f3965b71199baf9fe3902e8ffc9745076f

quantum/policy.py patch | blob | history
quantum/tests/unit/test_policy.py patch | blob | history

diff --git a/quantum/policy.py b/quantum/policy.py
index f99ef0dfd0e705fbff919f765c7b5d42a34ce482..15ce56164215133e98db1d8d4adf510317be91dd 100644 (file)
--- a/quantum/policy.py
+++ b/quantum/policy.py
@@ -233,10 +233,14 @@ class OwnerCheck(policy.Check):
             # f *must* exist, if not found it is better to let quantum
             # explode. Check will be performed with admin context
             context = importutils.import_module('quantum.context')
-            data = f(context.get_admin_context(),
-                     target[parent_foreign_key],
-                     fields=[parent_field])
-            target[self.target_field] = data[parent_field]
+            try:
+                data = f(context.get_admin_context(),
+                         target[parent_foreign_key],
+                         fields=[parent_field])
+                target[self.target_field] = data[parent_field]
+            except Exception:
+                LOG.exception(_('Policy check error while calling %s!'), f)
+                raise
         match = self.match % target
         if self.kind in creds:
             return match == unicode(creds[self.kind])
diff --git a/quantum/tests/unit/test_policy.py b/quantum/tests/unit/test_policy.py
index 0c47dffb534c90a2e7239c12cb54aefabb05c3a9..5a6d6bfad30bb3cd7169bccb30badf51cfdcaf40 100644 (file)
--- a/quantum/tests/unit/test_policy.py
+++ b/quantum/tests/unit/test_policy.py
@@ -344,6 +344,24 @@ class QuantumPolicyTestCase(base.BaseTestCase):
             result = policy.enforce(self.context, action, target)
             self.assertTrue(result)
 
+    def test_enforce_plugin_failure(self):
+
+        def fakegetnetwork(*args, **kwargs):
+            raise NotImplementedError('Blast!')
+
+        # the policy check and plugin method we use in this test are irrelevant
+        # so long that we verify that, if *f* blows up, the behavior of the
+        # policy engine to propagate the exception is preserved
+        action = "create_port:mac"
+        with mock.patch.object(manager.QuantumManager.get_instance().plugin,
+                               'get_network', new=fakegetnetwork):
+            target = {'network_id': 'whatever'}
+            self.assertRaises(NotImplementedError,
+                              policy.enforce,
+                              self.context,
+                              action,
+                              target)
+
     def test_enforce_tenant_id_check_parent_resource_bw_compatibility(self):
 
         def fakegetnetwork(*args, **kwargs):