From: armando-migliaccio Date: Wed, 30 Oct 2013 01:20:53 +0000 (-0700) Subject: Add log statements for policy check failures X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=1ad5fc84936b4ad2850d1d632514cfb5b24dfd43;p=openstack-build%2Fneutron-build.git Add log statements for policy check failures Misconfiguration of the policy.json file may cause policy check failures. It's kind to the developer to log the underlying exception so that he/she can have more information as to how to address the problem. Closes bug: #1246139 Change-Id: I8664959cb98b3a41d159db3acb91da9baba810ae --- diff --git a/neutron/policy.py b/neutron/policy.py index a129813a2..c4c241a58 100644 --- a/neutron/policy.py +++ b/neutron/policy.py @@ -370,13 +370,16 @@ def enforce(context, action, target, plugin=None): :param plugin: currently unused and deprecated. Kept for backward compatibility. - :raises neutron.exceptions.PolicyNotAllowed: if verification fails. + :raises neutron.exceptions.PolicyNotAuthorized: if verification fails. """ init() rule, target, credentials = _prepare_check(context, action, target) - return policy.check(rule, target, credentials, - exc=exceptions.PolicyNotAuthorized, action=action) + result = policy.check(rule, target, credentials, action=action) + if not result: + LOG.debug(_("Failed policy check for '%s'"), action) + raise exceptions.PolicyNotAuthorized(action=action) + return result def check_is_admin(context):