From 1ad5fc84936b4ad2850d1d632514cfb5b24dfd43 Mon Sep 17 00:00:00 2001
From: armando-migliaccio <amigliaccio@nicira.com>
Date: Tue, 29 Oct 2013 18:20:53 -0700
Subject: [PATCH] Add log statements for policy check failures

Misconfiguration of the policy.json file may
cause policy check failures. It's kind to the
developer to log the underlying exception
so that he/she can have more information as to
how to address the problem.

Closes bug: #1246139

Change-Id: I8664959cb98b3a41d159db3acb91da9baba810ae
---
 neutron/policy.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/neutron/policy.py b/neutron/policy.py
index a129813a2..c4c241a58 100644
--- a/neutron/policy.py
+++ b/neutron/policy.py
@@ -370,13 +370,16 @@ def enforce(context, action, target, plugin=None):
     :param plugin: currently unused and deprecated.
         Kept for backward compatibility.
 
-    :raises neutron.exceptions.PolicyNotAllowed: if verification fails.
+    :raises neutron.exceptions.PolicyNotAuthorized: if verification fails.
     """
 
     init()
     rule, target, credentials = _prepare_check(context, action, target)
-    return policy.check(rule, target, credentials,
-                        exc=exceptions.PolicyNotAuthorized, action=action)
+    result = policy.check(rule, target, credentials, action=action)
+    if not result:
+        LOG.debug(_("Failed policy check for '%s'"), action)
+        raise exceptions.PolicyNotAuthorized(action=action)
+    return result
 
 
 def check_is_admin(context):
-- 
2.45.2