openstack/horizon
Code Issues Proposed changes

Handle Permission Denied for policy files

Browse Source 
oslo.policy doesn't handle Permission Denied error during file
parsing. This patch just ignores IOError exceptions to fallback to
the default behaviour.

Closes-Bug: #1845523
Change-Id: I87c2862e6e3a3f42d231552b00dc02364d6fa14f
This commit is contained in:
Ivan Kolodyazhny 2019-09-02 18:25:55 +03:00
parent 30b7cfb9b8
commit f57b6ead57
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
openstack_auth/policy.py
View File

@ -64,7 +64,16 @@ def _get_enforcer():
policy_file, policy_dirs = _get_policy_file_with_full_path(service) policy_file, policy_dirs = _get_policy_file_with_full_path(service)
conf = _get_policy_conf(policy_file, policy_dirs) conf = _get_policy_conf(policy_file, policy_dirs)
enforcer = policy.Enforcer(conf) enforcer = policy.Enforcer(conf)
enforcer.load_rules() try:
enforcer.load_rules()
except IOError:
# Just in case if we have permission denied error which is not
# handled by oslo.policy now. It will handled in the code like
# we don't have any policy file: allow action from the Horizon
# side.
LOG.warning("Cannot load a policy file '%s' for service '%s' "
"due to IOError. One possible reason is "
"permission denied.", policy_file, service)
# Ensure enforcer.rules is populated. # Ensure enforcer.rules is populated.
if enforcer.rules: if enforcer.rules:
LOG.debug("adding enforcer for service: %s", service) LOG.debug("adding enforcer for service: %s", service)