x/vmware-nsx
Code Issues Proposed changes

Make sure exceptions during policy checks are logged.

Browse Source 
If the invocation of f bombs out, the policy check fails (i.e. returns
False), however it does not log the root cause, which makes very
difficult to understand why this is happening.

Fixes bug #1191948

Change-Id: Ic40053f3965b71199baf9fe3902e8ffc9745076f
This commit is contained in:
armando-migliaccio 2013-06-17 13:33:46 -07:00
parent 248375ed0b
commit 8eea1ae574
2 changed files with 26 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
quantum/policy.py
View File

@ -233,10 +233,14 @@ class OwnerCheck(policy.Check):
# f *must* exist, if not found it is better to let quantum # f *must* exist, if not found it is better to let quantum
# explode. Check will be performed with admin context # explode. Check will be performed with admin context
context = importutils.import_module('quantum.context') context = importutils.import_module('quantum.context')
try:
data = f(context.get_admin_context(), data = f(context.get_admin_context(),
target[parent_foreign_key], target[parent_foreign_key],
fields=[parent_field]) fields=[parent_field])
target[self.target_field] = data[parent_field] target[self.target_field] = data[parent_field]
except Exception:
LOG.exception(_('Policy check error while calling %s!'), f)
raise
match = self.match % target match = self.match % target
if self.kind in creds: if self.kind in creds:
return match == unicode(creds[self.kind]) return match == unicode(creds[self.kind])

18
quantum/tests/unit/test_policy.py
View File

@ -344,6 +344,24 @@ class QuantumPolicyTestCase(base.BaseTestCase):
result = policy.enforce(self.context, action, target) result = policy.enforce(self.context, action, target)
self.assertTrue(result) self.assertTrue(result)
def test_enforce_plugin_failure(self):
def fakegetnetwork(*args, **kwargs):
raise NotImplementedError('Blast!')
# the policy check and plugin method we use in this test are irrelevant
# so long that we verify that, if *f* blows up, the behavior of the
# policy engine to propagate the exception is preserved
action = "create_port:mac"
with mock.patch.object(manager.QuantumManager.get_instance().plugin,
'get_network', new=fakegetnetwork):
target = {'network_id': 'whatever'}
self.assertRaises(NotImplementedError,
policy.enforce,
self.context,
action,
target)
def test_enforce_tenant_id_check_parent_resource_bw_compatibility(self): def test_enforce_tenant_id_check_parent_resource_bw_compatibility(self):
def fakegetnetwork(*args, **kwargs): def fakegetnetwork(*args, **kwargs):