From: asteroide Date: Wed, 14 Oct 2015 20:00:28 +0000 (+0200) Subject: When a tenant is not managed by Moon, the result of the authz function is always... X-Git-Tag: colorado.1.0~120^2 X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F39%2F2539%2F1;p=moon.git When a tenant is not managed by Moon, the result of the authz function is always True. Change-Id: Ic63d93371fb1661078367c47ce9ccd0c99537070 --- diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index f1bba652..e509664f 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -1821,7 +1821,9 @@ class IntraExtensionAuthzManager(IntraExtensionManager): tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id()) if tenant_id not in tenants_dict: - raise TenantUnknown() + # raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id)) + LOG.warning("Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)) + return {'authz': True, 'comment': "Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)} intra_extension_id = tenants_dict[tenant_id][genre] if not intra_extension_id: raise TenantNoIntraExtension()