provide more descriptive exception

When policy disallows an action, the existing exception doesn't contain anything except the rule. That means finding out why becomes somewhat difficult. We should provide the matrix of information that was used in the decision in the exception. Change-Id: I99c46fcc9f16f2b13a1b5527a3754da26dacf248
author: Sean Dague <sean@dague.net> 2015-03-03 07:08:50 -0500
committer: Sean Dague <sean@dague.net> 2015-03-03 07:08:50 -0500
commit: 87b636d5faa522cf15a0c7672a28ac56215535ce (patch)
tree: 8d7bdcf6cf792025b63f0e8aa1ccebd73d9188fe
parent: 5902ce0b4cf209bc46f194162bdea506674f604f (diff)
download: oslo-policy-87b636d5faa522cf15a0c7672a28ac56215535ce.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py
index e4f4a07..d01455a 100644
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@@ -222,8 +222,9 @@ LOG = logging.getLogger(__name__)
 class PolicyNotAuthorized(Exception):
     """Default exception raised for policy enforcement failure."""
 
-    def __init__(self, rule):
-        msg = _('Policy does not allow %s to be performed.') % rule
+    def __init__(self, rule, target, creds):
+        msg = (_('%(rule)s on %(target)s by %(creds)s disallowed by policy') %
+               {'rule': rule, 'target': target, 'creds': creds})
         super(PolicyNotAuthorized, self).__init__(msg)
 
 
@@ -464,6 +465,6 @@ class Enforcer(object):
             if exc:
                 raise exc(*args, **kwargs)
 
-            raise PolicyNotAuthorized(rule)
+            raise PolicyNotAuthorized(rule, target, creds)
 
         return result
author	Sean Dague <sean@dague.net>	2015-03-03 07:08:50 -0500
committer	Sean Dague <sean@dague.net>	2015-03-03 07:08:50 -0500
commit	87b636d5faa522cf15a0c7672a28ac56215535ce (patch)
tree	8d7bdcf6cf792025b63f0e8aa1ccebd73d9188fe
parent	5902ce0b4cf209bc46f194162bdea506674f604f (diff)
download	oslo-policy-87b636d5faa522cf15a0c7672a28ac56215535ce.tar.gz