author | Sean Dague <sean@dague.net> | 2015-03-03 07:08:50 -0500 |
---|---|---|
committer | Sean Dague <sean@dague.net> | 2015-03-03 07:08:50 -0500 |
commit | 87b636d5faa522cf15a0c7672a28ac56215535ce (patch) | |
tree | 8d7bdcf6cf792025b63f0e8aa1ccebd73d9188fe | |
parent | 5902ce0b4cf209bc46f194162bdea506674f604f (diff) | |
download | oslo-policy-87b636d5faa522cf15a0c7672a28ac56215535ce.tar.gz |
provide more descriptive exception
When policy disallows an action, the existing exception doesn't
contain anything except the rule. That means finding out why becomes
somewhat difficult. We should provide the matrix of information that
was used in the decision in the exception.
Change-Id: I99c46fcc9f16f2b13a1b5527a3754da26dacf248
-rw-r--r-- | oslo_policy/policy.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py
index e4f4a07..d01455a 100644
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@@ -222,8 +222,9 @@ LOG = logging.getLogger(__name__)
 class PolicyNotAuthorized(Exception):
 """Default exception raised for policy enforcement failure."""
- def __init__(self, rule):
- msg = _('Policy does not allow %s to be performed.') % rule
+ def __init__(self, rule, target, creds):
+ msg = (_('%(rule)s on %(target)s by %(creds)s disallowed by policy') %
+ {'rule': rule, 'target': target, 'creds': creds})
 super(PolicyNotAuthorized, self).__init__(msg)
@@ -464,6 +465,6 @@ class Enforcer(object):
 if exc:
 raise exc(*args, **kwargs)
- raise PolicyNotAuthorized(rule)
+ raise PolicyNotAuthorized(rule, target, creds)
 return result |
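Review bot: The new message in `PolicyNotAuthorized.__init__` interpolates the whole `target` and `creds` objects, so whatever they hold travels with the exception text into logs and, if a caller renders the exception for the client, into the error body returned to the party that was just denied. The hunk does not show what `creds` contains, but if it carries tokens or other identity data the denial becomes a disclosure; the same values are supplied at the `raise PolicyNotAuthorized(rule, target, creds)` site in the second hunk, inside an `Enforcer` method that starts outside the hunk. I would keep the message to the rule and attach the detail to the exception for server-side use: `self.rule, self.target, self.creds = rule, target, creds` with `msg = _('%(rule)s is disallowed by policy') % {'rule': rule}`, logging the decision matrix at debug level with secret fields masked. Giving the new parameters defaults, `def __init__(self, rule, target=None, creds=None):`, would also keep any existing one-argument construction from failing with a TypeError.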