When a tenant is not managed by Moon, the result of the authz function is always True.

Change-Id: Ic63d93371fb1661078367c47ce9ccd0c99537070
author: asteroide <thomas.duval@orange.com> 2015-10-14 22:00:28 +0200
committer: asteroide <thomas.duval@orange.com> 2015-10-14 22:00:28 +0200
commit: bc8c519eb4b7b15560bfeb2d7f8487742f83899f (patch)
tree: 355417c12d8bbae8f7424b8879808d4e61b5745a
parent: 004cd2069974e4dfa9ef38c4387529aabcc9dfe3 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index f1bba652..e509664f 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -1821,7 +1821,9 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
         tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
 
         if tenant_id not in tenants_dict:
-            raise TenantUnknown()
+            # raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id))
+            LOG.warning("Cannot authz because Tenant is not managed by Moon {}".format(tenant_id))
+            return {'authz': True, 'comment': "Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)}
         intra_extension_id = tenants_dict[tenant_id][genre]
         if not intra_extension_id:
             raise TenantNoIntraExtension()
author	asteroide <thomas.duval@orange.com>	2015-10-14 22:00:28 +0200
committer	asteroide <thomas.duval@orange.com>	2015-10-14 22:00:28 +0200
commit	bc8c519eb4b7b15560bfeb2d7f8487742f83899f (patch)
tree	355417c12d8bbae8f7424b8879808d4e61b5745a
parent	004cd2069974e4dfa9ef38c4387529aabcc9dfe3 (diff)