Merge "When a tenant is not managed by Moon, the result of the authz function is always True."

author: Ruan HE <ruan.he@orange.com> 2015-10-14 20:08:24 +0000
committer: Gerrit Code Review <gerrit@172.30.200.206> 2015-10-14 20:08:24 +0000
commit: f514f6dc77e118854116be7bb21ef490db9c1087 (patch)
tree: 17b81b16ab4ef66515f494694fb523540dad4784
parent: 6d5c2202c0bc0c4d2e1ab7d5d4bd7bdd631bd465 (diff)
parent: bc8c519eb4b7b15560bfeb2d7f8487742f83899f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index bca90adb..4cb178ed 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -1823,7 +1823,9 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
         tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
 
         if tenant_id not in tenants_dict:
-            raise TenantUnknown()
+            # raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id))
+            LOG.warning("Cannot authz because Tenant is not managed by Moon {}".format(tenant_id))
+            return {'authz': True, 'comment': "Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)}
         intra_extension_id = tenants_dict[tenant_id][genre]
         if not intra_extension_id:
             raise TenantNoIntraExtension()
author	Ruan HE <ruan.he@orange.com>	2015-10-14 20:08:24 +0000
committer	Gerrit Code Review <gerrit@172.30.200.206>	2015-10-14 20:08:24 +0000
commit	f514f6dc77e118854116be7bb21ef490db9c1087 (patch)
tree	17b81b16ab4ef66515f494694fb523540dad4784
parent	6d5c2202c0bc0c4d2e1ab7d5d4bd7bdd631bd465 (diff)
parent	bc8c519eb4b7b15560bfeb2d7f8487742f83899f (diff)