diff options
author | asteroide <thomas.duval@orange.com> | 2015-10-14 22:00:28 +0200 |
---|---|---|
committer | asteroide <thomas.duval@orange.com> | 2015-10-14 22:00:28 +0200 |
commit | bc8c519eb4b7b15560bfeb2d7f8487742f83899f (patch) | |
tree | 355417c12d8bbae8f7424b8879808d4e61b5745a | |
parent | 004cd2069974e4dfa9ef38c4387529aabcc9dfe3 (diff) |
When a tenant is not managed by Moon, the result of the authz function is always True.
Change-Id: Ic63d93371fb1661078367c47ce9ccd0c99537070
-rw-r--r-- | keystone-moon/keystone/contrib/moon/core.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index f1bba652..e509664f 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -1821,7 +1821,9 @@ class IntraExtensionAuthzManager(IntraExtensionManager): tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id()) if tenant_id not in tenants_dict: - raise TenantUnknown() + # raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id)) + LOG.warning("Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)) + return {'authz': True, 'comment': "Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)} intra_extension_id = tenants_dict[tenant_id][genre] if not intra_extension_id: raise TenantNoIntraExtension() |