From bc8c519eb4b7b15560bfeb2d7f8487742f83899f Mon Sep 17 00:00:00 2001
From: asteroide <thomas.duval@orange.com>
Date: Wed, 14 Oct 2015 22:00:28 +0200
Subject: When a tenant is not managed by Moon, the result of the authz
 function is always True.

Change-Id: Ic63d93371fb1661078367c47ce9ccd0c99537070
---
 keystone-moon/keystone/contrib/moon/core.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index f1bba652..e509664f 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -1821,7 +1821,9 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
         tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
 
         if tenant_id not in tenants_dict:
-            raise TenantUnknown()
+            # raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id))
+            LOG.warning("Cannot authz because Tenant is not managed by Moon {}".format(tenant_id))
+            return {'authz': True, 'comment': "Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)}
         intra_extension_id = tenants_dict[tenant_id][genre]
         if not intra_extension_id:
             raise TenantNoIntraExtension()
-- 
cgit 1.2.3-korg