Merge "Handle Permission Denied for policy files"

2019-09-26 18:39:54 +00:00 · 2019-09-26 18:39:54 +00:00 · e1d2a8dfb3
commit e1d2a8dfb3
parent d5bddba437 f57b6ead57
1 changed files with 10 additions and 1 deletions
--- a/openstack_auth/policy.py
+++ b/openstack_auth/policy.py
@ -64,7 +64,16 @@ def _get_enforcer():
            policy_file, policy_dirs = _get_policy_file_with_full_path(service)
            conf = _get_policy_conf(policy_file, policy_dirs)
            enforcer = policy.Enforcer(conf)
-            enforcer.load_rules()
+            try:
+                enforcer.load_rules()
+            except IOError:
+                # Just in case if we have permission denied error which is not
+                # handled by oslo.policy now. It will handled in the code like
+                # we don't have any policy file: allow action from the Horizon
+                # side.
+                LOG.warning("Cannot load a policy file '%s' for service '%s' "
+                            "due to IOError. One possible reason is "
+                            "permission denied.", policy_file, service)
            # Ensure enforcer.rules is populated.
            if enforcer.rules:
                LOG.debug("adding enforcer for service: %s", service)