From 54e67e606cabbd218fe8a1c0da04c14ef9922ec7 Mon Sep 17 00:00:00 2001
From: Boxiang Zhu <zhu.boxiang@99cloud.net>
Date: Thu, 18 Aug 2022 14:46:00 +0800
Subject: [PATCH] fix: Catch InternalServerError

We need to catch InternalServerError and then LOG. Just
use user_context.

Change-Id: Iaf4aa2d9c7935735bab600aa892f5d90b5800012
---
 skyline_apiserver/api/v1/policy.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/skyline_apiserver/api/v1/policy.py b/skyline_apiserver/api/v1/policy.py
index 45a7e83..5591d94 100644
--- a/skyline_apiserver/api/v1/policy.py
+++ b/skyline_apiserver/api/v1/policy.py
@@ -17,7 +17,10 @@ from __future__ import annotations
 from typing import Dict
 
 from fastapi import APIRouter, Depends, HTTPException, status
-from keystoneauth1.exceptions.http import Unauthorized as KeystoneUnauthorized
+from keystoneauth1.exceptions.http import (
+    InternalServerError as KeystoneInternalServerError,
+    Unauthorized as KeystoneUnauthorized,
+)
 
 from skyline_apiserver import schemas
 from skyline_apiserver.api import deps
@@ -95,6 +98,10 @@ async def list_policies(
         # User is not authorized to access the system scope. So just ignore the
         # exception and use the user_context as is.
         LOG.debug("Keystone token is invalid. No privilege to access system scope.")
+    except KeystoneInternalServerError:
+        # Keystone is not reachable. So just ignore the exception and use the
+        # user_context as is.
+        LOG.debug("Keystone is not reachable. No privilege to access system scope.")
     target = _generate_target(profile)
     result = [
         {"rule": rule, "allowed": ENFORCER.authorize(rule, target, user_context)}
@@ -137,6 +144,10 @@ async def check_policies(
         # User is not authorized to access the system scope. So just ignore the
         # exception and use the user_context as is.
         LOG.debug("Keystone token is invalid. No privilege to access system scope.")
+    except KeystoneInternalServerError:
+        # Keystone is not reachable. So just ignore the exception and use the
+        # user_context as is.
+        LOG.debug("Keystone is not reachable. No privilege to access system scope.")
     target = _generate_target(profile)
     target.update(policy_rules.target if policy_rules.target else {})
     try: