commit 1e72b811f818f0a0cb519d891cfb67db333cb754
author Sapan Bhatia <sapan@opennetworking.org> Wed Sep 06 11:07:26 2017 -0400
committer Sapan Bhatia <sapan@opennetworking.org> Wed Sep 13 11:10:17 2017 -0700
tree 09faaf384752ef6abff1dabfa07845d713d9d9f0
parent 122a46a8294346bbc62787e1944df326a22386bc

CORD-1870: Port policy fails when the instance field is missing

Change-Id: Idcda824d9a2c74716c7caf29c95db9c1dea78d1f

lib/xos-genx/tests/general_security_test.py

diff --git a/lib/xos-genx/tests/general_security_test.py b/lib/xos-genx/tests/general_security_test.py
index dbf8538..60eab97 100644
--- a/lib/xos-genx/tests/general_security_test.py
+++ b/lib/xos-genx/tests/general_security_test.py
@@ -161,6 +161,42 @@
         verdict = output_security_check(obj, ctx)
         self.assertTrue(verdict)
 
+    def test_call_policy_child_none(self):
+        xproto = \
+"""
+    policy sub_policy < ctx.user = obj.user >
+    policy output < *sub_policy(child) >
+"""
+
+        args = FakeArgs()
+        args.inputs = xproto
+        args.target = self.target
+
+        output = XOSGenerator.generate(args)
+
+        exec(output,globals()) # This loads the generated function, which should look like this:
+
+        """
+        def sub_policy_security_check(obj, ctx):
+            i1 = (ctx.user == obj.user)
+            return i1
+
+        def output_security_check(obj, ctx):
+            if obj.child:
+		i1 = sub_policy_security_check(obj.child, ctx)
+	    else:
+		i1 = True
+	    return i1
+        """
+
+        obj = FakeArgs()
+        obj.child = None
+
+        ctx = FakeArgs()
+	ctx.user = 1
+
+        verdict = output_security_check(obj, ctx)
+        self.assertTrue(verdict)
 
     def test_bin(self):
         xproto = \

lib/xos-genx/xosgenx/jinja2_extensions/fol2.py

diff --git a/lib/xos-genx/xosgenx/jinja2_extensions/fol2.py b/lib/xos-genx/xosgenx/jinja2_extensions/fol2.py
index fefa24c..db98713 100644
--- a/lib/xos-genx/xosgenx/jinja2_extensions/fol2.py
+++ b/lib/xos-genx/xosgenx/jinja2_extensions/fol2.py
@@ -465,7 +465,11 @@
 
             policy_fn = fn_template % policy_name
             call_str = """
-%(verdict_var)s = %(policy_fn)s(obj.%(object_name)s, ctx)
+if obj.%(object_name)s:
+    %(verdict_var)s = %(policy_fn)s(obj.%(object_name)s, ctx)
+else:
+    # Everybody has access to null objects
+    %(verdict_var)s = True
             """ % {'verdict_var': verdict_var, 'policy_fn': policy_fn, 'object_name': object_name}
 
             call_ast = self.str_to_ast(call_str)