From 77281ca68b26ee06e028b2206bfa7fedf96d887d Mon Sep 17 00:00:00 2001
From: Daniel Jiang <jiangd@vmware.com>
Date: Tue, 18 Aug 2020 10:37:20 +0800
Subject: [PATCH] Token service handling invalid resource (#12790)

This commit updates the way token service handles invalid resource, for
example a resource without projectname.
It will clear the requested access instead of returning 500 error.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
---
 src/core/service/token/authutils.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/core/service/token/authutils.go b/src/core/service/token/authutils.go
index 320c1b213..58e978754 100644
--- a/src/core/service/token/authutils.go
+++ b/src/core/service/token/authutils.go
@@ -94,7 +94,9 @@ func filterAccess(access []*token.ResourceActions, ctx security.Context,
 		err = f.filter(ctx, pm, a)
 		log.Debugf("user: %s, access: %v", ctx.GetUsername(), a)
 		if err != nil {
-			return err
+			log.Errorf("Failed to handle the resource %s:%s, due to error %v, returning empty access for it.",
+				a.Type, a.Name, err)
+			a.Actions = []string{}
 		}
 	}
 	return nil