rjollos.git:1c203a85 results in a ConfigurationError
being raised immediately when tracopt.perm.authz_policy
is enabled, and before any other steps are taken to configure the installation for authz permissions. It seems better to only raise the ConfigurationError
when AuthzPolicy
is in the list of active permission_policies
. So the behavior I propose is, allow tracopt.perm.authz_policy
to be enabled but don't perform any error checks unless AuthzPolicy
is in the list of active permission_policies
. Once AuthzPolicy
is active, we are very strict about failing with a ConfigurationError
if the authz policy won't be enforced due to a configuration error or dependency not being loaded. Furthermore, after #10285, if AuthzPolicy
is active but tracopt.perm.authz_policy
is not enabled, a ConfigurationError
will be raised, and this also extends to the case of raising a ConfigurationError
if a permission policy in permission_policies
is misspelled.
In rjollos.git:t11293.2 another case is covered by raising a ConfigurationError
if the authz_file
is empty.