Add log warning for cases when the ResourceEntity doesn't exist in the policy.
If we have a new BMC but old authz policy, this should give a good log on explaining why a request was unauthorized.
This happens when you query a resource whose entity doesn't exist in the privilege registry. This resource will return no privileges which by default has unauthorized behavior.
PiperOrigin-RevId: 781114669
Change-Id: I959a4e571e3f10a4b7c562141fa937050d0a3504
diff --git a/redfish_authorization/redfish_authorizer.cc b/redfish_authorization/redfish_authorizer.cc
index 84e0808..3a5377e 100644
--- a/redfish_authorization/redfish_authorizer.cc
+++ b/redfish_authorization/redfish_authorizer.cc
@@ -696,6 +696,15 @@
std::vector<RedfishPrivileges> required_privilege_sets =
GetRequiredPrivileges(entity, operation);
+
+ if (required_privilege_sets.empty()) {
+ LOG(WARNING) << "No required privileges found for "
+ << ResourceEntityToString(entity) << " and operation "
+ << OperationToString(operation)
+ << ". This most likely means that you are using an outdated "
+ "redfish authz policy.";
+ }
+
for (const RedfishPrivileges& privileges : required_privilege_sets) {
// NOTE: there won't be an empty required privilege set ever; otherwise,
// we skip this required privilege set.
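Review bot: The warning added in the `if (required_privilege_sets.empty())` branch never states the outcome, so an operator reading it still has to infer that the request was denied. The commit message says the goal is to explain why a request was unauthorized, so append that to the text, for example "the request will be treated as unauthorized". The branch also logs on every call with no rate limit, so a client that polls a resource missing from the policy will repeat the line for each request; consider rate-limiting the warning. Last, the existing NOTE just below ("there won't be an empty required privilege set ever") now sits right after a check for an empty vector of sets, which is easy to misread; a short comment in the new branch saying it covers the "no sets at all" case, as opposed to an empty individual set, would keep the two apart.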