Handle missing server when getting security groups

Fix bug 1010486.

Treat InstanceNotFound as a 404 when querying the security groups of server
that does not exist. Also removes old exception translation, ApiError no
longer exists and NotAuthorized shouldn't need handling at this level.
Includes tweak suggested by Mark McLoughlin in review.

Change-Id: Iaeada84dbadc232968f792c6f4855bf61cc5a5ae

3 files changed, 19 insertions, 6 deletions

diff --git a/Authors b/Authors
index 489122bc2..685dee694 100644
--- a/Authors
+++ b/Authors
@@ -138,6 +138,7 @@ Mandell Degerness <mdegerne@gmail.com>
 Mark McClain <mark.mcclain@dreamhost.com>
 Mark McLoughlin <markmc@redhat.com>
 Mark Washenberger <mark.washenberger@rackspace.com>
+Martin Packman <martin.packman@canonical.com>
 Maru Newby <mnewby@internap.com>
 Masanori Itoh <itoumsn@nttdata.co.jp>
 Matt Dietz <matt.dietz@rackspace.com>
diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
index 5e81347ec..840813d68 100644
--- a/nova/api/openstack/compute/contrib/security_groups.py
+++ b/nova/api/openstack/compute/contrib/security_groups.py
@@ -385,12 +385,10 @@ class ServerSecurityGroupController(SecurityGroupControllerBase):
 
         try:
             instance = self.compute_api.get(context, server_id)
-            groups = db.security_group_get_by_instance(context,
-                                                       instance['id'])
-        except exception.ApiError, e:
-            raise webob.exc.HTTPBadRequest(explanation=e.message)
-        except exception.NotAuthorized, e:
-            raise webob.exc.HTTPUnauthorized()
+        except exception.InstanceNotFound as exp:
+            raise exc.HTTPNotFound(explanation=unicode(exp))
+
+        groups = db.security_group_get_by_instance(context, instance['id'])
 
         result = [self._format_security_group(context, group)
                     for group in groups]
diff --git a/nova/tests/api/openstack/compute/contrib/test_security_groups.py b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
index 1778068bb..9e636de14 100644
--- a/nova/tests/api/openstack/compute/contrib/test_security_groups.py
+++ b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
@@ -285,6 +285,20 @@ class TestSecurityGroups(test.TestCase):
 
         self.assertEquals(res_dict, expected)
 
+    def test_get_security_group_by_instance_non_existing(self):
+        self.stubs.Set(nova.db, 'instance_get', return_server_nonexistent)
+        self.stubs.Set(nova.db, 'instance_get_by_uuid',
+                       return_server_nonexistent)
+        req = fakes.HTTPRequest.blank('/v2/fake/servers/1/os-security-groups')
+        self.assertRaises(webob.exc.HTTPNotFound,
+                          self.server_controller.index, req, '1')
+
+    def test_get_security_group_by_instance_invalid_id(self):
+        req = fakes.HTTPRequest.blank(
+            '/v2/fake/servers/invalid/os-security-groups')
+        self.assertRaises(webob.exc.HTTPNotFound,
+                          self.server_controller.index, req, 'invalid')
+
     def test_get_security_group_by_id(self):
         sg = security_group_template(id=2, rules=[])