Handle security group quota exceeded gracefully

Handle the security group quota exceeded more gracefully so a
traceback is not generated in the log files when this error
occurs. This does not change the API as the HTTP status code
returned remains the same.

Fixes bug 1182859

Change-Id: Id3ac513048751759f01b328482b4f02e26ff66ee

2 files changed, 15 insertions, 7 deletions

diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
index 041eb0dc5..40b085be1 100644
--- a/nova/api/openstack/compute/contrib/security_groups.py
+++ b/nova/api/openstack/compute/contrib/security_groups.py
@@ -289,8 +289,12 @@ class SecurityGroupController(SecurityGroupControllerBase):
         self.security_group_api.validate_property(group_description,
                                                   'description', None)
 
-        group_ref = self.security_group_api.create_security_group(
-            context, group_name, group_description)
+        try:
+            group_ref = self.security_group_api.create_security_group(
+                context, group_name, group_description)
+        except exception.SecurityGroupLimitExceeded as err:
+            raise exc.HTTPRequestEntityTooLarge(
+                explanation=err.format_message())
 
         return {'security_group': self._format_security_group(context,
                                                               group_ref)}
@@ -356,9 +360,13 @@ class SecurityGroupRulesController(SecurityGroupControllerBase):
                 msg = _("Bad prefix for network in cidr %s") % new_rule['cidr']
                 raise exc.HTTPBadRequest(explanation=msg)
 
-        security_group_rule = (
-            self.security_group_api.create_security_group_rule(
-                context, security_group, new_rule))
+        try:
+            security_group_rule = (
+                self.security_group_api.create_security_group_rule(
+                    context, security_group, new_rule))
+        except exception.SecurityGroupLimitExceeded as err:
+            raise exc.HTTPRequestEntityTooLarge(
+                explanation=err.format_message())
 
         return {"security_group_rule": self._format_security_group_rule(
                                                         context,
diff --git a/nova/tests/api/openstack/compute/contrib/test_security_groups.py b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
index 1406ed97a..6bd220198 100644
--- a/nova/tests/api/openstack/compute/contrib/test_security_groups.py
+++ b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
@@ -273,7 +273,7 @@ class TestSecurityGroups(test.TestCase):
             self.assertEqual(res_dict['security_group']['name'], name)
 
         sg = security_group_template()
-        self.assertRaises(exception.SecurityGroupLimitExceeded,
+        self.assertRaises(webob.exc.HTTPRequestEntityTooLarge,
                           self.controller.create,
                           req, {'security_group': sg})
 
@@ -1139,7 +1139,7 @@ class TestSecurityGroupRules(test.TestCase):
             'ip_protocol': 'tcp', 'from_port': '121', 'to_port': '121',
             'parent_group_id': self.sg2['id'], 'group_id': self.sg1['id']
         }
-        self.assertRaises(exception.SecurityGroupLimitExceeded,
+        self.assertRaises(webob.exc.HTTPRequestEntityTooLarge,
                           self.controller.create,
                           req, {'security_group_rule': rule})