From bc0a05dd4aa5e1eb104efd63fda7bbe939bc7cbe Mon Sep 17 00:00:00 2001
From: Chris Yeoh <cyeoh@au1.ibm.com>
Date: Wed, 22 May 2013 21:10:03 +0930
Subject: Handle security group quota exceeded gracefully

Handle the security group quota exceeded more gracefully so a
traceback is not generated in the log files when this error
occurs. This does not change the API as the HTTP status code
returned remains the same.

Fixes bug 1182859

Change-Id: Id3ac513048751759f01b328482b4f02e26ff66ee
---
 nova/api/openstack/compute/contrib/security_groups.py  | 18 +++++++++++++-----
 .../openstack/compute/contrib/test_security_groups.py  |  4 ++--
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
index 041eb0dc5..40b085be1 100644
--- a/nova/api/openstack/compute/contrib/security_groups.py
+++ b/nova/api/openstack/compute/contrib/security_groups.py
@@ -289,8 +289,12 @@ class SecurityGroupController(SecurityGroupControllerBase):
         self.security_group_api.validate_property(group_description,
                                                   'description', None)
 
-        group_ref = self.security_group_api.create_security_group(
-            context, group_name, group_description)
+        try:
+            group_ref = self.security_group_api.create_security_group(
+                context, group_name, group_description)
+        except exception.SecurityGroupLimitExceeded as err:
+            raise exc.HTTPRequestEntityTooLarge(
+                explanation=err.format_message())
 
         return {'security_group': self._format_security_group(context,
                                                               group_ref)}
@@ -356,9 +360,13 @@ class SecurityGroupRulesController(SecurityGroupControllerBase):
                 msg = _("Bad prefix for network in cidr %s") % new_rule['cidr']
                 raise exc.HTTPBadRequest(explanation=msg)
 
-        security_group_rule = (
-            self.security_group_api.create_security_group_rule(
-                context, security_group, new_rule))
+        try:
+            security_group_rule = (
+                self.security_group_api.create_security_group_rule(
+                    context, security_group, new_rule))
+        except exception.SecurityGroupLimitExceeded as err:
+            raise exc.HTTPRequestEntityTooLarge(
+                explanation=err.format_message())
 
         return {"security_group_rule": self._format_security_group_rule(
                                                         context,
diff --git a/nova/tests/api/openstack/compute/contrib/test_security_groups.py b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
index 1406ed97a..6bd220198 100644
--- a/nova/tests/api/openstack/compute/contrib/test_security_groups.py
+++ b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
@@ -273,7 +273,7 @@ class TestSecurityGroups(test.TestCase):
             self.assertEqual(res_dict['security_group']['name'], name)
 
         sg = security_group_template()
-        self.assertRaises(exception.SecurityGroupLimitExceeded,
+        self.assertRaises(webob.exc.HTTPRequestEntityTooLarge,
                           self.controller.create,
                           req, {'security_group': sg})
 
@@ -1139,7 +1139,7 @@ class TestSecurityGroupRules(test.TestCase):
             'ip_protocol': 'tcp', 'from_port': '121', 'to_port': '121',
             'parent_group_id': self.sg2['id'], 'group_id': self.sg1['id']
         }
-        self.assertRaises(exception.SecurityGroupLimitExceeded,
+        self.assertRaises(webob.exc.HTTPRequestEntityTooLarge,
                           self.controller.create,
                           req, {'security_group_rule': rule})
 
-- 
cgit