From 25ead6a4dab48950bf1cd36d7d554c9e8c20add4 Mon Sep 17 00:00:00 2001
From: Martin Tsvetanov <martin.iva.tsvetanov@hp.com>
Date: Fri, 16 Oct 2015 10:28:01 +0000
Subject: [PATCH] Fixed registry invalid token exception handling

When the registry has an error validating the token that the api
has sent it a 500 is returned rather than 401. This fix catches the
NotAuthenticated exception and throws an HTTPUnauthorized instead.

Change-Id: I405cd98346e2df06c02e37bfdf903a54a29f7b19
Closes-bug:1504184
(cherry picked from 5734d7c16f3a41c250249f538f70634ad521207e)
---
 glance/api/v1/images.py                      |  3 +++
 glance/tests/unit/v1/test_registry_client.py | 14 +++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/glance/api/v1/images.py b/glance/api/v1/images.py
index b63b018478..b2e35774c8 100644
--- a/glance/api/v1/images.py
+++ b/glance/api/v1/images.py
@@ -33,6 +33,7 @@ from webob.exc import HTTPMethodNotAllowed
 from webob.exc import HTTPNotFound
 from webob.exc import HTTPRequestEntityTooLarge
 from webob.exc import HTTPServiceUnavailable
+from webob.exc import HTTPUnauthorized
 from webob import Response
 
 from glance.api import common
@@ -374,6 +375,8 @@ class Controller(controller.BaseController):
                 self._enforce_read_protected_props(image, req)
         except exception.Invalid as e:
             raise HTTPBadRequest(explanation=e.msg, request=req)
+        except exception.NotAuthenticated as e:
+            raise HTTPUnauthorized(explanation=e.msg, request=req)
         return dict(images=images)
 
     def _get_query_params(self, req):
diff --git a/glance/tests/unit/v1/test_registry_client.py b/glance/tests/unit/v1/test_registry_client.py
index f3a9c86a06..9d9b07ce42 100644
--- a/glance/tests/unit/v1/test_registry_client.py
+++ b/glance/tests/unit/v1/test_registry_client.py
@@ -22,6 +22,7 @@ from mock import patch
 from oslo_utils import timeutils
 import testtools
 
+from glance.api.v1.images import Controller as acontroller
 from glance.common import client as test_client
 from glance.common import config
 from glance.common import exception
@@ -32,7 +33,7 @@ import glance.registry.client.v1.api as rapi
 from glance.registry.client.v1.api import client as rclient
 from glance.tests.unit import base
 from glance.tests import utils as test_utils
-
+import webob
 
 _gen_uuid = lambda: str(uuid.uuid4())
 
@@ -944,3 +945,14 @@ class TestRegistryV1ClientRequests(base.IsolatedUnitTest):
             self.client.do_request("GET", "/images")
             mock_do_request.assert_called_once_with("GET", "/images",
                                                     headers={})
+
+    def test_registry_invalid_token_exception_handling(self):
+        self.image_controller = acontroller()
+        request = webob.Request.blank('/images')
+        request.method = 'GET'
+        request.context = context.RequestContext()
+
+        with patch.object(rapi, 'get_images_detail') as mock_detail:
+            mock_detail.side_effect = exception.NotAuthenticated()
+            self.assertRaises(webob.exc.HTTPUnauthorized,
+                              self.image_controller.detail, request)