diff --git a/glance/api/v2/metadef_namespaces.py b/glance/api/v2/metadef_namespaces.py
index c0d21ec86c..1561fa6eec 100644
--- a/glance/api/v2/metadef_namespaces.py
+++ b/glance/api/v2/metadef_namespaces.py
@@ -269,7 +269,7 @@ class NamespaceController(object):
 md_resource=namespace_obj,
 enforcer=self.policy)
 policy_check.get_metadef_namespace()
- except webob.exc.HTTPForbidden:
+ except (exception.Forbidden, webob.exc.HTTPForbidden):
 LOG.debug("User not permitted to show namespace '%s'",
 namespace)
 # NOTE (abhishekk): Returning 404 Not Found as the
diff --git a/glance/tests/functional/v2/test_metadef_namespace_api_policy.py b/glance/tests/functional/v2/test_metadef_namespace_api_policy.py
index 3a040d15ca..a36e5e866e 100644
--- a/glance/tests/functional/v2/test_metadef_namespace_api_policy.py
+++ b/glance/tests/functional/v2/test_metadef_namespace_api_policy.py
@@ -339,6 +339,10 @@ class TestMetadefNamespacesPolicy(functional.SynchronousAPIBase):
 resp = self.api_get(path)
 self.assertEqual(404, resp.status_code)

+ # Now try to get the same namespace by different user
+ self.set_policy_rules({'get_metadef_namespace': '@'})
+ self._verify_forbidden_converted_to_not_found(path, 'GET')
+
 # Now disable get_metadef_objects policy to ensure that you will
 # get forbidden response
 self.set_policy_rules({
diff --git a/glance/tests/unit/v2/test_metadef_resources.py b/glance/tests/unit/v2/test_metadef_resources.py
index 7b4a60a13f..d6b736fe64 100644
--- a/glance/tests/unit/v2/test_metadef_resources.py
+++ b/glance/tests/unit/v2/test_metadef_resources.py
@@ -451,7 +451,7 @@ class TestMetadefsControllers(base.IsolatedUnitTest):

 def test_namespace_show_non_visible(self):
 request = unit_test_utils.get_fake_request()
- self.assertRaises(webob.exc.HTTPForbidden,
+ self.assertRaises(webob.exc.HTTPNotFound,
 self.namespace_controller.show, request, NAMESPACE2)

 def test_namespace_delete(self):
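Review bot: In glance/api/v2/metadef_namespaces.py the widened `except (exception.Forbidden, webob.exc.HTTPForbidden):` has no comment explaining why both types are caught, so a later cleanup could narrow it again and bring back a 403 that confirms the namespace exists. I would add a line above it such as `# Catch both forms of "forbidden": each must become 404 so a hidden namespace is indistinguishable from a missing one`. The try body starts above the hunk and the handler continues below it, so which call raises which type cannot be confirmed from here. Other handlers in this controller that catch only `webob.exc.HTTPForbidden` around the same kind of check may need the same tuple; none are visible in this diff.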
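Review bot: In test_metadef_namespace_api_policy.py the added comment `# Now try to get the same namespace by different user` does not say why the policy is first set to `'@'`, and no visible line switches the user. The switch presumably happens inside `_verify_forbidden_converted_to_not_found`, which is defined outside the hunk. A comment such as `# Policy allows everyone ('@'), so the 404 must come from the namespace visibility check for another user` would make clear that this case covers the non-policy path. The enclosing test method starts and ends outside the hunk.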
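Review bot: In test_metadef_resources.py, `test_namespace_show_non_visible` now pins only the exception class, so it would still pass if the 404 for a hidden namespace carried a different message from the 404 for a namespace that does not exist. The conversion appears intended to hide existence, so the test should also check that the two cases look the same to the caller. One way is to use `self.assertRaises(webob.exc.HTTPNotFound)` as a context manager for both the non-visible and a non-existent namespace name, then compare the `explanation` of the two captured exceptions.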