Add missing forbidden to not found case for GET namespace API

Covered missing forbidden to not found conversion scenario for
GET namespace API.

Related: blueprint policy-refactor
Change-Id: I5e2d15e861f751031208d2cc36167bacdf91f5a0

glance/api/v2/metadef_namespaces.py

@@ -269,7 +269,7 @@ class NamespaceController(object):
                     md_resource=namespace_obj,
                     enforcer=self.policy)
                 policy_check.get_metadef_namespace()
-            except webob.exc.HTTPForbidden:
+            except (exception.Forbidden, webob.exc.HTTPForbidden):
                 LOG.debug("User not permitted to show namespace '%s'",
                           namespace)
                 # NOTE (abhishekk): Returning 404 Not Found as the

glance/tests/functional/v2/test_metadef_namespace_api_policy.py

@@ -339,6 +339,10 @@ class TestMetadefNamespacesPolicy(functional.SynchronousAPIBase):
         resp = self.api_get(path)
         self.assertEqual(404, resp.status_code)
 
+        # Now try to get the same namespace by different user
+        self.set_policy_rules({'get_metadef_namespace': '@'})
+        self._verify_forbidden_converted_to_not_found(path, 'GET')
+
         # Now disable get_metadef_objects policy to ensure that you will
         # get forbidden response
         self.set_policy_rules({

glance/tests/unit/v2/test_metadef_resources.py

@@ -451,7 +451,7 @@ class TestMetadefsControllers(base.IsolatedUnitTest):
 
     def test_namespace_show_non_visible(self):
         request = unit_test_utils.get_fake_request()
-        self.assertRaises(webob.exc.HTTPForbidden,
+        self.assertRaises(webob.exc.HTTPNotFound,
                           self.namespace_controller.show, request, NAMESPACE2)
 
     def test_namespace_delete(self):