Move Forbidden exceptions to RECOVERABLE group

Previously the Forbidden exceptions raised by clients were classified
as UNAUTHORIZED. This classification is not entirely correct, as
the UNAUTHORIZED group of exceptions implies that the user should be
logged out and forced to log in again. This, however, is not the case
with Forbidden exceptions. Thus, it is more appropriate to place the
Forbidden exceptions into the RECOVERABLE group.

Change-Id: I7e52ed72d66e9d0496bc07036e48c968e7a66c2e
Closes-bug: #1299126

openstack_dashboard/exceptions.py

@@ -30,16 +30,11 @@ from troveclient import exceptions as troveclient
 
 UNAUTHORIZED = (
     keystoneclient.Unauthorized,
-    keystoneclient.Forbidden,
     cinderclient.Unauthorized,
-    cinderclient.Forbidden,
     novaclient.Unauthorized,
-    novaclient.Forbidden,
     glanceclient.Unauthorized,
     neutronclient.Unauthorized,
-    neutronclient.Forbidden,
     heatclient.HTTPUnauthorized,
-    heatclient.HTTPForbidden,
     troveclient.Unauthorized,
 )
 
@@ -61,19 +56,24 @@ RECOVERABLE = (
     keystoneclient.ClientException,
     # AuthorizationFailure is raised when Keystone is "unavailable".
     keystoneclient.AuthorizationFailure,
+    keystoneclient.Forbidden,
     cinderclient.ClientException,
     cinderclient.ConnectionError,
+    cinderclient.Forbidden,
     novaclient.ClientException,
+    novaclient.Forbidden,
     glanceclient.ClientException,
     # NOTE(amotoki): Neutron exceptions other than the first one
     # are recoverable in many cases (e.g., NetworkInUse is not
     # raised once VMs which use the network are terminated).
+    neutronclient.Forbidden,
     neutronclient.NeutronClientException,
     neutronclient.NetworkInUseClient,
     neutronclient.PortInUseClient,
     neutronclient.AlreadyAttachedClient,
     neutronclient.StateInvalidClient,
     swiftclient.ClientException,
+    heatclient.HTTPForbidden,
     heatclient.HTTPException,
     troveclient.ClientException
 )