diff --git a/nova/api/openstack/compute/plugins/v3/servers.py b/nova/api/openstack/compute/plugins/v3/servers.py index 17d91a520904..b0180705cbfe 100644 --- a/nova/api/openstack/compute/plugins/v3/servers.py +++ b/nova/api/openstack/compute/plugins/v3/servers.py @@ -529,6 +529,8 @@ class ServersController(wsgi.Controller): except exception.ConfigDriveInvalidValue: msg = _("Invalid config_drive provided.") raise exc.HTTPBadRequest(explanation=msg) + except exception.ExternalNetworkAttachForbidden as error: + raise exc.HTTPForbidden(explanation=error.format_message()) except messaging.RemoteError as err: msg = "%(err_type)s: %(err_msg)s" % {'err_type': err.exc_type, 'err_msg': err.value} diff --git a/nova/tests/api/openstack/compute/plugins/v3/test_servers.py b/nova/tests/api/openstack/compute/plugins/v3/test_servers.py index e07c8c3b0b87..2818b38c76db 100644 --- a/nova/tests/api/openstack/compute/plugins/v3/test_servers.py +++ b/nova/tests/api/openstack/compute/plugins/v3/test_servers.py @@ -2489,6 +2489,16 @@ class ServersControllerCreateTest(test.TestCase): self.assertRaises(webob.exc.HTTPConflict, self._test_create_extra, params) + @mock.patch.object(compute_api.API, 'create') + def test_create_instance_public_network_non_admin(self, mock_create): + public_network_uuid = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' + params = {'networks': [{'uuid': public_network_uuid}]} + self.req.body = jsonutils.dumps(self.body) + mock_create.side_effect = exception.ExternalNetworkAttachForbidden( + network_uuid=public_network_uuid) + self.assertRaises(webob.exc.HTTPForbidden, + self._test_create_extra, params) + @mock.patch.object(compute_api.API, 'create') def test_create_multiple_instance_with_specified_ip_neutronv2(self, _api_mock):