From 92b92aa4c982a5201d9c46981ef91f3e904d526e Mon Sep 17 00:00:00 2001
From: Michael Polenchuk <mpolenchuk@mirantis.com>
Date: Mon, 30 Nov 2015 20:11:33 +0300
Subject: [PATCH] Catch HTTP 403 response

Also catch not authorized requests with HTTP 403 response in order to
handle it further.

Change-Id: Ib922bd5892f0204566656303e6a484daa8d2d5e7
---
 lib/puppet/provider/openstack.rb     |  2 +-
 spec/unit/provider/openstack_spec.rb | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/provider/openstack.rb b/lib/puppet/provider/openstack.rb
index 155e5b91..f7101993 100644
--- a/lib/puppet/provider/openstack.rb
+++ b/lib/puppet/provider/openstack.rb
@@ -50,7 +50,7 @@ class Puppet::Provider::Openstack < Puppet::Provider
           end
           break
         rescue Puppet::ExecutionFailure => e
-          if e.message =~ /HTTP 401/
+          if e.message =~ /HTTP 40[13]/
             raise(Puppet::Error::OpenstackUnauthorizedError, 'Could not authenticate.')
           elsif e.message =~ /Unable to establish connection/
             current_time = Time.now.to_i
diff --git a/spec/unit/provider/openstack_spec.rb b/spec/unit/provider/openstack_spec.rb
index c9c22eed..35a1d4bb 100644
--- a/spec/unit/provider/openstack_spec.rb
+++ b/spec/unit/provider/openstack_spec.rb
@@ -53,6 +53,30 @@ describe Puppet::Provider::Openstack do
         Puppet::Provider::Openstack.request('project', 'list', ['--long'])
       end
     end
+
+    context 'catch unauthorized errors' do
+      it 'should raise an error with non-existent user' do
+        ENV['OS_USERNAME']     = 'test'
+        ENV['OS_PASSWORD']     = 'abc123'
+        ENV['OS_PROJECT_NAME'] = 'test'
+        ENV['OS_AUTH_URL']     = 'http://127.0.0.1:5000'
+        provider.class.stubs(:openstack)
+                      .with('project', 'list', '--quiet', '--format', 'csv', ['--long'])
+                      .raises(Puppet::ExecutionFailure, 'Could not find user: test (HTTP 401)')
+        expect do
+          Puppet::Provider::Openstack.request('project', 'list', ['--long'])
+        end.to raise_error(Puppet::Error::OpenstackUnauthorizedError, /Could not authenticate/)
+      end
+
+      it 'should raise an error with not authorized to perform' do
+        provider.class.stubs(:openstack)
+                      .with('role', 'list', '--quiet', '--format', 'csv', ['--long'])
+                      .raises(Puppet::ExecutionFailure, 'You are not authorized to perform the requested action: identity:list_grants (HTTP 403)')
+        expect do
+          Puppet::Provider::Openstack.request('role', 'list', ['--long'])
+        end.to raise_error(Puppet::Error::OpenstackUnauthorizedError, /Could not authenticate/)
+      end
+    end
   end
 
   describe 'parse_csv' do