From 1f955045878315fd4c2d1400d1a7b8d109a0547b Mon Sep 17 00:00:00 2001
From: Sachin Bansal <sachin@contrailsystems.com>
Date: Wed, 15 Oct 2014 16:00:18 -0700
Subject: [PATCH] Catch PermissionDenied exception on security_group_update so
 that we can return proper error when sg rule quota is exceeded.

Change-Id: I1ebfe45a50521653ec92f115e12b692cc554dec4
Closes-Bug: 1365463
---
 src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
index 402d9298852..01e65ddc282 100644
--- a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
+++ b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
@@ -501,7 +501,11 @@ def _security_group_rule_create(self, sg_id, sg_rule):
             rules.add_policy_rule(sg_rule)
 
         sg_vnc.set_security_group_entries(rules)
-        self._vnc_lib.security_group_update(sg_vnc)
+        try:
+            self._vnc_lib.security_group_update(sg_vnc)
+        except PermissionDenied as e:
+            exc_info = {'type': 'BadRequest', 'message': str(e)}
+            bottle.abort(400, json.dumps(exc_info))
         return
     #end _security_group_rule_create