rbac: nova list with a vm stuck in error state causes PermissionDenied from api server

Bug #1530104 reported by Senthilnathan Murugappan
This bug affects 1 person
Affects: Juniper Openstack (status tracked in Trunk)
Trunk: Status: Fix Committed; Importance: Critical; Assigned to: Deepinder Setia

Bug Description

nova list with a vm stuck in error state causes PermissionDenied from api server.

In other words, port-list with invalid device id causes PermissionDenied rather than printing nothing.
root@a2s41:~/master_181215/contrail-test# neutron port-list --device_id 97039d4e-c2e9-4388-814e-80c3cad40ede
An unknown exception occurred.

port-list with device_id of filters = {'device_id': ['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78']}

ERROR:contrail-api:<class 'cfgm_common.exceptions.PermissionDenied'>
Python 2.7.6: /usr/bin/python
Wed Dec 30 04:04:27 2015

A problem occurred in a Python script. Here is the sequence of
function calls leading up to the error, in the order they occurred.

 /usr/lib/python2.7/dist-packages/vnc_openstack/__init__.py in handler_trap_exception(*args=(), **kwargs={})
  985 def handler_trap_exception(*args, **kwargs):
  986 try:
  987 response = handler(*args, **kwargs)
  988 return response
  989 except Exception as e:
response undefined
handler = <bound method NeutronPluginInterface.plugin_http..._plugin_interface.NeutronPluginInterface object>>
args = ()
kwargs = {}
 /usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py in plugin_http_post_port(self=<vnc_openstack.neutron_plugin_interface.NeutronPluginInterface object>)
  466 return self.plugin_delete_port(context, port)
  467 elif context['operation'] == 'READALL':
  468 return self.plugin_get_ports(context, port)
  469 elif context['operation'] == 'READCOUNT':
  470 return self.plugin_get_ports_count(context, port)
self = <vnc_openstack.neutron_plugin_interface.NeutronPluginInterface object>
self.plugin_get_ports = <bound method NeutronPluginInterface.plugin_get_..._plugin_interface.NeutronPluginInterface object>>
context = {'is_admin': True, 'operation': 'READALL', 'roles': ['admin'], 'tenant': 'd96eead73a0d49d4962e6a2d4947846a', 'tenant_id': 'd96eead73a0d49d4962e6a2d4947846a', 'type': 'port', 'user_id': 'bb45fd15f5c843ea9ac82e9a576d230e'}
port = {'fields': [], 'filters': {'device_id': ['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78']}}
 /usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py in plugin_get_ports(self=<vnc_openstack.neutron_plugin_interface.NeutronPluginInterface object>, context={'is_admin': True, 'operation': 'READALL', 'roles': ['admin'], 'tenant': 'd96eead73a0d49d4962e6a2d4947846a', 'tenant_id': 'd96eead73a0d49d4962e6a2d4947846a', 'type': 'port', 'user_id': 'bb45fd15f5c843ea9ac82e9a576d230e'}, port={'fields': [], 'filters': {'device_id': ['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78']}})
  428 try:
  429 cfgdb = self._get_user_cfgdb(context)
  430 ports_info = cfgdb.port_list(context, filters)
  431 return json.dumps(ports_info)
  432 except Exception as e:
ports_info undefined
cfgdb = <vnc_openstack.neutron_plugin_db.DBInterface object>
cfgdb.port_list = <bound method DBInterface.wrapper of <vnc_openstack.neutron_plugin_db.DBInterface object>>
context = {'is_admin': True, 'operation': 'READALL', 'roles': ['admin'], 'tenant': 'd96eead73a0d49d4962e6a2d4947846a', 'tenant_id': 'd96eead73a0d49d4962e6a2d4947846a', 'type': 'port', 'user_id': 'bb45fd15f5c843ea9ac82e9a576d230e'}
filters = {'device_id': ['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78']}
 /usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py in wrapper(self=<vnc_openstack.neutron_plugin_db.DBInterface object>, *args=({'is_admin': True, 'operation': 'READALL', 'roles': ['admin'], 'tenant': 'd96eead73a0d49d4962e6a2d4947846a', 'tenant_id': 'd96eead73a0d49d4962e6a2d4947846a', 'type': 'port', 'user_id': 'bb45fd15f5c843ea9ac82e9a576d230e'}, {'device_id': ['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78']}), **kwargs={})
 2249 def wrapper(self, *args, **kwargs):
 2250 self._connected_to_api_server.wait()
 2251 return func(self, *args, **kwargs)
 2252
 2253 return wrapper
func = <function port_list>
self = <vnc_openstack.neutron_plugin_db.DBInterface object>
args = ({'is_admin': True, 'operation': 'READALL', 'roles': ['admin'], 'tenant': 'd96eead73a0d49d4962e6a2d4947846a', 'tenant_id': 'd96eead73a0d49d4962e6a2d4947846a', 'type': 'port', 'user_id': 'bb45fd15f5c843ea9ac82e9a576d230e'}, {'device_id': ['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78']})
kwargs = {}
 /usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py in port_list(self=<vnc_openstack.neutron_plugin_db.DBInterface object>, context={'is_admin': True, 'operation': 'READALL', 'roles': ['admin'], 'tenant': 'd96eead73a0d49d4962e6a2d4947846a', 'tenant_id': 'd96eead73a0d49d4962e6a2d4947846a', 'type': 'port', 'user_id': 'bb45fd15f5c843ea9ac82e9a576d230e'}, filters={'device_id': ['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78']})
 3699 # current schema and parent in < 1.06 schema)
 3700 port_objs = self._virtual_machine_interface_list(parent_id=device_ids,
 3701 back_ref_id=device_ids)
 3702
 3703 if len(more_ports):
back_ref_id undefined
device_ids = ['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78']
 /usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py in _virtual_machine_interface_list(self=<vnc_openstack.neutron_plugin_db.DBInterface object>, parent_id=['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'], back_ref_id=['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'], obj_uuids=None, fields=None)
  377 obj_uuids=obj_uuids,
  378 detail=True,
  379 fields=n_extra_fields)
  380 return vmi_objs
  381 #end _virtual_machine_interface_list
fields = None
n_extra_fields = ['logical_router_back_refs', 'instance_ip_back_refs', 'floating_ip_back_refs']
 /usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py in _objects_list(self=<vnc_api.vnc_api.VncApi object>, res_type='virtual-machine-interface', parent_id=['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'], parent_fq_name=None, obj_uuids=None, back_ref_id=['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'], fields=['logical_router_back_refs', 'instance_ip_back_refs', 'floating_ip_back_refs'], detail=True, count=False, filters=None)
  416 parent_fq_name=parent_fq_name, back_ref_id=back_ref_id,
  417 obj_uuids=obj_uuids, fields=fields, detail=detail, count=count,
  418 filters=filters)
  419 # end _objects_list
  420
filters = None
 /usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py in resource_list(self=<vnc_api.vnc_api.VncApi object>, obj_type='virtual-machine-interface', parent_id=['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'], parent_fq_name=None, back_ref_id=['2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e', '97039d4e-c2e9-4388-814e-80c3cad40edf', 'd4e852bc-da98-48e3-91ab-e2cb9ea7659e', '6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'], obj_uuids=None, fields=['logical_router_back_refs', 'instance_ip_back_refs', 'floating_ip_back_refs'], detail=True, count=False, filters=None)
  926 content = self._request_server(rest.OP_GET,
  927 obj_class.create_uri,
  928 data = query_params)
  929 except NoIdError:
  930 # dont allow NoIdError propagate to user
data undefined
query_params = {'back_ref_id': '2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e,97039d4e-c2...e2cb9ea7659e,6f55ac1e-488b-4ea3-aaed-6ff92ba15b78', 'count': False, 'detail': True, 'fields': 'logical_router_back_refs,instance_ip_back_refs,floating_ip_back_refs', 'parent_id': '2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e,97039d4e-c2...e2cb9ea7659e,6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'}
 /usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py in _request_server(self=<vnc_api.vnc_api.VncApi object>, op=2, url=u'/virtual-machine-interfaces', data={'back_ref_id': '2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e,97039d4e-c2...e2cb9ea7659e,6f55ac1e-488b-4ea3-aaed-6ff92ba15b78', 'count': False, 'detail': True, 'fields': 'logical_router_back_refs,instance_ip_back_refs,floating_ip_back_refs', 'parent_id': '2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e,97039d4e-c2...e2cb9ea7659e,6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'}, retry_on_error=True, retry_after_authn=False, retry_count=30)
  633 return self._request(op, url, data=data, retry_on_error=retry_on_error,
  634 retry_after_authn=retry_after_authn,
  635 retry_count=retry_count)
  636
  637 def _request(self, op, url, data=None, retry_on_error=True,
retry_count = 30
 /usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py in _request(self=<vnc_api.vnc_api.VncApi object>, op=2, url=u'/virtual-machine-interfaces', data={'back_ref_id': '2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e,97039d4e-c2...e2cb9ea7659e,6f55ac1e-488b-4ea3-aaed-6ff92ba15b78', 'count': False, 'detail': True, 'fields': 'logical_router_back_refs,instance_ip_back_refs,floating_ip_back_refs', 'parent_id': '2e4b88e2-7afc-4dbb-bde2-d65e6bf4fa9e,97039d4e-c2...e2cb9ea7659e,6f55ac1e-488b-4ea3-aaed-6ff92ba15b78'}, retry_on_error=True, retry_after_authn=False, retry_count=30)
  677 elif status == 403:
  678 import pdb; pdb.set_trace()
  679 raise PermissionDenied(content)
  680 elif status == 409:
  681 raise RefsExistError(content)
global PermissionDenied = <class 'cfgm_common.exceptions.PermissionDenied'>
content = u'Permission Denied'
<class 'cfgm_common.exceptions.PermissionDenied'>: Permission Denied
    args = (u'Permission Denied',)
    message = u'Permission Denied'

The above is a description of an error in a Python program. Here is
the original traceback:

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/__init__.py", line 987, in handler_trap_exception
    response = handler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py", line 468, in plugin_http_post_port
    return self.plugin_get_ports(context, port)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py", line 430, in plugin_get_ports
    ports_info = cfgdb.port_list(context, filters)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 2251, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 3701, in port_list
    back_ref_id=device_ids)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 379, in _virtual_machine_interface_list
    fields=n_extra_fields)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 418, in _objects_list
    filters=filters)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 928, in resource_list
    data = query_params)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 635, in _request_server
    retry_count=retry_count)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 679, in _request
    raise PermissionDenied(content)
PermissionDenied: Permission Denied

Tags: config rbac
tags: added: config
description: updated
Senthilnathan Murugappan (msenthil) wrote :

During VM spawn we do list_vmis with parent_id as the VM UUID; this fails as the VM is not yet added to the DB.
Due to this we weren't able to spawn any VMs.

OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/16157
Submitter: Senthilnathan Murugappan (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/16157
Committed: http://github.org/Juniper/contrail-controller/commit/485e94508b0edec7b62033e53ae5b5336454dfdc
Submitter: Zuul
Branch: master

commit 485e94508b0edec7b62033e53ae5b5336454dfdc
Author: Senthilnathan Murugappan <email address hidden>
Date: Thu Jan 7 15:57:40 2016 -0800

Multi tenancy with rbac should behave similar to MT in case of non existent object

Change-Id: I000a973ed85b5d09d726830cda41a00d0b4e398e
Closes-Bug: #1530104
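
A simplified model of the behaviour reported in this bug, next to a list check that treats a parent missing from the DB as an empty match. This is an added example, not contrail-controller code and not the merged change; every name in it (`can_read`, `list_vmis_reported`, `list_vmis_tolerant`, the sample data) is hypothetical, and the policy that existing but unreadable parents still return a denial is an assumption.

```python
# Simplified model, constructed for illustration; not contrail-controller code.
class PermissionDenied(Exception):
    pass

# Constructed sample data: object UUID -> owning tenant, and VMIs per parent VM.
OBJECT_OWNER = {"vm-a": "tenant-1", "vm-b": "tenant-2"}
VMIS_BY_PARENT = {"vm-a": ["vmi-1", "vmi-2"], "vm-b": ["vmi-3"]}

def can_read(context, obj_uuid):
    """Read check: the owner lookup raises KeyError for an object not in the DB."""
    owner = OBJECT_OWNER[obj_uuid]
    return context["is_admin"] or owner == context["tenant"]

def list_vmis_reported(context, parent_ids):
    """Reported behaviour: a parent missing from the DB ends in a denial."""
    result = []
    for pid in parent_ids:
        try:
            allowed = can_read(context, pid)
        except KeyError:
            allowed = False  # "not found" collapses into "not permitted"
        if not allowed:
            raise PermissionDenied("Permission Denied")
        result.extend(VMIS_BY_PARENT.get(pid, []))
    return result

def list_vmis_tolerant(context, parent_ids):
    """Assumed policy: unknown parents match nothing; unreadable ones still deny."""
    result = []
    for pid in parent_ids:
        if pid not in OBJECT_OWNER:
            continue  # e.g. a VM that is still being spawned
        if not can_read(context, pid):
            raise PermissionDenied("Permission Denied")
        result.extend(VMIS_BY_PARENT.get(pid, []))
    return result

def is_denied(fn, context, parent_ids):
    """Return True when fn raises PermissionDenied for this request."""
    try:
        fn(context, parent_ids)
    except PermissionDenied:
        return True
    return False

ADMIN = {"is_admin": True, "tenant": "tenant-1"}
USER = {"is_admin": False, "tenant": "tenant-1"}
```

In this model even the admin context is denied by `list_vmis_reported` when one listed parent does not exist, which matches the `'is_admin': True` context visible in the traceback above.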
