Comment 0 for bug 1260905

When nova net-create and net-delete are prohibited by policy, we should raise policy violation error (403) to the user instead of service unavailable (503) error which is incorrect.

Steps to reproduce:
1. Add the following policies to policy.json:
"network:create": "rule:admin_api",
"network:delete": "rule:admin_api"

2. As a non-admin user, run nova net-create:
nova net-create xyz 192.168.254.1/30
ERROR: Create networks failed (HTTP 503)

Here's the output of other forbidden commands:
$ nova baremetal-node-list
ERROR: Policy doesn't allow compute_extension:baremetal_nodes to be performed. (HTTP 403)