Add exception for insufficient privileges when using security services

When trying to create a share using a security
service while having insufficient privileges or
providing wrong credentials, manila raises a
generic user message that provides little
information to the end user on what exactly went
wrong.
Added a driver-agnostic exception for when this
happens, accompanied with a user message to
provide more useful information to end users.

Partial-Bug: #1900755
Change-Id: I2b0bc5c0715c225cd5b38b55fb3967ff7fc86fa8
This commit is contained in:
Eduardo Santos 2020-11-27 15:19:02 -03:00
parent 9b835f03d5
commit 3d65f46d3e
4 changed files with 39 additions and 0 deletions

View File

@ -615,6 +615,10 @@ class ShareNetworkSecurityServiceDissociationError(ManilaException):
" and security service %(security_service_id)s: %(reason)s.")
class SecurityServiceFailedAuth(ManilaException):
message = _("Failed to authenticate user against security service.")
class InvalidVolume(Invalid):
message = _("Invalid volume.")

View File

@ -120,6 +120,12 @@ class Detail(object):
"that are associated with the used share network. The security "
"service may be unsupported or the provided parameters are invalid. "
"You may try again with a different set of configurations."))
SECURITY_SERVICE_FAILED_AUTH = (
'023',
_("Share Driver failed to create share due to a security service "
"authentication issue. The security service user has either "
"insufficient privileges or wrong credentials. Please check your "
"user, password, ou and domain."))
ALL = (
UNKNOWN_ERROR,
@ -144,6 +150,7 @@ class Detail(object):
FORBIDDEN_CLIENT_ACCESS,
UNSUPPORTED_CLIENT_ACCESS,
UNSUPPORTED_ADD_UDPATE_SECURITY_SERVICE,
SECURITY_SERVICE_FAILED_AUTH,
)
# Exception and detail mappings

View File

@ -1963,6 +1963,24 @@ class ShareManager(manager.SchedulerDependentManager):
share_group=share_group_ref,
)
)
except exception.SecurityServiceFailedAuth:
with excutils.save_and_reraise_exception():
error = ("Provision of share server failed: "
"failed to authenticate user "
"against security server.")
LOG.error(error)
self.db.share_instance_update(
context, share_instance_id,
{'status': constants.STATUS_ERROR}
)
self.message_api.create(
context,
message_field.Action.CREATE,
share['project_id'],
resource_type=message_field.Resource.SHARE,
resource_id=share_id,
detail=(message_field.Detail
.SECURITY_SERVICE_FAILED_AUTH))
except Exception:
with excutils.save_and_reraise_exception():
error = ("Creation of share instance %s failed: "

View File

@ -0,0 +1,10 @@
---
fixes:
- |
`Bug #1900755 <https://bugs.launchpad.net/manila/+bug/1900755>`_:
Added a driver-agnostic exception to handle insufficient privileges on a
security service when trying to create a share.
Added a user message to provide useful information to end users.
Note that vendors will need to implement the exception provided in this
patch in their drivers to take advantage of the more convenient user
message.