Add exception for insufficient privileges when using security services

When trying to create a share using a security service while having insufficient privileges or providing wrong credentials, manila raises a generic user message that provides little information to the end user on what exactly went wrong. Added a driver-agnostic exception for when this happens, accompanied with a user message to provide more useful information to end users. Partial-Bug: #1900755 Change-Id: I2b0bc5c0715c225cd5b38b55fb3967ff7fc86fa8
2020-11-27 15:19:02 -03:00 · 2020-11-27 15:19:02 -03:00 · 3d65f46d3e
commit 3d65f46d3e
parent 9b835f03d5
4 changed files with 39 additions and 0 deletions
--- a/manila/exception.py
+++ b/manila/exception.py
@ -615,6 +615,10 @@ class ShareNetworkSecurityServiceDissociationError(ManilaException):
                " and security service %(security_service_id)s: %(reason)s.")


+class SecurityServiceFailedAuth(ManilaException):
+    message = _("Failed to authenticate user against security service.")
+
+
 class InvalidVolume(Invalid):
    message = _("Invalid volume.")

--- a/manila/message/message_field.py
+++ b/manila/message/message_field.py
@ -120,6 +120,12 @@ class Detail(object):
          "that are associated with the used share network. The security "
          "service may be unsupported or the provided parameters are invalid. "
          "You may try again with a different set of configurations."))
+    SECURITY_SERVICE_FAILED_AUTH = (
+        '023',
+        _("Share Driver failed to create share due to a security service "
+          "authentication issue. The security service user has either "
+          "insufficient privileges or wrong credentials. Please check your "
+          "user, password, ou and domain."))

    ALL = (
        UNKNOWN_ERROR,
@ -144,6 +150,7 @@ class Detail(object):
        FORBIDDEN_CLIENT_ACCESS,
        UNSUPPORTED_CLIENT_ACCESS,
        UNSUPPORTED_ADD_UDPATE_SECURITY_SERVICE,
+        SECURITY_SERVICE_FAILED_AUTH,
    )

    # Exception and detail mappings
--- a/manila/share/manager.py
+++ b/manila/share/manager.py
@ -1963,6 +1963,24 @@ class ShareManager(manager.SchedulerDependentManager):
                        share_group=share_group_ref,
                    )
                )
+            except exception.SecurityServiceFailedAuth:
+                with excutils.save_and_reraise_exception():
+                    error = ("Provision of share server failed: "
+                             "failed to authenticate user "
+                             "against security server.")
+                    LOG.error(error)
+                    self.db.share_instance_update(
+                        context, share_instance_id,
+                        {'status': constants.STATUS_ERROR}
+                    )
+                    self.message_api.create(
+                        context,
+                        message_field.Action.CREATE,
+                        share['project_id'],
+                        resource_type=message_field.Resource.SHARE,
+                        resource_id=share_id,
+                        detail=(message_field.Detail
+                                .SECURITY_SERVICE_FAILED_AUTH))
            except Exception:
                with excutils.save_and_reraise_exception():
                    error = ("Creation of share instance %s failed: "
--- a/releasenotes/notes/add-sec-service-user-msg-10054933ff33e347.yaml
+++ b/releasenotes/notes/add-sec-service-user-msg-10054933ff33e347.yaml
@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    `Bug #1900755 <https://bugs.launchpad.net/manila/+bug/1900755>`_:
+    Added a driver-agnostic exception to handle insufficient privileges on a
+    security service when trying to create a share.
+    Added a user message to provide useful information to end users.
+    Note that vendors will need to implement the exception provided in this
+    patch in their drivers to take advantage of the more convenient user
+    message.