Add exception for insufficient privileges when using security services
When trying to create a share using a security service while having insufficient privileges or providing wrong credentials, manila raises a generic user message that provides little information to the end user on what exactly went wrong. Added a driver-agnostic exception for when this happens, accompanied with a user message to provide more useful information to end users. Partial-Bug: #1900755 Change-Id: I2b0bc5c0715c225cd5b38b55fb3967ff7fc86fa8
This commit is contained in:
parent
9b835f03d5
commit
3d65f46d3e
@ -615,6 +615,10 @@ class ShareNetworkSecurityServiceDissociationError(ManilaException):
|
||||
" and security service %(security_service_id)s: %(reason)s.")
|
||||
|
||||
|
||||
class SecurityServiceFailedAuth(ManilaException):
|
||||
message = _("Failed to authenticate user against security service.")
|
||||
|
||||
|
||||
class InvalidVolume(Invalid):
|
||||
message = _("Invalid volume.")
|
||||
|
||||
|
@ -120,6 +120,12 @@ class Detail(object):
|
||||
"that are associated with the used share network. The security "
|
||||
"service may be unsupported or the provided parameters are invalid. "
|
||||
"You may try again with a different set of configurations."))
|
||||
SECURITY_SERVICE_FAILED_AUTH = (
|
||||
'023',
|
||||
_("Share Driver failed to create share due to a security service "
|
||||
"authentication issue. The security service user has either "
|
||||
"insufficient privileges or wrong credentials. Please check your "
|
||||
"user, password, ou and domain."))
|
||||
|
||||
ALL = (
|
||||
UNKNOWN_ERROR,
|
||||
@ -144,6 +150,7 @@ class Detail(object):
|
||||
FORBIDDEN_CLIENT_ACCESS,
|
||||
UNSUPPORTED_CLIENT_ACCESS,
|
||||
UNSUPPORTED_ADD_UDPATE_SECURITY_SERVICE,
|
||||
SECURITY_SERVICE_FAILED_AUTH,
|
||||
)
|
||||
|
||||
# Exception and detail mappings
|
||||
|
@ -1963,6 +1963,24 @@ class ShareManager(manager.SchedulerDependentManager):
|
||||
share_group=share_group_ref,
|
||||
)
|
||||
)
|
||||
except exception.SecurityServiceFailedAuth:
|
||||
with excutils.save_and_reraise_exception():
|
||||
error = ("Provision of share server failed: "
|
||||
"failed to authenticate user "
|
||||
"against security server.")
|
||||
LOG.error(error)
|
||||
self.db.share_instance_update(
|
||||
context, share_instance_id,
|
||||
{'status': constants.STATUS_ERROR}
|
||||
)
|
||||
self.message_api.create(
|
||||
context,
|
||||
message_field.Action.CREATE,
|
||||
share['project_id'],
|
||||
resource_type=message_field.Resource.SHARE,
|
||||
resource_id=share_id,
|
||||
detail=(message_field.Detail
|
||||
.SECURITY_SERVICE_FAILED_AUTH))
|
||||
except Exception:
|
||||
with excutils.save_and_reraise_exception():
|
||||
error = ("Creation of share instance %s failed: "
|
||||
|
@ -0,0 +1,10 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
`Bug #1900755 <https://bugs.launchpad.net/manila/+bug/1900755>`_:
|
||||
Added a driver-agnostic exception to handle insufficient privileges on a
|
||||
security service when trying to create a share.
|
||||
Added a user message to provide useful information to end users.
|
||||
Note that vendors will need to implement the exception provided in this
|
||||
patch in their drivers to take advantage of the more convenient user
|
||||
message.
|
Loading…
x
Reference in New Issue
Block a user