[NetApp] Add exception for insufficient privilege or incorrect credentials

When creating a share using CIFS protocol users can face errors related with incorrect credentials or insufficient privileges which have not been properly described by the exception error message. This patch add a more clearer error message to address this kind of error to the user. Closes-Bug: #1900755 Change-Id: I589c218f2c1072e17e76a6a8d8d81541d5072ad1
2023-04-27 17:14:18 +00:00 · 2023-04-27 17:14:18 +00:00 · 81126d97e3
commit 81126d97e3
parent 33593bdf5d
5 changed files with 85 additions and 0 deletions
--- a/manila/share/drivers/netapp/dataontap/client/client_cmode.py
+++ b/manila/share/drivers/netapp/dataontap/client/client_cmode.py
@ -1839,6 +1839,15 @@ class NetAppCmodeClient(client_base.NetAppBaseClient):
            LOG.debug("Trying to setup CIFS server with data: %s", api_args)
            self.send_request('cifs-server-create', api_args)
        except netapp_api.NaApiError as e:
+            credential_msg = "could not authenticate"
+            privilege_msg = "insufficient access"
+            if (e.code == netapp_api.EAPIERROR and (
+                    credential_msg in e.message.lower() or
+                    privilege_msg in e.message.lower())):
+                auth_msg = _("Failed to create CIFS server entry. "
+                             "Please double check your user credentials "
+                             "or privileges. %s")
+                raise exception.SecurityServiceFailedAuth(auth_msg % e.message)
            msg = _("Failed to create CIFS server entry. %s")
            raise exception.NetAppException(msg % e.message)

--- a/manila/share/drivers/netapp/dataontap/client/client_cmode_rest.py
+++ b/manila/share/drivers/netapp/dataontap/client/client_cmode_rest.py
@ -3779,6 +3779,15 @@ class NetAppRestClient(object):
            LOG.debug("Trying to setup CIFS server with data: %s", body)
            self.send_request('/protocols/cifs/services', 'post', body=body)
        except netapp_api.api.NaApiError as e:
+            credential_msg = "could not authenticate"
+            privilege_msg = "insufficient access"
+            if (e.code == netapp_api.api.EAPIERROR and (
+                    credential_msg in e.message.lower() or
+                    privilege_msg in e.message.lower())):
+                auth_msg = _("Failed to create CIFS server entry. "
+                             "Please double check your user credentials "
+                             "or privileges. %s")
+                raise exception.SecurityServiceFailedAuth(auth_msg % e.message)
            msg = _("Failed to create CIFS server entry. %s")
            raise exception.NetAppException(msg % e.message)

--- a/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
+++ b/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
@ -9113,3 +9113,29 @@ class NetAppClientCmodeTestCase(test.TestCase):
            'svm-migration-get-progress', api_args=api_args, use_zapi=False)

        self.assertEqual(expected, result)
+
+    def test_configure_active_directory_credential_error(self):
+        msg = "could not authenticate"
+        self.mock_object(self.client, 'send_request',
+                         self._mock_api_error(code=netapp_api.EAPIERROR,
+                                              message=msg))
+        self.mock_object(self.client, 'configure_dns')
+        self.mock_object(self.client, 'set_preferred_dc')
+        self.mock_object(self.client, '_get_cifs_server_name')
+        self.assertRaises(exception.SecurityServiceFailedAuth,
+                          self.client.configure_active_directory,
+                          fake.CIFS_SECURITY_SERVICE,
+                          fake.VSERVER_NAME)
+
+    def test_configure_active_directory_user_privilege_error(self):
+        msg = "insufficient access"
+        self.mock_object(self.client, 'send_request',
+                         self._mock_api_error(code=netapp_api.EAPIERROR,
+                                              message=msg))
+        self.mock_object(self.client, 'configure_dns')
+        self.mock_object(self.client, 'set_preferred_dc')
+        self.mock_object(self.client, '_get_cifs_server_name')
+        self.assertRaises(exception.SecurityServiceFailedAuth,
+                          self.client.configure_active_directory,
+                          fake.CIFS_SECURITY_SERVICE,
+                          fake.VSERVER_NAME)
--- a/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode_rest.py
+++ b/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode_rest.py
@ -6821,3 +6821,37 @@ class NetAppRestCmodeClientTestCase(test.TestCase):
            '/storage/volumes/', 'get', query=fake_query)

        self.assertEqual(expected, result)
+
+    @ddt.data(fake.CIFS_SECURITY_SERVICE, fake.CIFS_SECURITY_SERVICE_3)
+    def test_configure_active_directory_credential_error(self,
+                                                         security_service):
+        msg = "could not authenticate"
+        fake_security = copy.deepcopy(security_service)
+
+        self.mock_object(self.client, 'configure_dns')
+        self.mock_object(self.client, 'set_preferred_dc')
+        self.mock_object(self.client, '_get_cifs_server_name')
+        self.mock_object(self.client, 'send_request',
+                         self._mock_api_error(code=netapp_api.api.EAPIERROR,
+                                              message=msg))
+        self.assertRaises(exception.SecurityServiceFailedAuth,
+                          self.client.configure_active_directory,
+                          fake_security,
+                          fake.VSERVER_NAME)
+
+    @ddt.data(fake.CIFS_SECURITY_SERVICE, fake.CIFS_SECURITY_SERVICE_3)
+    def test_configure_active_directory_user_privilege_error(self,
+                                                             security_service):
+        msg = "insufficient access"
+        fake_security = copy.deepcopy(security_service)
+
+        self.mock_object(self.client, 'configure_dns')
+        self.mock_object(self.client, 'set_preferred_dc')
+        self.mock_object(self.client, '_get_cifs_server_name')
+        self.mock_object(self.client, 'send_request',
+                         self._mock_api_error(code=netapp_api.api.EAPIERROR,
+                                              message=msg))
+        self.assertRaises(exception.SecurityServiceFailedAuth,
+                          self.client.configure_active_directory,
+                          fake_security,
+                          fake.VSERVER_NAME)
--- a/releasenotes/notes/bug-1900755-netapp-add-exception-cifs-creation-error-user-privileges-or-credentials.yaml
+++ b/releasenotes/notes/bug-1900755-netapp-add-exception-cifs-creation-error-user-privileges-or-credentials.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    `Bug #1900755 <https://bugs.launchpad.net/manila/+bug/1900755>`_:
+    When failing to create shares using security services due to insufficient
+    privileges or wrong credentials, the NetApp ONTAP driver will now report
+    more accurate information on the failure.