)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"93444163cb106a988a362ad0ec85b94006296b83","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"c77458ea_643c7e57","updated":"2024-06-26 12:36:23.000000000","message":"Added some comments inline. Please take a look :)","commit_id":"ac539b33589b7f485a47956c9555367b920b8048"},{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"d74fd8ed6f77410e3ecac70e336406211df5598c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"3156ddab_9dc45b20","updated":"2024-06-26 12:36:36.000000000","message":"And thank you very much for the fix","commit_id":"ac539b33589b7f485a47956c9555367b920b8048"},{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"5f24c7f5e2c4dd80d7b32cdda1040eb1b211ad57","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"987b867d_dc14d423","updated":"2024-06-26 12:40:27.000000000","message":"Just tested it in an environment where I managed to reproduce the issue before, and the fix works like a charm.","commit_id":"ac539b33589b7f485a47956c9555367b920b8048"},{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"09d0017e175446e28879703d2be169c0567c8223","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"b36c1908_2d716326","updated":"2024-06-26 14:32:57.000000000","message":"Hey, Gireesh! Just updated the release note, hope you don\u0027t mind :)","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"46be181051aeddfcab28575a7f9611bd162eeabf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"914ad990_ffcc3e21","updated":"2024-06-26 15:41:19.000000000","message":"LGTM; thanks Gireesh and Carlos","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":36178,"name":"Saravanan Manickam","display_name":"msaravan","email":"manicsaran@gmail.com","username":"msaravan"},"change_message_id":"9e7084ba898471e7b7384163149d533339ebbca9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"1d95f758_3233ea1e","updated":"2024-06-26 15:34:22.000000000","message":"Looks good to me !!","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"128affa389468b15d2e14735196f04153007917a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"90ca4a4a_8a9a40ad","updated":"2024-06-26 22:12:20.000000000","message":"Thanks Douglas; its a useful question to ask; i extended it with some more notes.. I am okay with the fix because anyone using NetApp with vserver scoped creds is broken - even when they don\u0027t use/want kerberos. \n\nI would like some clarity in case we\u0027d like to improve the kerberos auth mechanism.. let\u0027s chat on this patch, or on the bug to make any improvements if necessary","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":30002,"name":"Douglas Viroel","email":"viroel@gmail.com","username":"dviroel"},"change_message_id":"5cef7f28a7e85733b609b6f78e5e4e829bb48a60","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"a973a932_3e53660a","updated":"2024-06-26 17:37:41.000000000","message":"Thanks for the quick fix","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":30002,"name":"Douglas Viroel","email":"viroel@gmail.com","username":"dviroel"},"change_message_id":"d3e3d6f6808acd4500da2bcbdf4f70efda2466e6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"597981a4_7d061286","updated":"2024-06-26 21:35:58.000000000","message":"Updating vote: this is an important fix to land ASAP","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":30002,"name":"Douglas Viroel","email":"viroel@gmail.com","username":"dviroel"},"change_message_id":"4da228e46d94ab7c8ce897363e53e9e859fee97f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"d9a98882_9ba661b9","updated":"2024-06-26 17:46:45.000000000","message":"recheck","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"74727a0cb1b9fe875b88161552ee6d443ebdec8c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"f67d9082_fd213d1e","updated":"2024-06-26 19:56:34.000000000","message":"recheck\n\ncompletely unrelated dummy driver migration API test failures","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"4b446543dbbe83dd736bb5e5d0dae7693c91350b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"4a97867d_06bbd355","updated":"2024-06-26 17:16:26.000000000","message":"recheck\nKnown issue in the LVM job. This change does not touch the manila core neither LVM driver, so we can recheck to try to get a clean run.","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"}],"manila/share/drivers/netapp/dataontap/client/client_cmode.py":[{"author":{"_account_id":30002,"name":"Douglas Viroel","email":"viroel@gmail.com","username":"dviroel"},"change_message_id":"5cef7f28a7e85733b609b6f78e5e4e829bb48a60","unresolved":true,"context_lines":[{"line_number":2062,"context_line":"                with excutils.save_and_reraise_exception() as exc_context:"},{"line_number":2063,"context_line":"                    if \"entry doesn\u0027t exist\" in e.message:"},{"line_number":2064,"context_line":"                        exc_context.reraise \u003d False"},{"line_number":2065,"context_line":"                        return False"},{"line_number":2066,"context_line":""},{"line_number":2067,"context_line":"            attributes \u003d result.get_child_by_name(\u0027attributes\u0027)"},{"line_number":2068,"context_line":"            kerberos_info \u003d attributes.get_child_by_name("}],"source_content_type":"text/x-python","patch_set":3,"id":"244dfb70_3241a35b","line":2065,"updated":"2024-06-26 17:37:41.000000000","message":"So IIUC, svm-scoped accounts will not fail with this error if kerberos is configured, but if kerberos is configured it will return the correct status?\nAnd for cluster scoped accounts this error is never raised here, that would explain why NetApp CI (at least the upstream) never failed since Wallaby?\nIf that is true, the fix looks correct, since svm-scoped account still could use kerberos auth without failing and returning the wrong auth method.","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"128affa389468b15d2e14735196f04153007917a","unresolved":true,"context_lines":[{"line_number":2062,"context_line":"                with excutils.save_and_reraise_exception() as exc_context:"},{"line_number":2063,"context_line":"                    if \"entry doesn\u0027t exist\" in e.message:"},{"line_number":2064,"context_line":"                        exc_context.reraise \u003d False"},{"line_number":2065,"context_line":"                        return False"},{"line_number":2066,"context_line":""},{"line_number":2067,"context_line":"            attributes \u003d result.get_child_by_name(\u0027attributes\u0027)"},{"line_number":2068,"context_line":"            kerberos_info \u003d attributes.get_child_by_name("}],"source_content_type":"text/x-python","patch_set":3,"id":"e24bba12_68c487da","line":2065,"in_reply_to":"244dfb70_3241a35b","updated":"2024-06-26 22:12:20.000000000","message":"Yeah; what i see happening with this fix is if _any_ of the LIFs is not kerberos enabled, we consider kerberos to be disabled. \n\nIt would have been ideal if there was a warning log here in case an administrator has messed up the kerberized LIF configuration. \n\nBut, I don\u0027t see anywhere that the driver allows controlling access via kerberos usernames.. With kerberos configured on the vserver and its LIFs, I presume that anyone in the realm has access to the shares, as long as IP based restrictions also allow mounting shares on the eventual clients. \n\nSo correct me if this understanding is correct:\n\nDHSS\u003dTrue\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\n1) User creates a manila security service to map to their kerberos service\n2) User creates a share network, associates the security service with it\n3) User creates share/s\n4) Driver creates a vserver, enables kerberos with the security service configuration and sets up kerborized LIFs\n5) User allows share access to clients via their IP addresses\n6) Within the client, the user would also need kerberos auth to mount the share and use it\n\nDHSS\u003dFalse\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n1) Administrator creates kerberos-enabled vserver, and kerberized LIFs\n2) User allows share access to clients via their IP addresses\n3) Within the client, the user would also need kerberos auth to mount the share and use it\n\n\nIf the admin messes up, the client wouldn\u0027t be able to use their kerberos auth to mount the share in their client.. \n\nIs this the workflow?","commit_id":"232627db3b39163cfbef00d1e625fcd9a524253a"}],"releasenotes/notes/bug-2069125-fix-manila-driver-error-with-ontap-svm-scoped-user-when-add-rule-1ae120a96dd8f68a.yaml":[{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"93444163cb106a988a362ad0ec85b94006296b83","unresolved":true,"context_lines":[{"line_number":4,"context_line":"    NetApp driver `bug #2069125"},{"line_number":5,"context_line":"    \u003chttps://bugs.launchpad.net/manila/+bug/2069125\u003e`_:"},{"line_number":6,"context_line":"    Fixed the issue for the NetApp driver in the ZAPI workflow where a"},{"line_number":7,"context_line":"    Vserver-scoped user failed to add rules for a share when the "},{"line_number":8,"context_line":"    Vserver LIF was not configured with Kerberos. Added a try/except"},{"line_number":9,"context_line":"    block to the code that retrieves the Kerberos configuration for"},{"line_number":10,"context_line":"    the LIF to resolve the issue."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"be81f1b5_6d683b60","line":7,"range":{"start_line":7,"start_character":4,"end_line":7,"end_character":18},"updated":"2024-06-26 12:36:23.000000000","message":"I think this might not be necessarily only vserver scoped. We are also hitting this issue with an account that has admin permissions, but is not the cluster administrator itself.\n\nSo my suggestion for the release note would be:\n\n\u003e Fixed the issue for the NetApp ONTAP driver in the ZAPI workflow, where users failed to add access rules for a share when the vserver network interface was not configured with kerberos.","commit_id":"ac539b33589b7f485a47956c9555367b920b8048"},{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"09d0017e175446e28879703d2be169c0567c8223","unresolved":false,"context_lines":[{"line_number":4,"context_line":"    NetApp driver `bug #2069125"},{"line_number":5,"context_line":"    \u003chttps://bugs.launchpad.net/manila/+bug/2069125\u003e`_:"},{"line_number":6,"context_line":"    Fixed the issue for the NetApp driver in the ZAPI workflow where a"},{"line_number":7,"context_line":"    Vserver-scoped user failed to add rules for a share when the "},{"line_number":8,"context_line":"    Vserver LIF was not configured with Kerberos. Added a try/except"},{"line_number":9,"context_line":"    block to the code that retrieves the Kerberos configuration for"},{"line_number":10,"context_line":"    the LIF to resolve the issue."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"7e101155_68f49f4d","line":7,"range":{"start_line":7,"start_character":4,"end_line":7,"end_character":18},"in_reply_to":"be81f1b5_6d683b60","updated":"2024-06-26 14:32:57.000000000","message":"Done","commit_id":"ac539b33589b7f485a47956c9555367b920b8048"},{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"93444163cb106a988a362ad0ec85b94006296b83","unresolved":true,"context_lines":[{"line_number":5,"context_line":"    \u003chttps://bugs.launchpad.net/manila/+bug/2069125\u003e`_:"},{"line_number":6,"context_line":"    Fixed the issue for the NetApp driver in the ZAPI workflow where a"},{"line_number":7,"context_line":"    Vserver-scoped user failed to add rules for a share when the "},{"line_number":8,"context_line":"    Vserver LIF was not configured with Kerberos. Added a try/except"},{"line_number":9,"context_line":"    block to the code that retrieves the Kerberos configuration for"},{"line_number":10,"context_line":"    the LIF to resolve the issue."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"2bf7325d_92ec21e4","line":10,"range":{"start_line":8,"start_character":50,"end_line":10,"end_character":33},"updated":"2024-06-26 12:36:23.000000000","message":"I believe we can remove this part, because it is an implementation detail, and at the end we will have end users seeing this message, and they might not be familiar with the code :)","commit_id":"ac539b33589b7f485a47956c9555367b920b8048"},{"author":{"_account_id":29632,"name":"Carlos Eduardo","email":"ces.eduardo98@gmail.com","username":"silvacarlos"},"change_message_id":"09d0017e175446e28879703d2be169c0567c8223","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    \u003chttps://bugs.launchpad.net/manila/+bug/2069125\u003e`_:"},{"line_number":6,"context_line":"    Fixed the issue for the NetApp driver in the ZAPI workflow where a"},{"line_number":7,"context_line":"    Vserver-scoped user failed to add rules for a share when the "},{"line_number":8,"context_line":"    Vserver LIF was not configured with Kerberos. Added a try/except"},{"line_number":9,"context_line":"    block to the code that retrieves the Kerberos configuration for"},{"line_number":10,"context_line":"    the LIF to resolve the issue."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"4daf7f0a_bfa475c3","line":10,"range":{"start_line":8,"start_character":50,"end_line":10,"end_character":33},"in_reply_to":"2bf7325d_92ec21e4","updated":"2024-06-26 14:32:57.000000000","message":"Done","commit_id":"ac539b33589b7f485a47956c9555367b920b8048"}]}
