virt: don't fail if the pool secret has been removed

When updating a storage pool needing a secret don't fail if the secret is missing in libvirt: user may have mistakenly killed it. Instead create a new secret and log and information in the log.
2025-04-17 10:10:20 +00:00 · 2020-05-19 11:39:12 +02:00 · 2020-05-19 11:39:12 +02:00 · 0b75496c10
commit 0b75496c10
parent f19bcf49c2
2 changed files with 30 additions and 27 deletions
--- a/salt/modules/virt.py
+++ b/salt/modules/virt.py
@ -5831,15 +5831,19 @@ def _pool_set_secret(
        if secret_type:
            # Get the previously defined secret if any
            secret = None
-            if usage:
-                usage_type = (
-                    libvirt.VIR_SECRET_USAGE_TYPE_CEPH
-                    if secret_type == "ceph"
-                    else libvirt.VIR_SECRET_USAGE_TYPE_ISCSI
-                )
-                secret = conn.secretLookupByUsage(usage_type, usage)
-            elif uuid:
-                secret = conn.secretLookupByUUIDString(uuid)
+            try:
+                if usage:
+                    usage_type = (
+                        libvirt.VIR_SECRET_USAGE_TYPE_CEPH
+                        if secret_type == "ceph"
+                        else libvirt.VIR_SECRET_USAGE_TYPE_ISCSI
+                    )
+                    secret = conn.secretLookupByUsage(usage_type, usage)
+                elif uuid:
+                    secret = conn.secretLookupByUUIDString(uuid)
+            except libvirt.libvirtError as err:
+                # For some reason the secret has been removed. Don't fail since we'll recreate it
+                log.info("Secret not found: %s", err.get_error_message())

            # Create secret if needed
            if not secret:
--- a/tests/unit/modules/test_virt.py
+++ b/tests/unit/modules/test_virt.py
@ -4534,24 +4534,6 @@ class VirtTestCase(TestCase, LoaderModuleMockMixin):
          </source>
        </pool>"""

-        expected_xml = (
-            '<pool type="rbd">'
-            "<name>default</name>"
-            "<uuid>20fbe05c-ab40-418a-9afa-136d512f0ede</uuid>"
-            '<capacity unit="bytes">1999421108224</capacity>'
-            '<allocation unit="bytes">713207042048</allocation>'
-            '<available unit="bytes">1286214066176</available>'
-            "<source>"
-            '<host name="ses4.tf.local" />'
-            '<host name="ses5.tf.local" />'
-            '<auth type="ceph" username="libvirt">'
-            '<secret uuid="14e9a0f1-8fbf-4097-b816-5b094c182212" />'
-            "</auth>"
-            "<name>iscsi-images</name>"
-            "</source>"
-            "</pool>"
-        )
-
        mock_secret = MagicMock()
        self.mock_conn.secretLookupByUUIDString = MagicMock(return_value=mock_secret)

@ -4572,6 +4554,23 @@ class VirtTestCase(TestCase, LoaderModuleMockMixin):
        self.mock_conn.storagePoolDefineXML.assert_not_called()
        mock_secret.setValue.assert_called_once_with(b"secret")

+        # Case where the secret can't be found
+        self.mock_conn.secretLookupByUUIDString = MagicMock(
+            side_effect=self.mock_libvirt.libvirtError("secret not found")
+        )
+        self.assertFalse(
+            virt.pool_update(
+                "default",
+                "rbd",
+                source_name="iscsi-images",
+                source_hosts=["ses4.tf.local", "ses5.tf.local"],
+                source_auth={"username": "libvirt", "password": "c2VjcmV0"},
+            )
+        )
+        self.mock_conn.storagePoolDefineXML.assert_not_called()
+        self.mock_conn.secretDefineXML.assert_called_once()
+        mock_secret.setValue.assert_called_once_with(b"secret")
+
    def test_pool_update_password_create(self):
        """
        Test the pool_update function, where the password only is changed