From cfae28a869e1f245fc472f0e25b1627963e61ea1 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Mon, 3 Feb 2020 10:13:26 -0500
Subject: [PATCH] Add error mesasges to help with non-root confluent

non-root confluent daemon will have a larger struggle
with permissions, try to help the user navigate that.
---
 confluent_server/confluent/firmwaremanager.py | 29 +++++++++++++++----
 .../plugins/hardwaremanagement/ipmi.py        |  5 ++++
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/confluent_server/confluent/firmwaremanager.py b/confluent_server/confluent/firmwaremanager.py
index dd2ba061..db4258d9 100644
--- a/confluent_server/confluent/firmwaremanager.py
+++ b/confluent_server/confluent/firmwaremanager.py
@@ -36,14 +36,31 @@ _tracelog = None
 
 def execupdate(handler, filename, updateobj, type, owner, node):
     global _tracelog
-    if type != 'ffdc' and not os.path.exists(filename):
-        errstr =  '{0} does not appear to exist on {1}'.format(
-            filename, socket.gethostname())
-        updateobj.handle_progress({'phase': 'error', 'progress': 0.0,
-                                   'detail': errstr})
-        return
+    if type != 'ffdc:
+        errstr = False
+        if not os.path.exists(filename):
+            errstr =  '{0} does not appear to exist on {1}'.format(
+                filename, socket.gethostname())
+        elif not os.access(filename, os.R_OK):
+            errstr =  '{0} is not readable by confluent on {1} (ensure confluent user or group can access file and parent directories')'.format(
+                filename, socket.gethostname())
+        if errstr:
+            updateobj.handle_progress({'phase': 'error', 'progress': 0.0,
+                                    'detail': errstr})
+            return
     if type == 'ffdc' and os.path.isdir(filename):
         filename += '/' + node
+    if 'type' == 'ffdc':
+        errstr = False
+        if os.path.exists(filename):
+            errstr = '{0} already exists on {1}, cannot overwrite'.format(
+                filename, socket.gethostname())
+        elif not os.access(os.path.dirname(filename), os.W_OK):
+            errstr = '{0} directory not writable by confluent user/group on {1}, check the directory and parent directory ownership and permissions'.format(filename, socket.gethostname())
+        if errstr:
+            updateobj.handle_progress({'phase': 'error', 'progress': 0.0,
+                                    'detail': errstr})
+            return
     try:
         if type == 'firmware':
             completion = handler(filename, progress=updateobj.handle_progress,
diff --git a/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py b/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
index 2e104e48..cf990e1d 100644
--- a/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
+++ b/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
@@ -1494,6 +1494,11 @@ class IpmiHandler(object):
 
     def save_licenses(self):
         directory = self.inputdata.nodefile(self.node)
+        if not os.access(os.path.dirname(directory), os.W_OK):
+            raise exc.InvalidArgumentException(
+                'The onfluent system user/group is unable to write to '
+                'directory {0}, check ownership and permissions'.format(
+                    os.path.dirname(directory)))
         for saved in self.ipmicmd.save_licenses(directory):
             self.output.put(msg.SavedFile(self.node, saved))